Marcus Updateinfo to OVAL Converter 5.5 2019-09-27T08:39:09 openSUSE Leap 42.3 These are all security issues found in the FastCGI Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-2766 openSUSE Leap 42.3 These are all security issues found in the GraphicsMagick-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-1882 CVE-2009-3736 CVE-2012-3438 CVE-2014-9805 CVE-2014-9807 CVE-2014-9809 CVE-2014-9815 CVE-2014-9817 CVE-2014-9820 CVE-2014-9831 CVE-2014-9834 CVE-2014-9835 CVE-2014-9837 CVE-2014-9845 CVE-2014-9846 CVE-2014-9853 CVE-2016-10048 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10068 CVE-2016-10070 CVE-2016-10146 CVE-2016-2317 CVE-2016-3714 CVE-2016-3715 CVE-2016-3717 CVE-2016-3718 CVE-2016-5118 CVE-2016-6823 CVE-2016-7101 CVE-2016-7515 CVE-2016-7522 CVE-2016-7528 CVE-2016-7529 CVE-2016-7531 CVE-2016-7533 CVE-2016-7537 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-8862 CVE-2016-8866 CVE-2016-9556 CVE-2016-9830 CVE-2017-5511 CVE-2017-6335 CVE-2017-8350 CVE-2017-8351 CVE-2017-8353 CVE-2017-8355 CVE-2017-9142 openSUSE Leap 42.3 These are all security issues found in the ImageMagick Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9825 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9842 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9852 CVE-2014-9853 CVE-2014-9854 CVE-2014-9907 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-10046 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10060 CVE-2016-10061 CVE-2016-10062 CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10069 CVE-2016-10070 CVE-2016-10071 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5118 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-6520 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 CVE-2016-7522 CVE-2016-7523 CVE-2016-7524 CVE-2016-7525 CVE-2016-7526 CVE-2016-7527 CVE-2016-7528 CVE-2016-7529 CVE-2016-7530 CVE-2016-7531 CVE-2016-7532 CVE-2016-7533 CVE-2016-7534 CVE-2016-7535 CVE-2016-7537 CVE-2016-7538 CVE-2016-7539 CVE-2016-7540 CVE-2016-7799 CVE-2016-7800 CVE-2016-7996 CVE-2016-7997 CVE-2016-8677 CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 CVE-2016-8707 CVE-2016-8862 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 CVE-2017-6502 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 openSUSE Leap 42.3 These are all security issues found in the LibVNCServer-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 openSUSE Leap 42.3 These are all security issues found in the MozillaFirefox Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-5913 CVE-2009-0040 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 CVE-2009-1044 CVE-2009-1169 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 CVE-2009-1313 CVE-2009-1563 CVE-2009-2470 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3378 CVE-2009-3379 CVE-2009-3380 CVE-2009-3381 CVE-2009-3383 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2010-0164 CVE-2010-0165 CVE-2010-0166 CVE-2010-0167 CVE-2010-0168 CVE-2010-0169 CVE-2010-0170 CVE-2010-0171 CVE-2010-0172 CVE-2010-0173 CVE-2010-0174 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 CVE-2010-0182 CVE-2010-0654 CVE-2010-1028 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1215 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2011-0068 CVE-2011-0069 CVE-2011-0070 CVE-2011-0079 CVE-2011-0080 CVE-2011-0081 CVE-2011-0084 CVE-2011-1187 CVE-2011-1202 CVE-2011-2366 CVE-2011-2367 CVE-2011-2368 CVE-2011-2369 CVE-2011-2370 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2377 CVE-2011-2985 CVE-2011-2986 CVE-2011-2988 CVE-2011-2989 CVE-2011-2990 CVE-2011-2991 CVE-2011-2992 CVE-2011-2993 CVE-2011-2995 CVE-2011-2996 CVE-2011-2997 CVE-2011-3000 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3004 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3079 CVE-2011-3101 CVE-2011-3232 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 CVE-2011-3658 CVE-2011-3659 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2012-0441 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0451 CVE-2012-0452 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0463 CVE-2012-0464 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1938 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-2808 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0765 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0772 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0789 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1671 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1688 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1695 CVE-2013-1696 CVE-2013-1697 CVE-2013-1698 CVE-2013-1699 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1721 CVE-2013-1722 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5598 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 CVE-2014-1492 CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 CVE-2014-1518 CVE-2014-1519 CVE-2014-1522 CVE-2014-1523 CVE-2014-1524 CVE-2014-1525 CVE-2014-1526 CVE-2014-1528 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1539 CVE-2014-1540 CVE-2014-1541 CVE-2014-1542 CVE-2014-1543 CVE-2014-1544 CVE-2014-1545 CVE-2014-1547 CVE-2014-1548 CVE-2014-1549 CVE-2014-1550 CVE-2014-1552 CVE-2014-1553 CVE-2014-1554 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1558 CVE-2014-1559 CVE-2014-1560 CVE-2014-1561 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1580 CVE-2014-1581 CVE-2014-1582 CVE-2014-1583 CVE-2014-1584 CVE-2014-1585 CVE-2014-1586 CVE-2014-1587 CVE-2014-1588 CVE-2014-1589 CVE-2014-1590 CVE-2014-1591 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 CVE-2014-8642 CVE-2014-8643 CVE-2015-0798 CVE-2015-0799 CVE-2015-0800 CVE-2015-0801 CVE-2015-0802 CVE-2015-0803 CVE-2015-0804 CVE-2015-0805 CVE-2015-0806 CVE-2015-0807 CVE-2015-0808 CVE-2015-0810 CVE-2015-0811 CVE-2015-0812 CVE-2015-0813 CVE-2015-0814 CVE-2015-0815 CVE-2015-0816 CVE-2015-0817 CVE-2015-0818 CVE-2015-0819 CVE-2015-0820 CVE-2015-0821 CVE-2015-0822 CVE-2015-0823 CVE-2015-0824 CVE-2015-0825 CVE-2015-0826 CVE-2015-0827 CVE-2015-0828 CVE-2015-0829 CVE-2015-0830 CVE-2015-0831 CVE-2015-0832 CVE-2015-0833 CVE-2015-0834 CVE-2015-0835 CVE-2015-0836 CVE-2015-2706 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2711 CVE-2015-2712 CVE-2015-2713 CVE-2015-2715 CVE-2015-2716 CVE-2015-2717 CVE-2015-2718 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2742 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4476 CVE-2015-4477 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4481 CVE-2015-4482 CVE-2015-4483 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4490 CVE-2015-4491 CVE-2015-4492 CVE-2015-4493 CVE-2015-4495 CVE-2015-4497 CVE-2015-4498 CVE-2015-4500 CVE-2015-4501 CVE-2015-4502 CVE-2015-4503 CVE-2015-4504 CVE-2015-4505 CVE-2015-4506 CVE-2015-4507 CVE-2015-4508 CVE-2015-4509 CVE-2015-4510 CVE-2015-4511 CVE-2015-4512 CVE-2015-4513 CVE-2015-4514 CVE-2015-4515 CVE-2015-4516 CVE-2015-4517 CVE-2015-4518 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7184 CVE-2015-7185 CVE-2015-7186 CVE-2015-7187 CVE-2015-7188 CVE-2015-7189 CVE-2015-7190 CVE-2015-7191 CVE-2015-7192 CVE-2015-7193 CVE-2015-7194 CVE-2015-7195 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 CVE-2015-7201 CVE-2015-7202 CVE-2015-7203 CVE-2015-7204 CVE-2015-7205 CVE-2015-7207 CVE-2015-7208 CVE-2015-7210 CVE-2015-7211 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7215 CVE-2015-7216 CVE-2015-7217 CVE-2015-7218 CVE-2015-7219 CVE-2015-7220 CVE-2015-7221 CVE-2015-7222 CVE-2015-7223 CVE-2015-7575 CVE-2016-0718 CVE-2016-1930 CVE-2016-1931 CVE-2016-1933 CVE-2016-1935 CVE-2016-1937 CVE-2016-1938 CVE-2016-1939 CVE-2016-1942 CVE-2016-1943 CVE-2016-1944 CVE-2016-1945 CVE-2016-1946 CVE-2016-1947 CVE-2016-1949 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1958 CVE-2016-1959 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1963 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1967 CVE-2016-1968 CVE-2016-1970 CVE-2016-1971 CVE-2016-1972 CVE-2016-1973 CVE-2016-1974 CVE-2016-1975 CVE-2016-1976 CVE-2016-1977 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-2804 CVE-2016-2806 CVE-2016-2807 CVE-2016-2808 CVE-2016-2809 CVE-2016-2810 CVE-2016-2811 CVE-2016-2812 CVE-2016-2813 CVE-2016-2814 CVE-2016-2815 CVE-2016-2816 CVE-2016-2817 CVE-2016-2818 CVE-2016-2819 CVE-2016-2820 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2825 CVE-2016-2827 CVE-2016-2828 CVE-2016-2829 CVE-2016-2830 CVE-2016-2831 CVE-2016-2832 CVE-2016-2833 CVE-2016-2834 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5251 CVE-2016-5252 CVE-2016-5253 CVE-2016-5254 CVE-2016-5255 CVE-2016-5256 CVE-2016-5257 CVE-2016-5258 CVE-2016-5259 CVE-2016-5260 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5266 CVE-2016-5267 CVE-2016-5268 CVE-2016-5270 CVE-2016-5271 CVE-2016-5272 CVE-2016-5273 CVE-2016-5274 CVE-2016-5275 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5279 CVE-2016-5280 CVE-2016-5281 CVE-2016-5282 CVE-2016-5283 CVE-2016-5284 CVE-2016-5287 CVE-2016-5288 CVE-2016-5289 CVE-2016-5290 CVE-2016-5291 CVE-2016-5292 CVE-2016-5293 CVE-2016-5294 CVE-2016-5295 CVE-2016-5296 CVE-2016-5297 CVE-2016-5298 CVE-2016-5299 CVE-2016-6354 CVE-2016-9061 CVE-2016-9062 CVE-2016-9063 CVE-2016-9064 CVE-2016-9065 CVE-2016-9066 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9070 CVE-2016-9071 CVE-2016-9072 CVE-2016-9073 CVE-2016-9074 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 CVE-2016-9078 CVE-2016-9079 CVE-2016-9080 CVE-2016-9893 CVE-2016-9894 CVE-2016-9895 CVE-2016-9896 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9903 CVE-2016-9904 CVE-2017-5031 CVE-2017-5373 CVE-2017-5374 CVE-2017-5375 CVE-2017-5376 CVE-2017-5377 CVE-2017-5378 CVE-2017-5379 CVE-2017-5380 CVE-2017-5381 CVE-2017-5382 CVE-2017-5383 CVE-2017-5384 CVE-2017-5385 CVE-2017-5386 CVE-2017-5387 CVE-2017-5388 CVE-2017-5389 CVE-2017-5390 CVE-2017-5391 CVE-2017-5392 CVE-2017-5393 CVE-2017-5394 CVE-2017-5395 CVE-2017-5396 CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 CVE-2017-5412 CVE-2017-5413 CVE-2017-5414 CVE-2017-5415 CVE-2017-5416 CVE-2017-5417 CVE-2017-5418 CVE-2017-5419 CVE-2017-5420 CVE-2017-5421 CVE-2017-5422 CVE-2017-5426 CVE-2017-5427 CVE-2017-5428 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7760 CVE-2017-7761 CVE-2017-7764 CVE-2017-7765 CVE-2017-7766 CVE-2017-7767 CVE-2017-7768 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 openSUSE Leap 42.3 These are all security issues found in the MozillaThunderbird Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0040 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1571 CVE-2009-3555 CVE-2010-0159 CVE-2010-0173 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0182 CVE-2010-0654 CVE-2010-1121 CVE-2010-1196 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1585 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2010-3768 CVE-2010-3769 CVE-2010-3776 CVE-2010-3777 CVE-2010-3778 CVE-2011-0053 CVE-2011-0061 CVE-2011-0062 CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-0083 CVE-2011-0084 CVE-2011-0085 CVE-2011-1187 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2377 CVE-2011-2985 CVE-2011-2986 CVE-2011-2987 CVE-2011-2988 CVE-2011-2989 CVE-2011-2991 CVE-2011-2992 CVE-2011-3000 CVE-2011-3001 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3079 CVE-2011-3101 CVE-2011-3232 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 CVE-2011-3658 CVE-2011-3659 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2012-0441 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0451 CVE-2012-0452 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0463 CVE-2012-0464 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1938 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3975 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4204 CVE-2012-4205 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0789 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1722 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5613 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1481 CVE-2014-1482 CVE-2014-1486 CVE-2014-1487 CVE-2014-1490 CVE-2014-1491 CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 CVE-2014-1518 CVE-2014-1523 CVE-2014-1524 CVE-2014-1529 CVE-2014-1530 CVE-2014-1531 CVE-2014-1532 CVE-2014-1533 CVE-2014-1534 CVE-2014-1536 CVE-2014-1537 CVE-2014-1538 CVE-2014-1541 CVE-2014-1544 CVE-2014-1545 CVE-2014-1547 CVE-2014-1548 CVE-2014-1553 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 CVE-2014-1574 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1585 CVE-2014-1586 CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8638 CVE-2014-8639 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 CVE-2015-0816 CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0833 CVE-2015-0836 CVE-2015-2708 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2730 CVE-2015-2731 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4475 CVE-2015-4477 CVE-2015-4478 CVE-2015-4479 CVE-2015-4480 CVE-2015-4481 CVE-2015-4482 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4493 CVE-2015-4500 CVE-2015-4505 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4513 CVE-2015-4514 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7178 CVE-2015-7179 CVE-2015-7180 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 CVE-2015-7201 CVE-2015-7205 CVE-2015-7207 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 CVE-2015-7575 CVE-2016-1930 CVE-2016-1935 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1955 CVE-2016-1956 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-1979 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-2806 CVE-2016-2807 CVE-2016-2815 CVE-2016-2818 CVE-2016-2830 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-6354 CVE-2016-9066 CVE-2016-9079 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9904 CVE-2016-9905 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5390 CVE-2017-5396 CVE-2017-5398 CVE-2017-5399 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5403 CVE-2017-5404 CVE-2017-5405 CVE-2017-5406 CVE-2017-5407 CVE-2017-5408 CVE-2017-5410 CVE-2017-5412 CVE-2017-5413 CVE-2017-5414 CVE-2017-5416 CVE-2017-5418 CVE-2017-5419 CVE-2017-5421 CVE-2017-5422 CVE-2017-5426 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 openSUSE Leap 42.3 These are all security issues found in the NetworkManager Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-2924 CVE-2016-0764 openSUSE Leap 42.3 These are all security issues found in the a2ps Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2004-1377 CVE-2014-0466 openSUSE Leap 42.3 These are all security issues found in the aaa_base Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-0461 openSUSE Leap 42.3 These are all security issues found in the accountsservice Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-2737 openSUSE Leap 42.3 These are all security issues found in the alsa Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0035 openSUSE Leap 42.3 These are all security issues found in the android-tools Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-1909 openSUSE Leap 42.3 These are all security issues found in the ant Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1571 openSUSE Leap 42.3 These are all security issues found in the apache-commons-beanutils Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3540 openSUSE Leap 42.3 These are all security issues found in the apache-commons-daemon Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-2729 openSUSE Leap 42.3 These are all security issues found in the apache-commons-httpclient Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-5783 openSUSE Leap 42.3 These are all security issues found in the apache-pdfbox Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-2175 openSUSE Leap 42.3 These are all security issues found in the apache2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0023 CVE-2009-1191 CVE-2009-1195 CVE-2009-1890 CVE-2009-1891 CVE-2009-1955 CVE-2009-1956 CVE-2009-2412 CVE-2009-2699 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 CVE-2009-3560 CVE-2009-3720 CVE-2010-0408 CVE-2010-0425 CVE-2010-0434 CVE-2010-1452 CVE-2010-1623 CVE-2010-2068 CVE-2011-1176 CVE-2011-3192 CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 CVE-2012-2687 CVE-2012-3499 CVE-2012-3502 CVE-2013-1896 CVE-2013-2249 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-4000 CVE-2016-0736 CVE-2016-1546 CVE-2016-2161 CVE-2016-4979 CVE-2016-5387 CVE-2016-8740 CVE-2016-8743 CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 openSUSE Leap 42.3 These are all security issues found in the apache2-mod_perl Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1667 openSUSE Leap 42.3 These are all security issues found in the apache2-mod_php5 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2006-7243 CVE-2010-2225 CVE-2010-2950 CVE-2010-3436 CVE-2010-3709 CVE-2010-3710 CVE-2010-4150 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1466 CVE-2011-2202 CVE-2011-3379 CVE-2011-4153 CVE-2011-4566 CVE-2011-4718 CVE-2011-4885 CVE-2012-0830 CVE-2012-1823 CVE-2012-2311 CVE-2012-2335 CVE-2012-2336 CVE-2012-2688 CVE-2012-3365 CVE-2013-1635 CVE-2013-1643 CVE-2013-1824 CVE-2013-4113 CVE-2013-4248 CVE-2013-6420 CVE-2013-6712 CVE-2013-7327 CVE-2013-7345 CVE-2013-7456 CVE-2014-0185 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-2497 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120 CVE-2014-5459 CVE-2014-8142 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2014-9767 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301 CVE-2015-2305 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4026 CVE-2015-4116 CVE-2015-4148 CVE-2015-4598 CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603 CVE-2015-4643 CVE-2015-4644 CVE-2015-5589 CVE-2015-5590 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 CVE-2015-7803 CVE-2015-8835 CVE-2015-8838 CVE-2015-8866 CVE-2015-8867 CVE-2015-8873 CVE-2015-8874 CVE-2015-8876 CVE-2015-8877 CVE-2015-8879 CVE-2015-8935 CVE-2015-8994 CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-1903 CVE-2016-2554 CVE-2016-3141 CVE-2016-3142 CVE-2016-3185 CVE-2016-3587 CVE-2016-4070 CVE-2016-4071 CVE-2016-4073 CVE-2016-4342 CVE-2016-4346 CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544 CVE-2016-5093 CVE-2016-5094 CVE-2016-5095 CVE-2016-5096 CVE-2016-5385 CVE-2016-5399 CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 CVE-2016-6128 CVE-2016-6161 CVE-2016-6207 CVE-2016-6288 CVE-2016-6289 CVE-2016-6290 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295 CVE-2016-6296 CVE-2016-6297 CVE-2016-6911 CVE-2016-7124 CVE-2016-7125 CVE-2016-7126 CVE-2016-7127 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7134 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 CVE-2016-7478 CVE-2016-7568 CVE-2016-8670 CVE-2016-9137 CVE-2016-9933 CVE-2016-9934 CVE-2016-9935 CVE-2017-7272 CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 openSUSE Leap 42.3 These are all security issues found in the apparmor-abstractions Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2017-6507 openSUSE Leap 42.3 These are all security issues found in the argyllcms Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-1616 openSUSE Leap 42.3 These are all security issues found in the aria2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-3617 openSUSE Leap 42.3 These are all security issues found in the at Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-6354 openSUSE Leap 42.3 These are all security issues found in the audiofile-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-7747 CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 openSUSE Leap 42.3 These are all security issues found in the augeas Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-0786 CVE-2014-8119 openSUSE Leap 42.3 These are all security issues found in the autofs Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-8169 openSUSE Leap 42.3 These are all security issues found in the automake Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-4029 openSUSE Leap 42.3 These are all security issues found in the avahi Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0758 CVE-2010-2244 CVE-2011-1002 openSUSE Leap 42.3 These are all security issues found in the bash Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-2524 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 openSUSE Leap 42.3 These are all security issues found in the bind Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0696 CVE-2009-4022 CVE-2010-3613 CVE-2010-3614 CVE-2010-3615 CVE-2011-0414 CVE-2011-1907 CVE-2011-1910 CVE-2011-2464 CVE-2011-4313 CVE-2012-1667 CVE-2012-3817 CVE-2012-3868 CVE-2012-4244 CVE-2012-5166 CVE-2012-5688 CVE-2012-5689 CVE-2013-2266 CVE-2013-4854 CVE-2014-0591 CVE-2014-8500 CVE-2015-1349 CVE-2015-4620 CVE-2015-5477 CVE-2015-5722 CVE-2015-8000 CVE-2015-8704 CVE-2016-1285 CVE-2016-1286 CVE-2016-2775 CVE-2016-2776 CVE-2016-6170 CVE-2016-8864 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2017-3135 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 CVE-2017-3142 CVE-2017-3143 openSUSE Leap 42.3 These are all security issues found in the binutils Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 openSUSE Leap 42.3 These are all security issues found in the bogofilter-common Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-2494 CVE-2012-5468 openSUSE Leap 42.3 These are all security issues found in the bsdtar Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-0211 CVE-2015-2304 CVE-2015-8915 CVE-2015-8916 CVE-2015-8918 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8929 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-1541 CVE-2016-4300 CVE-2016-4301 CVE-2016-4302 CVE-2016-4809 CVE-2016-5418 CVE-2016-5844 CVE-2016-6250 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 openSUSE Leap 42.3 These are all security issues found in the busybox Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-9645 openSUSE Leap 42.3 These are all security issues found in the bzip2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-0405 openSUSE Leap 42.3 These are all security issues found in the cairo-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-9082 CVE-2017-7475 openSUSE Leap 42.3 These are all security issues found in the cifs-utils Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2012-1586 openSUSE Leap 42.3 These are all security issues found in the clamav Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-0405 CVE-2011-2721 CVE-2011-3627 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 CVE-2012-6706 CVE-2013-6497 CVE-2014-9050 CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463 CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2305 CVE-2015-2668 openSUSE Leap 42.3 These are all security issues found in the claws-mail Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-4507 CVE-2014-3566 CVE-2015-8614 CVE-2015-8708 openSUSE Leap 42.3 These are all security issues found in the colord Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-4349 openSUSE Leap 42.3 These are all security issues found in the coreutils Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 CVE-2015-4041 CVE-2015-4042 openSUSE Leap 42.3 These are all security issues found in the cpio Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-0624 CVE-2014-9112 CVE-2016-2037 openSUSE Leap 42.3 These are all security issues found in the cpp48 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-5044 CVE-2015-5276 openSUSE Leap 42.3 These are all security issues found in the cracklib Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-6318 openSUSE Leap 42.3 These are all security issues found in the crash-kmp-default Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-2524 openSUSE Leap 42.3 These are all security issues found in the cron Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2006-2607 CVE-2010-0424 openSUSE Leap 42.3 These are all security issues found in the ctags Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-7204 openSUSE Leap 42.3 These are all security issues found in the cups Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0163 CVE-2009-2820 CVE-2009-3553 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2941 CVE-2012-5519 CVE-2012-6094 CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2014-9679 CVE-2015-1158 CVE-2015-1159 openSUSE Leap 42.3 These are all security issues found in the cups-filters Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-6473 CVE-2013-6474 CVE-2013-6475 CVE-2013-6476 CVE-2014-2707 CVE-2014-4336 CVE-2014-4337 CVE-2014-4338 CVE-2015-2265 CVE-2015-3258 CVE-2015-3279 CVE-2015-8327 CVE-2015-8560 openSUSE Leap 42.3 These are all security issues found in the cups-pk-helper Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-4510 openSUSE Leap 42.3 These are all security issues found in the curl Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0037 CVE-2009-2417 CVE-2013-0249 CVE-2013-1944 CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-0139 CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 CVE-2016-0755 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-9586 CVE-2017-7407 openSUSE Leap 42.3 These are all security issues found in the cvs Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-0804 openSUSE Leap 42.3 These are all security issues found in the cyradm Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-3235 CVE-2011-3372 CVE-2015-8077 CVE-2015-8078 openSUSE Leap 42.3 These are all security issues found in the cyrus-sasl Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0688 openSUSE Leap 42.3 These are all security issues found in the dbus-1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-4352 CVE-2012-3524 CVE-2013-2168 CVE-2014-3477 CVE-2014-3532 CVE-2014-3533 CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639 CVE-2014-7824 CVE-2014-8148 CVE-2015-0245 openSUSE Leap 42.3 These are all security issues found in the dbus-1-glib Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-1172 CVE-2013-0292 openSUSE Leap 42.3 These are all security issues found in the dhcp Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-1892 CVE-2010-2156 CVE-2010-3611 CVE-2010-3616 CVE-2011-0413 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-4539 CVE-2011-4868 CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 CVE-2012-3955 CVE-2013-2266 CVE-2015-8605 openSUSE Leap 42.3 These are all security issues found in the dia Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-5984 openSUSE Leap 42.3 These are all security issues found in the dnsmasq Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-3294 CVE-2015-8899 openSUSE Leap 42.3 These are all security issues found in the dosfstools Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-8872 CVE-2016-4804 openSUSE Leap 42.3 These are all security issues found in the dracut Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-4453 CVE-2016-8637 openSUSE Leap 42.3 These are all security issues found in the drm-kmp-default Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2017-10810 CVE-2017-7261 CVE-2017-7294 CVE-2017-7346 openSUSE Leap 42.3 These are all security issues found in the e2fsprogs Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-0247 CVE-2015-1572 openSUSE Leap 42.3 These are all security issues found in the elfutils Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-0172 CVE-2014-9447 openSUSE Leap 42.3 These are all security issues found in the emacs Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-0035 CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 openSUSE Leap 42.3 These are all security issues found in the empathy Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-3635 openSUSE Leap 42.3 These are all security issues found in the eog Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-7447 CVE-2016-6855 openSUSE Leap 42.3 These are all security issues found in the evince Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 CVE-2017-1000083 openSUSE Leap 42.3 These are all security issues found in the exif Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-2845 openSUSE Leap 42.3 These are all security issues found in the exiv2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-9449 openSUSE Leap 42.3 These are all security issues found in the expat Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-2625 CVE-2009-3560 CVE-2009-3720 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 CVE-2012-6702 CVE-2015-1283 CVE-2016-0718 CVE-2016-5300 openSUSE Leap 42.3 These are all security issues found in the fetchmail Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-2666 CVE-2010-1167 CVE-2011-1947 CVE-2011-3389 CVE-2012-3482 openSUSE Leap 42.3 These are all security issues found in the file Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-1571 CVE-2014-3710 CVE-2014-8116 CVE-2014-8117 openSUSE Leap 42.3 These are all security issues found in the flac Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-8962 CVE-2014-9028 openSUSE Leap 42.3 These are all security issues found in the fontconfig Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-5384 openSUSE Leap 42.3 These are all security issues found in the freerdp Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-0250 CVE-2014-0791 openSUSE Leap 42.3 These are all security issues found in the freetype2-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 CVE-2011-0226 CVE-2011-3256 CVE-2011-3439 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-2240 CVE-2014-2241 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 openSUSE Leap 42.3 These are all security issues found in the ft2demos Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2011-0226 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-2240 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 openSUSE Leap 42.3 These are all security issues found in the fuse Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-3297 CVE-2011-0541 CVE-2015-3202 openSUSE Leap 42.3 These are all security issues found in the gcab Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-0552 openSUSE Leap 42.3 These are all security issues found in the gd Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-2497 CVE-2014-9709 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-5116 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6207 CVE-2016-6214 CVE-2016-6905 CVE-2016-6906 CVE-2016-6911 CVE-2016-6912 CVE-2016-7568 CVE-2016-8670 CVE-2016-9317 CVE-2016-9933 openSUSE Leap 42.3 These are all security issues found in the gdk-pixbuf-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-2485 CVE-2015-4491 CVE-2015-7552 CVE-2015-7673 CVE-2015-7674 CVE-2016-6352 openSUSE Leap 42.3 These are all security issues found in the gdk-pixbuf-loader-rsvg Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-3146 CVE-2013-1881 openSUSE Leap 42.3 These are all security issues found in the gdm Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-1709 openSUSE Leap 42.3 These are all security issues found in the gegl-0_2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-4433 openSUSE Leap 42.3 These are all security issues found in the ghostscript Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-5653 CVE-2015-3228 CVE-2016-10220 CVE-2016-7978 CVE-2016-7979 CVE-2016-8602 CVE-2016-9601 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 openSUSE Leap 42.3 These are all security issues found in the giflib-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-7555 CVE-2016-3977 openSUSE Leap 42.3 These are all security issues found in the gimp Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2007-3126 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-2896 CVE-2012-3236 CVE-2012-5576 CVE-2016-4994 openSUSE Leap 42.3 These are all security issues found in the git Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2005-4900 CVE-2011-2186 CVE-2014-9390 CVE-2016-2315 CVE-2016-2324 CVE-2017-8386 openSUSE Leap 42.3 These are all security issues found in the glib2-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-4316 CVE-2012-3524 openSUSE Leap 42.3 These are all security issues found in the glibc Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-5029 CVE-2012-3406 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-2207 CVE-2013-4237 CVE-2013-4332 CVE-2013-4458 CVE-2013-7423 CVE-2014-0475 CVE-2014-4043 CVE-2014-5119 CVE-2014-6040 CVE-2014-7817 CVE-2014-8121 CVE-2014-9402 CVE-2014-9761 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 CVE-2017-1000366 openSUSE Leap 42.3 These are all security issues found in the gnome-games Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-4003 openSUSE Leap 42.3 These are all security issues found in the gnome-keyring Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-3466 openSUSE Leap 42.3 These are all security issues found in the gnome-online-accounts Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-0240 CVE-2013-1799 openSUSE Leap 42.3 These are all security issues found in the gnome-photos Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-7447 openSUSE Leap 42.3 These are all security issues found in the gnome-settings-daemon Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-7300 openSUSE Leap 42.3 These are all security issues found in the gnome-shell Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-4000 openSUSE Leap 42.3 These are all security issues found in the gnuchess Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-8972 openSUSE Leap 42.3 These are all security issues found in the gnutls Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-4989 CVE-2011-4128 CVE-2012-0390 CVE-2012-1569 CVE-2012-1573 CVE-2014-0092 CVE-2014-1959 CVE-2014-3466 CVE-2014-8564 CVE-2015-0294 CVE-2015-3622 CVE-2015-6251 CVE-2016-7444 CVE-2016-8610 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 openSUSE Leap 42.3 These are all security issues found in the gpg2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-2547 CVE-2013-4351 CVE-2013-4402 CVE-2014-4617 CVE-2015-1606 CVE-2015-1607 openSUSE Leap 42.3 These are all security issues found in the gpgme Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3564 openSUSE Leap 42.3 These are all security issues found in the graphite2-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-1521 CVE-2016-1523 CVE-2016-1526 CVE-2017-5436 openSUSE Leap 42.3 These are all security issues found in the groff Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-5044 CVE-2009-5080 CVE-2009-5081 openSUSE Leap 42.3 These are all security issues found in the grub2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-8370 openSUSE Leap 42.3 These are all security issues found in the gstreamer Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2017-5838 openSUSE Leap 42.3 These are all security issues found in the gstreamer-0_10-plugin-esd Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 openSUSE Leap 42.3 These are all security issues found in the gstreamer-0_10-plugin-gnomevfs Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-9811 CVE-2017-5837 CVE-2017-5844 openSUSE Leap 42.3 These are all security issues found in the gstreamer-0_10-plugins-bad Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-0797 CVE-2016-9445 CVE-2016-9446 CVE-2016-9447 CVE-2016-9809 openSUSE Leap 42.3 These are all security issues found in the gstreamer-plugins-bad Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-9445 CVE-2016-9446 CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 CVE-2017-5843 CVE-2017-5848 openSUSE Leap 42.3 These are all security issues found in the gstreamer-plugins-base Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-9811 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 openSUSE Leap 42.3 These are all security issues found in the gstreamer-plugins-good Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-10198 CVE-2016-10199 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845 openSUSE Leap 42.3 These are all security issues found in the guile Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-8605 openSUSE Leap 42.3 These are all security issues found in the gv Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-3386 openSUSE Leap 42.3 These are all security issues found in the gvim Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0316 CVE-2016-1248 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 openSUSE Leap 42.3 These are all security issues found in the gzip Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-2624 CVE-2010-0001 openSUSE Leap 42.3 These are all security issues found in the hardlink Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-3630 CVE-2011-3631 CVE-2011-3632 openSUSE Leap 42.3 These are all security issues found in the hplip Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2004-0801 CVE-2010-4267 CVE-2011-2697 CVE-2011-2722 CVE-2013-4325 CVE-2013-6402 CVE-2013-6427 CVE-2015-0839 openSUSE Leap 42.3 These are all security issues found in the htmldoc Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-3050 openSUSE Leap 42.3 These are all security issues found in the hyper-v Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-2669 CVE-2012-5532 openSUSE Leap 42.3 These are all security issues found in the ibus-chewing Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-4509 openSUSE Leap 42.3 These are all security issues found in the icedtea-web-javadoc Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-2513 CVE-2011-2514 CVE-2011-3377 CVE-2012-3422 CVE-2012-3423 CVE-2012-4540 CVE-2013-1926 CVE-2013-1927 CVE-2013-4349 CVE-2015-5234 CVE-2015-5235 openSUSE Leap 42.3 These are all security issues found in the icoutils Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2017-5208 CVE-2017-5331 CVE-2017-5332 CVE-2017-5333 openSUSE Leap 42.3 These are all security issues found in the id3lib Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2007-4460 openSUSE Leap 42.3 These are all security issues found in the ipsec-tools Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-4047 openSUSE Leap 42.3 These are all security issues found in the iputils Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-2529 openSUSE Leap 42.3 These are all security issues found in the irssi Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-1959 CVE-2010-1154 CVE-2010-1155 CVE-2016-7044 CVE-2016-7045 CVE-2016-7553 CVE-2017-10965 CVE-2017-10966 CVE-2017-5193 CVE-2017-5194 CVE-2017-5195 CVE-2017-5196 CVE-2017-5356 CVE-2017-9468 CVE-2017-9469 openSUSE Leap 42.3 These are all security issues found in the jakarta-commons-fileupload Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-2186 CVE-2014-0050 openSUSE Leap 42.3 These are all security issues found in the java-1_8_0-openjdk Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-2590 CVE-2015-2597 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2659 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4868 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4901 CVE-2015-4902 CVE-2015-4903 CVE-2015-4906 CVE-2015-4908 CVE-2015-4911 CVE-2015-4916 CVE-2015-7575 CVE-2015-8126 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0475 CVE-2016-0483 CVE-2016-0494 CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-2183 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427 CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3552 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 CVE-2016-5542 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 openSUSE Leap 42.3 These are all security issues found in the jhead Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-4575 CVE-2008-4641 openSUSE Leap 42.3 These are all security issues found in the kauth-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2017-8422 openSUSE Leap 42.3 These are all security issues found in the kbd Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-0460 openSUSE Leap 42.3 These are all security issues found in the kcoreaddons Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-7966 openSUSE Leap 42.3 These are all security issues found in the kdebase4-workspace-libs Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-0436 openSUSE Leap 42.3 These are all security issues found in the kdelibs4 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3494 CVE-2017-8422 openSUSE Leap 42.3 These are all security issues found in the kdenetwork4-filesharing Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-1000 openSUSE Leap 42.3 These are all security issues found in the kdump Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-5759 openSUSE Leap 42.3 These are all security issues found in the kernel-default Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-3939 CVE-2009-4026 CVE-2009-4027 CVE-2009-4131 CVE-2009-4138 CVE-2009-4536 CVE-2009-4538 CVE-2010-1146 CVE-2010-1436 CVE-2010-1641 CVE-2010-2066 CVE-2010-2942 CVE-2010-2954 CVE-2010-2955 CVE-2010-3081 CVE-2010-3296 CVE-2010-3297 CVE-2010-3298 CVE-2010-3301 CVE-2010-3310 CVE-2011-0712 CVE-2011-1020 CVE-2011-1577 CVE-2011-2203 CVE-2012-0056 CVE-2013-0160 CVE-2013-0231 CVE-2013-0913 CVE-2013-2850 CVE-2013-4312 CVE-2014-0038 CVE-2014-00691 CVE-2014-0196 CVE-2015-1350 CVE-2015-7833 CVE-2015-7884 CVE-2015-7885 CVE-2015-8709 CVE-2015-8812 CVE-2015-8964 CVE-2016-0617 CVE-2016-0723 CVE-2016-0728 CVE-2016-0758 CVE-2016-10200 CVE-2016-1237 CVE-2016-1583 CVE-2016-2117 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2383 CVE-2016-2384 CVE-2016-2847 CVE-2016-3134 CVE-2016-3135 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3672 CVE-2016-3689 CVE-2016-3713 CVE-2016-3951 CVE-2016-4470 CVE-2016-4482 CVE-2016-4486 CVE-2016-4557 CVE-2016-4558 CVE-2016-4569 CVE-2016-4578 CVE-2016-4794 CVE-2016-4805 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998 CVE-2016-5195 CVE-2016-5244 CVE-2016-5412 CVE-2016-5696 CVE-2016-5828 CVE-2016-5829 CVE-2016-6197 CVE-2016-6480 CVE-2016-6828 CVE-2016-7039 CVE-2016-7042 CVE-2016-7097 CVE-2016-7117 CVE-2016-7425 CVE-2016-7913 CVE-2016-7917 CVE-2016-8632 CVE-2016-8636 CVE-2016-8645 CVE-2016-8655 CVE-2016-8658 CVE-2016-8666 CVE-2016-9083 CVE-2016-9084 CVE-2016-9191 CVE-2016-9555 CVE-2016-9576 CVE-2016-9793 CVE-2016-9794 CVE-2016-9806 CVE-2016-9919 CVE-2017-1000364 CVE-2017-1000365 CVE-2017-1000380 CVE-2017-10810 CVE-2017-2583 CVE-2017-2584 CVE-2017-2596 CVE-2017-2636 CVE-2017-2671 CVE-2017-5551 CVE-2017-5576 CVE-2017-5577 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 CVE-2017-6074 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6347 CVE-2017-6353 CVE-2017-7184 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7346 CVE-2017-7374 CVE-2017-7487 CVE-2017-7518 CVE-2017-7616 CVE-2017-7618 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9150 CVE-2017-9242 openSUSE Leap 42.3 These are all security issues found in the kinit Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-3100 openSUSE Leap 42.3 These are all security issues found in the kio-extras5 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-8600 openSUSE Leap 42.3 These are all security issues found in the klogd Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3634 openSUSE Leap 42.3 These are all security issues found in the konversation Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-8483 openSUSE Leap 42.3 These are all security issues found in the krb5 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2002-2443 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-3295 CVE-2009-4212 CVE-2010-0283 CVE-2010-0628 CVE-2010-1320 CVE-2010-1321 CVE-2010-1322 CVE-2010-1323 CVE-2010-1324 CVE-2010-4020 CVE-2010-4021 CVE-2010-4022 CVE-2011-0281 CVE-2011-0282 CVE-2011-0284 CVE-2011-0285 CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-1530 CVE-2012-1012 CVE-2012-1013 CVE-2012-1016 CVE-2013-1415 CVE-2013-1417 CVE-2013-1418 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 CVE-2015-2694 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698 CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 CVE-2016-3119 CVE-2016-3120 openSUSE Leap 42.3 These are all security issues found in the kscreenlocker Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-2312 openSUSE Leap 42.3 These are all security issues found in the lftp Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-0139 openSUSE Leap 42.3 These are all security issues found in the libFS6 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1996 openSUSE Leap 42.3 These are all security issues found in the libHX28 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-2947 openSUSE Leap 42.3 These are all security issues found in the libICE-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2017-2626 openSUSE Leap 42.3 These are all security issues found in the libIlmImf-Imf_2_1-21 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-1720 CVE-2009-1721 openSUSE Leap 42.3 These are all security issues found in the libImlib2-1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-0991 openSUSE Leap 42.3 These are all security issues found in the libQt5Concurrent-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 openSUSE Leap 42.3 These are all security issues found in the libQt5WebKit5 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-8079 openSUSE Leap 42.3 These are all security issues found in the libX11-6 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 CVE-2016-7942 openSUSE Leap 42.3 These are all security issues found in the libXRes1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1988 openSUSE Leap 42.3 These are all security issues found in the libXcursor-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-2003 openSUSE Leap 42.3 These are all security issues found in the libXdmcp-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2017-2625 openSUSE Leap 42.3 These are all security issues found in the libXext-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1982 openSUSE Leap 42.3 These are all security issues found in the libXfixes-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1983 CVE-2016-7944 openSUSE Leap 42.3 These are all security issues found in the libXfont-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-2895 CVE-2013-6462 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 openSUSE Leap 42.3 These are all security issues found in the libXi-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1984 CVE-2013-1995 CVE-2013-1998 CVE-2016-7945 CVE-2016-7946 openSUSE Leap 42.3 These are all security issues found in the libXinerama-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1985 openSUSE Leap 42.3 These are all security issues found in the libXp-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-2062 openSUSE Leap 42.3 These are all security issues found in the libXpm-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-10164 openSUSE Leap 42.3 These are all security issues found in the libXrandr-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1986 CVE-2016-7947 CVE-2016-7948 openSUSE Leap 42.3 These are all security issues found in the libXrender-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1987 CVE-2016-7949 CVE-2016-7950 openSUSE Leap 42.3 These are all security issues found in the libXt-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-2002 CVE-2013-2005 openSUSE Leap 42.3 These are all security issues found in the libXtst-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-2063 CVE-2016-7951 CVE-2016-7952 openSUSE Leap 42.3 These are all security issues found in the libXv-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1989 CVE-2013-2066 CVE-2016-5407 openSUSE Leap 42.3 These are all security issues found in the libXvMC-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1990 CVE-2013-1999 CVE-2016-7953 openSUSE Leap 42.3 These are all security issues found in the libXvnc1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-0011 CVE-2014-8240 CVE-2015-0255 openSUSE Leap 42.3 These are all security issues found in the libXxf86dga-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1991 CVE-2013-2000 openSUSE Leap 42.3 These are all security issues found in the libXxf86vm-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-2001 openSUSE Leap 42.3 These are all security issues found in the libapr-util1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0023 CVE-2009-2412 CVE-2009-3560 CVE-2009-3720 CVE-2010-1623 openSUSE Leap 42.3 These are all security issues found in the libapr1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-2412 CVE-2011-0419 CVE-2011-1928 openSUSE Leap 42.3 These are all security issues found in the libass5 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-7969 CVE-2016-7972 openSUSE Leap 42.3 These are all security issues found in the libavcodec57 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-8216 CVE-2015-8217 CVE-2015-8218 CVE-2015-8219 CVE-2015-8363 CVE-2015-8364 CVE-2015-8365 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 CVE-2016-10190 CVE-2016-10191 CVE-2016-10192 CVE-2016-1897 CVE-2016-1898 CVE-2017-7859 CVE-2017-7862 CVE-2017-7863 CVE-2017-7865 CVE-2017-7866 openSUSE Leap 42.3 These are all security issues found in the libblkid-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-0157 CVE-2014-9114 CVE-2015-5218 CVE-2016-5011 CVE-2017-2616 openSUSE Leap 42.3 These are all security issues found in the libcares2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-5180 CVE-2017-1000381 openSUSE Leap 42.3 These are all security issues found in the libdcerpc-binding0-32bit Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-3069 CVE-2011-0719 CVE-2011-2522 CVE-2011-2694 CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 CVE-2012-2111 CVE-2012-6150 CVE-2013-0172 CVE-2013-0213 CVE-2013-0214 CVE-2013-0454 CVE-2013-1863 CVE-2013-4124 CVE-2013-4408 CVE-2013-4475 CVE-2013-4476 CVE-2013-4496 CVE-2013-6442 CVE-2014-0178 CVE-2014-0239 CVE-2014-0244 CVE-2014-3493 CVE-2014-3560 CVE-2014-8143 CVE-2015-0240 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-5370 CVE-2015-7560 CVE-2015-8467 CVE-2015-8543 CVE-2016-0771 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 CVE-2016-2119 CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 CVE-2017-2619 CVE-2017-7494 openSUSE Leap 42.3 These are all security issues found in the libdirectfb-1_7-1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-2977 CVE-2014-2978 openSUSE Leap 42.3 These are all security issues found in the libdmx-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1992 openSUSE Leap 42.3 These are all security issues found in the libecpg6 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2007-4772 CVE-2007-6600 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 CVE-2016-2193 CVE-2016-3065 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 openSUSE Leap 42.3 These are all security issues found in the libevent-2_0-5 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-6272 openSUSE Leap 42.3 These are all security issues found in the libexif-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 openSUSE Leap 42.3 These are all security issues found in the libffi-devel-gcc5 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-5276 openSUSE Leap 42.3 These are all security issues found in the libfreebl3 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-3170 CVE-2011-3389 CVE-2011-3640 CVE-2013-0743 CVE-2013-0791 CVE-2013-1620 CVE-2013-1739 CVE-2013-1740 CVE-2013-5605 CVE-2014-1490 CVE-2014-1491 CVE-2014-1492 CVE-2014-1568 CVE-2014-1569 CVE-2015-2721 CVE-2015-4000 CVE-2015-7181 CVE-2015-7182 CVE-2015-7575 CVE-2016-1950 CVE-2016-1979 CVE-2016-2834 openSUSE Leap 42.3 These are all security issues found in the libgadu-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-6487 CVE-2014-3775 openSUSE Leap 42.3 These are all security issues found in the libgc1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-2673 CVE-2016-9427 openSUSE Leap 42.3 These are all security issues found in the libgcrypt-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-4242 CVE-2014-3591 CVE-2015-0837 CVE-2015-7511 CVE-2016-6313 CVE-2017-7526 openSUSE Leap 42.3 These are all security issues found in the libgit2-24 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-10128 CVE-2016-10129 CVE-2016-10130 CVE-2016-8568 CVE-2016-8569 CVE-2017-5338 CVE-2017-5339 openSUSE Leap 42.3 These are all security issues found in the libgme0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961 openSUSE Leap 42.3 These are all security issues found in the libgnomesu Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-1946 openSUSE Leap 42.3 These are all security issues found in the libgssglue-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-2709 openSUSE Leap 42.3 These are all security issues found in the libgypsy0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-0523 CVE-2011-0524 openSUSE Leap 42.3 These are all security issues found in the libhogweed2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 CVE-2016-6489 openSUSE Leap 42.3 These are all security issues found in the libicu-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-9654 openSUSE Leap 42.3 These are all security issues found in the libid3tag0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-2109 openSUSE Leap 42.3 These are all security issues found in the libidn-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 openSUSE Leap 42.3 These are all security issues found in the libimobiledevice-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-2142 CVE-2016-5104 openSUSE Leap 42.3 These are all security issues found in the libjasper-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-3522 CVE-2011-4516 CVE-2011-4517 CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-9029 CVE-2015-5203 CVE-2015-5221 CVE-2016-10251 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2017-5498 CVE-2017-6850 openSUSE Leap 42.3 These are all security issues found in the libjavascriptcoregtk-1_0-0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-5112 CVE-2012-5133 CVE-2014-1344 CVE-2014-1384 CVE-2014-1385 CVE-2014-1386 CVE-2014-1387 CVE-2014-1388 CVE-2014-1389 CVE-2014-1390 CVE-2014-1748 CVE-2015-1071 CVE-2015-1076 CVE-2015-1081 CVE-2015-1083 CVE-2015-1120 CVE-2015-1122 CVE-2015-1127 CVE-2015-1153 CVE-2015-1155 CVE-2015-2330 CVE-2015-3658 CVE-2015-3659 CVE-2015-3727 CVE-2015-3731 CVE-2015-3741 CVE-2015-3743 CVE-2015-3745 CVE-2015-3747 CVE-2015-3748 CVE-2015-3749 CVE-2015-3752 CVE-2015-5788 CVE-2015-5794 CVE-2015-5801 CVE-2015-5809 CVE-2015-5822 CVE-2015-5928 openSUSE Leap 42.3 These are all security issues found in the libjavascriptcoregtk-4_0-18 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-1856 CVE-2016-1857 CVE-2016-4590 CVE-2016-4591 CVE-2016-4622 CVE-2016-4624 openSUSE Leap 42.3 These are all security issues found in the libjbig2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-6369 openSUSE Leap 42.3 These are all security issues found in the libjpeg-turbo Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-9092 openSUSE Leap 42.3 These are all security issues found in the libjson-c2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-6370 CVE-2013-6371 openSUSE Leap 42.3 These are all security issues found in the libkpathsea6 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-10243 openSUSE Leap 42.3 These are all security issues found in the libksba8 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-9087 CVE-2016-4574 CVE-2016-4579 openSUSE Leap 42.3 These are all security issues found in the liblcms-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0793 CVE-2013-4276 openSUSE Leap 42.3 These are all security issues found in the libldap-2_4-2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-6908 openSUSE Leap 42.3 These are all security issues found in the libldb1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-3223 CVE-2015-5330 openSUSE Leap 42.3 These are all security issues found in the liblightdm-gobject-1-0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-3153 CVE-2011-3349 CVE-2011-4105 CVE-2012-1111 openSUSE Leap 42.3 These are all security issues found in the libltdl7 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-3736 openSUSE Leap 42.3 These are all security issues found in the liblua5_2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-5461 openSUSE Leap 42.3 These are all security issues found in the liblzo2-2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-4607 openSUSE Leap 42.3 These are all security issues found in the libmikmod3 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2007-6720 CVE-2009-0179 CVE-2009-3995 CVE-2009-3996 CVE-2010-2546 openSUSE Leap 42.3 These are all security issues found in the libminiupnpc10 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3985 CVE-2015-6031 CVE-2017-8798 openSUSE Leap 42.3 These are all security issues found in the libmms-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-2892 openSUSE Leap 42.3 These are all security issues found in the libmodplug1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-1761 CVE-2013-4233 CVE-2013-4234 openSUSE Leap 42.3 These are all security issues found in the libmpfr4 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-9474 openSUSE Leap 42.3 These are all security issues found in the libmpg123-0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2017-10683 CVE-2017-11126 openSUSE Leap 42.3 These are all security issues found in the libmspack0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-2800 CVE-2010-2801 CVE-2014-9556 openSUSE Leap 42.3 These are all security issues found in the libmusicbrainz-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2006-4197 openSUSE Leap 42.3 These are all security issues found in the libmwaw-0_3-3 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2017-9433 openSUSE Leap 42.3 These are all security issues found in the libmxml1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-4570 CVE-2016-4571 openSUSE Leap 42.3 These are all security issues found in the libmysqlclient-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2007-5970 CVE-2008-7247 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2010-5298 CVE-2012-5615 CVE-2013-1976 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-2494 CVE-2014-3470 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-8964 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5969 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047 CVE-2016-3477 CVE-2016-3492 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5584 CVE-2016-5616 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-6663 CVE-2016-6664 CVE-2016-7440 CVE-2016-8283 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 openSUSE Leap 42.3 These are all security issues found in the libncurses5-32bit Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2017-10684 CVE-2017-10685 openSUSE Leap 42.3 These are all security issues found in the libndp0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-3698 openSUSE Leap 42.3 These are all security issues found in the libneon27 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-2473 CVE-2009-2474 openSUSE Leap 42.3 These are all security issues found in the libnetpbm-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-6354 CVE-2017-2581 CVE-2017-2586 CVE-2017-2587 openSUSE Leap 42.3 These are all security issues found in the libnewt0_52 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-2905 openSUSE Leap 42.3 These are all security issues found in the libnghttp2-14 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-1544 openSUSE Leap 42.3 These are all security issues found in the libopenjp2-7 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-7445 CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 CVE-2016-9572 CVE-2016-9573 CVE-2016-9580 CVE-2016-9581 openSUSE Leap 42.3 These are all security issues found in the libopenjpeg1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-5030 CVE-2012-3358 CVE-2012-3535 CVE-2013-1447 CVE-2013-4289 CVE-2013-4290 CVE-2013-6045 CVE-2013-6052 CVE-2013-6053 CVE-2013-6054 CVE-2013-6887 CVE-2016-7445 openSUSE Leap 42.3 These are all security issues found in the libopenssl-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-5139 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2015-3216 CVE-2015-4000 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 openSUSE Leap 42.3 These are all security issues found in the libopus0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2017-0381 openSUSE Leap 42.3 These are all security issues found in the libosip2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853 openSUSE Leap 42.3 These are all security issues found in the libospf0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-1674 CVE-2010-1675 CVE-2013-2236 CVE-2016-1245 CVE-2016-2342 CVE-2016-4049 CVE-2017-5495 openSUSE Leap 42.3 These are all security issues found in the libotr-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-2851 openSUSE Leap 42.3 These are all security issues found in the libpango-1_0-0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-0020 CVE-2011-0064 openSUSE Leap 42.3 These are all security issues found in the libpcre1-32bit Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-8964 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8380 CVE-2016-1283 CVE-2016-3191 openSUSE Leap 42.3 These are all security issues found in the libpcsclite1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-0407 CVE-2010-4531 CVE-2016-10109 openSUSE Leap 42.3 These are all security issues found in the libplist-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 CVE-2017-6440 CVE-2017-7982 openSUSE Leap 42.3 These are all security issues found in the libpng12-0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-3026 CVE-2011-3045 CVE-2011-3048 CVE-2012-3386 CVE-2013-7353 CVE-2013-7354 CVE-2015-7981 CVE-2015-8126 CVE-2015-8540 CVE-2016-10087 openSUSE Leap 42.3 These are all security issues found in the libpng16-16 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3328 CVE-2013-6954 CVE-2014-0333 CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 CVE-2016-10087 openSUSE Leap 42.3 These are all security issues found in the libpolkit0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-0750 CVE-2011-1485 CVE-2013-4288 CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625 openSUSE Leap 42.3 These are all security issues found in the libpoppler-cpp0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 CVE-2013-4473 CVE-2013-4474 openSUSE Leap 42.3 These are all security issues found in the libproxy-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-4504 openSUSE Leap 42.3 These are all security issues found in the libpulse-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3970 openSUSE Leap 42.3 These are all security issues found in the libpurple Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-2694 CVE-2009-2703 CVE-2009-3026 CVE-2009-3083 CVE-2009-3084 CVE-2009-3085 CVE-2009-3615 CVE-2010-0013 CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 CVE-2010-1624 CVE-2010-2528 CVE-2010-3711 CVE-2011-1091 CVE-2011-3594 CVE-2012-2214 CVE-2012-3374 CVE-2012-6152 CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6486 CVE-2013-6487 CVE-2014-0020 CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3697 CVE-2014-3698 CVE-2017-2640 openSUSE Leap 42.3 These are all security issues found in the libpython2_7-1_0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-1521 CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-1753 CVE-2013-4238 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 openSUSE Leap 42.3 These are all security issues found in the libpython3_4m1_0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 openSUSE Leap 42.3 These are all security issues found in the libqt4-32bit Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0945 CVE-2011-3193 CVE-2011-3922 CVE-2012-4929 CVE-2012-6093 CVE-2013-0254 CVE-2013-4549 CVE-2014-0190 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 openSUSE Leap 42.3 These are all security issues found in the libquicktime0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-2399 CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 openSUSE Leap 42.3 These are all security issues found in the libraptor2-0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-0037 openSUSE Leap 42.3 These are all security issues found in the libraw-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-2126 CVE-2013-2127 CVE-2015-8367 CVE-2017-6886 CVE-2017-6887 CVE-2017-6890 CVE-2017-6899 openSUSE Leap 42.3 These are all security issues found in the libreoffice Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-2935 CVE-2010-2936 CVE-2014-0247 CVE-2014-3524 CVE-2014-3575 CVE-2014-3693 CVE-2014-8146 CVE-2014-8147 CVE-2014-9093 CVE-2015-4551 CVE-2015-45513 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 CVE-2016-0794 CVE-2016-0795 CVE-2016-10327 CVE-2016-4324 CVE-2017-3157 CVE-2017-7870 CVE-2017-7882 CVE-2017-8358 openSUSE Leap 42.3 These are all security issues found in the librsync2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-8242 openSUSE Leap 42.3 These are all security issues found in the libruby2_1-2_1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3566 CVE-2014-4975 CVE-2014-8080 CVE-2014-8090 CVE-2015-1855 CVE-2015-3900 CVE-2015-7551 CVE-2016-2339 openSUSE Leap 42.3 These are all security issues found in the libserf-1-1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3504 openSUSE Leap 42.3 These are all security issues found in the libsmi Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-2891 openSUSE Leap 42.3 These are all security issues found in the libsndfile-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0186 CVE-2011-2696 CVE-2014-9496 CVE-2014-9756 CVE-2015-7805 CVE-2015-8075 CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 openSUSE Leap 42.3 These are all security issues found in the libsnmp30-32bit Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-2141 CVE-2014-2284 CVE-2014-2285 CVE-2014-3565 CVE-2015-5621 openSUSE Leap 42.3 These are all security issues found in the libsoup-2_4-1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-2054 openSUSE Leap 42.3 These are all security issues found in the libspice-client-glib-2_0-8 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-4425 openSUSE Leap 42.3 These are all security issues found in the libspice-server1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-4282 CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 CVE-2016-0749 CVE-2016-2150 CVE-2016-9577 CVE-2016-9578 openSUSE Leap 42.3 These are all security issues found in the libsqlite3-0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-6153 openSUSE Leap 42.3 These are all security issues found in the libsrtp1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-2139 CVE-2015-6360 openSUSE Leap 42.3 These are all security issues found in the libssh-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-4559 CVE-2012-4560 CVE-2012-4561 CVE-2013-0176 CVE-2014-0017 CVE-2014-8132 CVE-2015-3146 CVE-2016-0739 openSUSE Leap 42.3 These are all security issues found in the libssh2-1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-1782 CVE-2016-0787 openSUSE Leap 42.3 These are all security issues found in the libsss_idmap0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-4341 CVE-2011-1758 CVE-2013-0219 CVE-2013-0220 CVE-2013-0287 openSUSE Leap 42.3 These are all security issues found in the libsvn_auth_gnome_keyring-1-0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-2411 CVE-2010-3315 CVE-2010-4539 CVE-2010-4644 CVE-2011-0715 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2013-1884 CVE-2013-1968 CVE-2013-2088 CVE-2013-2112 CVE-2013-4131 CVE-2013-4246 CVE-2013-4262 CVE-2013-4277 CVE-2013-4505 CVE-2013-4558 CVE-2014-0032 CVE-2014-3522 CVE-2014-3528 CVE-2014-3580 CVE-2014-8108 CVE-2015-0202 CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 CVE-2015-3187 CVE-2015-5259 CVE-2015-5343 CVE-2016-2167 CVE-2016-2168 CVE-2016-8734 openSUSE Leap 42.3 These are all security issues found in the libsystemd0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-1174 CVE-2013-4288 CVE-2016-10156 CVE-2016-7795 CVE-2017-9217 openSUSE Leap 42.3 These are all security issues found in the libtag-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-2396 openSUSE Leap 42.3 These are all security issues found in the libtasn1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 CVE-2015-2806 CVE-2015-3622 CVE-2016-4008 openSUSE Leap 42.3 These are all security issues found in the libtcnative-1-0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-4000 openSUSE Leap 42.3 These are all security issues found in the libthai-data Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-4012 openSUSE Leap 42.3 These are all security issues found in the libthunarx-2-0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-1588 openSUSE Leap 42.3 These are all security issues found in the libtidy-0_99-0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-5522 CVE-2015-5523 openSUSE Leap 42.3 These are all security issues found in the libtiff-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-2285 CVE-2009-2347 CVE-2010-2065 CVE-2010-2067 CVE-2010-2233 CVE-2010-4665 CVE-2011-0192 CVE-2011-1167 CVE-2012-1173 CVE-2012-2113 CVE-2012-3401 CVE-2012-4564 CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 CVE-2016-10270 CVE-2016-10271 CVE-2016-10272 CVE-2016-3186 CVE-2016-3622 CVE-2016-3623 CVE-2016-3658 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5321 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448 CVE-2016-9453 CVE-2017-5225 openSUSE Leap 42.3 These are all security issues found in the libtirpc-netconfig Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2017-8779 openSUSE Leap 42.3 These are all security issues found in the libudisks2-0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-0004 openSUSE Leap 42.3 These are all security issues found in the libupsclient1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-2944 openSUSE Leap 42.3 These are all security issues found in the libusbmuxd-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-5104 openSUSE Leap 42.3 These are all security issues found in the libvdpau1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 openSUSE Leap 42.3 These are all security issues found in the libvirglrenderer0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-10163 CVE-2016-10214 CVE-2017-5580 CVE-2017-5937 CVE-2017-5956 CVE-2017-5957 CVE-2017-5993 CVE-2017-5994 CVE-2017-6209 CVE-2017-6210 CVE-2017-6317 CVE-2017-6355 CVE-2017-6386 openSUSE Leap 42.3 These are all security issues found in the libvirt Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-2242 CVE-2011-1146 CVE-2011-2511 CVE-2011-4600 CVE-2012-3445 CVE-2013-0170 CVE-2013-1962 CVE-2013-2218 CVE-2013-2230 CVE-2013-4153 CVE-2013-4154 CVE-2013-4239 CVE-2013-4296 CVE-2013-4297 CVE-2013-4311 CVE-2013-4399 CVE-2013-4400 CVE-2013-4401 CVE-2013-6436 CVE-2013-6456 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-0179 CVE-2014-1447 CVE-2014-3633 CVE-2014-3657 CVE-2014-7823 CVE-2014-8131 CVE-2015-0236 CVE-2015-5247 CVE-2015-5313 CVE-2017-2635 openSUSE Leap 42.3 These are all security issues found in the libvmtools0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-5191 openSUSE Leap 42.3 These are all security issues found in the libvorbis-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-1420 CVE-2009-3379 CVE-2012-0444 openSUSE Leap 42.3 These are all security issues found in the libvte9 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-2738 openSUSE Leap 42.3 These are all security issues found in the libwmf-0_2-7 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-0848 CVE-2015-4588 CVE-2015-4695 CVE-2015-4696 openSUSE Leap 42.3 These are all security issues found in the libxcb-composite0 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-2064 openSUSE Leap 42.3 These are all security issues found in the libxerces-c-3_1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-1885 CVE-2015-0252 CVE-2016-0729 CVE-2016-2099 CVE-2016-4463 openSUSE Leap 42.3 These are all security issues found in the libxml2-2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2010-4494 CVE-2011-1944 CVE-2012-5134 CVE-2013-0338 CVE-2013-1969 CVE-2014-0191 CVE-2014-3660 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 CVE-2015-8710 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 CVE-2016-4658 CVE-2016-9318 CVE-2016-9597 CVE-2017-0663 CVE-2017-5969 CVE-2017-7375 CVE-2017-7376 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 openSUSE Leap 42.3 These are all security issues found in the libxslt-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 openSUSE Leap 42.3 These are all security issues found in the libyaml-0-2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 openSUSE Leap 42.3 These are all security issues found in the libz1 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-9843 openSUSE Leap 42.3 These are all security issues found in the libzip-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-0421 CVE-2012-1162 CVE-2012-1163 CVE-2015-2331 openSUSE Leap 42.3 These are all security issues found in the links Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-4929 openSUSE Leap 42.3 These are all security issues found in the logrotate Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-1098 CVE-2011-1154 CVE-2011-1155 openSUSE Leap 42.3 These are all security issues found in the lynx Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2006-7234 CVE-2008-4690 CVE-2012-4929 CVE-2016-9179 openSUSE Leap 42.3 These are all security issues found in the mailman Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-0707 CVE-2015-2775 CVE-2016-6893 openSUSE Leap 42.3 These are all security issues found in the mailx Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2004-2771 CVE-2014-7844 openSUSE Leap 42.3 These are all security issues found in the mercurial Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-7545 CVE-2016-3068 CVE-2016-3069 CVE-2016-3105 CVE-2016-3630 openSUSE Leap 42.3 These are all security issues found in the monitoring-tools Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-6096 CVE-2013-7107 CVE-2013-7108 CVE-2014-2386 CVE-2015-8010 CVE-2016-9566 openSUSE Leap 42.3 These are all security issues found in the mosh Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-2385 openSUSE Leap 42.3 These are all security issues found in the mozilla-nspr Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-1545 CVE-2015-7183 openSUSE Leap 42.3 These are all security issues found in the mutt Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-0467 CVE-2014-9116 openSUSE Leap 42.3 These are all security issues found in the mysql-connector-java Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-2575 openSUSE Leap 42.3 These are all security issues found in the nagios Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-1523 CVE-2013-2214 openSUSE Leap 42.3 These are all security issues found in the nano Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-1160 CVE-2010-1161 openSUSE Leap 42.3 These are all security issues found in the nbd Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-0847 openSUSE Leap 42.3 These are all security issues found in the ntp Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-0159 CVE-2009-1252 CVE-2013-5211 CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2014-9297 CVE-2014-9298 CVE-2015-1798 CVE-2015-1799 CVE-2015-3405 CVE-2015-5219 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9042 CVE-2016-9310 CVE-2016-9311 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 openSUSE Leap 42.3 These are all security issues found in the obs-service-set_version Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-0593 openSUSE Leap 42.3 These are all security issues found in the ocaml Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-8869 openSUSE Leap 42.3 These are all security issues found in the openconnect Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-3291 CVE-2012-6128 CVE-2013-7098 openSUSE Leap 42.3 These are all security issues found in the openslp Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-3609 CVE-2016-4912 CVE-2016-6354 CVE-2016-7567 openSUSE Leap 42.3 These are all security issues found in the openssh Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-2653 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2015-8325 CVE-2016-0777 CVE-2016-0778 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-1908 CVE-2016-3115 CVE-2016-6210 CVE-2016-6515 CVE-2016-8858 openSUSE Leap 42.3 These are all security issues found in the openvpn Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-8104 CVE-2016-6329 CVE-2017-7478 CVE-2017-7479 CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 openSUSE Leap 42.3 These are all security issues found in the opie Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-2489 CVE-2011-2490 openSUSE Leap 42.3 These are all security issues found in the optipng Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-2191 openSUSE Leap 42.3 These are all security issues found in the osc Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-1095 CVE-2015-0778 openSUSE Leap 42.3 These are all security issues found in the p7zip Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-1038 CVE-2016-2335 openSUSE Leap 42.3 These are all security issues found in the pam Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-3430 CVE-2010-3431 CVE-2010-3853 CVE-2011-3148 CVE-2011-3149 CVE-2014-2583 CVE-2015-3238 openSUSE Leap 42.3 These are all security issues found in the pam-modules Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-3172 openSUSE Leap 42.3 These are all security issues found in the pam_krb5 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-3825 CVE-2009-1384 openSUSE Leap 42.3 These are all security issues found in the pam_ssh Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-1273 openSUSE Leap 42.3 These are all security issues found in the patch Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-4651 CVE-2015-1196 CVE-2015-1395 CVE-2015-1396 openSUSE Leap 42.3 These are all security issues found in the perl-32bit Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-2761 CVE-2010-4410 CVE-2010-4411 CVE-2010-4777 CVE-2015-8853 CVE-2016-1238 CVE-2016-2381 CVE-2016-6185 openSUSE Leap 42.3 These are all security issues found in the perl-Capture-Tiny Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-1875 openSUSE Leap 42.3 These are all security issues found in the perl-Config-IniFiles Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-2451 openSUSE Leap 42.3 These are all security issues found in the perl-DBD-mysql Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-1246 CVE-2016-1249 CVE-2016-1251 openSUSE Leap 42.3 These are all security issues found in the perl-HTML-Parser Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-3627 openSUSE Leap 42.3 These are all security issues found in the perl-LWP-Protocol-https Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3230 openSUSE Leap 42.3 These are all security issues found in the perl-XML-LibXML Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-3451 openSUSE Leap 42.3 These are all security issues found in the perl-YAML-LibYAML Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-1152 CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 openSUSE Leap 42.3 These are all security issues found in the pigz Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-1191 openSUSE Leap 42.3 These are all security issues found in the pitivi Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-0855 openSUSE Leap 42.3 These are all security issues found in the plasma5-desktop Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-8651 openSUSE Leap 42.3 These are all security issues found in the postgresql93-docs Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2007-4772 CVE-2007-6600 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 CVE-2016-5423 CVE-2016-5424 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 openSUSE Leap 42.3 These are all security issues found in the postgresql94-docs Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2007-4772 CVE-2007-6600 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 CVE-2016-5423 CVE-2016-5424 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 openSUSE Leap 42.3 These are all security issues found in the postgresql95-docs Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2007-4772 CVE-2007-6600 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 CVE-2016-2193 CVE-2016-3065 CVE-2016-5423 CVE-2016-5424 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 openSUSE Leap 42.3 These are all security issues found in the ppp Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3158 CVE-2015-3310 openSUSE Leap 42.3 These are all security issues found in the privoxy Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-1030 CVE-2015-1031 CVE-2015-1201 CVE-2015-1380 CVE-2015-1381 CVE-2015-1382 CVE-2016-1982 CVE-2016-1983 openSUSE Leap 42.3 These are all security issues found in the procmail Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3618 openSUSE Leap 42.3 These are all security issues found in the pwgen Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-4440 CVE-2013-4442 openSUSE Leap 42.3 These are all security issues found in the python Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-4238 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 openSUSE Leap 42.3 These are all security issues found in the python-Pillow Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3589 CVE-2014-3598 CVE-2016-0740 CVE-2016-0775 openSUSE Leap 42.3 These are all security issues found in the python-doc Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-0772 CVE-2016-5636 CVE-2016-5699 openSUSE Leap 42.3 These are all security issues found in the python-libxml2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2012-5134 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 openSUSE Leap 42.3 These are all security issues found in the python-pyOpenSSL Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-4314 openSUSE Leap 42.3 These are all security issues found in the python-pycrypto Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-2417 CVE-2013-1445 CVE-2013-7459 openSUSE Leap 42.3 These are all security issues found in the python-requests Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-1829 CVE-2014-1830 CVE-2015-2296 openSUSE Leap 42.3 These are all security issues found in the python3 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-4238 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 openSUSE Leap 42.3 These are all security issues found in the python3-cupshelpers Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-4405 openSUSE Leap 42.3 These are all security issues found in the python3-doc Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 openSUSE Leap 42.3 These are all security issues found in the python3-pip Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-5123 CVE-2014-8991 CVE-2015-2296 openSUSE Leap 42.3 These are all security issues found in the python3-pycrypto Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-2417 CVE-2013-1445 openSUSE Leap 42.3 These are all security issues found in the python3-requests Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-1829 CVE-2014-1830 openSUSE Leap 42.3 These are all security issues found in the qemu Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-0928 CVE-2008-1945 CVE-2008-2382 CVE-2008-4539 CVE-2012-3515 CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-4544 CVE-2013-6399 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0150 CVE-2014-0182 CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-3456 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-10028 CVE-2016-10155 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 CVE-2016-3712 CVE-2016-4002 CVE-2016-4020 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4964 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6351 CVE-2016-6490 CVE-2016-6833 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 CVE-2016-7157 CVE-2016-7161 CVE-2016-7170 CVE-2016-7421 CVE-2016-7422 CVE-2016-7423 CVE-2016-7466 CVE-2016-7907 CVE-2016-7908 CVE-2016-7909 CVE-2016-7994 CVE-2016-7995 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8668 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 CVE-2016-9381 CVE-2016-9602 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922 CVE-2016-9923 CVE-2017-2615 CVE-2017-2620 CVE-2017-2630 CVE-2017-2633 CVE-2017-5525 CVE-2017-5526 CVE-2017-5552 CVE-2017-5578 CVE-2017-5579 CVE-2017-5667 CVE-2017-5856 CVE-2017-5857 CVE-2017-5898 CVE-2017-5931 CVE-2017-5973 CVE-2017-5987 CVE-2017-6058 CVE-2017-6505 CVE-2017-7471 CVE-2017-7493 CVE-2017-8112 CVE-2017-8309 CVE-2017-8379 CVE-2017-8380 CVE-2017-9503 CVE-2017-9524 openSUSE Leap 42.3 These are all security issues found in the qemu-linux-user Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-0928 CVE-2008-1945 CVE-2008-2382 CVE-2008-4539 CVE-2012-3515 CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 CVE-2016-3712 CVE-2016-4002 CVE-2016-4020 CVE-2016-4439 CVE-2016-4441 CVE-2016-4952 CVE-2016-4964 CVE-2016-6490 CVE-2016-6833 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7161 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922 openSUSE Leap 42.3 These are all security issues found in the radvd Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-3602 openSUSE Leap 42.3 These are all security issues found in the rpcbind Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-7236 CVE-2017-8779 openSUSE Leap 42.3 These are all security issues found in the rpm-32bit Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-6435 CVE-2014-8118 openSUSE Leap 42.3 These are all security issues found in the rsync Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-1097 CVE-2014-2855 CVE-2014-8242 CVE-2014-9512 openSUSE Leap 42.3 These are all security issues found in the rsyslog Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-3200 CVE-2013-4758 CVE-2013-6370 CVE-2013-6371 CVE-2014-3634 CVE-2014-3683 openSUSE Leap 42.3 These are all security issues found in the rtkit Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-4326 openSUSE Leap 42.3 These are all security issues found in the ruby Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-4492 CVE-2010-0541 CVE-2011-1004 CVE-2011-1005 CVE-2011-4815 openSUSE Leap 42.3 These are all security issues found in the rxvt-unicode Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-1142 CVE-2014-3121 CVE-2017-7483 openSUSE Leap 42.3 These are all security issues found in the rzip Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2017-8364 openSUSE Leap 42.3 These are all security issues found in the sblim-sfcb Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-5185 openSUSE Leap 42.3 These are all security issues found in the sddm Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-7271 CVE-2014-7272 CVE-2015-0856 openSUSE Leap 42.3 These are all security issues found in the shim Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 openSUSE Leap 42.3 These are all security issues found in the slrn Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3566 openSUSE Leap 42.3 These are all security issues found in the squashfs Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-4024 CVE-2012-4025 openSUSE Leap 42.3 These are all security issues found in the squid Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-5643 CVE-2014-7141 CVE-2014-7142 CVE-2014-9749 CVE-2015-5400 CVE-2016-10002 CVE-2016-10003 CVE-2016-2390 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 openSUSE Leap 42.3 These are all security issues found in the squidGuard Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-3700 CVE-2009-3826 CVE-2015-8936 openSUSE Leap 42.3 These are all security issues found in the sudo Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-1163 CVE-2010-1646 CVE-2011-0010 CVE-2012-2337 CVE-2013-1775 CVE-2013-1776 CVE-2014-9680 CVE-2016-7032 CVE-2016-7076 CVE-2017-1000367 CVE-2017-1000368 openSUSE Leap 42.3 These are all security issues found in the sysconfig Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-4182 openSUSE Leap 42.3 These are all security issues found in the sysvinit-tools Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-2483 openSUSE Leap 42.3 These are all security issues found in the tar Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-0624 CVE-2016-6321 openSUSE Leap 42.3 These are all security issues found in the tcpdump Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 CVE-2014-9140 CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 CVE-2015-3138 CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 openSUSE Leap 42.3 These are all security issues found in the telepathy-gabble Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-1000 CVE-2013-1431 openSUSE Leap 42.3 These are all security issues found in the telepathy-idle Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2007-6746 openSUSE Leap 42.3 These are all security issues found in the tftp Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-2199 openSUSE Leap 42.3 These are all security issues found in the tnftp Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-8517 openSUSE Leap 42.3 These are all security issues found in the tomcat Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-1976 CVE-2014-0050 CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0762 CVE-2016-0763 CVE-2016-3092 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 CVE-2017-5647 CVE-2017-5648 openSUSE Leap 42.3 These are all security issues found in the transmission-common Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-4909 openSUSE Leap 42.3 These are all security issues found in the unixODBC Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-1145 openSUSE Leap 42.3 These are all security issues found in the unzip Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 CVE-2014-9636 openSUSE Leap 42.3 These are all security issues found in the update-alternatives Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-0840 openSUSE Leap 42.3 These are all security issues found in the viewvc Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-3356 CVE-2012-3357 CVE-2017-5938 openSUSE Leap 42.3 These are all security issues found in the vino Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-0904 CVE-2011-0905 CVE-2011-1164 openSUSE Leap 42.3 These are all security issues found in the virtualbox-guest-kmp-default Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-0224 CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0377 CVE-2015-0418 CVE-2015-0427 CVE-2015-3456 CVE-2015-4813 CVE-2015-4896 CVE-2016-0678 CVE-2016-5501 CVE-2016-5538 CVE-2016-5545 CVE-2016-5605 CVE-2016-5608 CVE-2016-5610 CVE-2016-5611 CVE-2016-561313 CVE-2017-3290 CVE-2017-3316 CVE-2017-3332 CVE-2017-3513 CVE-2017-3538 CVE-2017-3558 CVE-2017-3559 CVE-2017-3561 CVE-2017-3563 CVE-2017-3575 CVE-2017-3576 CVE-2017-3587 openSUSE Leap 42.3 These are all security issues found in the vorbis-tools Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2008-1686 CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 CVE-2015-6749 openSUSE Leap 42.3 These are all security issues found in the vsftpd Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-1419 openSUSE Leap 42.3 These are all security issues found in the w3m Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-2074 CVE-2012-4929 CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 CVE-2016-9443 CVE-2016-9621 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633 openSUSE Leap 42.3 These are all security issues found in the wget Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-2252 CVE-2012-4929 CVE-2014-4877 CVE-2015-2059 CVE-2016-4971 CVE-2016-7098 CVE-2017-6508 openSUSE Leap 42.3 These are all security issues found in the wireshark Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-3241 CVE-2009-3242 CVE-2009-3243 CVE-2010-1455 CVE-2010-2993 CVE-2010-3445 CVE-2010-4300 CVE-2010-4301 CVE-2010-4538 CVE-2011-0024 CVE-2011-0538 CVE-2011-0713 CVE-2011-1138 CVE-2011-1139 CVE-2011-1140 CVE-2011-1143 CVE-2011-1590 CVE-2011-1591 CVE-2011-1592 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2011-3266 CVE-2011-3360 CVE-2011-3483 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3548 CVE-2012-4048 CVE-2012-4049 CVE-2012-4285 CVE-2012-4286 CVE-2012-4287 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4294 CVE-2012-4295 CVE-2012-4296 CVE-2012-4297 CVE-2012-4298 CVE-2012-5237 CVE-2012-5238 CVE-2012-5239 CVE-2012-5240 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 CVE-2013-3555 CVE-2013-3556 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3561 CVE-2013-3562 CVE-2013-4083 CVE-2013-4920 CVE-2013-4921 CVE-2013-4922 CVE-2013-4923 CVE-2013-4924 CVE-2013-4925 CVE-2013-4926 CVE-2013-4927 CVE-2013-4928 CVE-2013-4929 CVE-2013-4930 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-4936 CVE-2013-5717 CVE-2013-5718 CVE-2013-5719 CVE-2013-5720 CVE-2013-5721 CVE-2013-5722 CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6339 CVE-2013-6340 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299 CVE-2014-2907 CVE-2014-4020 CVE-2014-5161 CVE-2014-5162 CVE-2014-5163 CVE-2014-5164 CVE-2014-5165 CVE-2014-6423 CVE-2014-6424 CVE-2014-6425 CVE-2014-6426 CVE-2014-6427 CVE-2014-6428 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432 CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713 CVE-2014-8714 CVE-2015-0559 CVE-2015-0560 CVE-2015-0561 CVE-2015-0562 CVE-2015-0563 CVE-2015-0564 CVE-2015-2187 CVE-2015-2188 CVE-2015-2189 CVE-2015-2190 CVE-2015-2191 CVE-2015-2192 CVE-2015-3808 CVE-2015-3809 CVE-2015-3810 CVE-2015-3811 CVE-2015-3812 CVE-2015-3813 CVE-2015-3814 CVE-2015-3815 CVE-2015-4651 CVE-2015-4652 CVE-2015-6241 CVE-2015-6242 CVE-2015-6243 CVE-2015-6244 CVE-2015-6245 CVE-2015-6246 CVE-2015-6247 CVE-2015-6248 CVE-2015-6249 CVE-2015-7830 CVE-2015-8711 CVE-2015-8718 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 CVE-2015-8734 CVE-2015-8735 CVE-2015-8736 CVE-2015-8737 CVE-2015-8738 CVE-2015-8739 CVE-2015-8740 CVE-2015-8741 CVE-2015-8742 CVE-2016-2522 CVE-2016-2523 CVE-2016-2524 CVE-2016-2525 CVE-2016-2526 CVE-2016-2527 CVE-2016-2528 CVE-2016-2529 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 CVE-2016-5350 CVE-2016-5351 CVE-2016-5352 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 CVE-2016-6505 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 CVE-2016-6512 CVE-2016-6513 CVE-2016-7175 CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180 CVE-2016-9372 CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376 CVE-2017-5596 CVE-2017-5597 CVE-2017-6467 CVE-2017-6468 CVE-2017-6469 CVE-2017-6470 CVE-2017-6471 CVE-2017-6472 CVE-2017-6473 CVE-2017-6474 CVE-2017-7700 CVE-2017-7701 CVE-2017-7702 CVE-2017-7703 CVE-2017-7704 CVE-2017-7705 CVE-2017-7745 CVE-2017-7746 CVE-2017-7747 CVE-2017-7748 CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354 openSUSE Leap 42.3 These are all security issues found in the wpa_supplicant Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-3686 CVE-2015-0210 CVE-2015-1863 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-5130 CVE-2015-5310 CVE-2015-8041 openSUSE Leap 42.3 These are all security issues found in the xalan-j2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-0107 openSUSE Leap 42.3 These are all security issues found in the xen Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-1898 CVE-2012-0029 CVE-2012-0217 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 CVE-2012-5525 CVE-2012-5634 CVE-2012-6075 CVE-2013-0151 CVE-2013-0152 CVE-2013-0153 CVE-2013-1442 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1922 CVE-2013-1952 CVE-2013-2007 CVE-2013-3495 CVE-2013-4355 CVE-2013-4356 CVE-2013-4361 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 CVE-2014-0222 CVE-2014-3124 CVE-2014-3640 CVE-2014-3672 CVE-2014-5146 CVE-2014-5149 CVE-2014-6268 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-7815 CVE-2015-1779 CVE-2015-3259 CVE-2015-3340 CVE-2015-3456 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-5154 CVE-2015-5239 CVE-2015-5278 CVE-2015-5307 CVE-2015-6815 CVE-2015-6855 CVE-2015-7311 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8615 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-10013 CVE-2016-10024 CVE-2016-10025 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-4439 CVE-2016-4441 CVE-2016-5238 CVE-2016-5338 CVE-2016-6258 CVE-2016-6259 CVE-2016-6351 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8910 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 CVE-2016-9921 CVE-2016-9922 CVE-2016-9932 CVE-2017-2615 CVE-2017-2620 CVE-2017-6505 CVE-2017-8309 CVE-2017-9330 openSUSE Leap 42.3 These are all security issues found in the xf86-video-intel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2014-4910 openSUSE Leap 42.3 These are all security issues found in the xfsprogs Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-2150 openSUSE Leap 42.3 These are all security issues found in the xinetd Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2012-0862 CVE-2013-4342 openSUSE Leap 42.3 These are all security issues found in the xlockmore Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2013-4143 openSUSE Leap 42.3 These are all security issues found in the xorg-x11 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-0465 openSUSE Leap 42.3 These are all security issues found in the xorg-x11-devel Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-2895 openSUSE Leap 42.3 These are all security issues found in the xorg-x11-server Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2010-2240 CVE-2013-1940 CVE-2013-4396 CVE-2013-6424 CVE-2015-3164 CVE-2017-10971 CVE-2017-10972 CVE-2017-2624 openSUSE Leap 42.3 These are all security issues found in the xscreensaver Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2015-8025 openSUSE Leap 42.3 These are all security issues found in the yast2 Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-3177 openSUSE Leap 42.3 These are all security issues found in the yast2-core Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2011-2483 CVE-2011-3177 openSUSE Leap 42.3 These are all security issues found in the yast2-users Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2016-1601 openSUSE Leap 42.3 These are all security issues found in the zoo Package on the GA media of openSUSE Leap 42.3. Moderate CVE-2006-0855 CVE-2007-1669 openSUSE Leap 42.3 The Software Update Stack was updated to receive fixes and enhancements. libzypp: - Adapt to work with GnuPG 2.1.23. (bsc#1054088) - Support signing with subkeys. (bsc#1008325) - Enhance sort order for media.1/products. (bsc#1054671) zypper: - Also show a gpg key's subkeys. (bsc#1008325) - Improve signature check callback messages. (bsc#1045735) - Add options to tune the GPG check settings. (bsc#1045735) - Adapt download callback to report and handle unsigned packages. (bsc#1038984, CVE-2017-7436) - Report missing/optional files as 'not found' rather than 'error'. (bsc#1047785) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1008325 SUSE bug 1038984 SUSE bug 1045735 SUSE bug 1047785 SUSE bug 1054088 SUSE bug 1054671 SUSE bug 1055920 CVE-2017-7436 openSUSE Leap 42.3 This update for php5 fixes the following issues: - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP interpreter. (bsc#1048097) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting could lead to heap overflow (bsc#986386) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() in Zend/zend_ini_parser.c (bsc#1050726) - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047454 SUSE bug 1048094 SUSE bug 1048096 SUSE bug 1048097 SUSE bug 1048111 SUSE bug 1048112 SUSE bug 1050241 SUSE bug 1050726 SUSE bug 986386 CVE-2016-10397 CVE-2016-5766 CVE-2017-11143 CVE-2017-11144 CVE-2017-11145 CVE-2017-11146 CVE-2017-11147 CVE-2017-11628 CVE-2017-7890 openSUSE Leap 42.3 icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 929629 CVE-2014-8146 CVE-2014-8147 openSUSE Leap 42.3 This update for salt fixes the following issues: - Update to 2017.7.1 See https://docs.saltstack.com/en/develop/topics/releases/2017.7.1.html for full changelog - CVE-2017-12791: crafted minion ID could lead directory traversal on the Salt-master (boo#1053955) - Run fdupes over all of /usr because it still warns about duplicate files. Remove ancient suse_version > 1020 conditional. - Replace unnecessary %__ indirections. Use grep -q in favor of >/dev/null. - Avoid bashisms in %pre. - Update to 2017.7.0 See https://docs.saltstack.com/en/develop/topics/releases/2017.7.0.html for full changelog - fix ownership for whole master cache directory (boo#1035914) - fix setting the language on SUSE systems (boo#1038855) - wrong os_family grains on SUSE - fix unittests (boo#1038855) - speed-up cherrypy by removing sleep call - Disable 3rd party runtime packages to be explicitly recommended. (boo#1040886) - fix format error (boo#1043111) - Add a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to restart salt-minion in case of crashes during upgrade. - Add procps as dependency. - Bugfix: jobs scheduled to run at a future time stay pending for Salt minions (boo#1036125) Moderate SUSE bug 1035914 SUSE bug 1036125 SUSE bug 1038855 SUSE bug 1040886 SUSE bug 1043111 SUSE bug 1053955 CVE-2017-12791 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.85 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bnc#1053919). The following non-security bugs were fixed: - acpi: apd: Add clock frequency for Hisilicon Hip07/08 I2C controller (bsc#1049291). - acpi: apd: Fix HID for Hisilicon Hip07/08 (bsc#1049291). - acpi: APEI: Enable APEI multiple GHES source to share a single external IRQ (bsc#1053627). - acpi: irq: Fix return code of acpi_gsi_to_irq() (bsc#1053627). - acpi: pci: fix GIC irq model default PCI IRQ polarity (bsc#1053629). - acpi: scan: Prefer devices without _HID for _ADR matching (git-fixes). - Add "shutdown" to "struct class" (bsc#1053117). - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657). - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013). - alsa: hda - Workaround for i915 KBL breakage (bsc#1048356,bsc#1047989,bsc#1055272). - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934). - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580). - arm64: do not trace atomic operations (bsc#1055290). - block: add kblock_mod_delayed_work_on() (bsc#1050211). - block: Make blk_mq_delay_kick_requeue_list() rerun the queue at a quiet time (bsc#1050211). - block: provide bio_uninit() free freeing integrity/task associations (bsc#1050211). - block: return on congested block device (FATE#321994). - bluetooth: bnep: fix possible might sleep error in bnep_session (bsc#1031784). - bluetooth: cmtp: fix possible might sleep error in cmtp_session (bsc#1031784). - bnxt_en: Add a callback to inform RDMA driver during PCI shutdown (bsc#1053309). - bnxt_en: Add additional chip ID definitions (bsc#1053309). - bnxt_en: Add bnxt_get_num_stats() to centrally get the number of ethtool stats (bsc#1053309). - bnxt_en: Add missing logic to handle TPA end error conditions (bsc#1053309). - bnxt_en: Add PCI IDs for BCM57454 VF devices (bsc#1053309). - bnxt_en: Allow the user to set ethtool stats-block-usecs to 0 (bsc#1053309). - bnxt_en: Call bnxt_dcb_init() after getting firmware DCBX configuration (bsc#1053309). - bnxt_en: Check status of firmware DCBX agent before setting DCB_CAP_DCBX_HOST (bsc#1053309). - bnxt_en: Fix bug in ethtool -L (bsc#1053309). - bnxt_en: Fix netpoll handling (bsc#1053309). - bnxt_en: Fix race conditions in .ndo_get_stats64() (bsc#1053309). - bnxt_en: Fix SRIOV on big-endian architecture (bsc#1053309). - bnxt_en: Fix xmit_more with BQL (bsc#1053309). - bnxt_en: Implement ndo_bridge_{get|set}link methods (bsc#1053309). - bnxt_en: Implement xmit_more (bsc#1053309). - bnxt_en: Optimize doorbell write operations for newer chips (bsc#1053309). - bnxt_en: Pass in sh parameter to bnxt_set_dflt_rings() (bsc#1053309). - bnxt_en: Report firmware DCBX agent (bsc#1053309). - bnxt_en: Retrieve the hardware bridge mode from the firmware (bsc#1053309). - bnxt_en: Set ETS min_bw parameter for older firmware (bsc#1053309). - bnxt_en: Support for Short Firmware Message (bsc#1053309). - bnxt_en: Update firmware interface spec to 1.8.0 (bsc#1053309). - bnxt: fix unsigned comparsion with 0 (bsc#1053309). - bnxt: fix unused variable warnings (bsc#1053309). - btrfs: fix early ENOSPC due to delalloc (bsc#1049226). - btrfs: nowait aio: Correct assignment of pos (FATE#321994). - btrfs: nowait aio support (FATE#321994). - ceph: avoid accessing freeing inode in ceph_check_delayed_caps() (bsc#1048228). - ceph: avoid invalid memory dereference in the middle of umount (bsc#1048228). - ceph: cleanup writepage_nounlock() (bsc#1048228). - ceph: do not re-send interrupted flock request (bsc#1048228). - ceph: getattr before read on ceph.* xattrs (bsc#1048228). - ceph: handle epoch barriers in cap messages (bsc#1048228). - ceph: new mount option that specifies fscache uniquifier (bsc#1048228). - ceph: redirty page when writepage_nounlock() skips unwritable page (bsc#1048228). - ceph: remove special ack vs commit behavior (bsc#1048228). - ceph: remove useless page->mapping check in writepage_nounlock() (bsc#1048228). - ceph: re-request max size after importing caps (bsc#1048228). - ceph: update ceph_dentry_info::lease_session when necessary (bsc#1048228). - ceph: update the 'approaching max_size' code (bsc#1048228). - ceph: when seeing write errors on an inode, switch to sync writes (bsc#1048228). - cifs: Fix maximum SMB2 header size (bsc#1056185). - clocksource/drivers/arm_arch_timer: Fix mem frame loop initialization (bsc#1055709). - crush: assume weight_set != null imples weight_set_size > 0 (bsc#1048228). - crush: crush_init_workspace starts with struct crush_work (bsc#1048228). - crush: implement weight and id overrides for straw2 (bsc#1048228). - crush: remove an obsolete comment (bsc#1048228). - crypto: chcr - Add ctr mode and process large sg entries for cipher (bsc#1048325). - crypto: chcr - Avoid changing request structure (bsc#1048325). - crypto: chcr - Ensure Destination sg entry size less than 2k (bsc#1048325). - crypto: chcr - Fix fallback key setting (bsc#1048325). - crypto: chcr - Pass lcb bit setting to firmware (bsc#1048325). - crypto: chcr - Return correct error code (bsc#1048325). - cxgb4: update latest firmware version supported (bsc#1048327). - cxgbit: add missing __kfree_skb() (bsc#1052095). - cxgbit: fix sg_nents calculation (bsc#1052095). - Disable patch 0017-nvmet_fc-Simplify-sg-list-handling.patch (bsc#1052384) - dm: make flush bios explicitly sync (bsc#1050211). - dm mpath: do not lock up a CPU with requeuing activity (bsc#1048912). - drivers: net: xgene: Fix wrong logical operation (bsc#1056827). - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155). - ext4: nowait aio support (FATE#321994). - fs: Introduce filemap_range_has_page() (FATE#321994). - fs: Introduce RWF_NOWAIT and FMODE_AIO_NOWAIT (FATE#321994). - fs: pass on flags in compat_writev (bsc#1050211). - fs: return if direct I/O will trigger writeback (FATE#321994). - fs: Separate out kiocb flags setup based on RWF_* flags (FATE#321994). - fs: Use RWF_* flags for AIO operations (FATE#321994). - fuse: initialize the flock flag in fuse_file on allocation (git-fixes). - i2c: designware: Add ACPI HID for Hisilicon Hip07/08 I2C controller (bsc#1049291). - i2c: designware: Convert to use unified device property API (bsc#1049291). - i2c: xgene: Set ACPI_COMPANION_I2C (bsc#1053633). - i2c: xgene-slimpro: Add ACPI support by using PCC mailbox (bsc#1053633). - i2c: xgene-slimpro: include linux/io.h for memremap (bsc#1053633). - i2c: xgene-slimpro: Use a single function to send command message (bsc#1053633). - i40e/i40evf: fix out-of-bounds read of cpumask (bsc#1053685). - ib/iser: Fix connection teardown race condition (bsc#1050211). - iscsi-target: fix invalid flags in text response (bsc#1052095). - iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717). - kabi: arm64: compatibility workaround for lse atomics (bsc#1055290). - kABI: protect enum pid_type (kabi). - kABI: protect struct iscsi_np (kabi). - kABI: protect struct se_lun (kabi). - kabi/severities: add fs/ceph to kabi severities (bsc#1048228). - kabi/severities: Ignore drivers/scsi/cxgbi (bsc#1052094) - kabi/severities: Ignore kABI changes due to last patchset (bnc#1053472) - kABI: uninline task_tgid_nr_nr (kabi). - kvm: arm64: Restore host physical timer access on hyp_panic() (bsc#1054082). - kvm: arm/arm64: Fix bug in advertising KVM_CAP_MSI_DEVID capability (bsc#1054082). - kvm, pkeys: do not use PKRU value in vcpu->arch.guest_fpu.state (bsc#1055935). - kvm: x86: block guest protection keys unless the host has them enabled (bsc#1055935). - kvm: x86: kABI workaround for PKRU fixes (bsc#1055935). - kvm: x86: simplify handling of PKRU (bsc#1055935). - libceph: abort already submitted but abortable requests when map or pool goes full (bsc#1048228). - libceph: add an epoch_barrier field to struct ceph_osd_client (bsc#1048228). - libceph: advertise support for NEW_OSDOP_ENCODING and SERVER_LUMINOUS (bsc#1048228). - libceph: advertise support for OSD_POOLRESEND (bsc#1048228). - libceph: allow requests to return immediately on full conditions if caller wishes (bsc#1048228). - libceph: always populate t->target_{oid,oloc} in calc_target() (bsc#1048228). - libceph: always signal completion when done (bsc#1048228). - libceph: apply_upmap() (bsc#1048228). - libceph: avoid unnecessary pi lookups in calc_target() (bsc#1048228). - libceph: ceph_connection_operations::reencode_message() method (bsc#1048228). - libceph: ceph_decode_skip_* helpers (bsc#1048228). - libceph: compute actual pgid in ceph_pg_to_up_acting_osds() (bsc#1048228). - libceph, crush: per-pool crush_choose_arg_map for crush_do_rule() (bsc#1048228). - libceph: delete from need_resend_linger before check_linger_pool_dne() (bsc#1048228). - libceph: do not call encode_request_finish() on MOSDBackoff messages (bsc#1048228). - libceph: do not call ->reencode_message() more than once per message (bsc#1048228). - libceph: do not pass pgid by value (bsc#1048228). - libceph: drop need_resend from calc_target() (bsc#1048228). - libceph: encode_{pgid,oloc}() helpers (bsc#1048228). - libceph: fallback for when there isn't a pool-specific choose_arg (bsc#1048228). - libceph: fix old style declaration warnings (bsc#1048228). - libceph: foldreq->last_force_resend into ceph_osd_request_target (bsc#1048228). - libceph: get rid of ack vs commit (bsc#1048228). - libceph: handle non-empty dest in ceph_{oloc,oid}_copy() (bsc#1048228). - libceph: initialize last_linger_id with a large integer (bsc#1048228). - libceph: introduce and switch to decode_pg_mapping() (bsc#1048228). - libceph: introduce ceph_spg, ceph_pg_to_primary_shard() (bsc#1048228). - libceph: kill __{insert,lookup,remove}_pg_mapping() (bsc#1048228). - libceph: make DEFINE_RB_* helpers more general (bsc#1048228). - libceph: make encode_request_*() work with r_mempool requests (bsc#1048228). - libceph: make RECOVERY_DELETES feature create a new interval (bsc#1048228). - libceph: make sure need_resend targets reflect latest map (bsc#1048228). - libceph: MOSDOp v8 encoding (actual spgid + full hash) (bsc#1048228). - libceph: new features macros (bsc#1048228). - libceph: new pi->last_force_request_resend (bsc#1048228). - libceph: NULL deref on osdmap_apply_incremental() error path (bsc#1048228). - libceph: osd_request_timeout option (bsc#1048228). - libceph: osd_state is 32 bits wide in luminous (bsc#1048228). - libceph: pg_upmap[_items] infrastructure (bsc#1048228). - libceph: pool deletion detection (bsc#1048228). - libceph: potential NULL dereference in ceph_msg_data_create() (bsc#1048228). - libceph: remove ceph_sanitize_features() workaround (bsc#1048228). - libceph: remove now unused finish_request() wrapper (bsc#1048228). - libceph: remove req->r_replay_version (bsc#1048228). - libceph: resend on PG splits if OSD has RESEND_ON_SPLIT (bsc#1048228). - libceph: respect RADOS_BACKOFF backoffs (bsc#1048228). - libceph: set -EINVAL in one place in crush_decode() (bsc#1048228). - libceph: support SERVER_JEWEL feature bits (bsc#1048228). - libceph: take osdc->lock in osdmap_show() and dump flags in hex (bsc#1048228). - libceph: upmap semantic changes (bsc#1048228). - libceph: use alloc_pg_mapping() in __decode_pg_upmap_items() (bsc#1048228). - libceph: use target pi for calc_target() calculations (bsc#1048228). - lib: test_rhashtable: fix for large entry counts (bsc#1055359). - lib: test_rhashtable: Fix KASAN warning (bsc#1055359). - locking/rwsem: Fix down_write_killable() for CONFIG_RWSEM_GENERIC_SPINLOCK=y (bsc#969756). - locking/rwsem-spinlock: Fix EINTR branch in __down_write_common() (bsc#969756). - lpfc: Add Buffer to Buffer credit recovery support (bsc#1052384). - lpfc: convert info messages to standard messages (bsc#1052384). - lpfc: Correct issues with FAWWN and FDISCs (bsc#1052384). - lpfc: Correct return error codes to align with nvme_fc transport (bsc#1052384). - lpfc: Fix bad sgl reposting after 2nd adapter reset (bsc#1052384). - lpfc: Fix crash in lpfc nvmet when fc port is reset (bsc#1052384). - lpfc: Fix duplicate NVME rport entries and namespaces (bsc#1052384). - lpfc: Fix handling of FCP and NVME FC4 types in Pt2Pt topology (bsc#1052384). - lpfc: fix "integer constant too large" error on 32bit archs (bsc#1052384). - lpfc: Fix loop mode target discovery (bsc#1052384). - lpfc: Fix MRQ > 1 context list handling (bsc#1052384). - lpfc: Fix NVME PRLI handling during RSCN (bsc#1052384). - lpfc: Fix nvme target failure after 2nd adapter reset (bsc#1052384). - lpfc: Fix oops when NVME Target is discovered in a nonNVME environment (bsc#1052384). - lpfc: Fix plogi collision that causes illegal state transition (bsc#1052384). - lpfc: Fix rediscovery on switch blade pull (bsc#1052384). - lpfc: Fix relative offset error on large nvmet target ios (bsc#1052384). - lpfc: fixup crash during storage failover operations (bsc#1042847). - lpfc: Limit amount of work processed in IRQ (bsc#1052384). - lpfc: lpfc version bump 11.4.0.3 (bsc#1052384). - lpfc: remove console log clutter (bsc#1052384). - lpfc: support nvmet_fc defer_rcv callback (bsc#1052384). - megaraid_sas: Fix probing cards without io port (bsc#1053681). - mmc: mmc: correct the logic for setting HS400ES signal voltage (bsc#1054082). - mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw poison -- git fixes). - mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850). - net: ethernet: hip04: Call SET_NETDEV_DEV() (bsc#1049336). - netfilter: fix IS_ERR_VALUE usage (bsc#1052888). - netfilter: x_tables: pack percpu counter allocations (bsc#1052888). - netfilter: x_tables: pass xt_counters struct instead of packet counter (bsc#1052888). - netfilter: x_tables: pass xt_counters struct to counter allocator (bsc#1052888). - net: hns: add acpi function of xge led control (bsc#1049336). - net: hns: Fix a skb used after free bug (bsc#1049336). - net/mlx5: Cancel delayed recovery work when unloading the driver (bsc#1015342). - net/mlx5: Clean SRIOV eswitch resources upon VF creation failure (bsc#1015342). - net/mlx5: Consider tx_enabled in all modes on remap (bsc#1015342). - net/mlx5e: Add field select to MTPPS register (bsc#1015342). - net/mlx5e: Add missing support for PTP_CLK_REQ_PPS request (bsc#1015342). - net/mlx5e: Change 1PPS out scheme (bsc#1015342). - net/mlx5e: Fix broken disable 1PPS flow (bsc#1015342). - net/mlx5e: Fix outer_header_zero() check size (bsc#1015342). - net/mlx5e: Fix TX carrier errors report in get stats ndo (bsc#1015342). - net/mlx5e: Initialize CEE's getpermhwaddr address buffer to 0xff (bsc#1015342). - net/mlx5e: Rename physical symbol errors counter (bsc#1015342). - net/mlx5: Fix mlx5_add_flow_rules call with correct num of dests (bsc#1015342). - net/mlx5: Fix mlx5_ifc_mtpps_reg_bits structure size (bsc#1015342). - net/mlx5: Fix offset of hca cap reserved field (bsc#1015342). - net: phy: Fix lack of reference count on PHY driver (bsc#1049336). - net: phy: Fix PHY module checks and NULL deref in phy_attach_direct() (bsc#1049336). - nvme-fc: address target disconnect race conditions in fcp io submit (bsc#1052384). - nvme-fc: do not override opts->nr_io_queues (bsc#1052384). - nvme-fc: kABI fix for defer_rcv() callback (bsc#1052384). - nvme_fc/nvmet_fc: revise Create Association descriptor length (bsc#1052384). - nvme_fc: Reattach to localports on re-registration (bsc#1052384). - nvme-fc: revise TRADDR parsing (bsc#1052384). - nvme-fc: update tagset nr_hw_queues after queues reinit (bsc#1052384). - nvme-fc: use blk_mq_delay_run_hw_queue instead of open-coding it (bsc#1052384). - nvme: fix hostid parsing (bsc#1049272). - nvme-loop: update tagset nr_hw_queues after reconnecting/resetting (bsc#1052384). - nvme-pci: fix CMB sysfs file removal in reset path (bsc#1050211). - nvme-rdma: update tagset nr_hw_queues after reconnecting/resetting (bsc#1052384). - nvmet: avoid unneeded assignment of submit_bio return value (bsc#1052384). - nvmet_fc: Accept variable pad lengths on Create Association LS (bsc#1052384). - nvmet_fc: add defer_req callback for deferment of cmd buffer return (bsc#1052384). - nvmet-fc: correct use after free on list teardown (bsc#1052384). - nvmet-fc: eliminate incorrect static markers on local variables (bsc#1052384). - nvmet-fc: fix byte swapping in nvmet_fc_ls_create_association (bsc#1052384). - nvmet_fc: Simplify sg list handling (bsc#1052384). - nvmet: prefix version configfs file with attr (bsc#1052384). - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes() (bsc#1056827). - ovl: fix dentry leak for default_permissions (bsc#1054084). - pci/msi: fix the pci_alloc_irq_vectors_affinity stub (bsc#1050211). - pci/MSI: Ignore affinity if pre/post vector count is more than min_vecs (1050211). - percpu_ref: allow operation mode switching operations to be called concurrently (bsc#1055096). - percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (bsc#1055096). - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (bsc#1055096). - percpu_ref: restructure operation mode switching (bsc#1055096). - percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096). - phy: Do not increment MDIO bus refcount unless it's a different owner (bsc#1049336). - phy: fix error case of phy_led_triggers_(un)register (bsc#1049336). - qeth: add network device features for VLAN devices (bnc#1053472, LTC#157385). - r8169: Add support for restarting auto-negotiation (bsc#1050742). - r8169:Correct the way of setting RTL8168DP ephy (bsc#1050742). - r8169:fix system hange problem (bsc#1050742). - r8169:Fix typo in setting RTL8168H PHY parameter (bsc#1050742). - r8169:Fix typo in setting RTL8168H PHY PFM mode (bsc#1050742). - r8169:Remove unnecessary phy reset for pcie nic when setting link spped (bsc#1050742). - r8169:Update the way of reading RTL8168H PHY register "rg_saw_cnt" (bsc#1050742). - rdma/mlx5: Fix existence check for extended address vector (bsc#1015342). - Remove patch 0407-nvme_fc-change-failure-code-on-remoteport-connectivi.patch (bsc#1037838) - Revert "ceph: SetPageError() for writeback pages if writepages fails" (bsc#1048228). - s390/diag: add diag26c support (bnc#1053472, LTC#156729). - s390: export symbols for crash-kmp (bsc#1053915). - s390: Include uapi/linux/if_ether.h instead of linux/if_ether.h (bsc#1053472). - s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1053472, LTC#157731). - s390/pci: fix handling of PEC 306 (bnc#1053472, LTC#157731). - s390/pci: improve error handling during fmb (de)registration (bnc#1053472, LTC#157731). - s390/pci: improve error handling during interrupt deregistration (bnc#1053472, LTC#157731). - s390/pci: improve pci hotplug (bnc#1053472, LTC#157731). - s390/pci: improve unreg_ioat error handling (bnc#1053472, LTC#157731). - s390/pci: introduce clp_get_state (bnc#1053472, LTC#157731). - s390/pci: provide more debug information (bnc#1053472, LTC#157731). - s390/pci: recognize name clashes with uids (bnc#1053472, LTC#157731). - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1053472, LTC#156276). - s390/qeth: size calculation outbound buffers (bnc#1053472, LTC#156276). - s390/qeth: use diag26c to get MAC address on L2 (bnc#1053472, LTC#156729). - scsi: csiostor: add check for supported fw version (bsc#1005776). - scsi: csiostor: add support for Chelsio T6 adapters (bsc#1005776). - scsi: csiostor: fix use after free in csio_hw_use_fwconfig() (bsc#1005776). - scsi: csiostor: switch to pci_alloc_irq_vectors (bsc#1005776). - scsi: csiostor: update module version (bsc#1052093). - scsi: cxgb4i: assign rxqs in round robin mode (bsc#1052094). - scsi: qedf: Fix a potential NULL pointer dereference (bsc#1048912). - scsi: qedf: Limit number of CQs (bsc#1040813). - supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802). - tpm: fix: return rc when devm_add_action() fails (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 8e0ee3c9faed). - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117). - tpm: KABI fix (bsc#1053117). - tpm: read burstcount from TPM_STS in one 32-bit transaction (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 27084efee0c3). - tpm_tis_core: Choose appropriate timeout for reading burstcount (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723). - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723). - tty: pl011: fix initialization order of QDF2400 E44 (bsc#1054082). - tty: serial: msm: Support more bauds (git-fixes). - Update patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_trusted.patch (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37). - usb: core: fix device node leak (bsc#1047487). - x86/mm: Fix use-after-free of ldt_struct (bsc#1055963). - xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage (bsc#1055896). - xfs: nowait aio support (FATE#321994). - xgene: Always get clk source, but ignore if it's missing for SGMII ports (bsc#1048501). - xgene: Do not fail probe, if there is no clk resource for SGMII interfaces (bsc#1048501). Important SUSE bug 1005776 SUSE bug 1015342 SUSE bug 1020645 SUSE bug 1020657 SUSE bug 1030850 SUSE bug 1031717 SUSE bug 1031784 SUSE bug 1034048 SUSE bug 1037838 SUSE bug 1040813 SUSE bug 1042847 SUSE bug 1047487 SUSE bug 1047989 SUSE bug 1048155 SUSE bug 1048228 SUSE bug 1048325 SUSE bug 1048327 SUSE bug 1048356 SUSE bug 1048501 SUSE bug 1048912 SUSE bug 1048934 SUSE bug 1049226 SUSE bug 1049272 SUSE bug 1049291 SUSE bug 1049336 SUSE bug 1050211 SUSE bug 1050742 SUSE bug 1051790 SUSE bug 1052093 SUSE bug 1052094 SUSE bug 1052095 SUSE bug 1052384 SUSE bug 1052580 SUSE bug 1052888 SUSE bug 1053117 SUSE bug 1053309 SUSE bug 1053472 SUSE bug 1053627 SUSE bug 1053629 SUSE bug 1053633 SUSE bug 1053681 SUSE bug 1053685 SUSE bug 1053802 SUSE bug 1053915 SUSE bug 1053919 SUSE bug 1054082 SUSE bug 1054084 SUSE bug 1055013 SUSE bug 1055096 SUSE bug 1055272 SUSE bug 1055290 SUSE bug 1055359 SUSE bug 1055709 SUSE bug 1055896 SUSE bug 1055935 SUSE bug 1055963 SUSE bug 1056185 SUSE bug 1056588 SUSE bug 1056827 SUSE bug 969756 CVE-2017-12134 CVE-2017-14051 openSUSE Leap 42.3 This update for postgresql94 fixes the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1051684 SUSE bug 1051685 SUSE bug 1053259 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 openSUSE Leap 42.3 This update for postgresql96 fixes the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) The changelog for this release is here: https://www.postgresql.org/docs/9.6/static/release-9-6-4.html This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1051684 SUSE bug 1051685 SUSE bug 1053259 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 openSUSE Leap 42.3 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787). - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788). - CVE-2017-12136: Race conditions with maptrack free list handling allows a malicious guest administrator to crash the host or escalate their privilege to that of the host (XSA-228, bsc#1051789). - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578). - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637). - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230 bsc#1052686. These non-security issues were fixed: - bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be restored after the save using xl stack - bsc#1035231: Migration of HVM domU did not use superpages on destination dom0 - bsc#1002573: Optimized LVM functions in block-dmmd block-dmmd This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1002573 SUSE bug 1026236 SUSE bug 1027519 SUSE bug 1035231 SUSE bug 1046637 SUSE bug 1049578 SUSE bug 1051787 SUSE bug 1051788 SUSE bug 1051789 SUSE bug 1052686 SUSE bug 1055695 CVE-2017-10664 CVE-2017-11434 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855 openSUSE Leap 42.3 This update for gdk-pixbuf fixes the following issues: - CVE-2017-2862: JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability (bsc#1048289) - CVE-2017-2870: tiff_image_parse Code Execution Vulnerability (bsc#1048544) - CVE-2017-6313: A dangerous integer underflow in io-icns.c (bsc#1027024) - CVE-2017-6314: Infinite loop in io-tiff.c (bsc#1027025) - CVE-2017-6312: Out-of-bounds read on io-ico.c (bsc#1027026) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1027024 SUSE bug 1027025 SUSE bug 1027026 SUSE bug 1048289 SUSE bug 1048544 SUSE bug 1049877 CVE-2017-2862 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 openSUSE Leap 42.3 This update for mpg123 fixes the following issues: - Update to version 1.25.6 * Hotfix for bug 255: Overflow reading frame data bits in layer II decoding. Now, all-zero data is returned if the frame data is exhausted. This might have a slight impact on performance, but not easily measurable so far. - Update to version 1.25.5 * Avoid another buffer read overflow in the ID3 parser on 32 bit platforms (bug 254). (CVE-2017-12797/boo#1056999) - Update to version 1.25.4 libmpg123: * Prevent harmless call to memcpy(NULL, NULL, 0). * More early checking of ID3v2 encoding values to avoid bogus text being stored. Moderate SUSE bug 1056999 CVE-2017-12797 openSUSE Leap 42.3 This update for libidn2 fixes the following issues: * integer overflow in bidi.c/_isBidi() could lead to unexpected behavior (boo#1056451) * integer overflow in puny_decode.c/decode_digit() could lead to unexpected behavior (boo#1056450) libunistring was rebuilt to supply a -32bit package, a dependency for libidn2-0-32bit (boo#1056981). Moderate SUSE bug 1056450 SUSE bug 1056451 SUSE bug 1056981 openSUSE Leap 42.3 This update for chromium to version 61.0.3163.79 fixes several issues. These security issues were fixed: - CVE-2017-5111: Use after free in PDFium (boo#1057364). - CVE-2017-5112: Heap buffer overflow in WebGL (boo#1057364). - CVE-2017-5113: Heap buffer overflow in Skia (boo#1057364). - CVE-2017-5114: Memory lifecycle issue in PDFium (boo#1057364). - CVE-2017-5115: Type confusion in V8 (boo#1057364). - CVE-2017-5116: Type confusion in V8 (boo#1057364). - CVE-2017-5117: Use of uninitialized value in Skia (boo#1057364). - CVE-2017-5118: Bypass of Content Security Policy in Blink (boo#1057364). - CVE-2017-5119: Use of uninitialized value in Skia (boo#1057364). - CVE-2017-5120: Potential HTTPS downgrade during redirect navigation (boo#1057364). Important SUSE bug 1057364 CVE-2017-5111 CVE-2017-5112 CVE-2017-5113 CVE-2017-5114 CVE-2017-5115 CVE-2017-5116 CVE-2017-5117 CVE-2017-5118 CVE-2017-5119 CVE-2017-5120 openSUSE Leap 42.3 LibreOffice was updated to version 5.3.5.2, bringing new features and enhancements: Writer: - New "Go to Page" dialog for quickly jumping to another page. - Support for "Table Styles". - New drawing tools were added. - Improvements in the toolbar. - Borderless padding is displayed. Calc: - New drawing tools were added. - In new installations the default setting for new documents is now "Enable wildcards in formulas" instead of regular expressions. - Improved compatibility with ODF 1.2 Impress: - Images inserted via "Photo Album" can now be linked instead of embedded in the document. - When launching Impress, a Template Selector allows you to choose a Template to start with. - Two new default templates: Vivid and Pencil. - All existing templates have been improved. Draw: - New arrow endings, including Crow's foot notation's ones. Base: - Firebird has been upgraded to version 3.0.0. It is unable to read back Firebird 2.5 data, so embedded Firebird odb files created in LibreOffice version up to 5.2 cannot be opened with LibreOffice 5.3. Some security issues have also been fixed: - CVE-2017-7870: An out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function. - CVE-2017-7882: An out-of-bounds write related to the HWPFile::TagsRead function. - CVE-2017-8358: an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function. - CVE-2016-10327: An out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function. - CVE-2017-9433: An out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in libmwaw. A comprehensive list of new features and changes in this release is available at: https://wiki.documentfoundation.org/ReleaseNotes/5.3 This update contains binaries for the ports architectures only. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1015115 SUSE bug 1015118 SUSE bug 1015360 SUSE bug 1017925 SUSE bug 1021369 SUSE bug 1021373 SUSE bug 1021675 SUSE bug 1028817 SUSE bug 1034192 SUSE bug 1034329 SUSE bug 1034568 SUSE bug 1035087 SUSE bug 1035589 SUSE bug 1036975 SUSE bug 1042828 SUSE bug 1045339 SUSE bug 947117 SUSE bug 948058 SUSE bug 954776 SUSE bug 959926 SUSE bug 962777 SUSE bug 963436 SUSE bug 972777 SUSE bug 975283 SUSE bug 976831 SUSE bug 989564 CVE-2015-8947 CVE-2016-10327 CVE-2016-2052 CVE-2017-7870 CVE-2017-7882 CVE-2017-8358 CVE-2017-9433 openSUSE Leap 42.3 This update for cvs fixes the following issues: - CVE-2017-12836: A leading dash in the argument of the "-d" option could lead to argument injection (bsc#1053364) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1053364 CVE-2017-12836 openSUSE Leap 42.3 This update for php7 fixes several issues. These security issues were fixed: - CVE-2017-12932: Prevent heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054432). - CVE-2017-12934: Prevent heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054408). - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430) These non-security issues were fixed: - bsc#1057104: php7-devel now requires php7-pear - bsc#1057845: Fixed namespace encapsulation of imported classes/functions/constants This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1054408 SUSE bug 1054430 SUSE bug 1054432 SUSE bug 1057104 SUSE bug 1057845 CVE-2017-12932 CVE-2017-12933 CVE-2017-12934 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.87 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bnc#1057389). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table (bnc#1049580). The following non-security bugs were fixed: - acpica: IORT: Update SMMU models for revision C (bsc#1036060). - acpi/nfit: Fix memory corruption/Unregister mce decoder on failure (bsc#1057047). - ahci: do not use MSI for devices with the silly Intel NVMe remapping scheme (bsc#1048912). - ahci: thunderx2: stop engine fix update (bsc#1057031). - alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405). - arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT (bsc#1046529). - arm64: PCI: Fix struct acpi_pci_root_ops allocation failure path (bsc#1056849). - arm64: Update config files. Enable ARCH_PROC_KCORE_TEXT - blacklist.conf: gcc7 compiler warning (bsc#1056849) - bnxt: add a missing rcu synchronization (bnc#1038583). - bnxt: do not busy-poll when link is down (bnc#1038583). - bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583). - bnxt_en: Fix and clarify link_info->advertising (bnc#1038583). - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583). - bnxt_en: Fix NULL pointer dereference in a failure path during open (bnc#1038583). - bnxt_en: Fix NULL pointer dereference in reopen failure path (bnc#1038583). - bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583). - bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583). - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583). - bnxt_en: Fix "uninitialized variable" bug in TPA code path (bnc#1038583). - bnxt_en: Fix VF virtual link state (bnc#1038583). - bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583). - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583). - bnxt_en: Refactor TPA code path (bnc#1038583). - ceph: fix readpage from fscache (bsc#1057015). - cifs: add build_path_from_dentry_optional_prefix() (fate#323482). - cifs: add use_ipc flag to SMB2_ioctl() (fate#323482). - cifs: Fix sparse warnings (fate#323482). - cifs: implement get_dfs_refer for SMB2+ (fate#323482). - cifs: let ses->ipc_tid hold smb2 TreeIds (fate#323482). - cifs: move DFS response parsing out of SMB1 code (fate#323482). - cifs: remove any preceding delimiter from prefix_path (fate#323482). - cifs: set signing flag in SMB2+ TreeConnect if needed (fate#323482). - cifs: use DFS pathnames in SMB2+ Create requests (fate#323482). - cpufreq: intel_pstate: Disable energy efficiency optimization (bsc#1054654). - cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() (bsc#1021424 bsc#1022743). - device-dax: fix cdev leak (bsc#1057047). - dmaengine: mv_xor_v2: do not use descriptors not acked by async_tx (bsc#1056849). - dmaengine: mv_xor_v2: enable XOR engine after its configuration (bsc#1056849). - dmaengine: mv_xor_v2: fix tx_submit() implementation (bsc#1056849). - dmaengine: mv_xor_v2: handle mv_xor_v2_prep_sw_desc() error properly (bsc#1056849). - dmaengine: mv_xor_v2: properly handle wrapping in the array of HW descriptors (bsc#1056849). - dmaengine: mv_xor_v2: remove interrupt coalescing (bsc#1056849). - dmaengine: mv_xor_v2: set DMA mask to 40 bits (bsc#1056849). - drivers: base: cacheinfo: fix boot error message when acpi is enabled (bsc#1057849). - edac, thunderx: Fix a warning during l2c debugfs node creation (bsc#1057038). - edac, thunderx: Fix error handling path in thunderx_lmc_probe() (bsc#1057038). - fs/proc: kcore: use kcore_list type to check for vmalloc/module address (bsc#1046529). - gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829). - ib/hns: checking for IS_ERR() instead of NULL (bsc#1056849). - ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116). - ib/rxe: Add dst_clone() in prepare_ipv6_hdr() (bsc#1049361). - ib/rxe: Avoid ICRC errors by copying into the skb first (bsc#1049361). - ib/rxe: Disable completion upcalls when a CQ is destroyed (bsc#1049361). - ib/rxe: Fix destination cache for IPv6 (bsc#1049361). - ib/rxe: Fix up rxe_qp_cleanup() (bsc#1049361). - ib/rxe: Fix up the responder's find_resources() function (bsc#1049361). - ib/rxe: Handle NETDEV_CHANGE events (bsc#1049361). - ib/rxe: Move refcounting earlier in rxe_send() (bsc#1049361). - ib/rxe: Remove dangling prototype (bsc#1049361). - ib/rxe: Remove unneeded initialization in prepare6() (bsc#1049361). - ib/rxe: Set dma_mask and coherent_dma_mask (bsc#1049361). - iommu/arm-smmu-v3, acpi: Add temporary Cavium SMMU-V3 IORT model number definitions (bsc#1036060). - iommu/arm-smmu-v3: Increase CMDQ drain timeout value (bsc#1035479). Refresh patch to mainline version - irqchip/gic-v3-its: Fix command buffer allocation (bsc#1057067). - iwlwifi: mvm: do not send CTDP commands via debugfs if not supported (bsc#1031717). - kernel/*: switch to memdup_user_nul() (bsc#1048893). - lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill warning (FATE#319466). - md/raid5: fix a race condition in stripe batch (linux-stable). - mmc: sdhci-xenon: add set_power callback (bsc#1057035). - mmc: sdhci-xenon: Fix the work flow in xenon_remove() (bsc#1057035). - mm/page_alloc.c: apply gfp_allowed_mask before the first allocation attempt (bnc#971975 VM -- git fixes). - mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap mappings (bsc#1046529). - new helper: memdup_user_nul() (bsc#1048893). - nfs: flush data when locking a file to ensure cache coherence for mmap (bsc#981309). - pci: rockchip: Handle regulator_get_current_limit() failure correctly (bsc#1056849). - pci: rockchip: Use normal register bank for config accessors (bsc#1056849). - pm / Domains: Fix unsafe iteration over modified list of domains (bsc#1056849). - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261). - scsi: hisi_sas: add missing break in switch statement (bsc#1056849). - sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893). - sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893). - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893). - sysctl: simplify unsigned int support (bsc#1048893). - ubifs: Correctly evict xattr inodes (bsc#1012829). - ubifs: Do not leak kernel memory to the MTD (bsc#1012829). - xfs: fix inobt inode allocation search optimization (bsc#1012829). Important SUSE bug 1012829 SUSE bug 1021424 SUSE bug 1022743 SUSE bug 1024405 SUSE bug 1031717 SUSE bug 1035479 SUSE bug 1036060 SUSE bug 1038583 SUSE bug 1046529 SUSE bug 1048893 SUSE bug 1048912 SUSE bug 1049361 SUSE bug 1049580 SUSE bug 1054654 SUSE bug 1056261 SUSE bug 1056849 SUSE bug 1056982 SUSE bug 1057015 SUSE bug 1057031 SUSE bug 1057035 SUSE bug 1057038 SUSE bug 1057047 SUSE bug 1057067 SUSE bug 1057389 SUSE bug 1057849 SUSE bug 1058116 SUSE bug 971975 SUSE bug 981309 CVE-2017-1000251 CVE-2017-11472 CVE-2017-14106 openSUSE Leap 42.3 This update introduces lame and twolame. For ffmpeg2 it updates to version 2.8.13 and fixes several issues. These security issues were fixed: - CVE-2017-14058: The read_data function in libavformat/hls.c did not restrict reload attempts for an insufficient list, which allowed remote attackers to cause a denial of service (infinite loop) (bsc#1056762). - CVE-2017-14057: In asf_read_marker() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but did not contain sufficient backing data, was provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056761). - CVE-2017-14059: A DoS in cine_read_header() due to lack of an EOF check might have caused huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but did not contain sufficient backing data, was provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056763). - CVE-2017-14056: A DoS in rl2_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but did not contain sufficient backing data, was provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056760). - CVE-2017-14055: a DoS in mv_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but did not contain sufficient backing data, was provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056766). - boo#1046211: Lots of integer overflow fixes - CVE-2016-9561: The che_configure function in libavcodec/aacdec_template.c in FFmpeg allowed remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file (boo#1015120) - CVE-2017-7863: FFmpeg had an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c (boo#1034179) - CVE-2017-7865: FFmpeg had an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c (boo#1034177) - CVE-2017-7866: FFmpeg had an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c (boo#1034176) - CVE-2016-10190: Heap-based buffer overflow in libavformat/http.c in FFmpeg allowed remote web servers to execute arbitrary code via a negative chunk size in an HTTP response (boo#1022920) - CVE-2016-10191: Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg allowed remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches (boo#1022921) - CVE-2016-10192: Heap-based buffer overflow in ffserver.c in FFmpeg allowed remote attackers to execute arbitrary code by leveraging failure to check chunk size (boo#1022922) - CVE-2017-14169: In the mxf_read_primer_pack function an integer signedness error have might occured when a crafted file, which claims a large "item_num" field such as 0xffffffff, was provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value (bsc#1057536). - CVE-2017-14170: Prevent DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU resources, since there was no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file (bsc#1057537). - CVE-2017-14171: Prevent DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check taht might have caused huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but did not contain sufficient backing data, was provided, the loop over 'table_entries_used' would consume huge CPU resources, since there was no EOF check inside the loop (bsc#1057539). - CVE-2017-14223: Prevent DoS in asf_build_simple_index() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but did not contain sufficient backing data, was provided, the for loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058019) - CVE-2017-14222: Prevent DoS in read_tfra() due to lack of an EOF (End of File) check that might have caused huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058020) These non-security issues were fixed: - Unconditionalize celt, ass, openjpeg, webp, libva, vdpau. - Build unconditionally with lame and twolame - Enable AC3 and MP3 decoding to match multimedia:libs/ffmpeg (3.x) For ffmpeg it updates to version 3.3.4 and fixes several issues. These security issues were fixed: - CVE-2017-14225: The av_color_primaries_name function may have returned a NULL pointer depending on a value contained in a file, but callers did not anticipate this, leading to a NULL pointer dereference (bsc#1058018). - CVE-2017-14223: Prevent DoS in asf_build_simple_index() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but did not contain sufficient backing data, was provided, the for loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058019). - CVE-2017-14222: Prevent DoS in read_tfra() due to lack of an EOF (End of File) check that might have caused huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU and memory resources, since there was no EOF check inside the loop (bsc#1058020). - CVE-2017-14058: The read_data function in libavformat/hls.c did not restrict reload attempts for an insufficient list, which allowed remote attackers to cause a denial of service (infinite loop) (bsc#1056762) - CVE-2017-14057: In asf_read_marker() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but did not contain sufficient backing data, was provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056761) - CVE-2017-14059: A DoS in cine_read_header() due to lack of an EOF check might have caused huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but did not contain sufficient backing data, was provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056763) - CVE-2017-14054: A DoS in ivr_read_header() due to lack of an EOF (End of File) check might have caused huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but did not contain sufficient backing data, was provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop (bsc#1056765). - CVE-2017-14056: A DoS in rl2_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but did not contain sufficient backing data, was provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops (bsc#1056760) - CVE-2017-14055: a DoS in mv_read_header() due to lack of an EOF (End of File) check might have caused huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but did not contain sufficient backing data, was provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop (bsc#1056766) - CVE-2017-11399: Integer overflow in the ape_decode_frame function allowed remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file (bsc#1049095). - CVE-2017-14171: Prevent DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check taht might have caused huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but did not contain sufficient backing data, was provided, the loop over 'table_entries_used' would consume huge CPU resources, since there was no EOF check inside the loop (bsc#1057539) - CVE-2017-14170: Prevent DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check that might have caused huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but did not contain sufficient backing data, was provided, the loop would consume huge CPU resources, since there was no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file (bsc#1057537) - CVE-2017-14169: In the mxf_read_primer_pack function an integer signedness error have might occured when a crafted file, which claims a large "item_num" field such as 0xffffffff, was provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value (bsc#1057536) It also includes various fixes for integer overflows and too-large bit shifts that didn't receive a CVE. These non-security issues were fixed: - Unconditionalize celt, ass, openjpeg, webp, netcdf, libva, vdpau. - Build unconditionally with lame and twolame - Enabled cuda and cuvid for unrestricted build. - Add additional checks to ensure MPEG is off Important SUSE bug 1015120 SUSE bug 1022920 SUSE bug 1022921 SUSE bug 1022922 SUSE bug 1034176 SUSE bug 1034177 SUSE bug 1034179 SUSE bug 1046211 SUSE bug 1049095 SUSE bug 1056760 SUSE bug 1056761 SUSE bug 1056762 SUSE bug 1056763 SUSE bug 1056765 SUSE bug 1056766 SUSE bug 1057536 SUSE bug 1057537 SUSE bug 1057539 SUSE bug 1058018 SUSE bug 1058019 SUSE bug 1058020 CVE-2016-10190 CVE-2016-10191 CVE-2016-10192 CVE-2016-9561 CVE-2017-11399 CVE-2017-14054 CVE-2017-14055 CVE-2017-14056 CVE-2017-14057 CVE-2017-14058 CVE-2017-14059 CVE-2017-14169 CVE-2017-14170 CVE-2017-14171 CVE-2017-14222 CVE-2017-14223 CVE-2017-14225 CVE-2017-7863 CVE-2017-7865 CVE-2017-7866 openSUSE Leap 42.3 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen (XSA-231, bsc#1056278) - CVE-2017-14318: The function __gnttab_cache_flush missed a check for grant tables, allowing a malicious guest to crash the host or for x86 PV guests to potentially escalate privileges (XSA-232, bsc#1056280) - CVE-2017-14317: A race in cxenstored may have cause a double-free allowind for DoS of the xenstored daemon (XSA-233, bsc#1056281). - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor (XSA-234, bsc#1056282). These non-security issues were fixed: - bsc#1057358: Fixed boot into SUSE Linux Enterprise 12.3 with secure boot - bsc#1055695: Fixed restoring updates for HVM guests for ballooned domUs This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1027519 SUSE bug 1055695 SUSE bug 1056278 SUSE bug 1056280 SUSE bug 1056281 SUSE bug 1056282 SUSE bug 1057358 CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 openSUSE Leap 42.3 This update for qemu fixes the following issues: Security issues fixed: * CVE-2017-10664: Fix DOS vulnerability in qemu-nbd (bsc#1046636) * CVE-2017-10806: Fix DOS from stack overflow in debug messages of usb redirection support (bsc#1047674) * CVE-2017-11334: Fix OOB access during DMA operation (bsc#1048902) * CVE-2017-11434: Fix OOB access parsing dhcp slirp options (bsc#1049381) Following non-security issues were fixed: - Postrequire acl for setfacl - Prerequire shadow for groupadd - The recent security fix for CVE-2017-11334 adversely affects Xen. Include two additional patches to make sure Xen is going to be OK. - Pre-add group kvm for qemu-tools (bsc#1011144) - Fixed a few more inaccuracies in the support docs. - Fix support docs to indicate ARM64 is now fully L3 supported in SLES 12 SP3. Apply a few additional clarifications in the support docs. (bsc#1050268) - Adjust to libvdeplug-devel package naming changes. - Fix migration with xhci (bsc#1048296) - Increase VNC delay to fix missing keyboard input events (bsc#1031692) - Remove build dependency package iasl used for seabios This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1011144 SUSE bug 1031692 SUSE bug 1046636 SUSE bug 1047674 SUSE bug 1048296 SUSE bug 1048902 SUSE bug 1049381 SUSE bug 1050268 CVE-2017-10664 CVE-2017-10806 CVE-2017-11334 CVE-2017-11434 openSUSE Leap 42.3 This update for emacs fixes one issues. This security issue was fixed: - CVE-2017-14482: Remote code execution via mails with "Content-Type: text/enriched" (bsc#1058425) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1058425 CVE-2017-14482 openSUSE Leap 42.3 This update for php5 fixes on issues. This security issue was fixed: - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1054430 CVE-2017-12933 openSUSE Leap 42.3 This update for freexl to version 1.0.4 fixes several issues. These security issues were fixed: - CVE-2017-2924: Prevent heap-based buffer overflow in the read_legacy_biff function (bsc#1058433). - CVE-2017-2923: Prevent heap-based buffer overflow in the read_biff_next_record function (bsc#1058431). Low SUSE bug 1058431 SUSE bug 1058433 CVE-2017-2923 CVE-2017-2924 openSUSE Leap 42.3 This update for apache2 fixes the following security issue: - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1058058 CVE-2017-9798 openSUSE Leap 42.3 This update for libzip fixes the following security issue: - CVE-2017-14107: The _zip_read_eocd64 function mishandled EOCD records, which allowed remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive (bsc#1056996). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1056996 CVE-2017-14107 openSUSE Leap 42.3 This update to Chromium 61.0.3163.100 fixes the following vulnerabilities: - CVE-2017-5121: Out-of-bounds access in V8 - CVE-2017-5122: Out-of-bounds access in V8 - Various fixes from internal audits, fuzzing and other initiatives Moderate SUSE bug 1060019 CVE-2017-5121 CVE-2017-5122 openSUSE Leap 42.3 This update for libraw fixes the following issues: - CVE-2017-14348: A specially crafted file could have been used to trigger a heap-based buffer overflow (boo#1058467) Moderate SUSE bug 1058467 CVE-2017-14348 openSUSE Leap 42.3 This update for tor fixes the following issues: - CVE-2017-0380: hidden services with the SafeLogging option disabled could disclose the stack (boo#1059194) Moderate SUSE bug 1059194 CVE-2017-0380 openSUSE Leap 42.3 This update for vlc fixes several issues. This security issue was fixed: - CVE-2017-9300: Heap corruption allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted FLAC file (bsc#1041907). These non-security issues were fixed: - Stop depending on libkde4-devel: It's only used to find the install path for kde4, but configure falls back to the correct default for openSUSE anyway (boo#1057736). - Disable vnc access module Moderate SUSE bug 1041907 SUSE bug 1057736 CVE-2017-9300 openSUSE Leap 42.3 This update for spice fixes the following security issues: - CVE-2017-7506: Fixed an out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak (bsc#1046779). This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1046779 CVE-2017-7506 openSUSE Leap 42.3 This update for weechat fixes the following issues: - CVE-2017-14727: A uninitialized buffer could be used to crash the logger plugin in WeeChat (boo#1060140) Moderate SUSE bug 1060140 CVE-2017-14727 openSUSE Leap 42.3 This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6, fixes security issues and bugs. The following vulnerabilities advised upstream under MFSA 2017-22 (boo#1060445) were fixed: - CVE-2017-7793: Use-after-free with Fetch API - CVE-2017-7818: Use-after-free during ARIA array manipulation - CVE-2017-7819: Use-after-free while resizing images in design mode - CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE - CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings - CVE-2017-7823: CSP sandbox directive did not create a unique origin - CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 The following security issue was fixed in Mozilla NSS 3.28.6: - CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005) The following bug was fixed: - boo#1029917: language accept header use incorrect locale For compatibility reasons, java-1_8_0-openjdk was rebuilt to the updated version of NSS. Important SUSE bug 1060445 SUSE bug 1061005 CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 openSUSE Leap 42.3 This update for git to version 2.13.6 fixes the following issues: * CVE-2017-14867: Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to end-user input (boo#1061041) As an additional measure, "git cvsserver" no longer is invoked by "git daemon" by default. Moderate SUSE bug 1061041 CVE-2017-14867 openSUSE Leap 42.3 This update for dnsmasq fixes the following security issues: - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1060354 SUSE bug 1060355 SUSE bug 1060360 SUSE bug 1060361 SUSE bug 1060362 SUSE bug 1060364 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 openSUSE Leap 42.3 This update for otrs to version 3.3.18 fixes the following issue: This security issue was fixed: - CVE-2017-14635: Remote authenticated users could have leveraged statistics-write permissions to gain privileges via code injection (bsc#1059691). Moderate SUSE bug 1059691 CVE-2017-14635 openSUSE Leap 42.3 This update for tiff to version 4.0.8 fixes a several bugs and security issues: These security issues were fixed: - CVE-2017-7595: The JPEGSetupEncode function allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image (bsc#1033127). - CVE-2016-10371: The TIFFWriteDirectoryTagCheckedRational function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file (bsc#1038438). - CVE-2017-7598: Error in tif_dirread.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image (bsc#1033118). - CVE-2017-7596: Undefined behavior because of floats outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033126). - CVE-2017-7597: Undefined behavior because of floats outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033120). - CVE-2017-7599: Undefined behavior because of shorts outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033113). - CVE-2017-7600: Undefined behavior because of chars outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033112). - CVE-2017-7601: Because of a shift exponent too large for 64-bit type long undefined behavior was caused, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033111). - CVE-2017-7602: Prevent signed integer overflow, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033109). - CVE-2017-7592: The putagreytile function had a left-shift undefined behavior issue, which might allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033131). - CVE-2017-7593: Ensure that tif_rawdata is properly initialized, to prevent remote attackers to obtain sensitive information from process memory via a crafted image (bsc#1033129). - CVE-2017-7594: The OJPEGReadHeaderInfoSecTablesDcTable function allowed remote attackers to cause a denial of service (memory leak) via a crafted image (bsc#1033128). - CVE-2017-9403: Prevent memory leak in function TIFFReadDirEntryLong8Array, which allowed attackers to cause a denial of service via a crafted file (bsc#1042805). - CVE-2017-9404: Fixed memory leak vulnerability in function OJPEGReadHeaderInfoSecTablesQTable, which allowed attackers to cause a denial of service via a crafted file (bsc#1042804). These various other issues were fixed: - Fix uint32 overflow in TIFFReadEncodedStrip() that caused an integer division by zero. Reported by Agostino Sarubbo. - fix heap-based buffer overflow on generation of PixarLog / LUV compressed files, with ColorMap, TransferFunction attached and nasty plays with bitspersample. The fix for LUV has not been tested, but suffers from the same kind of issue of PixarLog. - modify ChopUpSingleUncompressedStrip() to instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength, rowsperstrip), instead of a logic based on the total size of data. Which is faulty is the total size of data is not sufficient to fill the whole image, and thus results in reading outside of the StripByCounts/StripOffsets arrays when using TIFFReadScanline() - make OJPEGDecode() early exit in case of failure in OJPEGPreDecode(). This will avoid a divide by zero, and potential other issues. - fix misleading indentation as warned by GCC. - revert change done on 2016-01-09 that made Param member of TIFFFaxTabEnt structure a uint16 to reduce size of the binary. It happens that the Hylafax software uses the tables that follow this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable, TIFFFaxBlackTable), although they are not in a public libtiff header. - add TIFFReadRGBAStripExt() and TIFFReadRGBATileExt() variants of the functions without ext, with an extra argument to control the stop_on_error behaviour. - fix potential memory leaks in error code path of TIFFRGBAImageBegin(). - increase libjpeg max memory usable to 10 MB instead of libjpeg 1MB default. This helps when creating files with "big" tile, without using libjpeg temporary files. - add _TIFFcalloc() - return 0 in Encode functions instead of -1 when TIFFFlushData1() fails. - only run JPEGFixupTagsSubsampling() if the YCbCrSubsampling tag is not explicitly present. This helps a bit to reduce the I/O amount when the tag is present (especially on cloud hosted files). - in LZWPostEncode(), increase, if necessary, the code bit-width after flushing the remaining code and before emitting the EOI code. - fix memory leak in error code path of PixarLogSetupDecode(). - fix potential memory leak in OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and OJPEGReadHeaderInfoSecTablesAcTable - avoid crash in Fax3Close() on empty file. - TIFFFillStrip(): add limitation to the number of bytes read in case td_stripbytecount[strip] is bigger than reasonable, so as to avoid excessive memory allocation. - fix memory leak when the underlying codec (ZIP, PixarLog) succeeds its setupdecode() method, but PredictorSetup fails. - TIFFFillStrip() and TIFFFillTile(): avoid excessive memory allocation in case of shorten files. Only effective on 64 bit builds and non-mapped cases. - TIFFFillStripPartial() / TIFFSeek(), avoid potential integer overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT mode. - avoid excessive memory allocation in case of shorten files. Only effective on 64 bit builds. - update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT mode with tif_rawdataloaded when calling TIFFStartStrip() or TIFFFillStripPartial(). - avoid potential int32 overflow in TIFFYCbCrToRGBInit() Fixes - avoid potential int32 overflows in multiply_ms() and add_ms(). - fix out-of-buffer read in PackBitsDecode() Fixes - LogL16InitState(): avoid excessive memory allocation when RowsPerStrip tag is missing. - update dec_bitsleft at beginning of LZWDecode(), and update tif_rawcc at end of LZWDecode(). This is needed to properly work with the latest chnges in tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode. - PixarLogDecode(): resync tif_rawcp with next_in and tif_rawcc with avail_in at beginning and end of function, similarly to what is done in LZWDecode(). Likely needed so that it works properly with latest chnges in tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode. - initYCbCrConversion(): add basic validation of luma and refBlackWhite coefficients (just check they are not NaN for now), to avoid potential float to int overflows. - _TIFFVSetField(): fix outside range cast of double to float. - initYCbCrConversion(): check luma[1] is not zero to avoid division by zero - _TIFFVSetField(): fix outside range cast of double to float. - initYCbCrConversion(): check luma[1] is not zero to avoid division by zero. - initYCbCrConversion(): stricter validation for refBlackWhite coefficients values. - avoid uint32 underflow in cpDecodedStrips that can cause various issues, such as buffer overflows in the library. - fix readContigStripsIntoBuffer() in -i (ignore) mode so that the output buffer is correctly incremented to avoid write outside bounds. - add 3 extra bytes at end of strip buffer in readSeparateStripsIntoBuffer() to avoid read outside of heap allocated buffer. - fix integer division by zero when BitsPerSample is missing. - fix null pointer dereference in -r mode when the image has no StripByteCount tag. - avoid potential division by zero is BitsPerSamples tag is missing. - when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is called, limit the return number of inks to SamplesPerPixel, so that code that parses ink names doesn't go past the end of the buffer. - avoid potential division by zero is BitsPerSamples tag is missing. - fix uint32 underflow/overflow that can cause heap-based buffer overflow. - replace assert( (bps % 8) == 0 ) by a non assert check. - fix 2 heap-based buffer overflows (in PSDataBW and PSDataColorContig). - prevent heap-based buffer overflow in -j mode on a paletted image. - fix wrong usage of memcpy() that can trigger unspecified behaviour. - avoid potential invalid memory read in t2p_writeproc. - avoid potential heap-based overflow in t2p_readwrite_pdf_image_tile(). - remove extraneous TIFFClose() in error code path, that caused double free. - error out cleanly in cpContig2SeparateByRow and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based overflow. - avoid integer division by zero. - call TIFFClose() in error code paths. - emit appropriate message if the input file is empty. - close TIFF handle in error code path. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1033109 SUSE bug 1033111 SUSE bug 1033112 SUSE bug 1033113 SUSE bug 1033118 SUSE bug 1033120 SUSE bug 1033126 SUSE bug 1033127 SUSE bug 1033128 SUSE bug 1033129 SUSE bug 1033131 SUSE bug 1038438 SUSE bug 1042804 SUSE bug 1042805 CVE-2016-10371 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 CVE-2017-9403 CVE-2017-9404 openSUSE Leap 42.3 This update for libraw fixes the following issues: Security issue fixed: * CVE-2017-14265: A stack based buffer overflow in the xtrans_interpolate function was fixed. [boo#1060163] * CVE-2017-13735: A floating point exception in the kodak_radc_load_raw function was fixed which could have lead to aborts of programs using libraw on reading malicious files. [bsc#1060321] Moderate SUSE bug 1060163 SUSE bug 1060321 CVE-2017-13735 CVE-2017-14265 openSUSE Leap 42.3 This update for liblouis fixes several issues. These security issues were fixed: - CVE-2017-13738: Prevent illegal address access in the _lou_getALine function that allowed to cause remote DoS (bsc#1056105). - CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable() that could have caused DoS or remote code execution (bsc#1056101). - CVE-2017-13740: Prevent stack-based buffer overflow in the function parseChars() that could have caused DoS or possibly unspecified other impact (bsc#1056097) - CVE-2017-13741: Prevent use-after-free in function compileBrailleIndicator() that allowed to cause remote DoS (bsc#1056095). - CVE_2017-13742: Prevent stack-based buffer overflow in function includeFile that allowed to cause remote DoS (bsc#1056093). - CVE-2017-13743: Prevent buffer overflow triggered in the function _lou_showString() that allowed to cause remote DoS (bsc#1056090). - CVE-2017-13744: Prevent illegal address access in the function _lou_getALine() that allowed to cause remote DoS (bsc#1056088). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1056088 SUSE bug 1056090 SUSE bug 1056093 SUSE bug 1056095 SUSE bug 1056097 SUSE bug 1056101 SUSE bug 1056105 CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13743 CVE-2017-13744 openSUSE Leap 42.3 This update for nextcloud fixes the following issues: - CVE-2017-9286: During upgrade of the nextcloud package local attackers could gain root access via a /tmp file race. (boo#1036756) Moderate SUSE bug 1036756 CVE-2017-9286 openSUSE Leap 42.3 This update for libvirt fixes several issues. This security issue was fixed: - bsc#1053600: Escape ssh commed line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc#1049505, bsc#1051017: Security manager: Don't autogenerate seclabels of type 'none' when AppArmor is inactive - bsc#1045693: Support chardevs with ARM machines This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1045693 SUSE bug 1049505 SUSE bug 1051017 SUSE bug 1053600 openSUSE Leap 42.3 This update for mpg123 to version 1.25.7 fixes the following issues: - CVE-2017-10683: Improvement over previous fix for xrpnt overflow problems (boo#1046766) The following changes are also included in version 1.25.7: - Do not play with cursor and inverse video for progress bar when TERM=dumb - Fix parsing of host port for numerical IPv6 addresses Moderate SUSE bug 1046766 CVE-2017-10683 openSUSE Leap 42.3 This update for openjpeg2 fixes several issues. These security issues were fixed: - CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file (bsc#1056421). - CVE-2017-14039: A heap-based buffer overflow was discovered in the opj_t2_encode_packet function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly unspecified other impact (bsc#1056622). - CVE-2017-14164: A size-validation issue was discovered in opj_j2k_write_sot. The vulnerability caused an out-of-bounds write, which may have lead to remote DoS or possibly remote code execution (bsc#1057511). - CVE-2017-14040: An invalid write access was discovered in bin/jp2/convert.c, triggering a crash in the tgatoimage function. The vulnerability may have lead to remote denial of service or possibly unspecified other impact (bsc#1056621). - CVE-2017-14041: A stack-based buffer overflow was discovered in the pgxtoimage function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly remote code execution (bsc#1056562). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1056421 SUSE bug 1056562 SUSE bug 1056621 SUSE bug 1056622 SUSE bug 1057511 CVE-2016-10507 CVE-2017-14039 CVE-2017-14040 CVE-2017-14041 CVE-2017-14164 openSUSE Leap 42.3 Mozilla Thunderbird was updated to 52.4.0 (boo#1060445) * new behavior was introduced for replies to mailing list posts: "When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header". A new preference mail.override_list_reply_to allows to restore the previous behavior. * Under certain circumstances (image attachment and non-image attachment), attached images were shown truncated in messages stored in IMAP folders not synchronised for offline use. * IMAP UIDs > 0x7FFFFFFF now handled properly Security fixes from Gecko 52.4esr * CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API * CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array manipulation * CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in design mode * CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and validating elements with ANGLE * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) Use-after-free in TLS 1.2 generating handshake hashes * CVE-2017-7814 (bmo#1376036) Blob and data URLs bypass phishing and malware protection warnings * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) OS X fonts render some Tibetan and Arabic unicode characters as spaces * CVE-2017-7823 (bmo#1396320) CSP sandbox directive did not create a unique origin * CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 - Add alsa-devel BuildRequires: we care for ALSA support to be built and thus need to ensure we get the dependencies in place. In the past, alsa-devel was pulled in by accident: we buildrequire libgnome-devel. This required esound-devel and that in turn pulled in alsa-devel for us. libgnome is being fixed to no longer require esound-devel. Important SUSE bug 1060445 CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 openSUSE Leap 42.3 This update for krb5 fixes several issues. This security issue was fixed: - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995) These non-security issues were fixed: - Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf in order to improve client security in handling service principle names. (bsc#1054028) - Prevent kadmind.service startup failure caused by absence of LDAP service. (bsc#903543) - Remove main package's dependency on systemd (bsc#1032680) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1032680 SUSE bug 1054028 SUSE bug 1056995 SUSE bug 903543 CVE-2017-11462 openSUSE Leap 42.3 This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624) - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622) - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565) The following non-security issue was fixed: - Fix GUID string format on GetPrinter info request. (bsc#1050707) This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1050707 SUSE bug 1058565 SUSE bug 1058622 SUSE bug 1058624 CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following security issues: - CVE-2017-14532: NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c allowing for DoS (bsc#1059663) - CVE-2017-15033: Memory leak in ReadYUVImage could have allowed DoS (boo#1061873) Moderate SUSE bug 1059663 SUSE bug 1061873 CVE-2017-14532 CVE-2017-15033 openSUSE Leap 42.3 This update for mbedtls fixes the following issues: - CVE-2017-14032: Possible authentication bypass of peer based authentication when auth mode is configured as 'optional' (boo#1056544). Moderate SUSE bug 1056544 CVE-2017-14032 openSUSE Leap 42.3 This update for wireshark to version 2.2.10 fixes multiple minor security issues. These vulnerabilities that could be used to trigger dissector crashes or infinite loops by making Wireshark read specially crafted packages from the network or a capture file: * CVE-2017-15192: BT ATT dissector crash * CVE-2017-15193: MBIM dissector crash * CVE-2017-15191: DMP dissector crash Moderate SUSE bug 1062645 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.90 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038). - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain read and write access to the hardware CR8 register (bnc#1058507). The following non-security bugs were fixed: - arc: Re-enable MMU upon Machine Check exception (bnc#1012382). - arm64: fault: Route pte translation faults via do_translation_fault (bnc#1012382). - arm64: Make sure SPsel is always set (bnc#1012382). - arm: pxa: add the number of DMA requestor lines (bnc#1012382). - arm: pxa: fix the number of DMA requestor lines (bnc#1012382). - bcache: correct cache_dirty_target in __update_writeback_rate() (bnc#1012382). - bcache: Correct return value for sysfs attach errors (bnc#1012382). - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382). - bcache: fix bch_hprint crash and improve output (bnc#1012382). - bcache: fix for gc and write-back race (bnc#1012382). - bcache: Fix leak of bdev reference (bnc#1012382). - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382). - block: Relax a check in blk_start_queue() (bnc#1012382). - bsg-lib: do not free job in bsg_prepare_job (bnc#1012382). - btrfs: change how we decide to commit transactions during flushing (bsc#1060197). - btrfs: fix NULL pointer dereference from free_reloc_roots() (bnc#1012382). - btrfs: prevent to set invalid default subvolid (bnc#1012382). - btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382). - btrfs: qgroup: move noisy underflow warning to debugging build (bsc#1055755). - cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382). - cifs: release auth_key.response for reconnect (bnc#1012382). - crypto: AF_ALG - remove SGL terminator indicator when chaining (bnc#1012382). - crypto: talitos - Do not provide setkey for non hmac hashing algs (bnc#1012382). - crypto: talitos - fix sha224 (bnc#1012382). - cxl: Fix driver use count (bnc#1012382). - dmaengine: mmp-pdma: add number of requestors (bnc#1012382). - drivers: net: phy: xgene: Fix mdio write (bsc#1057383). - drm: Add driver-private objects to atomic state (bsc#1055493). - drm/dp: Introduce MST topology state to track available link bandwidth (bsc#1055493). - efi/fb: Avoid reconfiguration of BAR that covers the framebuffer (bsc#1051987). - efi/fb: Correct PCI_STD_RESOURCE_END usage (bsc#1051987). - ext4: fix incorrect quotaoff if the quota feature is enabled (bnc#1012382). - ext4: fix quota inconsistency during orphan cleanup for read-only mounts (bnc#1012382). - f2fs: check hot_data for roll-forward recovery (bnc#1012382). - fix xen_swiotlb_dma_mmap prototype (bnc#1012382). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bnc#1012382). - ftrace: Fix selftest goto location on error (bnc#1012382). - genirq: Fix for_each_action_of_desc() macro (bsc#1061064). - getcwd: Close race with d_move called by lustre (bsc#1052593). - gfs2: Fix debugfs glocks dump (bnc#1012382). - gianfar: Fix Tx flow control deactivation (bnc#1012382). - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch (bnc#1022967). - input: i8042 - add Gigabyte P57 to the keyboard reset table (bnc#1012382). - iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067). - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (bnc#1012382). - ipv6: add rcu grace period before freeing fib6_node (bnc#1012382). - ipv6: fix memory leak with multiple tables during netns destruction (bnc#1012382). - ipv6: fix sparse warning on rt6i_node (bnc#1012382). - ipv6: fix typo in fib6_net_exit() (bnc#1012382). - iw_cxgb4: put ep reference in pass_accept_req() (fate#321658 bsc#1005778 fate#321660 bsc#1005780 fate#321661 bsc#1005781). - KABI fix drivers/nvme/target/nvmet.h (bsc#1058550). - kabi/severities: ignore nfs_pgio_data_destroy - kABI: Workaround kABI breakage of AMD-AVIC fixes (bsc#1044503). - keys: fix writing past end of user-supplied buffer in keyring_read() (bnc#1012382). - keys: prevent creating a different user's keyrings (bnc#1012382). - keys: prevent KEYCTL_READ on negative key (bnc#1012382). - kvm: Add struct kvm_vcpu pointer parameter to get_enable_apicv() (bsc#1044503). - kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously (bsc#1061017). - kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce() (bnc#1012382). - kvm: SVM: Add a missing 'break' statement (bsc#1061017). - kvm: SVM: Add irqchip_split() checks before enabling AVIC (bsc#1044503). - kvm: SVM: delete avic_vm_id_bitmap (2 megabyte static array) (bsc#1059500). - kvm: SVM: Refactor AVIC vcpu initialization into avic_init_vcpu() (bsc#1044503). - kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017). - kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt (bsc#1061017). - kvm: VMX: use cmpxchg64 (bnc#1012382). - mac80211: flush hw_roc_start work before cancelling the ROC (bnc#1012382). - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172). - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list (bnc#1012382). - md/raid5: release/flush io in raid5_do_work() (bnc#1012382). - media: uvcvideo: Prevent heap overflow when accessing mapped controls (bnc#1012382). - media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382). - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs (bnc#1012382). - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with opposite signs (bnc#1012382). - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero (bnc#1012382). - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation (bnc#1012382). - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative (bnc#1012382). - mips: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs (bnc#1012382). - mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382). - nfsd: Fix general protection fault in release_lock_stateid() (bnc#1012382). - nvme-fabrics: generate spec-compliant UUID NQNs (bsc#1057498). - nvmet: Move serial number from controller to subsystem (bsc#1058550). - nvmet: preserve controller serial number between reboots (bsc#1058550). - pci: Allow PCI express root ports to find themselves (bsc#1061046). - pci: fix oops when try to find Root Port for a PCI device (bsc#1061046). - pci: Fix race condition with driver_override (bnc#1012382). - pci: Mark AMD Stoney GPU ATS as broken (bsc#1061046). - pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382). - perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831). - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs. mm_struct tracking' (bsc#1061831). - perf: xgene: Add APM X-Gene SoC Performance Monitoring Unit driver (bsc#1036737). - perf: xgene: Include module.h (bsc#1036737). - perf: xgene: Move PMU leaf functions into function pointer structure (bsc#1036737). - perf: xgene: Parse PMU subnode from the match table (bsc#1036737). - powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382). - powerpc/perf: Cleanup of PM_BR_CMPL vs. PM_BRU_CMPL in Power9 event list (bsc#1056686, fate#321438, bsc#1047238, git-fixes 34922527a2bc). - powerpc/perf: Factor out PPMU_ONLY_COUNT_RUN check code from power8 (fate#321438, bsc#1053043, git-fixes efe881afdd999). - powerpc/pseries: Fix parent_dn reference leak in add_dt_node() (bnc#1012382). - qlge: avoid memcpy buffer overflow (bnc#1012382). - rdma/bnxt_re: Allocate multiple notification queues (bsc#1037579). - rdma/bnxt_re: Implement the alloc/get_hw_stats callback (bsc#1037579). - Revert "net: fix percpu memory leaks" (bnc#1012382). - Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()" (bnc#1012382). - Revert "net: use lib/percpu_counter API for fragmentation mem accounting" (bnc#1012382). - Revert "Update patches.fixes/xfs-refactor-log-record-unpack-and-data-processing.patch (bsc#1043598, bsc#1036215)." - Revert "xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598)." - Revert "xfs: detect and trim torn writes during log recovery (bsc#1036215)." - Revert "xfs: refactor and open code log record crc check (bsc#1036215)." - Revert "xfs: refactor log record start detection into a new helper (bsc#1036215)." - Revert "xfs: return start block of first bad log record during recovery (bsc#1036215)." - Revert "xfs: support a crc verification only log record pass (bsc#1036215)." - scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465). - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic (bnc#1012382). - scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382). - scsi: sg: factor out sg_fill_request_table() (bnc#1012382). - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382). - scsi: sg: off by one in sg_ioctl() (bnc#1012382). - scsi: sg: remove 'save_scat_len' (bnc#1012382). - scsi: sg: use standard lists for sg_requests (bnc#1012382). - scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382). - scsi_transport_fc: Also check for NOTPRESENT in fc_remote_port_add() (bsc#1037890). - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (bnc#1012382). - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records (bnc#1012382). - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers (bnc#1012382). - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA (bnc#1012382). - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records (bnc#1012382). - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled (bnc#1012382). - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response (bnc#1012382). - scsi: zfcp: trace high part of "new" 64 bit SCSI LUN (bnc#1012382). - seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter() (bnc#1012382). - skd: Avoid that module unloading triggers a use-after-free (bnc#1012382). - skd: Submit requests to firmware before triggering the doorbell (bnc#1012382). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382). - smb: Validate negotiate (to protect against downgrade) even if signing off (bnc#1012382). - swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382). - timer/sysclt: Restrict timer migration sysctl values to 0 and 1 (bnc#1012382). - tracing: Apply trace_clock changes to instance max buffer (bnc#1012382). - tracing: Erase irqsoff trace with empty write (bnc#1012382). - tracing: Fix trace_pipe behavior for instance traces (bnc#1012382). - tty: fix __tty_insert_flip_char regression (bnc#1012382). - tty: improve tty_insert_flip_char() fast path (bnc#1012382). - tty: improve tty_insert_flip_char() slow path (bnc#1012382). - Update patches.drivers/0029-perf-xgene-Remove-bogus-IS_ERR-check.patch (bsc#1036737). - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets (bnc#1012382). - video: fbdev: aty: do not leak uninitialized padding in clk to userspace (bnc#1012382). - Workaround for kABI compatibility with DP-MST patches (bsc#1055493). - x86/cpu/amd: Hide unused legacy_fixup_core_id() function (bsc#1060229). - x86/cpu/amd: Limit cpu_core_id fixup to families older than F17h (bsc#1060229). - x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382). - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps (bnc#1012382). - x86/ldt: Fix off by one in get_segment_base() (bsc#1061872). - x86/mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() (bsc#1058512). - x86/mm: Fix fault error path using unsafe vma pointer (fate#321300). Important SUSE bug 1005778 SUSE bug 1005780 SUSE bug 1005781 SUSE bug 1012382 SUSE bug 1022967 SUSE bug 1036215 SUSE bug 1036737 SUSE bug 1037579 SUSE bug 1037890 SUSE bug 1043598 SUSE bug 1044503 SUSE bug 1047238 SUSE bug 1051987 SUSE bug 1052593 SUSE bug 1053043 SUSE bug 1055493 SUSE bug 1055755 SUSE bug 1056686 SUSE bug 1057383 SUSE bug 1057498 SUSE bug 1058038 SUSE bug 1058410 SUSE bug 1058507 SUSE bug 1058512 SUSE bug 1058550 SUSE bug 1059051 SUSE bug 1059465 SUSE bug 1059500 SUSE bug 1060197 SUSE bug 1060229 SUSE bug 1061017 SUSE bug 1061046 SUSE bug 1061064 SUSE bug 1061067 SUSE bug 1061172 SUSE bug 1061831 SUSE bug 1061872 CVE-2017-1000252 CVE-2017-12153 CVE-2017-12154 CVE-2017-14489 openSUSE Leap 42.3 This update for wpa_supplicant fixes the security issues: - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won't be able to exploit the KRACK weaknesses in those connections anymore even if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1056061 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088 openSUSE Leap 42.3 This update for cacti and cacti-spine fixes the following issues: Build version 1.1.26 - issue#841: --input-fields variable not working with add_graphs.php cli - issue#986: Resolve minor appearance problem on Modern theme - issue#989: Resolve issue with data input method commands loosing spaces on import - issue#1000: add_graphs.php not recognizing input fields - issue#1003: Reversing resolution to Issue#995 due to adverse impact to polling times - issue#1008: Remove developer debug warning about thumbnail validation - issue#1009: Resolving minor issue with cmd_realtime.php and a changing hostname - issue#1010: CVE-2017-15194 - Path-Based Cross-Site Scripting (XSS) (bsc#1062554) - issue#1027: Confirm that the PHP date.timezone setting is properly set during install - issue: Fixed database session handling for PHP 7.1 - issue: Fixed some missing i18n - issue: Fixed typo's - feature: Updated Dutch translations - feature: Schema changes; Examined queries without key usage and added/changed some keys - feature: Some small improvements Build version 1.1.25 - issue#966: Email still using SMTP security even though set to none - issue#995: Redirecting exec_background() to dev null breaks some functions - issue#998: Allow removal of external data template and prevent their creation - issue: Remove spikes uses wrong variance value from WebGUI - issue: Changing filters on log page does not reset to first page - issue: Allow manual creation of external data sources once again - feature: Updated Dutch translations Build version 1.1.24 - issue#932: Zoom positioning breaks when you scroll the graph page - issue#970: Remote Data Collector Cache Synchronization missing plugin sub-directories - issue#980: Resolve issue where a new tree branches refreshs before you have a chance to name it - issue#982: Data Source Profile size information not showing properly - issue: Long sysDescriptions on automation page cause columns to be hidden - issue: Resolve visual issues in Classic theme - feature: Allow Resynchronization of Poller Resource Cache Build version 1.1.23 - issue#963: SQL Errors with snmpagent and MariaDB 10.2 - issue#964: SQL Mode optimization failing in 1.1.22 Build version 1.1.22 - issue#950: Automation - New graph rule looses name on change - issue#952: CSV Export not rendering chinese characters correctly (Second attempt) - issue#955: Validation error trying to view graph debug syntax - issue: MySQL/MariaDB database sql_mode NO_AUTO_VALUE_ON_ZERO corrupts Cacti database - issue: When creating a data source, the data source profile does not default to the system default - feature: Enhance table filters to support new Cycle plugin - feature: Updated Dutch Translations Build version 1.1.21 - issue#938: Problems upgrading to 1.1.20 with one table alter statement - issue#952: CSV Export not rendering chinese characters correctly - issue: Minor alignment issue on tables Build version 1.1.20 - issue#920: Issue with scrollbars after update to 1.1.19 related to #902 - issue#921: Tree Mode no longer expands to accomodate full tree item names - issue#922: When using LDAP domains some setings are not passed correctly to the Cacti LDAP library - issue#923: Warninga in cacti.log are displayed incorrectly - issue#926: Update Utilities page to provide more information on rebuilding poller cache - issue#927: Minor schema change to support XtraDB Cluster - issue#929: Overlapping frames on certain themes - issue#931: Aggregate graphs missing from list view - issue#933: Aggregate graphs page counter off - issue#935: Support utf8 printable in data query inserts - issue#936: TimeZone query failure undefined function - issue: Taking actions on users does not use callbacks - issue: Undefined constant in lib/snmp.php on RHEL7 - issue: Human readable socket errno's not defined - issue: Audit of ping methods tcp, udp, and icmp ping. IPv6 will still not work till php 5.5.4 Moderate SUSE bug 1062554 CVE-2017-15194 openSUSE Leap 42.3 This update for upx fixes the following security issue: * CVE-2017-15056: specially crafted package may have caused a denial of service (boo#1062059) In addition upx was updated to 3.94, with the following improvements: * Support for aarch64). * Support for --lzma compression on 64-bit PowerPC Moderate SUSE bug 1062059 CVE-2017-15056 openSUSE Leap 42.3 This update for bluez fixes the following vulnerabilities: * CVE-2016-7837: Buffer overflow in parse_line function (bsc#1026652) * CVE-2017-1000250: information disclosure vulnerability in service_search_attr_req (bsc#1057342) Moderate SUSE bug 1026652 SUSE bug 1057342 CVE-2016-7837 CVE-2017-1000250 openSUSE Leap 42.3 This update for xorg-x11-server fixes the following vulnerabilities: * CVE-2017-12176: Unvalidated extra length in ProcEstablishConnection (bsc#1063041) * CVE-2017-12177: dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (bsc#1063040) * CVE-2017-12178: Xi: fix wrong extra length check in ProcXIChangeHierarchy (bsc#1063039) * CVE-2017-12179: Xi: integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer (bsc#1063038) * CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Unvalidated lengths in XFree86-VidMode/XFree86-DGA/XFree86-DRI extension (bsc#1063037) * CVE-2017-12183: Unvalidated lengths in XFIXES extension (bsc#1063035) * CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Unvalidated lengths in multiple extensions (bsc#1063034) Moderate SUSE bug 1063034 SUSE bug 1063035 SUSE bug 1063037 SUSE bug 1063038 SUSE bug 1063039 SUSE bug 1063040 SUSE bug 1063041 CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187 openSUSE Leap 42.3 This update for python3-PyJWT fixes the following vulnerabilty: * CVE-2017-11424: Insufficient filtering of PEM encoding public keys allowed for creation of JWTs from scratch (boo#1054106, with duplicate CVE-2017-12880) Moderate SUSE bug 1054106 CVE-2017-11424 CVE-2017-12880 openSUSE Leap 42.3 xerces-j2 was updated to fix several issues. This security issue was fixed: - bsc#814241: Prevent possible DoS through very long attribute names This non-security issue was fixed: - Prevent StackOverflowError when applying a pattern restriction on long strings while trying to validate an XML file against a schema (bsc#1047536, bsc#879138) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047536 SUSE bug 814241 SUSE bug 879138 openSUSE Leap 42.3 This update for exiv2 fixes the following issues: Security issues fixed: - CVE-2017-11591: There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. (boo#1050257) - CVE-2017-11683: There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. (boo#1051188) - CVE-2017-14865: There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. (boo#1061003) - CVE-2017-14862: An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (boo#1060996) - CVE-2017-14859: An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (boo#1061000) Moderate SUSE bug 1050257 SUSE bug 1051188 SUSE bug 1060996 SUSE bug 1061000 SUSE bug 1061003 CVE-2017-11591 CVE-2017-11683 CVE-2017-14859 CVE-2017-14862 CVE-2017-14865 openSUSE Leap 42.3 This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777) - CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084) - CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086) - CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087) - CVE-2017-15591: Missing checks in the handling of DMOPs allowed malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 to cause a DoS (XSA-238 bsc#1061077) - CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080) - CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occured that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081) - CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082) - CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076) - bsc#1055321: When dealing with the grant map space of add-to-physmap operations, ARM specific code failed to release a lock. This allowed a malicious guest administrator to cause DoS (XSA-235) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1027519 SUSE bug 1055321 SUSE bug 1059777 SUSE bug 1061076 SUSE bug 1061077 SUSE bug 1061080 SUSE bug 1061081 SUSE bug 1061082 SUSE bug 1061084 SUSE bug 1061086 SUSE bug 1061087 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526 openSUSE Leap 42.3 Salt was updated to 2017.7.2 and also to fix various bugs and security issues. See https://docs.saltstack.com/en/develop/topics/releases/2017.7.2.html for full changelog. Security issues fixed: - CVE-2017-14695: A directory traversal during minion id validation was fixed. (boo#1062462) - CVE-2017-14696: A remote denial of service attack with a specially crafted authentication request was fixed. (boo#1062464) Non security issues fixed: - Add possibility to generate _version.py at the build time for raw builds: https://github.com/saltstack/salt/pull/43955 - Fix salt target-type field returns "String" for existing jids but an empty "Array" for non existing jids. (issue #1711) - Fixed minion resource exhaustion when many functions are being executed in parallel (boo#1059758) - Remove 'TasksTask' attribute from salt-master.service in older versions of systemd (boo#985112) - Provide custom SUSE salt-master.service file. - Fix wrong version reported by Salt (boo#1061407) - list_pkgs: add parameter for returned attribute selection (boo#1052264) - Adding the leftover for zypper and yum list_pkgs functionality. - Use $HOME to get the user home directory instead using '~' char (boo#1042749) Moderate SUSE bug 1042749 SUSE bug 1052264 SUSE bug 1059758 SUSE bug 1061407 SUSE bug 1062462 SUSE bug 1062464 SUSE bug 985112 CVE-2017-14695 CVE-2017-14696 openSUSE Leap 42.3 This security update for irssi to version 1.0.5 addresses the following security issues: * CVE-2017-15228: When installing themes with unterminated colour formatting sequences, Irssi may access data beyond the end of the string. This issue could have resulted in denial of service (remote crash) when installing a malicious or broken theme file. * CVE-2017-15227: While waiting for the channel synchronisation, Irssi may incorrectly fail to remove destroyed channels from the query list, resulting in use after free conditions when updating the state later on. This issue could have caused denial of service (remote crash) when connecting to a malicious or broken ircd. * CVE-2017-15721: Certain incorrectly formatted DCC CTCP messages could cause NULL pointer dereference. This issue could have caused denial of service (remote crash) when connecting to a malicious or broken ircd. * CVE-2017-15723: Overlong nicks or targets may result in a NULL pointer dereference while splitting the message. This issue could have caused denial of service (remote crash) when connecting to a malicious or broken ircd. * CVE-2017-15722: In certain cases Irssi may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. Moderate SUSE bug 1064540 CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722 CVE-2017-15723 openSUSE Leap 42.3 This update for libraw fixes the following issues: Changes in libraw: * CVE-2017-14608: An out of bounds read in the kodak_65000_load_raw function could lead to an information leak. [boo#1063798] Moderate SUSE bug 1063798 CVE-2017-14608 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). The following non-security bugs were fixed: - acpi/processor: Check for duplicate processor ids at hotplug time (bnc#1056230). - acpi/processor: Implement DEVICE operator for processor enumeration (bnc#1056230). - add mainline tags to hyperv patches - alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382). - alsa: compress: Remove unused variable (bnc#1012382). - alsa: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (bnc#1012382). - alsa: usx2y: Suppress kernel warning at page allocation failures (bnc#1012382). - arm64: add function to get a cpu's MADT GICC table (bsc#1062279). - arm64: dts: Add Broadcom Vulcan PMU in dts (fate#319481). - arm64/perf: Access pmu register using <read/write;gt;_sys_reg (bsc#1062279). - arm64/perf: Add Broadcom Vulcan PMU support (fate#319481). - arm64/perf: Changed events naming as per the ARM ARM (fate#319481). - arm64/perf: Define complete ARMv8 recommended implementation defined events (fate#319481). - arm64: perf: do not expose CHAIN event in sysfs (bsc#1062279). - arm64: perf: Extend event config for ARMv8.1 (bsc#1062279). - arm64/perf: Filter common events based on PMCEIDn_EL0 (fate#319481). - arm64: perf: Ignore exclude_hv when kernel is running in HYP (bsc#1062279). - arm64: perf: move to common attr_group fields (bsc#1062279). - arm64: perf: Use the builtin_platform_driver (bsc#1062279). - arm64: pmu: add fallback probe table (bsc#1062279). - arm64: pmu: Hoist pmu platform device name (bsc#1062279). - arm64: pmu: Probe default hw/cache counters (bsc#1062279). - arm64: pmuv3: handle pmuv3+ (bsc#1062279). - arm64: pmuv3: handle !PMUv3 when probing (bsc#1062279). - arm64: pmuv3: use arm_pmu ACPI framework (bsc#1062279). - arm64: pmu: Wire-up Cortex A53 L2 cache events and DTLB refills (bsc#1062279). - arm: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM (bnc#1012382). - arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes (bnc#1012382). - arm/perf: Convert to hotplug state machine (bsc#1062279). - arm/perf: Fix hotplug state machine conversion (bsc#1062279). - arm/perf: Use multi instance instead of custom list (bsc#1062279). - arm: remove duplicate 'const' annotations' (bnc#1012382). - asoc: dapm: fix some pointer error handling (bnc#1012382). - asoc: dapm: handle probe deferrals (bnc#1012382). - audit: log 32-bit socketcalls (bnc#1012382). - blacklist 0e7736c6b806 powerpc/powernv: Fix data type for @r in pnv_ioda_parse_m64_window() - blacklist.conf: fix commit exists twice in upstream, blacklist one of them - blacklist.conf: stack limit warning isn't triggered on SP3 - block: genhd: add device_add_disk_with_groups (bsc#1060400). - bnx2x: Do not log mc removal needlessly (bsc#1019680 FATE#321692). - bnxt_en: Do not setup MAC address in bnxt_hwrm_func_qcaps() (bsc#963575 FATE#320144). - bnxt_en: Free MSIX vectors when unregistering the device from bnxt_re (bsc#1020412 FATE#321671). - bnxt_re: Do not issue cmd to delete GID for QP1 GID entry before the QP is destroyed (bsc#1056596). - bnxt_re: Fix compare and swap atomic operands (bsc#1056596). - bnxt_re: Fix memory leak in FRMR path (bsc#1056596). - bnxt_re: Fix race between the netdev register and unregister events (bsc#1037579). - bnxt_re: Fix update of qplib_qp.mtu when modified (bsc#1056596). - bnxt_re: Free up devices in module_exit path (bsc#1056596). - bnxt_re: Remove RTNL lock dependency in bnxt_re_query_port (bsc#1056596). - bnxt_re: Stop issuing further cmds to FW once a cmd times out (bsc#1056596). - brcmfmac: setup passive scan if requested by user-space (bnc#1012382). - bridge: netlink: register netdevice before executing changelink (bnc#1012382). - ceph: avoid panic in create_session_open_msg() if utsname() returns NULL (bsc#1061451). - ceph: check negative offsets in ceph_llseek() (bsc#1061451). - ceph: fix message order check in handle_cap_export() (bsc#1061451). - ceph: fix NULL pointer dereference in ceph_flush_snaps() (bsc#1061451). - ceph: limit osd read size to CEPH_MSG_MAX_DATA_LEN (bsc#1061451). - ceph: limit osd write size (bsc#1061451). - ceph: stop on-going cached readdir if mds revokes FILE_SHARED cap (bsc#1061451). - ceph: validate correctness of some mount options (bsc#1061451). - documentation: arm64: pmu: Add Broadcom Vulcan PMU binding (fate#319481). - driver-core: platform: Add platform_irq_count() (bsc#1062279). - driver core: platform: Do not read past the end of "driver_override" buffer (bnc#1012382). - drivers: firmware: psci: drop duplicate const from psci_of_match (FATE#319482 bnc#1012382). - drivers: hv: fcopy: restore correct transfer length (bnc#1012382). - drivers/perf: arm_pmu_acpi: avoid perf IRQ init when guest PMU is off (bsc#1062279). - drivers/perf: arm_pmu_acpi: Release memory obtained by kasprintf (bsc#1062279). - drivers/perf: arm_pmu: add ACPI framework (bsc#1062279). - drivers/perf: arm_pmu: add common attr group fields (bsc#1062279). - drivers/perf: arm_pmu: Always consider IRQ0 as an error (bsc#1062279). - drivers/perf: arm_pmu: Avoid leaking pmu->irq_affinity on error (bsc#1062279). - drivers/perf: arm_pmu: avoid NULL dereference when not using devicetree (bsc#1062279). - drivers/perf: arm-pmu: convert arm_pmu_mutex to spinlock (bsc#1062279). - drivers/perf: arm_pmu: Defer the setting of __oprofile_cpu_pmu (bsc#1062279). - drivers/perf: arm_pmu: define armpmu_init_fn (bsc#1062279). - drivers/perf: arm_pmu: expose a cpumask in sysfs (bsc#1062279). - drivers/perf: arm_pmu: factor out pmu registration (bsc#1062279). - drivers/perf: arm-pmu: Fix handling of SPI lacking "interrupt-affinity" property (bsc#1062279). - drivers/perf: arm_pmu: Fix NULL pointer dereference during probe (bsc#1062279). - drivers/perf: arm-pmu: fix RCU usage on pmu resume from low-power (bsc#1062279). - drivers/perf: arm_pmu: Fix reference count of a device_node in of_pmu_irq_cfg (bsc#1062279). - drivers/perf: arm_pmu: fold init into alloc (bsc#1062279). - drivers/perf: arm_pmu: handle no platform_device (bsc#1062279). - drivers/perf: arm-pmu: Handle per-interrupt affinity mask (bsc#1062279). - drivers/perf: arm_pmu: implement CPU_PM notifier (bsc#1062279). - drivers/perf: arm_pmu: make info messages more verbose (bsc#1062279). - drivers/perf: arm_pmu: manage interrupts per-cpu (bsc#1062279). - drivers/perf: arm_pmu: move irq request/free into probe (bsc#1062279). - drivers/perf: arm_pmu: only use common attr_groups (bsc#1062279). - drivers/perf: arm_pmu: remove pointless PMU disabling (bsc#1062279). - drivers/perf: arm_pmu: rename irq request/free functions (bsc#1062279). - drivers/perf: arm_pmu: Request PMU SPIs with IRQF_PER_CPU (bsc#1062279). - drivers/perf: arm_pmu: rework per-cpu allocation (bsc#1062279). - drivers/perf: arm_pmu: simplify cpu_pmu_request_irqs() (bsc#1062279). - drivers/perf: arm_pmu: split cpu-local irq request/free (bsc#1062279). - drivers/perf: arm_pmu: split irq request from enable (bsc#1062279). - drivers/perf: arm_pmu: split out platform device probe logic (bsc#1062279). - drivers/perf: kill armpmu_register (bsc#1062279). - drm/amdkfd: fix improper return value on error (bnc#1012382). - drm: bridge: add DT bindings for TI ths8135 (bnc#1012382). - drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define (bnc#1012382). - drm/i915/bios: ignore HDMI on port A (bnc#1012382). - e1000e: use disable_hardirq() also for MSIX vectors in e1000_netpoll() (bsc#1022912 FATE#321246). - edac, sb_edac: Assign EDAC memory controller per h/w controller (bsc#1061721). - edac, sb_edac: Avoid creating SOCK memory controller (bsc#1061721). - edac, sb_edac: Bump driver version and do some cleanups (bsc#1061721). - edac, sb_edac: Carve out dimm-populating loop (bsc#1061721). - edac, sb_edac: Check if ECC enabled when at least one DIMM is present (bsc#1061721). - edac, sb_edac: Classify memory mirroring modes (bsc#1061721). - edac, sb_edac: Classify PCI-IDs by topology (bsc#1061721). - edac, sb_edac: Do not create a second memory controller if HA1 is not present (bsc#1061721). - edac, sb_edac: Do not use "Socket#" in the memory controller name (bsc#1061721). - edac, sb_edac: Drop NUM_CHANNELS from 8 back to 4 (bsc#1061721). - edac, sb_edac: Fix mod_name (bsc#1061721). - edac, sb_edac: Get rid of ->show_interleave_mode() (bsc#1061721). - edac, sb_edac: Remove double buffering of error records (bsc#1061721). - edac, sb_edac: Remove NULL pointer check on array pci_tad (bsc#1061721). - edac, skx_edac: Handle systems with segmented PCI busses (bsc#1063102). - ext4: do not allow encrypted operations without keys (bnc#1012382). - extcon: axp288: Use vbus-valid instead of -present to determine cable presence (bnc#1012382). - exynos-gsc: Do not swap cb/cr for semi planar formats (bnc#1012382). - fix flags ordering (bsc#1034075 comment 131) - Fix mpage_writepage() for pages with buffers (bsc#1050471). - fix whitespace according to upstream commit - fs/epoll: cache leftmost node (bsc#1056427). - fs/mpage.c: fix mpage_writepage() for pages with buffers (bsc#1050471). Update to version in mainline - ftrace: Fix kmemleak in unregister_ftrace_graph (bnc#1012382). - gfs2: Fix reference to ERR_PTR in gfs2_glock_iter_next (bnc#1012382). - hid: i2c-hid: allocate hid buffers for real worst case (bnc#1012382). - hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes (bnc#1012382). - i2c: meson: fix wrong variable usage in meson_i2c_put_data (bnc#1012382). - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#1024346 FATE#321239 bsc#1024373 FATE#321247). - i40iw: Add missing memory barriers (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Fix port number for query QP (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/core: Add generic function to extract IB speed from netdev (bsc#1056596). - ib/core: Add ordered workqueue for RoCE GID management (bsc#1056596). - ib/core: Fix for core panic (bsc#1022595 FATE#322350). - ib/core: Fix the validations of a multicast LID in attach or detach operations (bsc#1022595 FATE#322350). - ib/i40iw: Fix error code in i40iw_create_cq() (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/ipoib: Fix deadlock over vlan_mutex (bnc#1012382 bsc#1022595 FATE#322350). - ib/ipoib: Replace list_del of the neigh->list with list_del_init (FATE#322350 bnc#1012382 bsc#1022595). - ib/ipoib: rtnl_unlock can not come after free_netdev (FATE#322350 bnc#1012382 bsc#1022595). - ib/mlx5: Change logic for dispatching IB events for port state (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - ib/mlx5: Fix cached MR allocation flow (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - ib/mlx5: Fix Raw Packet QP event handler assignment (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ibmvnic: Set state UP (bsc#1062962). - ib/qib: fix false-postive maybe-uninitialized warning (FATE#321231 FATE#321473 FATE#322149 FATE#322153 bnc#1012382). - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382). - iio: ad7793: Fix the serial interface reset (bnc#1012382). - iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications (bnc#1012382). - iio: adc: hx711: Add DT binding for avia,hx711 (bnc#1012382). - iio: adc: mcp320x: Fix oops on module unload (bnc#1012382). - iio: adc: mcp320x: Fix readout of negative voltages (bnc#1012382). - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030_madc_probe()' (bnc#1012382). - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()' (bnc#1012382). - iio: ad_sigma_delta: Implement a dedicated reset function (bnc#1012382). - iio: core: Return error for failed read_reg (bnc#1012382). - iommu/io-pgtable-arm: Check for leaf entry before dereferencing it (bnc#1012382). - iwlwifi: add workaround to disable wide channels in 5GHz (bnc#1012382). - kabi fixup struct nvmet_sq (bsc#1063349). - kABI: protect enum fs_flow_table_type (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - kABI: protect struct mlx5_priv (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - kABI: protect struct rm_data_op (kabi). - kABI: protect struct sdio_func (kabi). - libata: transport: Remove circular dependency at free time (bnc#1012382). - libceph: do not allow bidirectional swap of pg-upmap-items (bsc#1061451). - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak (bnc#1012382). - md/raid10: submit bio directly to replacement disk (bnc#1012382). - mips: Ensure bss section ends on a long-aligned address (bnc#1012382). - mips: Fix minimum alignment requirement of IRQ stack (git-fixes). - mips: IRQ Stack: Unwind IRQ stack onto task stack (bnc#1012382). - mips: Lantiq: Fix another request_mem_region() return code check (bnc#1012382). - mips: ralink: Fix incorrect assignment on ralink_soc (bnc#1012382). - mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms array (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - mm: avoid marking swap cached page as lazyfree (VM Functionality, bsc#1061775). - mm/backing-dev.c: fix an error handling path in 'cgwb_create()' (bnc#1063475). - mm,compaction: serialize waitqueue_active() checks (for real) (bsc#971975). - mmc: sdio: fix alignment issue in struct sdio_func (bnc#1012382). - mm: discard memblock data later (bnc#1063460). - mm: fix data corruption caused by lazyfree page (VM Functionality, bsc#1061775). - mm/memblock.c: reversed logic in memblock_discard() (bnc#1063460). - mm: meminit: mark init_reserved_page as __meminit (bnc#1063509). - mm/memory_hotplug: change pfn_to_section_nr/section_nr_to_pfn macro to inline function (bnc#1063501). - mm/memory_hotplug: define find_{smallest|biggest}_section_pfn as unsigned long (bnc#1063520). - net: core: Prevent from dereferencing null pointer when releasing SKB (bnc#1012382). - netfilter: invoke synchronize_rcu after set the _hook_ to NULL (bnc#1012382). - netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max (bnc#1012382). - net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - net/mlx5: Check device capability for maximum flow counters (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Delay events till ib registration ends (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Check for qos capability in dcbnl_initialize (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Do not add/remove 802.1ad rules when changing 802.1Q VLAN filter (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Fix calculated checksum offloads counters (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Fix dangling page pointer on DMA mapping error (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Fix DCB_CAP_ATTR_DCBX capability for DCBNL getcap (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Fix inline header size for small packets (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Print netdev features correctly in error message (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Schedule overflow check work to mlx5e workqueue (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: E-Switch, Unload the representors in the correct order (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Fix arm SRQ command for ISSI version 0 (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Fix command completion after timeout access invalid structure (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - net/mlx5: Fix counter list hardware structure (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Remove the flag MLX5_INTERFACE_STATE_SHUTDOWN (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Skip mlx5_unload_one if mlx5_load_one fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net: mvpp2: fix the mac address used when using PPv2.2 (bsc#1032150). - net: mvpp2: use {get, put}_cpu() instead of smp_processor_id() (bsc#1032150). - net/packet: check length in getsockopt() called with PACKET_HDRLEN (bnc#1012382). - netvsc: Initialize 64-bit stats seqcount (fate#320485). - nvme: allow timed-out ios to retry (bsc#1063349). - nvme: fix sqhd reference when admin queue connect fails (bsc#1063349). - nvme: fix visibility of "uuid" ns attribute (bsc#1060400). - nvme: protect against simultaneous shutdown invocations (FATE#319965 bnc#1012382 bsc#964944). - nvme: stop aer posting if controller state not live (bsc#1063349). - nvmet: implement valid sqhd values in completions (bsc#1063349). - nvmet: synchronize sqhd update (bsc#1063349). - nvme: use device_add_disk_with_groups() (bsc#1060400). - parisc: perf: Fix potential NULL pointer dereference (bnc#1012382). - partitions/efi: Fix integer overflow in GPT size calculation (FATE#322379 bnc#1012382 bsc#1020989). - perf: arm: acpi: remove cpu hotplug statemachine dependency (bsc#1062279). - perf: arm: platform: remove cpu hotplug statemachine dependency (bsc#1062279). - perf: arm: replace irq_get_percpu_devid_partition call (bsc#1062279). - perf: arm: temporary workaround for build errors (bsc#1062279). - perf: Convert to using %pOF instead of full_name (bsc#1062279). - powerpc: Fix unused function warning 'lmb_to_memblock' (FATE#322022). - powerpc/pseries: Add pseries hotplug workqueue (FATE#322022). - powerpc/pseries: Auto-online hotplugged memory (FATE#322022). - powerpc/pseries: Check memory device state before onlining/offlining (FATE#322022). - powerpc/pseries: Correct possible read beyond dlpar sysfs buffer (FATE#322022). - powerpc/pseries: Do not attempt to acquire drc during memory hot add for assigned lmbs (FATE#322022). - powerpc/pseries: Fix build break when MEMORY_HOTREMOVE=n (FATE#322022). - powerpc/pseries: fix memory leak in queue_hotplug_event() error path (FATE#322022). - powerpc/pseries: Implement indexed-count hotplug memory add (FATE#322022). - powerpc/pseries: Implement indexed-count hotplug memory remove (FATE#322022). - powerpc/pseries: Introduce memory hotplug READD operation (FATE#322022). - powerpc/pseries: Make the acquire/release of the drc for memory a seperate step (FATE#322022). - powerpc/pseries: Remove call to memblock_add() (FATE#322022). - powerpc/pseries: Revert 'Auto-online hotplugged memory' (FATE#322022). - powerpc/pseries: Use kernel hotplug queue for PowerVM hotplug events (FATE#322022). - powerpc/pseries: Use lmb_is_removable() to check removability (FATE#322022). - powerpc/pseries: Verify CPU does not exist before adding (FATE#322022). - rdma: Fix return value check for ib_get_eth_speed() (bsc#1056596). - rdma/qedr: Parse VLAN ID correctly and ignore the value of zero (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - rdma/qedr: Parse vlan priority as sl (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - rds: ib: add error handle (bnc#1012382). - rds: rdma: Fix the composite message user notification (bnc#1012382). - README.BRANCH: Add Michal and Johannes as co-maintainers. - Remove superfluous hunk in bigmem backport (bsc#1064436). Refresh patches.arch/powerpc-bigmem-16-mm-Add-addr_limit-to-mm_context-and-use-it-t.patch. - Revert "x86/acpi: Enable MADT APIs to return disabled apicids" (bnc#1056230). - Revert "x86/acpi: Set persistent cpuid <-> nodeid mapping when booting" (bnc#1056230). - s390/cpcmd,vmcp: avoid GFP_DMA allocations (bnc#1060249, LTC#159112). - s390/qdio: avoid reschedule of outbound tasklet once killed (bnc#1060249, LTC#159885). - s390/topology: alternative topology for topology-less machines (bnc#1060249, LTC#159177). - s390/topology: always use s390 specific sched_domain_topology_level (bnc#1060249, LTC#159177). - s390/topology: enable / disable topology dynamically (bnc#1060249, LTC#159177). - sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs (bnc#1012382). - scsi: fixup kernel warning during rmmod() (bsc#1052360). - scsi: libfc: fix a deadlock in fc_rport_work (bsc#1063695). - scsi: lpfc: Ensure io aborts interlocked with the target (bsc#1056587). - scsi: qedi: off by one in qedi_get_cmd_from_tid() (bsc#1004527, FATE#321744). - scsi: qla2xxx: Fix uninitialized work element (bsc#1019675,FATE#321701). - scsi: scsi_transport_fc: Also check for NOTPRESENT in fc_remote_port_add() (bsc#1037890). - scsi: scsi_transport_fc: set scsi_target_id upon rescan (bsc#1058135). - scsi: sd: Do not override max_sectors_kb sysfs setting (bsc#1025461). - scsi: sd: Remove LBPRZ dependency for discards (bsc#1060985). This patch is originally part of a larger series which can't be easily backported to SLE-12. For a reasoning why we think it's safe to apply, see bsc#1060985, comment 20. - scsi: sg: close race condition in sg_remove_sfp_usercontext() (bsc#1064206). - scsi: sg: do not return bogus Sg_requests (bsc#1064206). - scsi: sg: only check for dxfer_len greater than 256M (bsc#1064206). - sh_eth: use correct name for ECMR_MPDE bit (bnc#1012382). - staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack (bnc#1012382). - stm class: Fix a use-after-free (bnc#1012382). - supported.conf: enable dw_mmc-rockchip driver References: bsc#1064064 - team: call netdev_change_features out of team lock (bsc#1055567). - team: fix memory leaks (bnc#1012382). - ttpci: address stringop overflow warning (bnc#1012382). - tty: goldfish: Fix a parameter of a call to free_irq (bnc#1012382). - usb: chipidea: vbus event may exist before starting gadget (bnc#1012382). - usb: core: harden cdc_parse_cdc_header (bnc#1012382). - usb: devio: Do not corrupt user memory (bnc#1012382). - usb: dummy-hcd: fix connection failures (wrong speed) (bnc#1012382). - usb: dummy-hcd: Fix erroneous synchronization change (bnc#1012382). - usb: dummy-hcd: fix infinite-loop resubmission bug (bnc#1012382). - usb: fix out-of-bounds in usb_set_configuration (bnc#1012382). - usb: gadgetfs: fix copy_to_user while holding spinlock (bnc#1012382). - usb: gadgetfs: Fix crash caused by inadequate synchronization (bnc#1012382). - usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write (bnc#1012382). - usb: gadget: mass_storage: set msg_registered after msg registered (bnc#1012382). - usb: gadget: udc: atmel: set vbus irqflags explicitly (bnc#1012382). - usb: g_mass_storage: Fix deadlock when driver is unbound (bnc#1012382). - usb: Increase quirk delay for USB devices (bnc#1012382). - usb: pci-quirks.c: Corrected timeout values used in handshake (bnc#1012382). - usb: plusb: Add support for PL-27A1 (bnc#1012382). - usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe (bnc#1012382). - usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction (bnc#1012382). - usb: serial: mos7720: fix control-message error handling (bnc#1012382). - usb: serial: mos7840: fix control-message error handling (bnc#1012382). - usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives (bnc#1012382). - usb: uas: fix bug in handling of alternate settings (bnc#1012382). - uwb: ensure that endpoint is interrupt (bnc#1012382). - uwb: properly check kthread_run return value (bnc#1012382). - x86/acpi: Restore the order of CPU IDs (bnc#1056230). - x86/cpu: Remove unused and undefined __generic_processor_info() declaration (bnc#1056230). - x86 edac, sb_edac.c: Take account of channel hashing when needed (bsc#1061721). - x86/mshyperv: Remove excess #includes from mshyperv.h (fate#320485). - xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863). - xfs: remove kmem_zalloc_greedy (bnc#1012382). - xhci: fix finding correct bus_state structure for USB 3.1 hosts (bnc#1012382). Important SUSE bug 1004527 SUSE bug 1012382 SUSE bug 1015342 SUSE bug 1015343 SUSE bug 1019675 SUSE bug 1019680 SUSE bug 1019695 SUSE bug 1019699 SUSE bug 1020412 SUSE bug 1020989 SUSE bug 1022595 SUSE bug 1022604 SUSE bug 1022912 SUSE bug 1024346 SUSE bug 1024373 SUSE bug 1025461 SUSE bug 1032150 SUSE bug 1034075 SUSE bug 1037579 SUSE bug 1037890 SUSE bug 1050471 SUSE bug 1052360 SUSE bug 1055567 SUSE bug 1056230 SUSE bug 1056427 SUSE bug 1056587 SUSE bug 1056596 SUSE bug 1058135 SUSE bug 1059863 SUSE bug 1060249 SUSE bug 1060400 SUSE bug 1060985 SUSE bug 1061451 SUSE bug 1061721 SUSE bug 1061775 SUSE bug 1062279 SUSE bug 1062520 SUSE bug 1062962 SUSE bug 1063102 SUSE bug 1063349 SUSE bug 1063460 SUSE bug 1063475 SUSE bug 1063501 SUSE bug 1063509 SUSE bug 1063520 SUSE bug 1063570 SUSE bug 1063667 SUSE bug 1063695 SUSE bug 1064064 SUSE bug 1064206 SUSE bug 1064388 SUSE bug 1064436 SUSE bug 963575 SUSE bug 964944 SUSE bug 966170 SUSE bug 966172 SUSE bug 966186 SUSE bug 966191 SUSE bug 966316 SUSE bug 966318 SUSE bug 969476 SUSE bug 969477 SUSE bug 971975 CVE-2017-13080 CVE-2017-15265 CVE-2017-15649 openSUSE Leap 42.3 This update for mysql-community-server to 5.6.38 fixes the following issues: Full list of changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-38.html CVEs fixed: - [boo#1064116] CVE-2017-10379 - [boo#1064117] CVE-2017-10384 - [boo#1064115] CVE-2017-10378 - [boo#1064101] CVE-2017-10268 - [boo#1064096] CVE-2017-10155 - [boo#1064118] CVE-2017-3731 - [boo#1064102] CVE-2017-10276 - [boo#1064105] CVE-2017-10283 - [boo#1064112] CVE-2017-10314 - [boo#1064100] CVE-2017-10227 - [boo#1064104] CVE-2017-10279 - [boo#1064108] CVE-2017-10294 - [boo#1064107] CVE-2017-10286 Additional changes: - add "BuildRequires: unixODBC-devel" to allow ODBC support for Connect engine [boo#1039034] - update filename in /var/adm/update-messages to match documentation, and build-compare pattern - some scripts from the tools subpackage, namely: wsrep_sst_xtrabackup, wsrep_sst_mariabackup.sh and wsrep_sst_xtrabackup-v2.sh need socat - fixed incorrect descriptions and mismatching RPM groups Important SUSE bug 1039034 SUSE bug 1064096 SUSE bug 1064100 SUSE bug 1064101 SUSE bug 1064102 SUSE bug 1064104 SUSE bug 1064105 SUSE bug 1064107 SUSE bug 1064108 SUSE bug 1064112 SUSE bug 1064115 SUSE bug 1064116 SUSE bug 1064117 SUSE bug 1064118 SUSE bug 1064119 CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 CVE-2017-10314 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 CVE-2017-3731 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: * CVE-2017-13775: Fixed a denial of service issue in ReadJNXImage() in coders/jnx.c (boo#1056431) * CVE-2017-13063: Fixed a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c (bsc#1055050) * CVE-2017-13064: Fixed a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c (bsc#1055042) * CVE-2017-12936: The ReadWMFImage function in coders/wmf.c in GraphicsMagick had a use-after-free issue for data associated with exception reporting. (bsc#1054598) * CVE-2017-13139: The ReadOneMNGImage function in coders/png.c had an out-of-bounds read with the MNG CLIP chunk. (bsc#1055430) * CVE-2017-12937: The ReadSUNImage function in coders/sun.c in GraphicsMagick had a colormap heap-based buffer over-read. (bsc#1054596) Moderate SUSE bug 1054596 SUSE bug 1054598 SUSE bug 1055042 SUSE bug 1055050 SUSE bug 1055430 SUSE bug 1056431 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13139 CVE-2017-13775 openSUSE Leap 42.3 This update for curl fixes the following issues: Security issues fixed: - CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876) - CVE-2017-1000257: IMAP FETCH response out of bounds read (bsc#1063824) Bugs fixed: - Fixed error "error:1408F10B:SSL routines" when connecting to ftps via proxy (bsc#1060653) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1060653 SUSE bug 1061876 SUSE bug 1063824 CVE-2017-1000254 CVE-2017-1000257 openSUSE Leap 42.3 This update for hostapd fixes the following issues: - Fix KRACK attacks on the AP side (boo#1063479, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088): Hostap was updated to upstream release 2.6 * fixed EAP-pwd last fragment validation [http://w1.fi/security/2015-7/] (CVE-2015-5314) * fixed WPS configuration update vulnerability with malformed passphrase [http://w1.fi/security/2016-1/] (CVE-2016-4476) * extended channel switch support for VHT bandwidth changes * added support for configuring new ANQP-elements with anqp_elem=<InfoID>:<hexdump of payload> * fixed Suite B 192-bit AKM to use proper PMK length (note: this makes old releases incompatible with the fixed behavior) * added no_probe_resp_if_max_sta=1 parameter to disable Probe Response frame sending for not-associated STAs if max_num_sta limit has been reached * added option (-S as command line argument) to request all interfaces to be started at the same time * modified rts_threshold and fragm_threshold configuration parameters to allow -1 to be used to disable RTS/fragmentation * EAP-pwd: added support for Brainpool Elliptic Curves (with OpenSSL 1.0.2 and newer) * fixed EAPOL reauthentication after FT protocol run * fixed FTIE generation for 4-way handshake after FT protocol run * fixed and improved various FST operations * TLS server - support SHA384 and SHA512 hashes - support TLS v1.2 signature algorithm with SHA384 and SHA512 - support PKCS #5 v2.0 PBES2 - support PKCS #5 with PKCS #12 style key decryption - minimal support for PKCS #12 - support OCSP stapling (including ocsp_multi) * added support for OpenSSL 1.1 API changes - drop support for OpenSSL 0.9.8 - drop support for OpenSSL 1.0.0 * EAP-PEAP: support fast-connect crypto binding * RADIUS - fix Called-Station-Id to not escape SSID - add Event-Timestamp to all Accounting-Request packets - add Acct-Session-Id to Accounting-On/Off - add Acct-Multi-Session-Id ton Access-Request packets - add Service-Type (= Frames) - allow server to provide PSK instead of passphrase for WPA-PSK Tunnel_password case - update full message for interim accounting updates - add Acct-Delay-Time into Accounting messages - add require_message_authenticator configuration option to require CoA/Disconnect-Request packets to be authenticated * started to postpone WNM-Notification frame sending by 100 ms so that the STA has some more time to configure the key before this frame is received after the 4-way handshake * VHT: added interoperability workaround for 80+80 and 160 MHz channels * extended VLAN support (per-STA vif, etc.) * fixed PMKID derivation with SAE * nl80211 - added support for full station state operations - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use unencrypted EAPOL frames * added initial MBO support; number of extensions to WNM BSS Transition Management * added initial functionality for location related operations * added assocresp_elements parameter to allow vendor specific elements to be added into (Re)Association Response frames * improved Public Action frame addressing - use Address 3 = wildcard BSSID in GAS response if a query from an unassociated STA used that address - fix TX status processing for Address 3 = wildcard BSSID - add gas_address3 configuration parameter to control Address 3 behavior * added command line parameter -i to override interface parameter in hostapd.conf * added command completion support to hostapd_cli * added passive client taxonomy determination (CONFIG_TAXONOMY=y compile option and "SIGNATURE <addr>" control interface command) * number of small fixes hostapd was updated to upstream release 2.5 * (CVE-2015-1863) is fixed in upstream release 2.5 * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding [http://w1.fi/security/2015-2/] (CVE-2015-4141 boo#930077) * fixed WMM Action frame parser [http://w1.fi/security/2015-3/] (CVE-2015-4142 boo#930078) * fixed EAP-pwd server missing payload length validation [http://w1.fi/security/2015-4/] (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, boo#930079) * fixed validation of WPS and P2P NFC NDEF record payload length [http://w1.fi/security/2015-5/] * nl80211: - fixed vendor command handling to check OUI properly * fixed hlr_auc_gw build with OpenSSL * hlr_auc_gw: allow Milenage RES length to be reduced * disable HT for a station that does not support WMM/QoS * added support for hashed password (NtHash) in EAP-pwd server * fixed and extended dynamic VLAN cases * added EAP-EKE server support for deriving Session-Id * set Acct-Session-Id to a random value to make it more likely to be unique even if the device does not have a proper clock * added more 2.4 GHz channels for 20/40 MHz HT co-ex scan * modified SAE routines to be more robust and PWE generation to be stronger against timing attacks * added support for Brainpool Elliptic Curves with SAE * increases maximum value accepted for cwmin/cwmax * added support for CCMP-256 and GCMP-256 as group ciphers with FT * added Fast Session Transfer (FST) module * removed optional fields from RSNE when using FT with PMF (workaround for interoperability issues with iOS 8.4) * added EAP server support for TLS session resumption * fixed key derivation for Suite B 192-bit AKM (this breaks compatibility with the earlier version) * added mechanism to track unconnected stations and do minimal band steering * number of small fixes Important SUSE bug 1063479 SUSE bug 930077 SUSE bug 930078 SUSE bug 930079 CVE-2015-1863 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-5314 CVE-2016-4476 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088 openSUSE Leap 42.3 This update for openvpn fixes the following issues: - CVE-2017-12166: Lack of bound check in read_key in old legacy key handling before using values could be used for a remote buffer overflow (bsc#1060877). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1060877 CVE-2017-12166 openSUSE Leap 42.3 This update for tcpdump to version 4.9.2 fixes several issues. These security issues were fixed: - CVE-2017-11108: Prevent remote attackers to cause DoS (heap-based buffer over-read and application crash) via crafted packet data. The crash occured in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol (bsc#1047873, bsc#1057247). - CVE-2017-11543: Prevent buffer overflow in the sliplink_print function in print-sl.c that allowed remote DoS (bsc#1057247). - CVE-2017-13011: Prevent buffer overflow in bittok2str_internal() that allowed remote DoS (bsc#1057247) - CVE-2017-12989: Prevent infinite loop in the RESP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12990: Prevent infinite loop in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12995: Prevent infinite loop in the DNS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12997: Prevent infinite loop in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-11541: Prevent heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c that allowed remote DoS (bsc#1057247). - CVE-2017-11542: Prevent heap-based buffer over-read in the pimv1_print function in print-pim.c that allowed remote DoS (bsc#1057247). - CVE-2017-12893: Prevent buffer over-read in the SMB/CIFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12894: Prevent buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247) - CVE-2017-12895: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12896: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12897: Prevent buffer over-read in the ISO CLNS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12898: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12899: Prevent buffer over-read in the DECnet parser that allowed remote DoS (bsc#1057247) - CVE-2017-12900: Prevent buffer over-read in the in several protocol parsers that allowed remote DoS (bsc#1057247) - CVE-2017-12901: Prevent buffer over-read in the EIGRP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12902: Prevent buffer over-read in the Zephyr parser that allowed remote DoS (bsc#1057247) - CVE-2017-12985: Prevent buffer over-read in the IPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12986: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247) - CVE-2017-12987: Prevent buffer over-read in the 802.11 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12988: Prevent buffer over-read in the telnet parser that allowed remote DoS (bsc#1057247) - CVE-2017-12991: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12992: Prevent buffer over-read in the RIPng parser that allowed remote DoS (bsc#1057247) - CVE-2017-12993: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247) - CVE-2017-12994: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12996: Prevent buffer over-read in the PIMv2 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12998: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12999: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13000: Prevent buffer over-read in the IEEE 802.15.4 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13001: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13002: Prevent buffer over-read in the AODV parser that allowed remote DoS (bsc#1057247) - CVE-2017-13003: Prevent buffer over-read in the LMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13004: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247) - CVE-2017-13005: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13006: Prevent buffer over-read in the L2TP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13007: Prevent buffer over-read in the Apple PKTAP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13008: Prevent buffer over-read in the IEEE 802.11 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13009: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13010: Prevent buffer over-read in the BEEP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13012: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13013: Prevent buffer over-read in the ARP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13014: Prevent buffer over-read in the White Board protocol parser that allowed remote DoS (bsc#1057247) - CVE-2017-13015: Prevent buffer over-read in the EAP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13016: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13017: Prevent buffer over-read in the DHCPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13018: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13019: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13020: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13021: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13022: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13023: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13024: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13025: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13026: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13027: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13028: Prevent buffer over-read in the BOOTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13029: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13030: Prevent buffer over-read in the PIM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13031: Prevent buffer over-read in the IPv6 fragmentation header parser that allowed remote DoS (bsc#1057247) - CVE-2017-13032: Prevent buffer over-read in the RADIUS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13033: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13034: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13035: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13036: Prevent buffer over-read in the OSPFv3 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13037: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13038: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13039: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13040: Prevent buffer over-read in the MPTCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13041: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13042: Prevent buffer over-read in the HNCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13043: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13044: Prevent buffer over-read in the HNCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13045: Prevent buffer over-read in the VQP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13046: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13047: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13048: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13049: Prevent buffer over-read in the Rx protocol parser that allowed remote DoS (bsc#1057247) - CVE-2017-13050: Prevent buffer over-read in the RPKI-Router parser that allowed remote DoS (bsc#1057247) - CVE-2017-13051: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13052: Prevent buffer over-read in the CFM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13053: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13054: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13055: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13687: Prevent buffer over-read in the Cisco HDLC parser that allowed remote DoS (bsc#1057247) - CVE-2017-13688: Prevent buffer over-read in the OLSR parser that allowed remote DoS (bsc#1057247) - CVE-2017-13689: Prevent buffer over-read in the IKEv1 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13690: Prevent buffer over-read in the IKEv2 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13725: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247) - Prevent segmentation fault in ESP decoder with OpenSSL 1.1 (bsc#1057247) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047873 SUSE bug 1057247 CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 openSUSE Leap 42.3 This update for wget fixes the following security issues: - CVE-2017-13089,CVE-2017-13090: Missing checks for negative remaining_chunk_size in skip_short_body and fd_read_body could cause stack buffer overflows, which could have been exploited by malicious servers. (bsc#1064715,bsc#1064716) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1064715 SUSE bug 1064716 CVE-2017-13089 CVE-2017-13090 openSUSE Leap 42.3 This update for libvirt fixes the following issues: Security issue fixed: - CVE-2017-1000256: Ensure TLS clients always verify the server certificate in the serial/TLS support. (bsc#1062563) Non security issue fixed: - libvirt-daemon-qemu requires libvirt-daemon-driver-storage (bsc#1062620) This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1062563 SUSE bug 1062620 CVE-2017-1000256 openSUSE Leap 42.3 This update for SDL2 fixes the following issues: - CVE-2017-2888: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. (bsc#1062784) Moderate SUSE bug 1062784 CVE-2017-2888 openSUSE Leap 42.3 This update for libjpeg-turbo to version 1.5.2 fixes the following issues: * CVE-2017-15232: NULL pointer dereference in jdpostct.c and jquant1.c (boo#1062937) This compatible version update contains the following improvements: * Improved and updated upsampling support and sampling factors * Memory handling correctness fixes * Improved robustness when decoding images This version is a dependency of Chromium 62. Moderate SUSE bug 1062937 CVE-2017-15232 openSUSE Leap 42.3 This update to Chromium 62.0.3202.75 fixes the following security issues: - CVE-2017-5124: UXSS with MHTML - CVE-2017-5125: Heap overflow in Skia - CVE-2017-5126: Use after free in PDFium - CVE-2017-5127: Use after free in PDFium - CVE-2017-5128: Heap overflow in WebGL - CVE-2017-5129: Use after free in WebAudio - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. - CVE-2017-5130: Heap overflow in libxml2 - CVE-2017-5131: Out of bounds write in Skia - CVE-2017-5133: Out of bounds write in Skia - CVE-2017-15386: UI spoofing in Blink - CVE-2017-15387: Content security bypass - CVE-2017-15388: Out of bounds read in Skia - CVE-2017-15389: URL spoofing in OmniBox - CVE-2017-15390: URL spoofing in OmniBox - CVE-2017-15391: Extension limitation bypass in Extensions. - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration - CVE-2017-15393: Referrer leak in Devtools - CVE-2017-15394: URL spoofing in extensions UI - CVE-2017-15395: Null pointer dereference in ImageCapture - CVE-2017-15396: Stack overflow in V8 Important SUSE bug 1064066 SUSE bug 1065405 CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-15396 CVE-2017-5124 CVE-2017-5125 CVE-2017-5126 CVE-2017-5127 CVE-2017-5128 CVE-2017-5129 CVE-2017-5130 CVE-2017-5131 CVE-2017-5132 CVE-2017-5133 openSUSE Leap 42.3 This update for gcc48 fixes the following issues: Security issues fixed: - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. [bnc#1039513] Future maintenance releases of packages will be built with this option. - CVE-2017-11671: Fixed rdrand/rdseed code generation issue [bsc#1050947] Bugs fixed: - Enable LFS support in 32bit libgcov.a. [bsc#1044016] - Bump libffi version in libffi.pc to 3.0.11. - Fix libffi issue for armv7l. [bsc#988274] - Properly diagnose missing -fsanitize=address support on ppc64le. [bnc#1028744] - Backport patch for PR65612. [bnc#1022062] - Fixed DR#1288. [bnc#1011348] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1011348 SUSE bug 1022062 SUSE bug 1028744 SUSE bug 1039513 SUSE bug 1044016 SUSE bug 1050947 SUSE bug 988274 CVE-2017-11671 openSUSE Leap 42.3 This update for SuSEfirewall2 fixes the following issues: - CVE-2017-15638: Fixed a security issue with too open implicit portmapper rules (bsc#1064127): A source net restriction for _rpc_ services was not taken into account for the implicitly added rules for port 111, making the portmap service accessible to everyone in the affected zone. This update was imported from the SUSE:SLE-12:Update and SUSE:SLE-12-SP3:Update update projects. Moderate SUSE bug 1064127 CVE-2017-15638 openSUSE Leap 42.3 This update for libwpd fixes the following issues: Security issue fixed: - CVE-2017-14226: WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. (bnc#1058025) Bugfixes: - Fix various crashes, leaks and hangs when reading damaged files found by oss-fuzz. - Fix crash when NULL is passed as input stream. - Use symbol visibility on Linux. The library only exports public functions now. - Avoid infinite loop. (libwpd#3) - Remove bashism. (libwpd#5) - Fix various crashes and hangs when reading broken files found with the help of american-fuzzy-lop. - Make --help output of all command line tools more help2man-friendly. - Miscellaneous fixes and cleanups. - Generate manpages for the libwpd-tools This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1058025 CVE-2017-14226 openSUSE Leap 42.3 This update for qemu to version 2.9.1 fixes several issues. It also announces that the qed storage format will be no longer supported in Leap 15.0. These security issues were fixed: - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c (bsc#1062942) - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122) - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069) - CVE-2017-10911: The make_response function in the Linux kernel allowed guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures (bsc#1057378) - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive (bsc#1054724) - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585) - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334) - CVE-2017-13711: Use-after-free vulnerability allowed attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets (bsc#1056291). These non-security issues were fixed: - Fixed not being able to build from rpm sources due to undefined macro (bsc#1057966) - Fiedx package build failure against new glibc (bsc#1055587) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1054724 SUSE bug 1055587 SUSE bug 1056291 SUSE bug 1056334 SUSE bug 1057378 SUSE bug 1057585 SUSE bug 1057966 SUSE bug 1062069 SUSE bug 1062942 SUSE bug 1063122 CVE-2017-10911 CVE-2017-12809 CVE-2017-13672 CVE-2017-13711 CVE-2017-14167 CVE-2017-15038 CVE-2017-15268 CVE-2017-15289 openSUSE Leap 42.3 This update for libsass fixes the following DoS vulnerabilities: - CVE-2017-11554: Stack consumption vulnerability allowed remote DoS via crafted input (1050148) - CVE-2017-11555: Illegal address access in Eval::operator allowed remote DoS via crafted input (boo#1050149) - CVE-2017-11556: Stack consumption vulnerability allowed remote DoS via crafted input (boo#1050150) - CVE-2017-11605: Heap based buffer over-read allowed remote DoS via crafted input (boo#1050151) - CVE-2017-11608: Heap-based buffer over-read allowed remote DoS via crafted input (boo#1050380) Moderate SUSE bug 1050148 SUSE bug 1050149 SUSE bug 1050150 SUSE bug 1050151 SUSE bug 1050380 CVE-2017-11554 CVE-2017-11555 CVE-2017-11556 CVE-2017-11605 CVE-2017-11608 openSUSE Leap 42.3 This update for sssd provides the following fixes: Security issues fixed: - CVE-2017-12173: Fixed unsanitized input when searching in local cache database (bsc#1061832). Non security issues fixed: - Fixed a segfault issue in ldap_rfc_2307_fallback_to_local_users. (bsc#1055123) - Install /var/lib/sss/mc directory to correct sssd cache invalidation behaviour. (bsc#1039567) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1039567 SUSE bug 1055123 SUSE bug 1061832 CVE-2017-12173 openSUSE Leap 42.3 This update for Chromium to version 62.0.3202.89 fixes the following vulnerabilities (boo#1066851): - CVE-2017-15398: Stack buffer overflow in QUIC - CVE-2017-15399: Use after free in V8 Important SUSE bug 1066851 CVE-2017-15398 CVE-2017-15399 openSUSE Leap 42.3 This update for redis to version 4.0.2 fixes the following issues: - CVE-2016-8339: CONFIG SET client-output-buffer-limit Code Execution Vulnerability (boo#1002351) The following upstream changes are included: - SLOWLOG now logs the offending client name and address - The modules native data types RDB format changed. - The AOF check utility is now able to deal with RDB preambles. - GEORADIUS_RO and GEORADIUSBYMEMBER_RO variants, not supporting the STORE option, were added in order to allow read-only scaling of such queries. - HSET is now variadic, and HMSET is considered deprecated - GEORADIUS huge radius (>= ~6000 km) corner cases fixed - HyperLogLog commands no longer crash on certain input (non HLL) strings. - Fixed SLAVEOF inside MULTI/EXEC blocks. - TCP binding bug fixed when only certain addresses were available for a given por - MIGRATE could crash the server after a socket error Moderate SUSE bug 1064980 CVE-2016-10517 openSUSE Leap 42.3 This update for ansible to version 2.4.1.0 fixes the following vulnerabilities: - CVE-2017-7481: Security issue with lookup return not tainting the jinja2 environment (bsc#1038785) - CVE-2016-9587: host to controller command execution vulnerability (bsc#1019021) - CVE-2016-8628: Command injection by compromised server via fact variables (bsc#1008037) - CVE-2016-8614: Improper verification of key fingerprints in apt_key module (bsc#1008038) - CVE-2017-7550: jenkins_plugin module may have exposed passwords in remote host logs (bsc#1065872) This update also contains a number of upstream bug fixes and improvements. Moderate SUSE bug 1008037 SUSE bug 1008038 SUSE bug 1019021 SUSE bug 1038785 SUSE bug 1065872 CVE-2016-8614 CVE-2016-8628 CVE-2016-9587 CVE-2017-7481 CVE-2017-7550 openSUSE Leap 42.3 This update for shadow fixes several issues. This security issue was fixed: - CVE-2017-12424: The newusers tool could have been forced to manipulate internal data structures in ways unintended by the authors. Malformed input may have lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors (bsc#1052261). These non-security issues were fixed: - bsc#1023895: Fixed man page to not contain invalid options and also prevent warnings when using these options in certain settings - bsc#980486: Reset user in /var/log/tallylog because of the usage of pam_tally2 This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1023895 SUSE bug 1052261 SUSE bug 980486 CVE-2017-12424 openSUSE Leap 42.3 This update for krb5 fixes the following securitz issue? - CVE-2017-15088: A buffer overflow in get_matching_data() was fixed that could under specific circumstances be used to execute code (bsc#1065274) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1065274 CVE-2017-15088 openSUSE Leap 42.3 This update for virtualbox fixes the following issues: - CVE-2017-10392: A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service - CVE-2017-10407: A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service - CVE-2017-10408: A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service - CVE-2017-10428: A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and partially deny service The following packaging changes are included: - Further to usage of vboxdrv if virtualbox-qt is not installed: updates to vboxdrv.sh (boo#1060072) - The virtualbox package no longer requires libX11, an library module files were moved to virtualbox-qt This update also contains all upstream improvements in the 5.1.30 release, including: - Fix for double mouse cursor when using mouse integration without Guest Additions. - Translation updates Moderate SUSE bug 1060072 SUSE bug 1064200 SUSE bug 1066488 CVE-2017-10392 CVE-2017-10407 CVE-2017-10408 CVE-2017-10428 openSUSE Leap 42.3 This update for webkit2gtk3 to version 2.18.0 fixes the following issues: These security issues were fixed: - CVE-2017-7039: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7018: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7030: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7037: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7034: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7055: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7056: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7064: An issue was fixed that allowed remote attackers to bypass intended memory-read restrictions via a crafted app (bsc#1050469). - CVE-2017-7061: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7048: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7046: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-2538: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1045460) - CVE-2017-2496: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. - CVE-2017-2539: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. - CVE-2017-2510: An issue was fixed that allowed remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. - CVE-2017-2365: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2366: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2373: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2363: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2362: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2354: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749). - CVE-2017-2355: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2356: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2371: An issue was fixed that allowed remote attackers to launch popups via a crafted web site (bsc#1024749) - CVE-2017-2364: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2369: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2016-7656: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7635: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7654: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7639: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7645: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7652: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7641: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7632: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7599: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that used HTTP redirects (bsc#1020950) - CVE-2016-7592: An issue was fixed that allowed remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site (bsc#1020950) - CVE-2016-7589: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7623: An issue was fixed that allowed remote attackers to obtain sensitive information via a blob URL on a web site (bsc#1020950) - CVE-2016-7586: An issue was fixed that allowed remote attackers to obtain sensitive information via a crafted web site (bsc#1020950) For other non-security fixes please check the changelog. This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1020950 SUSE bug 1024749 SUSE bug 1045460 SUSE bug 1050469 CVE-2016-7586 CVE-2016-7589 CVE-2016-7592 CVE-2016-7599 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2538 CVE-2017-2539 CVE-2017-7018 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7039 CVE-2017-7046 CVE-2017-7048 CVE-2017-7055 CVE-2017-7056 CVE-2017-7061 CVE-2017-7064 openSUSE Leap 42.3 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u151 (icedtea 3.6.0) Security issues fixed: - CVE-2017-10274: Handle smartcard clean up better (bsc#1064071) - CVE-2017-10281: Better queuing priorities (bsc#1064072) - CVE-2017-10285: Unreferenced references (bsc#1064073) - CVE-2017-10295: Better URL connections (bsc#1064075) - CVE-2017-10388: Correct Kerberos ticket grants (bsc#1064086) - CVE-2017-10346: Better invokespecial checks (bsc#1064078) - CVE-2017-10350: Better Base Exceptions (bsc#1064082) - CVE-2017-10347: Better timezone processing (bsc#1064079) - CVE-2017-10349: Better X processing (bsc#1064081) - CVE-2017-10345: Better keystore handling (bsc#1064077) - CVE-2017-10348: Better processing of unresolved permissions (bsc#1064080) - CVE-2017-10357: Process Proxy presentation (bsc#1064085) - CVE-2017-10355: More stable connection processing (bsc#1064083) - CVE-2017-10356: Update storage implementations (bsc#1064084) - CVE-2016-10165: Improve CMS header processing (bsc#1064069) - CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843: Upgrade compression library (bsc#1064070) Bug fixes: - Fix bsc#1032647, bsc#1052009 with btrfs subvolumes and overlayfs This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1032647 SUSE bug 1052009 SUSE bug 1064069 SUSE bug 1064070 SUSE bug 1064071 SUSE bug 1064072 SUSE bug 1064073 SUSE bug 1064075 SUSE bug 1064077 SUSE bug 1064078 SUSE bug 1064079 SUSE bug 1064080 SUSE bug 1064081 SUSE bug 1064082 SUSE bug 1064083 SUSE bug 1064084 SUSE bug 1064085 SUSE bug 1064086 CVE-2016-10165 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 openSUSE Leap 42.3 This update for ImageMagick fixes the following issues: Security issues fixed: * CVE-2017-15033: A denial of service attack (memory leak) was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873] * CVE-2017-11446: An infinite loop in ReadPESImage was fixed. (bsc#1049379) * CVE-2017-12433: A memory leak in ReadPESImage in coders/pes.c was fixed. (bsc#1052545) * CVE-2017-12428: A memory leak in ReadWMFImage in coders/wmf.c was fixed. (bsc#1052249) * CVE-2017-12431: A use-after-free in ReadWMFImage was fixed. (bsc#1052253) * CVE-2017-11534: A memory leak in the lite_font_map() in coders/wmf.c was fixed. (bsc#1050135) * CVE-2017-13133: A memory exhaustion in load_level function in coders/xcf.c was fixed. (bsc#1055219) * CVE-2017-13139: A out-of-bounds read in the ReadOneMNGImage was fixed. (bsc#1055430) This update also reverts an incorrect fix for CVE-2016-7530 [bsc#1054924]. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1049379 SUSE bug 1050135 SUSE bug 1052249 SUSE bug 1052253 SUSE bug 1052545 SUSE bug 1054924 SUSE bug 1055219 SUSE bug 1055430 SUSE bug 1061873 CVE-2016-7530 CVE-2017-11446 CVE-2017-11534 CVE-2017-12428 CVE-2017-12431 CVE-2017-12433 CVE-2017-13133 CVE-2017-13139 CVE-2017-15033 openSUSE Leap 42.3 This update for shadowsocks-libev fixes the following issues: Security issue fixed: - CVE-2017-15924: In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. (boo#1065619) Moderate SUSE bug 1065619 CVE-2017-15924 openSUSE Leap 42.3 This update for mongodb 3.4.10 fixes the following issues: Security issues fixed: - CVE-2017-15535: MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. (boo#1065956) Bug fixes: - See release-notes for 3.4.4 - 3.4.10 changes. * https://docs.mongodb.com/manual/release-notes/3.4-changelog/ Moderate SUSE bug 1065956 CVE-2017-15535 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following security issues: - CVE-2017-13776: denial of service issue in ReadXBMImage() in a coders/xbm.c (bsc#1056429) - CVE-2017-13777: denial of service issue in ReadXBMImage() in a coders/xbm.c (bsc#1056426) - CVE-2017-13134: heap-based buffer over-read allowing DoS via crafted sfw files (bsc#1055214) - CVE-2017-15930: Specially crafted JPEG files could lead to a Null Pointer dereference and DoS (bsc#1066003) - CVE-2017-14165: Memory allocation issue may allow DoS through specially crafted files (bsc#1057508) - CVE-2017-12983: Heap-based buffer overflow could have triggered an application crash or possibly have unspecified other impact via a crafted file. (bnc#1054757) Moderate SUSE bug 1054757 SUSE bug 1055214 SUSE bug 1056426 SUSE bug 1056429 SUSE bug 1057508 SUSE bug 1066003 CVE-2017-12983 CVE-2017-13134 CVE-2017-13776 CVE-2017-13777 CVE-2017-14165 CVE-2017-15930 openSUSE Leap 42.3 This update for snack fixes the following issues: Security issue fixed: - CVE-2012-6303: Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file. (bnc#793860) Important SUSE bug 793860 CVE-2012-6303 openSUSE Leap 42.3 MozillaFirefox was updated to 52.5.0esr (boo#1068101) MFSA 2017-25 * CVE-2017-7828: Fixed a use-after-free of PressShell while restyling layout * CVE-2017-7830: Cross-origin URL information leak through Resource Timing API * CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 Also fixed: - Correct plugin directory for aarch64 (boo#1061207). The wrapper script was not detecting aarch64 as a 64 bit architecture, thus used /usr/lib/browser-plugins/. Important SUSE bug 1061207 SUSE bug 1068101 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 openSUSE Leap 42.3 This update for cacti, cacti-spine to version 1.1.28 fixes the following issues: - CVE-2017-16641: Potential code execution vulnerability in RRDtool functions (boo#1067166) - CVE-2017-16660: Remote execution vulnerability in logging function (boo#1067164) - CVE-2017-16661: Arbitrary file read vulnerability in view log file (boo#1067163) - CVE-2017-16785: Reflection XSS vulnerability (boo#1068028) This update to version 1.1.28 also contains a number of upstream bug fixes and improvements. Important SUSE bug 1067163 SUSE bug 1067164 SUSE bug 1067166 SUSE bug 1068028 CVE-2017-16641 CVE-2017-16660 CVE-2017-16661 CVE-2017-16785 openSUSE Leap 42.3 This update for otrs fixes the following security issues: - CVE-2017-15864: Remote authenticated attackers could have caused otrs to disclose configuration information, including database credentials (boo#1068677, OSA-2017-06) - CVE-2017-16664: Remote authenticated attackers could have caused the execution of shell commands with the permission of the web server user (boo#1069391, OSA-2017-07) Important SUSE bug 1068677 SUSE bug 1069391 CVE-2017-15864 CVE-2017-16664 openSUSE Leap 42.3 The GNU file utility was updated to version 5.22. Security issues fixed: - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) Version update to file version 5.22 * add indirect relative for TIFF/Exif * restructure elf note printing to avoid repeated messages * add note limit, suggested by Alexander Cherepanov * Bail out on partial pread()'s (Alexander Cherepanov) * Fix incorrect bounds check in file_printable (Alexander Cherepanov) * PR/405: ignore SIGPIPE from uncompress programs * change printable -> file_printable and use it in more places for safety * in ELF, instead of "(uses dynamic libraries)" when PT_INTERP is present print the interpreter name. Version update to file version 5.21 * there was an incorrect free in magic_load_buffers() * there was an out of bounds read for some pascal strings * there was a memory leak in magic lists * don't interpret strings printed from files using the current locale, convert them to ascii format first. * there was an out of bounds read in elf note reads Update to file version 5.20 * recognize encrypted CDF documents * add magic_load_buffers from Brooks Davis * add thumbs.db support Additional non-security bug fixes: * Fixed a memory corruption during rpmbuild (bsc#1063269) * Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) * file command throws "Composite Document File V2 Document, corrupt: Can't read SSAT" error against excel 97/2003 file format. (bsc#1009966) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1009966 SUSE bug 1063269 SUSE bug 910252 SUSE bug 910253 SUSE bug 913650 SUSE bug 913651 SUSE bug 917152 SUSE bug 996511 CVE-2014-8116 CVE-2014-8117 CVE-2014-9620 CVE-2014-9621 CVE-2014-9653 openSUSE Leap 42.3 This update for tomcat fixes the following issues: Security issues fixed: - CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling. (bsc#1042910). - CVE-2017-7674: A CORS Filter issue could lead to client and server side cache poisoning (bsc#1053352) - CVE-2017-12617: A remote code execution possibility via JSP Upload was fixed (bsc#1059554) Non security bugs fixed: - Fix tomcat-digest classpath error (bsc#977410) - Fix packaged /etc/alternatives symlinks for api libs that caused rpm -V to report link mismatch (bsc#1019016) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1019016 SUSE bug 1042910 SUSE bug 1053352 SUSE bug 1059554 SUSE bug 977410 CVE-2017-12617 CVE-2017-5664 CVE-2017-7674 openSUSE Leap 42.3 This update for mupdf fixes the following issues: Security issues fixed: - CVE-2017-7976: integer overflow (jbig2_image_compose function in jbig2_image.c) during operations on a crafted .jb2 file (boo#1052029). - CVE-2016-10221: count_entries in pdf-layer.c allows for DoS (boo#1032140). - CVE-2016-8728: Fitz library font glyph scaling Code Execution Vulnerability (boo#1039850). Bug fixes: - Update to version 1.11 * This is primarily a bug fix release. * PDF portfolio support with command line tool "mutool portfolio". * Add callbacks to load fallback fonts from the system. * Use system fonts in Android to reduce install size. * Flag to disable publisher styles in EPUB layout. * Improved SVG output. - Add reproducible.patch to sort input files to make build reproducible (boo#1041090) - mupdf is not a terminal app (boo#1036637) Moderate SUSE bug 1032140 SUSE bug 1036637 SUSE bug 1039850 SUSE bug 1041090 SUSE bug 1052029 CVE-2016-10221 CVE-2016-8728 CVE-2016-8729 CVE-2017-7976 openSUSE Leap 42.3 This update for perl fixes the following issues: Security issues fixed: - CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier. (bnc#1057724) - CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape. (bnc#1057721) - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. (bnc#1047178) Bug fixes: - backport set_capture_string changes from upstream (bsc#999735) - reformat baselibs.conf as source validator workaround This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047178 SUSE bug 1057721 SUSE bug 1057724 SUSE bug 999735 CVE-2017-12837 CVE-2017-12883 CVE-2017-6512 openSUSE Leap 42.3 This update for konversation fixes the following issues: Security issue fixed: - CVE-2017-15923: Fixed a crash in parsing IRC color formatting codes (boo#1068097). Bug fixes: - Update to version 1.7.4: * Fixed a bug causing the size of a custom chat text view font set via the configuration dialog to be ignored. A font size modification done via the Enlarge/Decrease Font Size actions is now applied on top of the configured size (or the system default font size, respectively). - Update to 1.7.3: * Added a copy action to the context menu of nicknames in the chat text view. * Re-enabled channel mode buttons. * Reduced emission of Unicode directional control characters in the chat text view. Unnecessary control characters could sometimes cause problems with copying text from Konversation and pasting it into terminal applications, confusing them. * Fixed handling of nick and channel prefix characters potentially using the same set of symbols. * Removed redundant escaping of angle brackets in GECOS ("realname") field. * The nickname combobox will no longer change the nickname to the current value whenvever it loses focus. * Fixed color scheme handling in the treelist version on the tab bar, fixing an issue where the background and text color of the selected item would sometimes be the same, rendering the item unreadable. * Fixed handling of IRC URLs for channels starting with more than one #, addressing a percent-encoding problem with bookmarks of them. * Fixed custom chat text view font family reverting to system default font family upon using the increase/decrease font size actions. * Fixed chat text view font size adjusted via the increase/decrease font size actions reverting to configuration default when OK'ing the config dialog. * Fixed incorrect checkbox states in the Channel Invite dialog. * Fixed a crash in IRC v3 extended-join parsing. * Fixed a crash in parsing IRC color formatting codes. * Fixed a minor memory leak in the Join Channel dialog code. * Removed unnecessary nickname list debug message sent as warning. - Trim description from redundant phrasing, and ensure neutrality. Moderate SUSE bug 1068097 CVE-2017-15923 openSUSE Leap 42.3 This update for tnef fixes the following issues: Security issue fixed: - CVE-2017-8911: Fix underflow problem (boo#1038837). Bug fixes: - Update to version 1.4.15: * Use __builtin_mul_overflow when available. * Fixing Unicode related bugs introduced in previous release. * Prevent against various cases of null derefences, buffer overshooting, and fix some integer overflows. Moderate SUSE bug 1038837 CVE-2017-8911 openSUSE Leap 42.3 This update for tboot fixes the following issues: Security issues fixed: - CVE-2017-16837: Fix tbootfailed to validate a number of immutable function pointers, which could allow an attacker to bypass the chain of trust and execute arbitrary code (boo#1068390). - Make tboot package compatible with OpenSSL 1.1.0 for SLE-15 support (boo#1067229). Bug fixes: - Update to new upstream version. See release notes for details (1.9.6; 1.9.5, FATE#321510; 1.9.4, FATE#320665; 1.8.3, FATE#318542): * https://sourceforge.net/p/tboot/code/ci/default/tree/CHANGELOG - Fix some gcc7 warnings that lead to errors. (boo#1041264) - Fix wrong pvops kernel config matching (boo#981948) - Fix a excessive stack usage pattern that could lead to resets/crashes (boo#967441) - fixes a boot issue on Skylake (boo#964408) - Trim filler words from description; use modern macros over shell vars. - Add reproducible.patch to call gzip -n to make build fully reproducible. Important SUSE bug 1041264 SUSE bug 1067229 SUSE bug 1068390 SUSE bug 964408 SUSE bug 967441 SUSE bug 981948 CVE-2017-16837 openSUSE Leap 42.3 This update for backintime fixes the following issues: Security issue fixed: - CVE-2017-16667: Fixed shell injection in notify-send (boo#1067342). Moderate SUSE bug 1067342 CVE-2017-16667 openSUSE Leap 42.3 This update for Mozilla Thunderbird fixes the following issues: Security issues fixed in 52.5.0 ESR as advised in MFSA 2017-26 (boo#1068101): - CVE-2017-7828: Use-after-free of PressShell while restyling layout - CVE-2017-7830: Cross-origin URL information leak through Resource Timing API - CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 The following bug fixes and improvements are included: - Better support for Charter/Spectrum IMAP - No longer mark other messages as read in search folders spanning multiple base folders - IMAP alerts have been corrected and now show the correct server name in case of connection problems - POP alerts have been corrected and now indicate connection problems in case the configured POP server cannot be found Moderate SUSE bug 1068101 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 openSUSE Leap 42.3 This update for samba fixes the following issues: Security issues fixed: - CVE-2017-14746: Use-after-free vulnerability (bsc#1060427). - CVE-2017-15275: Server heap memory information leak (bsc#1063008). - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file (bsc#1058624). - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565). - CVE-2017-12150: Some code path don't enforce smb signing when they should (bsc#1058565). Bug fixes: - Samba was updated to 4.6.9 (bsc#1065066) see release notes for details. * https://www.samba.org/samba/history/samba-4.6.9.html This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1058565 SUSE bug 1058622 SUSE bug 1058624 SUSE bug 1060427 SUSE bug 1063008 SUSE bug 1065066 CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 CVE-2017-14746 CVE-2017-15275 openSUSE Leap 42.3 This update for kernel-firmware fixes the following issues: - Update Intel WiFi firmwares for the 3160, 7260 and 7265 adapters. Security issues fixed are part of the "KRACK" attacks affecting the firmware: - CVE-2017-13080: The reinstallation of the Group Temporal key could be used for replay attacks (bsc#1066295): - CVE-2017-13081: The reinstallation of the Integrity Group Temporal key could be used for replay attacks (bsc#1066295): This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1066295 CVE-2017-13080 CVE-2017-13081 openSUSE Leap 42.3 This update for optipng fixes the following issues: Security issue fixed: - CVE-2017-1000229: Fix integer overflow bug in function minitiff_read_info() allows an attacker to remotely execute code or cause denial of service (boo#1068720). - CVE-2017-16938: Fix a global buffer overflow that allows attackers to cause DoS via a maliciously crafted GIF file (bsc#1069774). Moderate SUSE bug 1068720 SUSE bug 1069774 CVE-2017-1000229 CVE-2017-16938 openSUSE Leap 42.3 This update for xen to version 4.9.1 (bsc#1027519) fixes several issues. This new feature was added: - Support migration of HVM domains larger than 1 TB These security issues were fixed: - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD) code allowed for DoS (XSA-246) - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged guests to retain a writable mapping of freed memory leading to information leaks, privilege escalation or DoS (XSA-247). - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063123) - CVE-2017-15597: A grant copy operation being done on a grant of a dying domain allowed a malicious guest administrator to corrupt hypervisor memory, allowing for DoS or potentially privilege escalation and information leaks (bsc#1061075). This non-security issue was fixed: - bsc#1055047: Fixed --initrd-inject option in virt-install This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1027519 SUSE bug 1055047 SUSE bug 1061075 SUSE bug 1063123 SUSE bug 1068187 SUSE bug 1068191 CVE-2017-15289 CVE-2017-15597 openSUSE Leap 42.3 This update for libressl fixes the following issues: - an out-of-bounds read in the DES code may have led to an application crash (boo#1065363) Low SUSE bug 1065363 openSUSE Leap 42.3 This update for openssl fixes the following issues: Security issues fixed: - CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242) - Out of bounds read+crash in DES_fcrypt (bsc#1065363) - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1055825 SUSE bug 1056058 SUSE bug 1065363 SUSE bug 1066242 CVE-2017-3735 CVE-2017-3736 openSUSE Leap 42.3 GNU binutil was updated to the 2.29.1 release, bringing various new features, fixing a lot of bugs and security issues. Following security issues are being addressed by this release: * 18750 bsc#1030296 CVE-2014-9939 * 20891 bsc#1030585 CVE-2017-7225 * 20892 bsc#1030588 CVE-2017-7224 * 20898 bsc#1030589 CVE-2017-7223 * 20905 bsc#1030584 CVE-2017-7226 * 20908 bsc#1031644 CVE-2017-7299 * 20909 bsc#1031656 CVE-2017-7300 * 20921 bsc#1031595 CVE-2017-7302 * 20922 bsc#1031593 CVE-2017-7303 * 20924 bsc#1031638 CVE-2017-7301 * 20931 bsc#1031590 CVE-2017-7304 * 21135 bsc#1030298 CVE-2017-7209 * 21137 bsc#1029909 CVE-2017-6965 * 21139 bsc#1029908 CVE-2017-6966 * 21156 bsc#1029907 CVE-2017-6969 * 21157 bsc#1030297 CVE-2017-7210 * 21409 bsc#1037052 CVE-2017-8392 * 21412 bsc#1037057 CVE-2017-8393 * 21414 bsc#1037061 CVE-2017-8394 * 21432 bsc#1037066 CVE-2017-8396 * 21440 bsc#1037273 CVE-2017-8421 * 21580 bsc#1044891 CVE-2017-9746 * 21581 bsc#1044897 CVE-2017-9747 * 21582 bsc#1044901 CVE-2017-9748 * 21587 bsc#1044909 CVE-2017-9750 * 21594 bsc#1044925 CVE-2017-9755 * 21595 bsc#1044927 CVE-2017-9756 * 21787 bsc#1052518 CVE-2017-12448 * 21813 bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450, bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450 * 21933 bsc#1053347 CVE-2017-12799 * 21990 bsc#1058480 CVE-2017-14333 * 22018 bsc#1056312 CVE-2017-13757 * 22047 bsc#1057144 CVE-2017-14129 * 22058 bsc#1057149 CVE-2017-14130 * 22059 bsc#1057139 CVE-2017-14128 * 22113 bsc#1059050 CVE-2017-14529 * 22148 bsc#1060599 CVE-2017-14745 * 22163 bsc#1061241 CVE-2017-14974 * 22170 bsc#1060621 CVE-2017-14729 Update to binutils 2.29. [fate#321454, fate#321494, fate#323293]: * The MIPS port now supports microMIPS eXtended Physical Addressing (XPA) instructions for assembly and disassembly. * The MIPS port now supports the microMIPS Release 5 ISA for assembly and disassembly. * The MIPS port now supports the Imagination interAptiv MR2 processor, which implements the MIPS32r3 ISA, the MIPS16e2 ASE as well as a couple of implementation-specific regular MIPS and MIPS16e2 ASE instructions. * The SPARC port now supports the SPARC M8 processor, which implements the Oracle SPARC Architecture 2017. * The MIPS port now supports the MIPS16e2 ASE for assembly and disassembly. * Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX. * Add support for the wasm32 ELF conversion of the WebAssembly file format. * Add --inlines option to objdump, which extends the --line-numbers option so that inlined functions will display their nesting information. * Add --merge-notes options to objcopy to reduce the size of notes in a binary file by merging and deleting redundant notes. * Add support for locating separate debug info files using the build-id method, where the separate file has a name based upon the build-id of the original file. - GAS specific: * Add support for ELF SHF_GNU_MBIND. * Add support for the WebAssembly file format and wasm32 ELF conversion. * PowerPC gas now checks that the correct register class is used in instructions. For instance, "addi %f4,%cr3,%r31" warns three times that the registers are invalid. * Add support for the Texas Instruments PRU processor. * Support for the ARMv8-R architecture and Cortex-R52 processor has been added to the ARM port. - GNU ld specific: * Support for -z shstk in the x86 ELF linker to generate GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program properties. * Add support for GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program properties in the x86 ELF linker. * Add support for GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program properties in the x86 ELF linker. * Support for -z ibtplt in the x86 ELF linker to generate IBT-enabled PLT. * Support for -z ibt in the x86 ELF linker to generate IBT-enabled PLT as well as GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program properties. * Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX. * Add support for ELF GNU program properties. * Add support for the Texas Instruments PRU processor. * When configuring for arc*-*-linux* targets the default linker emulation will change if --with-cpu=nps400 is used at configure time. * Improve assignment of LMAs to orphan sections in some edge cases where a mixture of both AT>LMA_REGION and AT(LMA) are used. * Orphan sections placed after an empty section that has an AT(LMA) will now take an load memory address starting from LMA. * Section groups can now be resolved (the group deleted and the group members placed like normal sections) at partial link time either using the new linker option --force-group-allocation or by placing FORCE_GROUP_ALLOCATION into the linker script. - Add riscv64 target, tested with gcc7 and downstream newlib 2.4.0 - Prepare riscv32 target (gh#riscv/riscv-newlib#8) - Make compressed debug section handling explicit, disable for old products and enable for gas on all architectures otherwise. [bsc#1029995] - Remove empty rpath component removal optimization from to workaround CMake rpath handling. [bsc#1025282] Minor security bugs fixed: PR 21147, PR 21148, PR 21149, PR 21150, PR 21151, PR 21155, PR 21158, PR 21159 - Update to binutils 2.28. * Add support for locating separate debug info files using the build-id method, where the separate file has a name based upon the build-id of the original file. * This version of binutils fixes a problem with PowerPC VLE 16A and 16D relocations which were functionally swapped, for example, R_PPC_VLE_HA16A performed like R_PPC_VLE_HA16D while R_PPC_VLE_HA16D performed like R_PPC_VLE_HA16A. This could have been fixed by renumbering relocations, which would keep object files created by an older version of gas compatible with a newer ld. However, that would require an ABI update, affecting other assemblers and linkers that create and process the relocations correctly. It is recommended that all VLE object files be recompiled, but ld can modify the relocations if --vle-reloc-fixup is passed to ld. If the new ld command line option is not used, ld will ld warn on finding relocations inconsistent with the instructions being relocated. * The nm program has a new command line option (--with-version-strings) which will display a symbol's version information, if any, after the symbol's name. * The ARC port of objdump now accepts a -M option to specify the extra instruction class(es) that should be disassembled. * The --remove-section option for objcopy and strip now accepts section patterns starting with an exclamation point to indicate a non-matching section. A non-matching section is removed from the set of sections matched by an earlier --remove-section pattern. * The --only-section option for objcopy now accepts section patterns starting with an exclamation point to indicate a non-matching section. A non-matching section is removed from the set of sections matched by an earlier --only-section pattern. * New --remove-relocations=SECTIONPATTERN option for objcopy and strip. This option can be used to remove sections containing relocations. The SECTIONPATTERN is the section to which the relocations apply, not the relocation section itself. - GAS specific: * Add support for the RISC-V architecture. * Add support for the ARM Cortex-M23 and Cortex-M33 processors. - GNU ld specific: * The EXCLUDE_FILE linker script construct can now be applied outside of the section list in order for the exclusions to apply over all input sections in the list. * Add support for the RISC-V architecture. * The command line option --no-eh-frame-hdr can now be used in ELF based linkers to disable the automatic generation of .eh_frame_hdr sections. * Add --in-implib=<infile> to the ARM linker to enable specifying a set of Secure Gateway veneers that must exist in the output import library specified by --out-implib=<outfile> and the address they must have. As such, --in-implib is only supported in combination with --cmse-implib. * Extended the --out-implib=<file> option, previously restricted to x86 PE targets, to any ELF based target. This allows the generation of an import library for an ELF executable, which can then be used by another application to link against the executable. - GOLD specific: * Add -z bndplt option (x86-64 only) to support Intel MPX. * Add --orphan-handling option. * Add --stub-group-multi option (PowerPC only). * Add --target1-rel, --target1-abs, --target2 options (Arm only). * Add -z stack-size option. * Add --be8 option (Arm only). * Add HIDDEN support in linker scripts. * Add SORT_BY_INIT_PRIORITY support in linker scripts. - Other fixes: * Fix section alignment on .gnu_debuglink. [bso#21193] * Add s390x to gold_archs. * Fix alignment frags for aarch64 (bsc#1003846) * Call ldconfig for libbfd * Fix an assembler problem with clang on ARM. * Restore monotonically increasing section offsets. - Update to binutils 2.27. * Add a configure option, --enable-64-bit-archive, to force use of a 64-bit format when creating an archive symbol index. * Add --elf-stt-common= option to objcopy for ELF targets to control whether to convert common symbols to the STT_COMMON type. - GAS specific: * Default to --enable-compressed-debug-sections=gas for Linux/x86 targets. * Add --no-pad-sections to stop the assembler from padding the end of output sections up to their alignment boundary. * Support for the ARMv8-M architecture has been added to the ARM port. Support for the ARMv8-M Security and DSP Extensions has also been added to the ARM port. * ARC backend accepts .extInstruction, .extCondCode, .extAuxRegister, and .extCoreRegister pseudo-ops that allow an user to define custom instructions, conditional codes, auxiliary and core registers. * Add a configure option --enable-elf-stt-common to decide whether ELF assembler should generate common symbols with the STT_COMMON type by default. Default to no. * New command line option --elf-stt-common= for ELF targets to control whether to generate common symbols with the STT_COMMON type. * Add ability to set section flags and types via numeric values for ELF based targets. * Add a configure option --enable-x86-relax-relocations to decide whether x86 assembler should generate relax relocations by default. Default to yes, except for x86 Solaris targets older than Solaris 12. * New command line option -mrelax-relocations= for x86 target to control whether to generate relax relocations. * New command line option -mfence-as-lock-add=yes for x86 target to encode lfence, mfence and sfence as "lock addl $0x0, (%[re]sp)". * Add assembly-time relaxation option for ARC cpus. * Add --with-cpu=TYPE configure option for ARC gas. This allows the default cpu type to be adjusted at configure time. - GOLD specific: * Add a configure option --enable-relro to decide whether -z relro should be enabled by default. Default to yes. * Add support for s390, MIPS, AArch64, and TILE-Gx architectures. * Add support for STT_GNU_IFUNC symbols. * Add support for incremental linking (--incremental). - GNU ld specific: * Add a configure option --enable-relro to decide whether -z relro should be enabled in ELF linker by default. Default to yes for all Linux targets except FRV, HPPA, IA64 and MIPS. * Support for -z noreloc-overflow in the x86-64 ELF linker to disable relocation overflow check. * Add -z common/-z nocommon options for ELF targets to control whether to convert common symbols to the STT_COMMON type during a relocatable link. * Support for -z nodynamic-undefined-weak in the x86 ELF linker, which avoids dynamic relocations against undefined weak symbols in executable. * The NOCROSSREFSTO command was added to the linker script language. * Add --no-apply-dynamic-relocs to the AArch64 linker to do not apply link-time values for dynamic relocations. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1003846 SUSE bug 1025282 SUSE bug 1029907 SUSE bug 1029908 SUSE bug 1029909 SUSE bug 1029995 SUSE bug 1030296 SUSE bug 1030297 SUSE bug 1030298 SUSE bug 1030583 SUSE bug 1030584 SUSE bug 1030585 SUSE bug 1030588 SUSE bug 1030589 SUSE bug 1031590 SUSE bug 1031593 SUSE bug 1031595 SUSE bug 1031638 SUSE bug 1031644 SUSE bug 1031656 SUSE bug 1033122 SUSE bug 1037052 SUSE bug 1037057 SUSE bug 1037061 SUSE bug 1037062 SUSE bug 1037066 SUSE bug 1037070 SUSE bug 1037072 SUSE bug 1037273 SUSE bug 1038874 SUSE bug 1038875 SUSE bug 1038876 SUSE bug 1038877 SUSE bug 1038878 SUSE bug 1038880 SUSE bug 1038881 SUSE bug 1044891 SUSE bug 1044897 SUSE bug 1044901 SUSE bug 1044909 SUSE bug 1044925 SUSE bug 1044927 SUSE bug 1046094 SUSE bug 1052061 SUSE bug 1052496 SUSE bug 1052503 SUSE bug 1052507 SUSE bug 1052509 SUSE bug 1052511 SUSE bug 1052514 SUSE bug 1052518 SUSE bug 1053347 SUSE bug 1056312 SUSE bug 1056437 SUSE bug 1057139 SUSE bug 1057144 SUSE bug 1057149 SUSE bug 1058480 SUSE bug 1059050 SUSE bug 1060599 SUSE bug 1060621 SUSE bug 1061241 SUSE bug 437293 SUSE bug 445037 SUSE bug 546106 SUSE bug 561142 SUSE bug 578249 SUSE bug 590820 SUSE bug 691290 SUSE bug 698346 SUSE bug 713504 SUSE bug 776968 SUSE bug 863764 SUSE bug 938658 SUSE bug 970239 CVE-2014-9939 CVE-2017-12448 CVE-2017-12450 CVE-2017-12452 CVE-2017-12453 CVE-2017-12454 CVE-2017-12456 CVE-2017-12799 CVE-2017-13757 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130 CVE-2017-14333 CVE-2017-14529 CVE-2017-14729 CVE-2017-14745 CVE-2017-14974 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7227 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-7614 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8395 CVE-2017-8396 CVE-2017-8397 CVE-2017-8398 CVE-2017-8421 CVE-2017-9038 CVE-2017-9039 CVE-2017-9040 CVE-2017-9041 CVE-2017-9042 CVE-2017-9043 CVE-2017-9044 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2017-9954 CVE-2017-9955 openSUSE Leap 42.3 This update for lynx fixes the following issues: Security issue fixed: - CVE-2017-1000211: Fix use after free in the HTMLparser that can resulting in memory disclosure (bsc#1068885). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1068885 CVE-2017-1000211 openSUSE Leap 42.3 This update for tor fixes vulnerabilities that allowed some traffic confirmation, DoS and other attacks (bsc#1070849): - CVE-2017-8819: Replay-cache ineffective for v2 onion services - CVE-2017-8820: Remote DoS attack against directory authorities - CVE-2017-8821: An attacker can make Tor ask for a password - CVE-2017-8822: Relays can pick themselves in a circuit path - CVE-2017-8823: Use-after-free in onion service v2 Moderate SUSE bug 1070849 CVE-2017-8819 CVE-2017-8820 CVE-2017-8821 CVE-2017-8822 CVE-2017-8823 openSUSE Leap 42.3 This update for wireshark to version 2.2.11 fixes the following issues: Minor vulnerabilities that could be used to trigger dissector crashes by making Wireshark read specially crafted packages from the network or capture files (boo#1070727): - CVE-2017-17084: IWARP_MPA dissector crash (wnpa-sec-2017-47) - CVE-2017-17083: NetBIOS dissector crash (wnpa-sec-2017-48) - CVE-2017-17085: CIP Safety dissector crash (wnpa-sec-2017-49) This update also fixes further bugs and updates protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.11.html Low SUSE bug 1070727 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 openSUSE Leap 42.3 This update for pdns-recursor fixes the following issues: Security issues fixed: - CVE-2017-15090: An issue has been found in the DNSSEC validation component of PowerDNS Recursor, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records (boo#1069242). - CVE-2017-15092: An issue has been found in the web interface of PowerDNS Recursor, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content (boo#1069242). - CVE-2017-15093: When `api-config-dir` is set to a non-empty value, which is not the case by default, the API allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration (boo#1069242). - CVE-2017-15094: An issue has been found in the DNSSEC parsing code of PowerDNS Recursor during a code audit by Nixu, leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys (boo#1069242). Moderate SUSE bug 1069242 CVE-2017-15090 CVE-2017-15092 CVE-2017-15093 CVE-2017-15094 openSUSE Leap 42.3 This update for pdns fixes the following issues: Security issue fixed: - CVE-2017-15091: An issue has been found in the API component of PowerDNS Authoritative, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only. This missing check allows an attacker with valid API credentials could flush the cache, trigger a zone transfer or send a NOTIFY (boo#1069242). Moderate SUSE bug 1069242 CVE-2017-15091 openSUSE Leap 42.3 This update for graphviz fixes the following issues: Security issue fixed: - CVE-2014-9157: Fix format string vulnerability (boo#908426). Moderate SUSE bug 908426 CVE-2014-9157 openSUSE Leap 42.3 This update for exim fixes the following issues: Security issue fixed: - CVE-2017-16943: Fix possible remote code execution (boo#1069857). Important SUSE bug 1069857 CVE-2017-16943 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2017-16546: Fix ReadWPGImage function in coders/wpg.c that could lead to a denial of service (bsc#1067181). - CVE-2017-14342: Fix a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c that could lead to a denial of service (bsc#1058485). - CVE-2017-16669: Fix coders/wpg.c that allows remote attackers to cause a denial of service via crafted files (bsc#1067409). - CVE-2017-16545: Fix the ReadWPGImage function in coders/wpg.c as a validation problems could lead to a denial of service (bsc#1067184). - CVE-2017-14341: Fix infinite loop in the ReadWPGImage function (bsc#1058637). - CVE-2017-13737: Fix invalid free in the MagickFree function in magick/memory.c (tiff.c) (bsc#1056162). - CVE-2017-11640: Fix NULL pointer deref in WritePTIFImage() in coders/tiff.c (bsc#1050632). Important SUSE bug 1050632 SUSE bug 1056162 SUSE bug 1058485 SUSE bug 1058637 SUSE bug 1067181 SUSE bug 1067184 SUSE bug 1067409 CVE-2017-11640 CVE-2017-13737 CVE-2017-14341 CVE-2017-14342 CVE-2017-16545 CVE-2017-16546 CVE-2017-16669 openSUSE Leap 42.3 This update for shibboleth-sp fixes the following issues: Security issue fixed: - CVE-2017-16852: Fix critical security checks in the Dynamic MetadataProvider plugin in Shibboleth Service (bsc#1068689). This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1068689 CVE-2017-16852 openSUSE Leap 42.3 This update to Chromium 63.0.3239.84 fixes the following security issues: - CVE-2017-15408: Heap buffer overflow in PDFium - CVE-2017-15409: Out of bounds write in Skia - CVE-2017-15410: Use after free in PDFium - CVE-2017-15411: Use after free in PDFium - CVE-2017-15412: Use after free in libXML - CVE-2017-15413: Type confusion in WebAssembly - CVE-2017-15415: Pointer information disclosure in IPC call - CVE-2017-15416: Out of bounds read in Blink - CVE-2017-15417: Cross origin information disclosure in Skia - CVE-2017-15418: Use of uninitialized value in Skia - CVE-2017-15419: Cross origin leak of redirect URL in Blink - CVE-2017-15420: URL spoofing in Omnibox - CVE-2017-15422: Integer overflow in ICU - CVE-2017-15423: Issue with SPAKE implementation in BoringSSL - CVE-2017-15424: URL Spoof in Omnibox - CVE-2017-15425: URL Spoof in Omnibox - CVE-2017-15426: URL Spoof in Omnibox - CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox Important SUSE bug 1071691 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 openSUSE Leap 42.3 This update for opensaml fixes the following issues: Security issue fixed: - CVE-2017-16853: Fix the DynamicMetadataProvider class to properly configure itself with the MetadataFilter plugins, to avoid possible MITM attacks (bsc#1068685). This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1068685 CVE-2017-16853 openSUSE Leap 42.3 This update for openssh fixes the following issues: Security issue fixed: - CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server (bsc#1065000). Bug fixes: - FIPS: Startup selfchecks (bsc#1068310). - FIPS: Silent complaints about unsupported key exchange methods (bsc#1006166). - Refine handling of sockets for X11 forwarding to remove reintroduced CVE-2008-1483 (bsc#1069509). - Test configuration before running daemon to prevent looping resulting in service shutdown (bsc#1048367) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1006166 SUSE bug 1048367 SUSE bug 1065000 SUSE bug 1068310 SUSE bug 1069509 CVE-2008-1483 CVE-2017-15906 openSUSE Leap 42.3 This update for php7 fixes the following issues: Security issues fixed: - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). Bugs fixed: - Fix wrong reference when serialize/unserialize an object (bsc#1063815). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1063815 SUSE bug 1067441 SUSE bug 1069606 SUSE bug 1069631 CVE-2017-16642 CVE-2017-9228 CVE-2017-9229 openSUSE Leap 42.3 This update for openvswitch fixes the following issues: Security issue fixed: - CVE-2017-14970: Add upstream patches to fix memory leaks (bsc#1061310). Bug fixes: - Fix rpmlint warnings (bsc#1057357). - Add missing post/postun scriptlets for the ovn-common sub-package (bsc#1054094). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1054094 SUSE bug 1057357 SUSE bug 1061310 CVE-2017-14970 openSUSE Leap 42.3 This update for erlang fixes security issues and bugs. The following vulnerabilities were addressed: - CVE-2017-1000385: Harden against the Bleichenbacher attacher against RSA - CVE-2016-10253: Heap overflow through regular expressions (bsc#1030062) In addition Erlang was updated to version 18.3.4.6, containing a number of upstream bug fixes and improvements. Moderate SUSE bug 1030062 CVE-2016-10253 CVE-2017-1000385 openSUSE Leap 42.3 This OBS toolchain update fixes the following issues: Package 'build': - CVE-2010-4226: force use of bsdtar for VMs (bnc#665768) - CVE-2017-14804: Improve file name check extractbuild (bsc#1069904) - switch baselibs scheme for debuginfo packages from foo-debuginfo-32bit to foo-32bit-debuginfo (fate#323217) Package 'obs-service-source_validator': - CVE-2017-9274: Don't use rpmbuild to extract sources, patches etc. from a spec (bnc#938556). - Update to version 0.7 - use spec_query instead of output_versions using the specfile parser from the build package (boo#1059858) Package 'osc': - update to version 0.162.0 - add Recommends: ca-certificates to enable TLS verification without manually installing them. (bnc#1061500) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1059858 SUSE bug 1061500 SUSE bug 1069904 SUSE bug 665768 SUSE bug 938556 CVE-2010-4226 CVE-2017-14804 CVE-2017-9274 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: * CVE-2017-12140: ReadDCMImage in coders\dcm.c has a ninteger signedness error leading to excessive memory consumption (bnc#1051847) * CVE-2017-14994: NULL pointer in ReadDCMImage in coders/dcm.c could lead to denial of service (bnc#1061587) * CVE-2017-12662: Memory leak in WritePDFImage in coders/pdf.c could lead to denial of service (bnc#1052758) * CVE-2017-14733: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service (bnc#1060577) * CVE-2017-12644: Memory leak in ReadDCMImage in coders\dcm.c could lead to denial of service (bnc#1052764) * CVE-2017-10799: denial of service (OOM) can occur inReadDPXImage() (bnc#1047054) Important SUSE bug 1047054 SUSE bug 1051847 SUSE bug 1052758 SUSE bug 1052764 SUSE bug 1060577 SUSE bug 1061587 CVE-2017-10799 CVE-2017-12140 CVE-2017-12644 CVE-2017-12662 CVE-2017-14733 CVE-2017-14994 openSUSE Leap 42.3 This update for libheimdal fixes the following issues: - CVE-2017-17439: Remote unauthenticated attackers may have crashed the KDC (boo#1071675) Moderate SUSE bug 1071675 CVE-2017-17439 openSUSE Leap 42.3 This update for fossil to version 2.4 fixes the following issues: - CVE-2017-17459: Client-side code execution via crafted "ssh://" URLs (bsc#1071709) The impact of this vulnerability is more limited than similar vectors fixed in other SCMs, as there is no known way to mask the repository URL or otherwise trigger non-interactively. This update also contains all bug fixes and improvements in the 2.4 release: - URL Aliases - tech-note search capability - Various added command line options - Annation depth is now configurable The following legacy options are no longer available: - --no-dir-symlinks option - legacy configuration sync protocol Moderate SUSE bug 1071709 CVE-2017-17459 openSUSE Leap 42.3 This update for MozillaFirefox to 52.5.2esr fixes the following issue: - CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data (boo#1072034, bmo#1410106, MFSA 2017-28) Moderate SUSE bug 1072034 CVE-2017-7843 openSUSE Leap 42.3 This update for libapr-util1 fixes the following issues: Security issue fixed: - CVE-2017-12618: DoS via crafted SDBM database files in apr_sdbm*() functions (bsc#1064990) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1064990 CVE-2017-12618 openSUSE Leap 42.3 This update for php5 fixes the following issues: Security issues fixed: - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter (bsc#1067441). - CVE-2017-4025: Fix pathname truncation in set_include_path, tempnam, rmdir, and readlink (bsc#1067090). - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range() during regex compilation (bsc#1069606). - CVE-2017-9229: Fix invalid pointer dereference in left_adjust_char_head() (bsc#1069631). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1067090 SUSE bug 1067441 SUSE bug 1069606 SUSE bug 1069631 CVE-2015-4025 CVE-2017-16642 CVE-2017-9228 CVE-2017-9229 openSUSE Leap 42.3 This update to Chromium 63.0.3239.108 fixes the following issues: - CVE-2017-15429: UXSS in V8 (bsc#1072976) - Various fuzzing fixes Important SUSE bug 1072976 CVE-2017-15429 openSUSE Leap 42.3 This update for openssl fixes the following issues: - OpenSSL Security Advisory [07 Dec 2017] * CVE-2017-3737: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (bsc#1071905) * CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. (bsc#1071906) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1071905 SUSE bug 1071906 CVE-2017-3737 CVE-2017-3738 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: - CVE-2017-14042: Denial of service through a large memory allocation via specially crafted PNM images (boo#1056550) - CVE-2017-14504: NULL pointer dereference via specially crafted PNM images (boo#1059721) - CVE-2017-17498: Denial of service or unspecified other impact through a heap-based buffer overflow via specially crafted PNM images (boo#1072103) - CVE-2017-15277: Information leak from the application into palette data via specially crafted GIF images (boo#1063050) Moderate SUSE bug 1056550 SUSE bug 1059721 SUSE bug 1063050 SUSE bug 1072103 CVE-2017-14042 CVE-2017-14504 CVE-2017-15277 CVE-2017-17498 openSUSE Leap 42.3 This update for mercurial fixes the following issue: - CVE-2017-17458: A specially malformed repository may have caused Git subrepositories to run arbitrary code (bsc#1071715) Moderate SUSE bug 1071715 CVE-2017-17458 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.103 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000405: A bug in the THP CoW support could be used by local attackers to corrupt memory of other processes and cause them to crash (bnc#1069496). - CVE-2017-1000410: The Linux kernel was affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. (bnc#1070535). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-12193: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel mishandled node splitting, which allowed local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations (bnc#1066192). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-16528: sound/core/seq_device.c in the Linux kernel allowed local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066629). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16645: The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067132). - CVE-2017-16646: drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel allowed local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067105). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702). - CVE-2017-16994: The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel mishandled holes in hugetlb ranges, which allowed local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call (bnc#1069996). - CVE-2017-17448: net/netfilter/nfnetlink_cthelper.c in the Linux kernel did not require the CAP_NET_ADMIN capability for new, get, and del operations, which allowed local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces (bnc#1071693). - CVE-2017-17449: The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel did not restrict observations of Netlink messages to a single net namespace, which allowed local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system (bnc#1071694). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695). - CVE-2017-7482: Fixed an overflow when decoding a krb5 principal. (bnc#1046107). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). The following non-security bugs were fixed: - acpi / apd: Add clock frequency for ThunderX2 I2C controller (bsc#1067225). - Add references (bsc#1062941, bsc#1037404, bsc#1012523, bsc#1038299) The scsi_devinfo patches are relevant for all bugs related to HITACHI OPEN-V. - adm80211: return an error if adm8211_alloc_rings() fails (bsc#1031717). - adv7604: Initialize drive strength to default when using DT (bnc#1012382). - af_netlink: ensure that NLMSG_DONE never fails in dumps (bnc#1012382). - alsa: caiaq: Fix stray URB at probe error path (bnc#1012382). - alsa: hda: Abort capability probe at invalid register read (bsc#1048356). - alsa: hda: Add Raven PCI ID (bnc#1012382). - alsa: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE (bnc#1012382). - alsa: hda/ca0132 - Fix memory leak at error path (bsc#1031717). - alsa: hda - fix headset mic problem for Dell machines with alc236 (bnc#1012382). - alsa: hda - No loopback on ALC299 codec (git-fixes). - alsa: hda/realtek: Add headset mic support for Intel NUC Skull Canyon (bsc#1031717). - alsa: hda/realtek - Add new codec ID ALC299 (bnc#1012382). - alsa: hda/realtek - Add support for ALC236/ALC3204 (bnc#1012382). - alsa: hda/realtek - Fix ALC700 family no sound issue (bsc#1031717). - alsa: hda: Remove superfluous '-' added by printk conversion (bnc#1012382). - alsa: hda: Workaround for KBL codec power control (bsc#1048356,bsc#1047989,bsc#1055272,bsc#1058413). - alsa: line6: Fix leftover URB at error-path during probe (bnc#1012382). - alsa: pcm: update tstamp only if audio_tstamp changed (bsc#1031717). - alsa: seq: Avoid invalid lockdep class warning (bsc#1031717). - alsa: seq: Enable 'use' locking in all configurations (bnc#1012382). - alsa: seq: Fix copy_from_user() call inside lock (bnc#1012382). - alsa: seq: Fix nested rwsem annotation for lockdep splat (bnc#1012382). - alsa: seq: Fix OSS sysex delivery in OSS emulation (bnc#1012382). - alsa: timer: Add missing mutex lock for compat ioctls (bnc#1012382). - alsa: timer: Remove kernel warning at compat ioctl error paths (bsc#1031717). - alsa: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital (bnc#1012382). - alsa: usb-audio: Add sanity checks in v2 clock parsers (bsc#1031717). - alsa: usb-audio: Add sanity checks to FE parser (bsc#1031717). - alsa: usb-audio: Fix potential out-of-bound access at parsing SU (bsc#1031717). - alsa: usb-audio: Kill stray URB at exiting (bnc#1012382). - alsa: usb-audio: uac1: Invalidate ctl on interrupt (bsc#1031717). - alsa: vx: Do not try to update capture stream before running (bnc#1012382). - alsa: vx: Fix possible transfer overflow (bnc#1012382). - Apply generic ppc build fixes to vanilla (bsc#1070805) - arm64: dts: NS2: reserve memory for Nitro firmware (bnc#1012382). - arm64: ensure __dump_instr() checks addr_limit (bnc#1012382). - arm: 8715/1: add a private asm/unaligned.h (bnc#1012382). - arm: 8720/1: ensure dump_instr() checks addr_limit (bnc#1012382). - arm: 8721/1: mm: dump: check hardware RO bit for LPAE (bnc#1012382). - arm: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE (bnc#1012382). - arm: crypto: reduce priority of bit-sliced AES cipher (bnc#1012382). - arm: dts: Fix am335x and dm814x scm syscon to probe children (bnc#1012382). - arm: dts: Fix compatible for ti81xx uarts for 8250 (bnc#1012382). - arm: dts: Fix omap3 off mode pull defines (bnc#1012382). - arm: dts: mvebu: pl310-cache disable double-linefill (bnc#1012382). - arm: OMAP2+: Fix init for multiple quirks for the same SoC (bnc#1012382). - arm: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 (bnc#1012382). - arm: pxa: Do not rely on public mmc header to include leds.h (bnc#1012382). - asm/sections: add helpers to check for section data (bsc#1063026). - asoc: adau17x1: Workaround for noise bug in ADC (bnc#1012382). - asoc: cs42l56: Fix reset GPIO name in example DT binding (bsc#1031717). - asoc: davinci-mcasp: Fix an error handling path in 'davinci_mcasp_probe()' (bsc#1031717). - ASoC: rsnd: do not double free kctrl (bnc#1012382). - asoc: samsung: Fix possible double iounmap on s3c24xx driver probe failure (bsc#1031717). - ASoC: wm_adsp: Do not overrun firmware file buffer when reading region data (bnc#1012382). - ata: ATA_BMDMA should depend on HAS_DMA (bnc#1012382). - ata: fixes kernel crash while tracing ata_eh_link_autopsy event (bnc#1012382). - ata: SATA_HIGHBANK should depend on HAS_DMA (bnc#1012382). - ata: SATA_MV should depend on HAS_DMA (bnc#1012382). - ath10k: convert warning about non-existent OTP board id to debug message (git-fixes). - ath10k: fix a warning during channel switch with multiple vaps (bsc#1031717). - ath10k: fix board data fetch error message (bsc#1031717). - ath10k: fix diag_read to collect data for larger memory (bsc#1031717). - ath10k: fix incorrect txpower set by P2P_DEVICE interface (bnc#1012382). - ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats() (bnc#1012382). - ath10k: free cached fw bin contents when get board id fails (bsc#1031717). - ath10k: ignore configuring the incorrect board_id (bnc#1012382). - ath10k: set CTS protection VDEV param only if VDEV is up (bnc#1012382). - ath9k_htc: check for underflow in ath9k_htc_rx_msg() (bsc#1031717). - ath9k: off by one in ath9k_hw_nvram_read_array() (bsc#1031717). - autofs: do not fail mount for transient error (bsc#1065180). - backlight: adp5520: Fix error handling in adp5520_bl_probe() (bnc#1012382). - backlight: lcd: Fix race condition during register (bnc#1012382). - bcache: check ca->alloc_thread initialized before wake up it (bnc#1012382). - bio-integrity: bio_integrity_advance must update integrity seed (bsc#1046054). - bio-integrity: bio_trim should truncate integrity vector accordingly (bsc#1046054). - bio-integrity: Do not allocate integrity context for bio w/o data (bsc#1046054). - bio-integrity: fix interface for bio_integrity_trim (bsc#1046054). - bio: partially revert 'fix interface for bio_integrity_trim' (bsc#1046054). - blacklist 85e3f1adcb9d powerpc/64s/radix: Fix 128TB-512TB virtual address boundary case allocation - blacklist arm64 kaslr fix for 16KB pages - blacklist.conf - blacklist.conf: add 79b63f12abcbbd2caf7064b294af648a87de07ff # bsc#1061756 may break existing setups - blacklist.conf: Add ath10k, mmc and rtl8192u commits (bsc#1031717) - blacklist.conf: Add drm/i915 blacklist (bsc#1031717) - blacklist.conf: added misc commits (bsc#1031717) - blacklist.conf: Add misc entries (bsc#1031717) - blacklist.conf: Add non-applicable commit ID (bsc#1066812) - blacklist.conf: Add non-applicable commits (bsc#1066812) - blacklist.conf: add test_kmod blacklist CONFIG_TEST_KMOD=n is currently set. When and if we enable it then we will need it, otherwise we do not. - blacklist.conf: add two more - blacklist.conf: blacklist 0fafdc9f888b - blacklist.conf: blacklist 4c578dce5803 - blacklist.conf: blacklisted 16af97dc5a89 (bnc#1053919) - blacklist.conf: Blacklist two commits (bbb3be170ac2 and ccf1e0045eea). - blacklist.conf: commit fe22cd9b7c980b8b948 ("printk: help pr_debug and pr_devel to optimize out arguments") is just a cosmetic change. - blacklist.conf: ignore a broken USB-audio patch - blacklist.conf: Update blacklist (bsc#1031717) - blacklist.conf: Update iwlwifi blacklist (bsc#1031717) - blacklist.conf: yet another serial entry (bsc#1031717) - blacklist irrelevant powerpc fixes 6b8cb66a6a7c powerpc: Fix usage of _PAGE_RO in hugepage Only relevant on ppc CPUs that have non-zero _PAGE_RO a050d20d024d powerpc/64s: Use relon prolog for EXC_VIRT_OOL_MASKABLE_HV handlers IPI optimization, hard to backport fb479e44a9e2 powerpc/64s: relocation, register save fixes for system reset interrupt Fixes PowerNV running relocated. Nobody missed it so far. e76ca27790a5 powerpc/sysfs: Fix reference leak of cpu device_nodes present at boot Fixes leak of few kobjects created at boot but high risk of regression - blacklist tpm endian annotation patches. - block: Fix a race between blk_cleanup_queue() and timeout handling (FATE#319965, bsc#964944). - block: Make q_usage_counter also track legacy requests (bsc#1057820). - bluetooth: btusb: fix QCA Rome suspend/resume (bnc#1012382). - bnxt_en: Do not use rtnl lock to protect link change logic in workqueue (bsc#1020412 FATE#321671). - bnxt_en: Fix a variable scoping in bnxt_hwrm_do_send_msg() (bsc#1053309). - bnxt_en: Fix possible corrupted NVRAM parameters from firmware response (bsc#1020412 FATE#321671). - bnxt_en: Fix possible corruption in DCB parameters from firmware (bsc#1020412 FATE#321671). - bnxt_en: Fix VF PCIe link speed and width logic (bsc#1020412 FATE#321671). - bnxt_en: Need to unconditionally shut down RoCE in bnxt_shutdown (bsc#1053309). - bnxt_re: Make room for mapping beyond 32 entries (bsc#1056596). - bonding: discard lowest hash bit for 802.3ad layer3+4 (bnc#1012382). - bpf: one perf event close won't free bpf program attached by another perf event (bnc#1012382). - bpf/verifier: reject BPF_ALU64|BPF_END (bnc#1012382). - brcmfmac: add length check in brcmf_cfg80211_escan_handler() (bnc#1012382). - brcmfmac: remove setting IBSS mode when stopping AP (bnc#1012382). - brcmsmac: make some local variables 'static const' to reduce stack size (bnc#1012382). - bt8xx: fix memory leak (bnc#1012382). - btrfs: return the actual error value from from btrfs_uuid_tree_iterate (bnc#1012382). - bus: mbus: fix window size calculation for 4GB windows (bnc#1012382). - can: c_can: do not indicate triple sampling support for D_CAN (bnc#1012382). - can: esd_usb2: Fix can_dlc value for received RTR, frames (bnc#1012382). - can: gs_usb: fix busy loop if no more TX context is available (bnc#1012382). - can: kvaser_usb: Correct return value in printout (bnc#1012382). - can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages (bnc#1012382). - can: sun4i: fix loopback mode (bnc#1012382). - can: sun4i: handle overrun in RX FIFO (bnc#1012382). - cdc_ncm: Set NTB format again after altsetting switch for Huawei devices (bnc#1012382). - ceph: clean up unsafe d_parent accesses in build_dentry_path (FATE#322288 bnc#1012382). - ceph: disable cached readdir after dropping positive dentry (bsc#1069277). - ceph: -EINVAL on decoding failure in ceph_mdsc_handle_fsmap() (bsc#1069277). - ceph: present consistent fsid, regardless of arch endianness (bsc#1069277). - ceph: unlock dangling spinlock in try_flush_caps() (bsc#1065639). - cgroup, net_cls: iterate the fds of only the tasks which are being migrated (bnc#1064926). - cifs: check MaxPathNameComponentLength != 0 before using it (bnc#1012382). - cifs: fix circular locking dependency (bsc#1064701). - cifs: Reconnect expired SMB sessions (bnc#1012382). - clk: ti: dra7-atl-clock: fix child-node lookups (bnc#1012382). - clk: ti: dra7-atl-clock: Fix of_node reference counting (bnc#1012382). - clockevents/drivers/cs5535: Improve resilience to spurious interrupts (bnc#1012382). - cma: fix calculation of aligned offset (VM Functionality, bsc#1050060). - coda: fix 'kernel memory exposure attempt' in fsync (bnc#1012382). - cpufreq: CPPC: add ACPI_PROCESSOR dependency (bnc#1012382). - crypto: dh - Do not permit 'key' or 'g' size longer than 'p' (bsc#1048317). - crypto: dh - Do not permit 'p' to be 0 (bsc#1048317). - crypto: dh - Fix double free of ctx->p (bsc#1048317). - crypto: dh - fix memleak in setkey (bsc#1048317). - crypto: rsa - fix buffer overread when stripping leading zeroes (bsc#1048317). - crypto: shash - Fix zero-length shash ahash digest crash (bnc#1012382). - crypto: vmx - disable preemption to enable vsx in aes_ctr.c (bnc#1012382). - crypto: x86/sha1-mb - fix panic due to unaligned access (bnc#1012382). - crypto: xts - Add ECB dependency (bnc#1012382). - cx231xx: Fix I2C on Internal Master 3 Bus (bnc#1012382). - cxgb4: Fix error codes in c4iw_create_cq() (bsc#1048327). - cxl: Fix DAR check & use REGION_ID instead of opencoding (bsc#1066223). - cxl: Fix leaking pid refs in some error paths (bsc#1066223). - cxl: Force context lock during EEH flow (bsc#1066223). - cxl: Prevent adapter reset if an active context exists (bsc#1066223). - cxl: Route eeh events to all drivers in cxl_pci_error_detected() (bsc#1066223). - direct-io: Prevent NULL pointer access in submit_page_section (bnc#1012382). - Disable patches.kernel.org/4.4.93-022-fix-unbalanced-page-refcounting-in-bio_map_use.patch (bsc#1070767) - dmaengine: dmatest: warn user when dma test times out (bnc#1012382). - dmaengine: edma: Align the memcpy acnt array size with the transfer (bnc#1012382). - dmaengine: zx: set DMA_CYCLIC cap_mask bit (bnc#1012382). - dm bufio: fix integer overflow when limiting maximum cache size (bnc#1012382). - dm: fix race between dm_get_from_kobject() and __dm_destroy() (bnc#1012382). - dm mpath: remove annoying message of 'blk_get_request() returned -11' (bsc#1066812). - dm raid: fix NULL pointer dereference for raid1 without bitmap (bsc#1042957, FATE#321488). - dm rq: Avoid that request processing stalls sporadically (bsc#1042978). - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled (bsc#1070001). - drivers: dma-mapping: Do not leave an invalid area->pages pointer in dma_common_contiguous_remap() (Git-fixes, bsc#1065692). - drivers/fbdev/efifb: Allow BAR to be moved instead of claiming it (bsc#1051987). - drivers: of: Fix of_pci.h header guard (bsc#1065959). - drm/amdgpu: when dpm disabled, also need to stop/start vce (bnc#1012382). - drm/amdkfd: NULL dereference involving create_process() (bsc#1031717). - drm: Apply range restriction after color adjustment when allocation (bnc#1012382). - drm/armada: Fix compile fail (bnc#1012382). - drm: drm_minor_register(): Clean up debugfs on failure (bnc#1012382). - drm: gma500: fix logic error (bsc#1031717). - drm/i915/bxt: set min brightness from VBT (bsc#1031717). - drm/i915: Do not try indexed reads to alternate slave addresses (bsc#1031717). - drm/i915: fix backlight invert for non-zero minimum brightness (bsc#1031717). - drm/i915: Prevent zero length "index" write (bsc#1031717). - drm/i915: Read timings from the correct transcoder in intel_crtc_mode_get() (bsc#1031717). - drm/msm: fix an integer overflow test (bnc#1012382). - drm/msm: Fix potential buffer overflow issue (bnc#1012382). - drm/nouveau/bsp/g92: disable by default (bnc#1012382). - drm/nouveau/gr: fallback to legacy paths during firmware lookup (bsc#1031717). - drm/nouveau/mmu: flush tlbs before deleting page tables (bnc#1012382). - drm/omap: Fix error handling path in 'omap_dmm_probe()' (bsc#1031717). - drm/panel: simple: Add missing panel_simple_unprepare() calls (bsc#1031717). - drm/radeon: Avoid double gpu reset by adding a timeout on IB ring tests (bsc#1066175). - drm/sti: sti_vtg: Handle return NULL error from devm_ioremap_nocache (bnc#1012382). - drm/vc4: Fix leak of HDMI EDID (bsc#1031717). - drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue (bnc#1012382). - e1000e: Avoid receiver overrun interrupt bursts (bsc#969470 FATE#319819). - e1000e: Fix error path in link detection (bnc#1012382). - e1000e: Fix return value test (bnc#1012382). - e1000e: Separate signaling for link check/link up (bnc#1012382). - ecryptfs: fix dereference of NULL user_key_payload (bnc#1012382). - eCryptfs: use after free in ecryptfs_release_messaging() (bsc#1070404). - epoll: avoid calling ep_call_nested() from ep_poll_safewake() (bsc#1056427). - epoll: remove ep_call_nested() from ep_eventpoll_poll() (bsc#1056427). - ext4: cleanup goto next group (bsc#1066285). - ext4: do not use stripe_width if it is not set (bnc#1012382). - ext4: fix fault handling when mounted with -o dax,ro (bsc#1069484). - ext4: fix interaction between i_size, fallocate, and delalloc after a crash (bnc#1012382). - ext4: fix stripe-unaligned allocations (bnc#1012382). - ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets (bnc#1012382). - ext4: prevent data corruption with inline data + DAX (bsc#1064591). - ext4: prevent data corruption with journaling + DAX (bsc#1064591). - ext4: reduce lock contention in __ext4_new_inode (bsc#1066285). - extcon: palmas: Check the parent instance to prevent the NULL (bnc#1012382). - exynos4-is: fimc-is: Unmap region obtained by of_iomap() (bnc#1012382). - f2fs crypto: add missing locking for keyring_key access (bnc#1012382). - f2fs crypto: replace some BUG_ON()'s with error checks (bnc#1012382). - f2fs: do not wait for writeback in write_begin (bnc#1012382). - fealnx: Fix building error on MIPS (bnc#1012382). - fix a page leak in vhost_scsi_iov_to_sgl() error recovery (bnc#1012382). - fix unbalanced page refcounting in bio_map_user_iov (bnc#1012382). - fm10k: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - fs/9p: Compare qid.path in v9fs_test_inode (bsc#1070404). - FS-Cache: fix dereference of NULL user_key_payload (bnc#1012382). - fscrypt: fix dereference of NULL user_key_payload (bnc#1012382). - fscrypt: lock mutex before checking for bounce page pool (bnc#1012382). - fscrypto: require write access to mount to set encryption policy (bnc#1012382). - fuse: fix READDIRPLUS skipping an entry (bnc#1012382). - gpu: drm: mgag200: mgag200_main:- Handle error from pci_iomap (bnc#1012382). - hid: elo: clear BTN_LEFT mapping (bsc#1065866). - hid: usbhid: fix out-of-bounds bug (bnc#1012382). - hsi: ssi_protocol: double free in ssip_pn_xmit() (bsc#1031717). - hwmon: (xgene) Fix up error handling path mixup in 'xgene_hwmon_probe()' (bsc#). - i2c: at91: ensure state is restored after suspending (bnc#1012382). - i2c: bcm2835: Add support for dynamic clock (bsc#1066660). - i2c: bcm2835: Add support for Repeated Start Condition (bsc#1066660). - i2c: bcm2835: Avoid possible NULL ptr dereference (bsc#1066660). - i2c: bcm2835: Can't support I2C_M_IGNORE_NAK (bsc#1066660). - i2c: bcm2835: Do not complain on -EPROBE_DEFER from getting our clock (bsc#1066660). - i2c: bcm2835: Fix hang for writing messages larger than 16 bytes (bsc#1066660). - i2c: bcm2835: Protect against unexpected TXW/RXR interrupts (bsc#1066660). - i2c: bcm2835: Support i2c-dev ioctl I2C_TIMEOUT (bsc#1066660). - i2c: bcm2835: Use dev_dbg logging on transfer errors (bsc#1066660). - i2c: cadance: fix ctrl/addr reg write order (bsc#1031717). - i2c: imx: Use correct function to write to register (bsc#1031717). - i2c: ismt: Separate I2C block read from SMBus block read (bnc#1012382). - i2c: riic: correctly finish transfers (bnc#1012382). - i2c: riic: fix restart condition (git-fixes). - i2c: xlp9xx: Enable HWMON class probing for xlp9xx (bsc#1067225). - i2c: xlp9xx: Get clock frequency with clk API (bsc#1067225). - i2c: xlp9xx: Handle I2C_M_RECV_LEN in msg->flags (bsc#1067225). - i40e: Fix incorrect use of tx_itr_setting when checking for Rx ITR setup (bsc#1024346 FATE#321239 bsc#1024373 FATE#321247). - i40e: fix the calculation of VFs mac addresses (bsc#1024346 FATE#321239 bsc#1024373 FATE#321247). - i40e: only redistribute MSI-X vectors when needed (bsc#1024346 FATE#321239 bsc#1024373 FATE#321247). - i40e: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - i40evf: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - i40iw: Remove UDA QP from QoS list if creation fails (bsc#1024376 FATE#321249). - ib/core: Fix calculation of maximum RoCE MTU (bsc#1022595 FATE#322350). - ib/core: Fix unable to change lifespan entry for hw_counters (FATE#321231 FATE#321473). - ib/core: Namespace is mandatory input for address resolution (bsc#1022595 FATE#322350). - ib/hfi1: Add MODULE_FIRMWARE statements (bsc#1036800). - ib/ipoib: Clean error paths in add port (bsc#1022595 FATE#322350). - ib/ipoib: Prevent setting negative values to max_nonsrq_conn_qp (bsc#1022595 FATE#322350). - ib/ipoib: Remove double pointer assigning (bsc#1022595 FATE#322350). - ib/ipoib: Set IPOIB_NEIGH_TBL_FLUSH after flushed completion initialization (bsc#1022595 FATE#322350). - ib/mlx5: Fix RoCE Address Path fields (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ibmvnic: Add netdev_dbg output for debugging (fate#323285). - ibmvnic: Add vnic client data to login buffer (bsc#1069942). - ibmvnic: Convert vnic server reported statistics to cpu endian (fate#323285). - ibmvnic: Enable scatter-gather support (bsc#1066382). - ibmvnic: Enable TSO support (bsc#1066382). - ibmvnic: Feature implementation of Vital Product Data (VPD) for the ibmvnic driver (bsc#1069942). - ibmvnic: Fix calculation of number of TX header descriptors (bsc#1066382). - ibmvnic: fix dma_mapping_error call (bsc#1069942). - ibmvnic: Fix failover error path for non-fatal resets (bsc#1066382). - ibmvnic: Implement .get_channels (fate#323285). - ibmvnic: Implement .get_ringparam (fate#323285). - ibmvnic: Implement per-queue statistics reporting (fate#323285). - ibmvnic: Let users change net device features (bsc#1066382). - ibmvnic: Update reset infrastructure to support tunable parameters (bsc#1066382). - ib/rxe: check for allocation failure on elem (FATE#322149). - ib/rxe: do not crash, if allocation of crc algorithm failed (bsc#1051635). - ib/rxe: put the pool on allocation failure (FATE#322149). - ib/srp: Avoid that a cable pull can trigger a kernel crash (bsc#1022595 FATE#322350). - ib/srpt: Do not accept invalid initiator port names (bnc#1012382). - ib/uverbs: Fix device cleanup (bsc#1022595 FATE#322350). - ib/uverbs: Fix NULL pointer dereference during device removal (bsc#1022595 FATE#322350). - igb: close/suspend race in netif_device_detach (bnc#1012382). - igb: Fix hw_dbg logging in igb_update_flash_i210 (bnc#1012382). - igb: reset the PHY before reading the PHY ID (bnc#1012382). - igb: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - igbvf: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - iio: adc: xilinx: Fix error handling (bnc#1012382). - iio: dummy: events: Add missing break (bsc#1031717). - iio: light: fix improper return value (bnc#1012382). - iio: trigger: free trigger resource correctly (bnc#1012382). - ima: do not update security.ima if appraisal status is not INTEGRITY_PASS (bnc#1012382). - input: ar1021_i2c - fix too long name in driver's device table (bsc#1031717). - input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree (bsc#1031717). - input: elan_i2c - add ELAN060C to the ACPI table (bnc#1012382). - input: elan_i2c - add ELAN0611 to the ACPI table (bnc#1012382). - input: gtco - fix potential out-of-bound access (bnc#1012382). - input: mpr121 - handle multiple bits change of status register (bnc#1012382). - input: mpr121 - set missing event capability (bnc#1012382). - input: ti_am335x_tsc - fix incorrect step config for 5 wire touchscreen (bsc#1031717). - input: twl4030-pwrbutton - use correct device for irq request (bsc#1031717). - input: ucb1400_ts - fix suspend and resume handling (bsc#1031717). - input: uinput - avoid crash when sending FF request to device going away (bsc#1031717). - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bnc#1012382). - iommu/vt-d: Do not register bus-notifier under dmar_global_lock (bsc#1069793). - ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err (bnc#1012382). - ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header (bnc#1012382). - ipip: only increase err_count for some certain type icmp in ipip_err (bnc#1012382). - ipmi: fix unsigned long underflow (bnc#1012382). - ipmi: Pick up slave address from SMBIOS on an ACPI device (bsc#1070006). - ipmi: Prefer ACPI system interfaces over SMBIOS ones (bsc#1070006). - ipmi_si: Clean up printks (bsc#1070006). - ipmi_si: fix memory leak on new_smi (bsc#1070006). - ipsec: do not ignore crypto err in ah4 input (bnc#1012382). - ipv6: flowlabel: do not leave opt->tot_len with garbage (bnc#1012382). - ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER (bnc#1012382). - ipvs: make drop_entry protection effective for SIP-pe (bsc#1056365). - irqchip/crossbar: Fix incorrect type of local variables (bnc#1012382). - isa: Prevent NULL dereference in isa_bus driver callbacks (bsc#1031717). - iscsi-target: Fix non-immediate TMR reference leak (bnc#1012382). - isdn/i4l: fetch the ppp_write buffer in one shot (bnc#1012382). - isofs: fix timestamps beyond 2027 (bnc#1012382). - iwlwifi: mvm: fix the coex firmware API (bsc#1031717). - iwlwifi: mvm: return -ENODATA when reading the temperature with the FW down (bsc#1031717). - iwlwifi: mvm: set the RTS_MIMO_PROT bit in flag mask when sending sta to fw (bsc#1031717). - iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD (bnc#1012382). - iwlwifi: split the regulatory rules when the bandwidth flags require it (bsc#1031717). - ixgbe: add mask for 64 RSS queues (bnc#1012382). - ixgbe: do not disable FEC from the driver (bnc#1012382). - ixgbe: fix AER error handling (bnc#1012382). - ixgbe: Fix skb list corruption on Power systems (bnc#1012382). - ixgbe: handle close/suspend race with netif_device_detach/present (bnc#1012382). - ixgbe: Reduce I2C retry count on X550 devices (bnc#1012382). - ixgbevf: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - kABI fix for 4.4.99 net changes (stable-4.4.99). - kABI: protect struct l2tp_tunnel (kabi). - kABI: protect struct regulator_dev (kabi). - kABI: protect structs rt_rq+root_domain (kabi). - kABI: protect typedef rds_rdma_cookie_t (kabi). - kabi/severities: Ignore drivers/nvme/target (bsc#1063349) - kabi/severities: Ignore kABI changes for qla2xxx (bsc#1043017) - kernel-docs: unpack the source instead of using kernel-source (bsc#1057199). - kernel/sysctl_binary.c: check name array length in deprecated_sysctl_warning() (FATE#323821). - kernel/sysctl.c: remove duplicate UINT_MAX check on do_proc_douintvec_conv() (bsc#1066470). - kernel/watchdog: Prevent false positives with turbo modes (bnc#1063516). - keys: do not let add_key() update an uninstantiated key (bnc#1012382). - keys: do not revoke uninstantiated key in request_key_auth_new() (bsc#1031717). - keys: encrypted: fix dereference of NULL user_key_payload (bnc#1012382). - keys: fix cred refcount leak in request_key_auth_new() (bsc#1031717). - keys: fix key refcount leak in keyctl_assume_authority() (bsc#1031717). - keys: fix key refcount leak in keyctl_read_key() (bsc#1031717). - keys: fix NULL pointer dereference during ASN.1 parsing [ver #2] (bnc#1012382). - keys: fix out-of-bounds read during ASN.1 parsing (bnc#1012382). - keys: Fix race between updating and finding a negative key (bnc#1012382). - keys: return full count in keyring_read() if buffer is too small (bnc#1012382). - keys: trusted: fix writing past end of buffer in trusted_read() (bnc#1012382). - keys: trusted: sanitize all key material (bnc#1012382). - KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit (bnc#1012382). - kvm: nVMX: set IDTR and GDTR limits when loading L1 host state (bnc#1012382). - KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter (bnc#1012382). - kvm: SVM: obey guest PAT (bnc#1012382). - l2tp: Avoid schedule while atomic in exit_net (bnc#1012382). - l2tp: check ps->sock before running pppol2tp_session_ioctl() (bnc#1012382). - l2tp: fix race condition in l2tp_tunnel_delete (bnc#1012382). - libceph: do not WARN() if user tries to add invalid key (bsc#1069277). - lib/digsig: fix dereference of NULL user_key_payload (bnc#1012382). - libertas: Fix lbs_prb_rsp_limit_set() (bsc#1031717). - lib/mpi: call cond_resched() from mpi_powm() loop (bnc#1012382). - libnvdimm, namespace: fix label initialization to use valid seq numbers (bnc#1012382). - libnvdimm, namespace: make 'resource' attribute only readable by root (bnc#1012382). - libnvdimm, pfn: make 'resource' attribute only readable by root (FATE#319858). - lib/ratelimit.c: use deferred printk() version (bsc#979928). - locking/lockdep: Add nest_lock integrity test (bnc#1012382). - lpfc: tie in to new dev_loss_tmo interface in nvme transport (bsc#1041873). - mac80211: agg-tx: call drv_wake_tx_queue in proper context (bsc#1031717). - mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472). - mac80211: do not send SMPS action frame in AP mode when not needed (bsc#1031717). - mac80211: Fix addition of mesh configuration element (git-fixes). - mac80211: Fix BW upgrade for TDLS peers (bsc#1031717). - mac80211: fix mgmt-tx abort cookie and leak (bsc#1031717). - mac80211: fix power saving clients handling in iwlwifi (bnc#1012382). - mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length (bnc#1012382). - mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() (bsc#1031717). - mac80211: Remove invalid flag operations in mesh TSF synchronization (bnc#1012382). - mac80211: Remove unused 'beaconint_us' variable (bsc#1031717). - mac80211: Remove unused 'i' variable (bsc#1031717). - mac80211: Remove unused 'len' variable (bsc#1031717). - mac80211: Remove unused 'rates_idx' variable (bsc#1031717). - mac80211: Remove unused 'sband' and 'local' variables (bsc#1031717). - mac80211: Remove unused 'struct ieee80211_rx_status' ptr (bsc#1031717). - mac80211: Suppress NEW_PEER_CANDIDATE event if no room (bnc#1012382). - mac80211: TDLS: always downgrade invalid chandefs (bsc#1031717). - mac80211: TDLS: change BW calculation for WIDER_BW peers (bsc#1031717). - mac80211: use constant time comparison with keys (bsc#1066471). - md/linear: shutup lockdep warnning (FATE#321488 bnc#1012382 bsc#1042977). - media: au0828: fix RC_CORE dependency (bsc#1031717). - media: Do not do DMA on stack for firmware upload in the AS102 driver (bnc#1012382). - media: em28xx: calculate left volume level correctly (bsc#1031717). - media: mceusb: fix memory leaks in error path (bsc#1031717). - media: rc: check for integer overflow (bnc#1012382). - media: v4l2-ctrl: Fix flags field on Control events (bnc#1012382). - mei: return error on notification request to a disconnected client (bnc#1012382). - memremap: add scheduling point to devm_memremap_pages (bnc#1057079). - mfd: ab8500-sysctrl: Handle probe deferral (bnc#1012382). - mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped (bnc#1012382). - mips: AR7: Defer registration of GPIO (bnc#1012382). - mips: AR7: Ensure that serial ports are properly set up (bnc#1012382). - mips: BCM47XX: Fix LED inversion for WRT54GSv1 (bnc#1012382). - mips: End asm function prologue macros with .insn (bnc#1012382). - mips: Fix an n32 core file generation regset support regression (bnc#1012382). - mips: Fix CM region target definitions (bnc#1012382). - mips: Fix race on setting and getting cpu_online_mask (bnc#1012382). - mips: init: Ensure bootmem does not corrupt reserved memory (bnc#1012382). - mips: init: Ensure reserved memory regions are not added to bootmem (bnc#1012382). - mips: math-emu: Remove pr_err() calls from fpu_emu() (bnc#1012382). - mips: microMIPS: Fix incorrect mask in insn_table_MM (bnc#1012382). - mips: Netlogic: Exclude netlogic,xlp-pic code from XLR builds (bnc#1012382). - mips: ralink: Fix MT7628 pinmux (bnc#1012382). - mips: ralink: Fix typo in mt7628 pinmux function (bnc#1012382). - mips: SMP: Fix deadlock & online race (bnc#1012382). - mips: SMP: Use a completion event to signal CPU up (bnc#1012382). - misc: panel: properly restore atomic counter on error path (bnc#1012382). - mmc: block: return error on failed mmc_blk_get() (bsc#1031717). - mmc: core: add driver strength selection when selecting hs400es (bsc#1069721). - mmc: core: Fix access to HS400-ES devices (bsc#1031717). - mmc: core/mmci: restore pre/post_req behaviour (bsc#1031717). - mmc: dw_mmc: Fix the DTO timeout calculation (bsc#1069721). - mm: check the return value of lookup_page_ext for all call sites (bnc#1068982). - mmc: host: omap_hsmmc: avoid possible overflow of timeout value (bsc#1031717). - mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR() (bsc#1031717). - mmc: mediatek: Fixed size in dma_free_coherent (bsc#1031717). - mmc: s3cmci: include linux/interrupt.h for tasklet_struct (bnc#1012382). - mmc: sd: limit SD card power limit according to cards capabilities (bsc#1031717). - mm: distinguish CMA and MOVABLE isolation in has_unmovable_pages (bnc#1051406). - mm: drop migrate type checks from has_unmovable_pages (bnc#1051406). - mm, hwpoison: fixup "mm: check the return value of lookup_page_ext for all call sites" (bnc#1012382). - mm/madvise.c: fix freeing of locked page with MADV_FREE (bnc#1069152). - mm/madvise.c: fix madvise() infinite loop under special circumstances (bnc#1070964). - mm, memory_hotplug: add scheduling point to __add_pages (bnc#1057079). - mm, memory_hotplug: do not fail offlining too early (bnc#1051406). - mm, memory_hotplug: remove timeout from __offline_memory (bnc#1051406). - mm, page_alloc: add scheduling point to memmap_init_zone (bnc#1057079). - mm/page_alloc.c: broken deferred calculation (bnc#1068980). - mm, page_alloc: fix potential false positive in __zone_watermark_ok (Git-fixes, bsc#1068978). - mm/page_ext.c: check if page_ext is not prepared (bnc#1068982). - mm/page_owner: avoid null pointer dereference (bnc#1068982). - mm/pagewalk.c: report holes in hugetlb ranges (bnc#1012382). - mm, sparse: do not swamp log with huge vmemmap allocation failures (bnc#1047901). - net: 3com: typhoon: typhoon_init_one: fix incorrect return values (bnc#1012382). - net: 3com: typhoon: typhoon_init_one: make return values more specific (bnc#1012382). - net/9p: Switch to wait_event_killable() (bnc#1012382). - net: Allow IP_MULTICAST_IF to set index to L3 slave (bnc#1012382). - net: cdc_ether: fix divide by 0 on bad descriptors (bnc#1012382). - net: cdc_ncm: GetNtbFormat endian fix (git-fixes). - net: dsa: select NET_SWITCHDEV (bnc#1012382). - net: emac: Fix napi poll list corruption (bnc#1012382). - netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed (bnc#1012382). - netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value (bnc#1012382). - netfilter: nf_tables: fix oob access (bnc#1012382). - netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family (bnc#1012382). - netfilter: nft_queue: use raw_smp_processor_id() (bnc#1012382). - net: ibm: ibmvnic: constify vio_device_id (fate#323285). - net: ixgbe: Use new IXGBE_FLAG2_ROOT_RELAXED_ORDERING flag (bsc#1056652). - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs (FATE#321685 FATE#321686 FATE#321687 bnc#1012382 bsc#1015336 bsc#1015337 bsc#1015340). - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (FATE#321685 FATE#321686 FATE#321687 bnc#1012382 bsc#1015336 bsc#1015337 bsc#1015340). - net/mlx5: Delay events till mlx5 interface's add complete for pci resume (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Increase Striding RQ minimum size limit to 4 multi-packet WQEs (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Fix health work queue spin lock to IRQ safe (bsc#1015342). - net/mlx5: Loop over temp list to release delay events (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net: mvneta: fix handling of the Tx descriptor counter (fate#319899). - net: mvpp2: release reference to txq_cpu[] entry after unmapping (bnc#1012382 bsc#1032150). - net: qmi_wwan: fix divide by 0 on bad descriptors (bnc#1012382). - net/sctp: Always set scope_id in sctp_inet6_skb_msgname (bnc#1012382). - net: Set sk_prot_creator when cloning sockets to the right proto (bnc#1012382). - net/smc: dev_put for netdev after usage of ib_query_gid() (bsc#1066812). - net: thunderx: Fix TCP/UDP checksum offload for IPv4 pkts (bsc#1069583). - net: thunderx: Fix TCP/UDP checksum offload for IPv6 pkts (bsc#1069583). - net/unix: do not show information about sockets from other namespaces (bnc#1012382). - netvsc: use refcount_t for keeping track of sub channels (bsc#1062835). - nfc: fix device-allocation error return (bnc#1012382). - nfsd/callback: Cleanup callback cred on shutdown (bnc#1012382). - nfsd: deal with revoked delegations appropriately (bnc#1012382). - nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261). - nfs: Fix typo in nomigration mount option (bnc#1012382). - nfs: Fix ugly referral attributes (bnc#1012382). - nilfs2: fix race condition that causes file system corruption (bnc#1012382). - nl80211: Define policy for packet pattern attributes (bnc#1012382). - nvme: add duplicate_connect option (bsc#1067734). - nvme: add helper to compare options to controller (bsc#1067734). - nvme: add transport SGL definitions (bsc#1057820). - nvme: allow controller RESETTING to RECONNECTING transition (bsc#1037838). - nvme-fabrics: Allow 0 as KATO value (bsc#1067734). - nvme-fabrics: kABI fix for duplicate_connect option (bsc#1067734). - nvme-fc: add a dev_loss_tmo field to the remoteport (bsc#1037838). - nvme-fc: add dev_loss_tmo timeout and remoteport resume support (bsc#1037838). - nvme-fc: add support for duplicate_connect option (bsc#1067734). - nvme-fc: add uevent for auto-connect (bsc#1037838). - nvme-fc: change ctlr state assignments during reset/reconnect (bsc#1037838). - nvme-fc: check connectivity before initiating reconnects (bsc#1037838). - nvme-fc: correct io termination handling (bsc#1067734). - nvme-fc: correct io timeout behavior (bsc#1067734). - nvme-fc: create fc class and transport device (bsc#1037838). - nvme-fc: decouple ns references from lldd references (bsc#1067734). - nvme-fc: fix iowait hang (bsc#1052384). - nvme-fc: fix localport resume using stale values (bsc#1067734). - nvme-fcloop: fix port deletes and callbacks (bsc#1037838). - nvme-fc: move remote port get/put/free location (bsc#1037838). - nvme-fc: on lldd/transport io error, terminate association (bsc#1042268). - nvme-fc: Reattach to localports on re-registration (bsc#1052384). - nvme-fc: remove NVME_FC_MAX_SEGMENTS (bsc#1067734). - nvme-fc: remove unused "queue_size" field (bsc#1042268). - nvme-fc: retry initial controller connections 3 times (bsc#1067734). - nvme-fc: use transport-specific sgl format (bsc#1057820). - nvme: Fix memory order on async queue deletion (bnc#1012382). - nvme: fix the definition of the doorbell buffer config support bit (bsc#1066812). - nvme-rdma: add support for duplicate_connect option (bsc#1067734). - nvme/rdma: Kick admin queue when a connection is going down (bsc#1059639). - nvmet-fc: correct ref counting error when deferred rcv used (bsc#1067734). - nvmet-fc: fix failing max io queue connections (bsc#1067734). - nvmet-fc: on port remove call put outside lock (bsc#1067734). - nvmet-fc: simplify sg list handling (bsc#1052384). - nvmet: Fix fatal_err_work deadlock (bsc#1063349). - ocfs2: fstrim: Fix start offset of first cluster group during fstrim (bnc#1012382). - ocfs2: should wait dio before inode lock in ocfs2_setattr() (bnc#1012382). - packet: avoid panic in packet_getsockopt() (bnc#1012382). - packet: only test po->has_vnet_hdr once in packet_snd (bnc#1012382). - parisc: Avoid trashing sr2 and sr3 in LWS code (bnc#1012382). - parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels (bnc#1012382). - parisc: Fix validity check of pointer size argument in new CAS implementation (bnc#1012382). - pci: Apply Cavium ThunderX ACS quirk to more Root Ports (bsc#1069250). - pci: Apply _HPX settings only to relevant devices (bnc#1012382). - pci: Enable Relaxed Ordering for Hisilicon Hip07 chip (bsc#1056652). - pci: Mark Cavium CN8xxx to avoid bus reset (bsc#1069250). - pci: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF (bsc#1069250). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bnc#1012382). - perf tools: Fix build failure on perl script context (bnc#1012382). - perf tools: Only increase index if perf_evsel__new_idx() succeeds (bnc#1012382). - perf/x86/intel/bts: Fix exclusive event reference leak (git-fixes d2878d642a4ed). - phy: increase size of MII_BUS_ID_SIZE and bus_id (bnc#1012382). - pkcs#7: fix unitialized boolean 'want' (bnc#1012382). - pkcs7: Prevent NULL pointer dereference, since sinfo is not always set (bnc#1012382). - platform/x86: acer-wmi: setup accelerometer when ACPI device was found (bsc#1031717). - platform/x86: hp-wmi: Do not shadow error values (bnc#1012382). - platform/x86: hp-wmi: Fix detection for dock and tablet mode (bnc#1012382). - platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state (bnc#1012382). - platform/x86: intel_mid_thermal: Fix module autoload (bnc#1012382). - platform/x86: sony-laptop: Fix error handling in sony_nc_setup_rfkill() (bsc#1031717). - pm / OPP: Add missing of_node_put(np) (bnc#1012382). - power: bq27xxx_battery: Fix bq27541 AveragePower register address (bsc#1031717). - power: bq27xxx: fix reading for bq27000 and bq27010 (bsc#1031717). - powercap: Fix an error code in powercap_register_zone() (bsc#1031717). - power: ipaq-micro-battery: freeing the wrong variable (bsc#1031717). - powerpc/64: Fix race condition in setting lock bit in idle/wakeup code (bsc#1066223). - powerpc/64s/hash: Allow MAP_FIXED allocations to cross 128TB boundary (bsc#1070169). - powerpc/64s/hash: Fix 128TB-512TB virtual address boundary case allocation (bsc#1070169). - powerpc/64s/hash: Fix 512T hint detection to use >= 128T (bsc#1070169). - powerpc/64s/hash: Fix fork() with 512TB process address space (bsc#1070169). - powerpc/64s/slice: Use addr limit when computing slice mask (bsc#1070169). - powerpc/bpf/jit: Disable classic BPF JIT on ppc64le (bsc#1066223). - powerpc/corenet: explicitly disable the SDHC controller on kmcoge4 (bnc#1012382). - powerpc: Correct instruction code for xxlor instruction (bsc#1066223). - powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC (bsc#1066223). - powerpc/hotplug: Improve responsiveness of hotplug change (FATE#322022, bsc#1067906). - powerpc/mm: Fix check of multiple 16G pages from device tree (bsc#1066223). - powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash (bsc#1066223). - powerpc/mm/hash64: Fix subpage protection with 4K HPTE config (bsc#1010201, bsc#1066223). - powerpc/mm/hash: Free the subpage_prot_table correctly (bsc#1066223). - powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1066223). - powerpc/numa: Fix whitespace in hot_add_drconf_memory_max() (bsc#1066223). - powerpc/opal: Fix EBUSY bug in acquiring tokens (bsc#1066223). - powerpc/powernv/ioda: Fix endianness when reading TCEs (bsc#1066223). - powerpc/powernv: Make opal_event_shutdown() callable from IRQ context (bsc#1066223). - powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister (bsc#1067888). - powerpc/signal: Properly handle return value from uprobe_deny_signal() (bsc#1066223). - powerpc/sysrq: Fix oops whem ppmu is not registered (bsc#1066223). - powerpc/vphn: Fix numa update end-loop bug (FATE#322022, bsc#1067906). - powerpc/vphn: Improve recognition of PRRN/VPHN (FATE#322022, bsc#1067906). - powerpc/vphn: Update CPU topology when VPHN enabled (FATE#322022, bsc#1067906). - power: supply: bq27xxx_battery: Fix register map for BQ27510 and BQ27520 ("bsc#1069270"). - power: supply: isp1704: Fix unchecked return value of devm_kzalloc (bsc#1031717). - power: supply: lp8788: prevent out of bounds array access (bsc#1031717). - power_supply: tps65217-charger: Fix NULL deref during property export (bsc#1031717). - ppp: fix race in ppp device destruction (bnc#1012382). - printk/console: Always disable boot consoles that use init memory before it is freed (bsc#1063026). - printk/console: Enhance the check for consoles using init memory (bsc#1063026). - printk: include <asm/sections.h> instead of <asm-generic/sections.h> (bsc#1063026). - printk: Make sure to wake up printk kthread from irq work for pending output (bnc#744692, bnc#789311). - printk: only unregister boot consoles when necessary (bsc#1063026). - qla2xxx: Fix cable swap (bsc#1043017). - qla2xxx: Fix notify ack without timeout handling (bsc#1043017). - qla2xxx: Fix re-login for Nport Handle in use (bsc#1043017). - qla2xxx: fix stale memory access (bsc#1043017). - qla2xxx: Login state machine stuck at GPDB (bsc#1043017). - qla2xxx: Recheck session state after RSCN (bsc#1043017). - qla2xxx: relogin is being triggered too fast (bsc#1043017). - qla2xxx: Retry switch command on timed out (bsc#1043017). - qla2xxx: Serialize gpnid (bsc#1043017). - quota: Check for register_shrinker() failure (bsc#1070404). - r8169: Do not increment tx_dropped in TX ring cleaning (bsc#1031717). - rbd: set discard_alignment to zero (bsc#1064320). - rbd: use GFP_NOIO for parent stat and data requests (bnc#1012382). - rcu: Allow for page faults in NMI handlers (bnc#1012382). - rdma/uverbs: Prevent leak of reserved field (bsc#1022595 FATE#322350). - rds: rdma: return appropriate error on rdma map failures (bnc#1012382). - regulator: core: Limit propagation of parent voltage count and list (bsc#1070145). - regulator: fan53555: fix I2C device ids (bnc#1012382). - Revert "bpf: one perf event close won't free bpf program attached by another perf event" (kabi). - Revert "bsg-lib: do not free job in bsg_prepare_job" (bnc#1012382). - Revert "crypto: xts - Add ECB dependency" (bnc#1012382). - Revert "drm: bridge: add DT bindings for TI ths8135" (bnc#1012382). - Revert "keys: Fix race between updating and finding a negative key" (kabi). - Revert "phy: increase size of MII_BUS_ID_SIZE and bus_id" (kabi). - Revert "sctp: do not peel off an assoc from one netns to another one" (bnc#1012382). - Revert "tty: goldfish: Fix a parameter of a call to free_irq" (bnc#1012382). - Revert "uapi: fix linux/rds.h userspace compilation errors" (bnc#1012382). - rpm/kernel-binary.spec.in: add the kernel-binary dependencies to kernel-binary-base (bsc#1060333). - rpm/kernel-binary.spec.in: Correct supplements for recent SLE products (bsc#1067494) - rpm/kernel-binary.spec.in: only rewrite modules.dep if non-zero in size (bsc#1056979). - rpm/package-descriptions: - rtc: ds1307: Fix relying on reset value for weekday (bsc#1031717). - rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks (bsc#1031717). - rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL (bsc#1031717). - rtc: rtc-nuc900: fix loop timeout test (bsc#1031717). - rtc: sa1100: fix unbalanced clk_prepare_enable/clk_disable_unprepare (bsc#1031717). - rtlwifi: fix uninitialized rtlhal->last_suspend_sec time (bnc#1012382). - rtlwifi: rtl8192ee: Fix memory leak when loading firmware (bnc#1012382). - rtlwifi: rtl8821ae: Fix connection lost problem (bnc#1012382). - rtlwifi: rtl8821ae: Fix HW_VAR_NAV_UPPER operation (bsc#1031717). - s390/dasd: check for device error pointer within state change interrupts (bnc#1012382). - s390/disassembler: add missing end marker for e7 table (bnc#1012382). - s390/disassembler: correct disassembly lines alignment (bsc#1070825). - s390/disassembler: increase show_code buffer size (bnc#1070825, LTC#161577). - s390/disassembler: increase show_code buffer size (LTC#161577 bnc#1012382 bnc#1070825). - s390: fix transactional execution control register handling (bnc#1012382). - s390/kbuild: enable modversions for symbols exported from asm (bnc#1012382). - s390/mm: fix write access check in gup_huge_pmd() (bnc#1066974, LTC#160551). - s390/qeth: allow hsuid configuration in DOWN state (bnc#1070825, LTC#161871). - s390/qeth: issue STARTLAN as first IPA command (bnc#1012382). - s390/qeth: use ip_lock for hsuid configuration (bnc#1070825, LTC#161871). - s390/runtime instrumention: fix possible memory corruption (bnc#1012382). - sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task() (bnc#1012382). - sched: Make resched_cpu() unconditional (bnc#1012382). - sched/rt: Simplify the IPI based RT balancing logic (bnc#1012382). - scsi: aacraid: Check for PCI state of device in a generic way (bsc#1022607, FATE#321673). - scsi: aacraid: Fix controller initialization failure (FATE#320140). - scsi: bfa: fix access to bfad_im_port_s (bsc#1065101). - scsi: check for device state in __scsi_remove_target() (bsc#1072589). - scsi_devinfo: cleanly zero-pad devinfo strings (bsc#1062941). - scsi: fcoe: move fcoe_interface_remove() out of fcoe_interface_cleanup() (bsc#1039542). - scsi: fcoe: open-code fcoe_destroy_work() for NETDEV_UNREGISTER (bsc#1039542). - scsi: fcoe: separate out fcoe_vport_remove() (bsc#1039542). - scsi: ipr: Fix scsi-mq lockdep issue (bsc#1066213). - scsi: ipr: Set no_report_opcodes for RAID arrays (bsc#1066213). - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1056003). - scsi: lpfc: Add Buffer to Buffer credit recovery support (bsc#1052384). - scsi: lpfc: Add changes to assist in NVMET debugging (bsc#1041873). - scsi: lpfc: Add nvme initiator devloss support (bsc#1041873). - scsi: lpfc: Adjust default value of lpfc_nvmet_mrq (bsc#1067735). - scsi: lpfc: Break up IO ctx list into a separate get and put list (bsc#1045404). - scsi: lpfc: change version to 11.4.0.4 (bsc#1067735). - scsi: lpfc: convert info messages to standard messages (bsc#1052384). - scsi: lpfc: Correct driver deregistrations with host nvme transport (bsc#1067735). - scsi: lpfc: Correct issues with FAWWN and FDISCs (bsc#1052384). - scsi: lpfc: correct nvme sg segment count check (bsc#1067735). - scsi: lpfc: correct port registrations with nvme_fc (bsc#1067735). - scsi: lpfc: Correct return error codes to align with nvme_fc transport (bsc#1052384). - scsi: lpfc: Disable NPIV support if NVME is enabled (bsc#1067735). - scsi: lpfc: Driver fails to detect direct attach storage array (bsc#1067735). - scsi: lpfc: Expand WQE capability of every NVME hardware queue (bsc#1067735). - scsi: lpfc: Extend RDP support (bsc#1067735). - scsi: lpfc: Fix a precedence bug in lpfc_nvme_io_cmd_wqe_cmpl() (bsc#1056587). - scsi: lpfc: Fix bad sgl reposting after 2nd adapter reset (bsc#1052384). - scsi: lpfc: fix build issue if NVME_FC_TARGET is not defined (bsc#1040073). - scsi: lpfc: Fix counters so outstandng NVME IO count is accurate (bsc#1041873). - scsi: lpfc: Fix crash after bad bar setup on driver attachment (bsc#1067735). - scsi: lpfc: Fix crash during driver unload with running nvme traffic (bsc#1067735). - scsi: lpfc: Fix crash in lpfc_nvme_fcp_io_submit during LIP (bsc#1067735). - scsi: lpfc: Fix crash in lpfc nvmet when fc port is reset (bsc#1052384). - scsi: lpfc: Fix crash receiving ELS while detaching driver (bsc#1067735). - scsi: lpfc: Fix display for debugfs queInfo (bsc#1067735). - scsi: lpfc: Fix driver handling of nvme resources during unload (bsc#1067735). - scsi: lpfc: Fix duplicate NVME rport entries and namespaces (bsc#1052384). - scsi: lpfc: Fix FCP hba_wqidx assignment (bsc#1067735). - scsi: lpfc: Fix handling of FCP and NVME FC4 types in Pt2Pt topology (bsc#1052384). - scsi: lpfc: Fix hard lock up NMI in els timeout handling (bsc#1067735). - scsi: lpfc: fix "integer constant too large" error on 32bit archs (bsc#1052384). - scsi: lpfc: Fix loop mode target discovery (bsc#1052384). - scsi: lpfc: Fix lpfc nvme host rejecting IO with Not Ready message (bsc#1067735). - scsi: lpfc: Fix Lun Priority level shown as NA (bsc#1041873). - scsi: lpfc: Fix ndlp ref count for pt2pt mode issue RSCN (bsc#1067735). - scsi: lpfc: Fix NVME LS abort_xri (bsc#1067735). - scsi: lpfc: Fix nvme port role handling in sysfs and debugfs handlers (bsc#1041873). - scsi: lpfc: Fix NVME PRLI handling during RSCN (bsc#1052384). - scsi: lpfc: Fix nvme target failure after 2nd adapter reset (bsc#1052384). - scsi: lpfc: Fix nvmet node ref count handling (bsc#1041873). - scsi: lpfc: Fix oops if nvmet_fc_register_targetport fails (bsc#1067735). - scsi: lpfc: Fix oops of nvme host during driver unload (bsc#1067735). - scsi: lpfc: Fix oops when NVME Target is discovered in a nonNVME environment. - scsi: lpfc: fix pci hot plug crash in list_add call (bsc#1067735). - scsi: lpfc: fix pci hot plug crash in timer management routines (bsc#1067735). - scsi: lpfc: Fix plogi collision that causes illegal state transition (bsc#1052384). - scsi: lpfc: Fix Port going offline after multiple resets (bsc#1041873). - scsi: lpfc: Fix PRLI retry handling when target rejects it (bsc#1041873). - scsi: lpfc: Fix rediscovery on switch blade pull (bsc#1052384). - scsi: lpfc: Fix relative offset error on large nvmet target ios (bsc#1052384). - scsi: lpfc: Fix return value of board_mode store routine in case of online failure (bsc#1041873). - scsi: lpfc: Fix secure firmware updates (bsc#1067735). - scsi: lpfc: Fix System panic after loading the driver (bsc#1041873). - scsi: lpfc: Fix transition nvme-i rport handling to nport only (bsc#1041873). - scsi: lpfc: Fix vports not logging into target (bsc#1041873). - scsi: lpfc: Fix warning messages when NVME_TARGET_FC not defined (bsc#1067735). - scsi: lpfc: FLOGI failures are reported when connected to a private loop (bsc#1067735). - scsi: lpfc: Handle XRI_ABORTED_CQE in soft IRQ (bsc#1067735). - scsi: lpfc: Limit amount of work processed in IRQ (bsc#1052384). - scsi: lpfc: Linux LPFC driver does not process all RSCNs (bsc#1067735). - scsi: lpfc: lpfc version bump 11.4.0.3 (bsc#1052384). - scsi: lpfc: Make ktime sampling more accurate (bsc#1067735). - scsi: lpfc: Move CQ processing to a soft IRQ (bsc#1067735). - scsi: lpfc: Null pointer dereference when log_verbose is set to 0xffffffff (bsc#1041873). - scsi: lpfc: PLOGI failures during NPIV testing (bsc#1067735). - scsi: lpfc: Raise maximum NVME sg list size for 256 elements (bsc#1067735). - scsi: lpfc: Reduce log spew on controller reconnects (bsc#1067735). - scsi: lpfc: remove console log clutter (bsc#1052384). - scsi: lpfc: Revise NVME module parameter descriptions for better clarity (bsc#1067735). - scsi: lpfc: Set missing abort context (bsc#1067735). - scsi: lpfc: small sg cnt cleanup (bsc#1067735). - scsi: lpfc: spin_lock_irq() is not nestable (bsc#1045404). - scsi: lpfc: update driver version to 11.4.0.5 (bsc#1067735). - scsi: lpfc: update to revision to 11.4.0.0 (bsc#1041873). - scsi: megaraid_sas: mismatch of allocated MFI frame size and length exposed in MFI MPT pass through command (bsc#1066767). - scsi: qla2xxx: Cleanup debug message IDs (bsc#1043017). - scsi: qla2xxx: Correction to vha->vref_count timeout (bsc#1066812). - scsi: qla2xxx: Fix name server relogin (bsc#1043017). - scsi: qla2xxx: Fix path recovery (bsc#1043017). - scsi: qla2xxx: Initialize Work element before requesting IRQs (bsc#1019675,FATE#321701). - scsi: qla2xxx: Replace usage of spin_lock with spin_lock_irqsave (bsc#1043017). - scsi: qla2xxx: Retain loop test for fwdump length exceeding buffer length (bsc#1043017). - scsi: qla2xxx: Turn on FW option for exchange check (bsc#1043017). - scsi: qla2xxx: Use BIT_6 to acquire FAWWPN from switch (bsc#1066812). - scsi: qla2xxx: Use fabric name for Get Port Speed command (bsc#1066812). - scsi: qla2xxx: Use flag PFLG_DISCONNECTED (bsc#1043017). - scsi: reset wait for IO completion (bsc#996376). - scsi: scsi_devinfo: fixup string compare (bsc#1062941). updated patches.fixes/scsi_devinfo-fixup-string-compare.patch to the version merged upstream. - scsi: scsi_devinfo: handle non-terminated strings (bsc#1062941). - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (bnc#1012382). - scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics() (bsc#1066812). - scsi: sg: close race condition in sg_remove_sfp_usercontext() (bsc#1064206). - scsi: sg: do not return bogus Sg_requests (bsc#1064206). - scsi: sg: only check for dxfer_len greater than 256M (bsc#1064206). - scsi: sg: Re-fix off by one in sg_fill_request_table() (bnc#1012382). - scsi: ufs: add capability to keep auto bkops always enabled (bnc#1012382). - scsi: ufs-qcom: Fix module autoload (bnc#1012382). - scsi: zfcp: fix erp_action use-before-initialize in REC action trace (bnc#1012382). - sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect (bnc#1012382). - sctp: do not peel off an assoc from one netns to another one (bnc#1012382). - sctp: potential read out of bounds in sctp_ulpevent_type_enabled() (bnc#1012382). - sctp: reset owner sk for data chunks on out queues when migrating a sock (bnc#1012382). - security/keys: add CONFIG_KEYS_COMPAT to Kconfig (bnc#1012382). - selftests: firmware: add empty string and async tests (bnc#1012382). - selftests: firmware: send expected errors to /dev/null (bnc#1012382). - serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() (bsc#1031717). - serial: 8250_uniphier: fix serial port index in private data (bsc#1031717). - serial: Fix serial console on SNI RM400 machines (bsc#1031717). - serial: omap: Fix EFR write on RTS deassertion (bnc#1012382). - serial: Remove unused port type (bsc#1066045). - serial: sh-sci: Fix register offsets for the IRDA serial port (bnc#1012382). - slub: do not merge cache if slub_debug contains a never-merge flag (bnc#1012382). - smb3: Validate negotiate request must always be signed (bsc#1064597). - smb: fix leak of validate negotiate info response buffer (bsc#1064597). - smb: fix validate negotiate info uninitialised memory use (bsc#1064597). - sparc64: Migrate hvcons irq to panicked cpu (bnc#1012382). - spi: SPI_FSL_DSPI should depend on HAS_DMA (bnc#1012382). - spi: uapi: spidev: add missing ioctl header (bnc#1012382). - staging: iio: cdc: fix improper return value (bnc#1012382). - staging: lustre: hsm: stack overrun in hai_dump_data_field (bnc#1012382). - staging: lustre: llite: do not invoke direct_IO for the EOF case (bnc#1012382). - staging: lustre: ptlrpc: skip lock if export failed (bnc#1012382). - staging: r8712u: Fix Sparse warning in rtl871x_xmit.c (bnc#1012382). - staging: rtl8188eu: fix incorrect ERROR tags from logs (bnc#1012382). - staging: rtl8712: fixed little endian problem (bnc#1012382). - staging: rtl8712u: Fix endian settings for structs describing network packets (bnc#1012382). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (bnc#1012382). - supported.conf: Support spidev (bsc#1066696) - sysctl: add unsigned int range support (FATE#323821) - target: fix ALUA state file path truncation (bsc#1064606). - target: Fix node_acl demo-mode + uncached dynamic shutdown regression (bnc#1012382). - target: fix PR state file path truncation (bsc#1064606). - target: Fix QUEUE_FULL + SCSI task attribute handling (bnc#1012382). - target/iscsi: Fix unsolicited data seq_end_offset calculation (bnc#1012382 bsc#1036489). - target/rbd: handle zero length UNMAP requests early (bsc#1064320). - target/rbd: use target_configure_unmap_from_queue() helper (bsc#1064320). - tcp/dccp: fix ireq->opt races (bnc#1012382). - tcp/dccp: fix lockdep splat in inet_csk_route_req() (bnc#1012382). - tcp/dccp: fix other lockdep splats accessing ireq_opt (bnc#1012382). - tcp: do not mangle skb->cb[] in tcp_make_synack() (bnc#1012382). - tcp: fix tcp_mtu_probe() vs highest_sack (bnc#1012382). - test: firmware_class: report errors properly on failure (bnc#1012382). - test_sysctl: add dedicated proc sysctl test driver (FATE#323821) - test_sysctl: add generic script to expand on tests (FATE#323821) - test_sysctl: add simple proc_dointvec() case (FATE#323821). - test_sysctl: add simple proc_douintvec() case (FATE#323821). - test_sysctl: fix sysctl.sh by making it executable (FATE#323821). - test_sysctl: test against int proc_dointvec() array support (FATE#323821). - test_sysctl: test against PAGE_SIZE for int (FATE#323821) - timer: Prevent timer value 0 for MWAITX (bsc#1065717). - tipc: fix link attribute propagation bug (bnc#1012382). - tipc: use only positive error codes in messages (bnc#1012382). - tools: firmware: check for distro fallback udev cancel rule (bnc#1012382). - tpm: constify transmit data pointers (bsc#1020645, git-fixes). - tpm: kabi: do not bother with added const (bsc#1020645, git-fixes). - tpm_tis_spi: Use DMA-safe memory for SPI transfers (bsc#1020645, git-fixes). - tracing: Fix tracing sample code warning (bnc#1012382). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (bnc#1012382). - tun: allow positive return values on dev_get_valid_name() call (bnc#1012382). - tun: bail out from tun_get_user() if the skb is empty (bnc#1012382). - tun: call dev_get_valid_name() before register_netdevice() (bnc#1012382). - tun/tap: sanitize TUNSETSNDBUF input (bnc#1012382). - uapi: fix linux/mroute6.h userspace compilation errors (bnc#1012382). - uapi: fix linux/rds.h userspace compilation error (bnc#1012382). - uapi: fix linux/rds.h userspace compilation errors (bnc#1012382). - udpv6: Fix the checksum computation when HW checksum does not apply (bnc#1012382). - Update config files to enable spidev on arm64. (bsc#1066696) - Update patches.drivers/0005-hwmon-xgene-Fix-up-error-handling-path-mixup-in-xgen.patch (bsc#1056652) Correct bugzilla reference. - Update patches.fixes/scsi-devinfo-cleanly-zero-pad-devinfo-strings.patch (bsc#1062941, bsc#1037404, bsc#1012523, bsc#1038299). - Update patches.fixes/scsi_devinfo-fixup-string-compare.patch (bsc#1062941, bsc#1037404, bsc#1012523, bsc#1038299). - Update patches.fixes/scsi_devinfo-handle-non-terminated-strings.patch (bsc#1062941, bsc#1037404, bsc#1012523, bsc#1038299). - Update preliminary FC-NVMe patches to mainline status (bsc#1067734) - usb: Add delay-init quirk for Corsair K70 LUX keyboards (bnc#1012382). - usb: cdc_acm: Add quirk for Elatec TWN3 (bnc#1012382). - usb: core: fix out-of-bounds access bug in usb_get_bos_descriptor() (bnc#1012382). - usb: devio: Revert "USB: devio: Do not corrupt user memory" (bnc#1012382). - usb: dummy-hcd: Fix deadlock caused by disconnect detection (bnc#1012382). - usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options (bnc#1012382). - usb: hcd: initialize hcd->flags to 0 when rm hcd (bnc#1012382). - usb: hub: Allow reset retry for USB2 devices on connect bounce (bnc#1012382). - usb: musb: Check for host-mode using is_host_active() on reset interrupt (bnc#1012382). - usb: musb: sunxi: Explicitly release USB PHY on exit (bnc#1012382). - usb: quirks: add quirk for WORLDE MINI MIDI keyboard (bnc#1012382). - usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet (bnc#1012382). - usb: serial: console: fix use-after-free after failed setup (bnc#1012382). - usb: serial: cp210x: add support for ELV TFD500 (bnc#1012382). - usb: serial: ftdi_sio: add id for Cypress WICED dev board (bnc#1012382). - usb: serial: garmin_gps: fix I/O after failed probe and remove (bnc#1012382). - usb: serial: garmin_gps: fix memory leak on probe errors (bnc#1012382). - usb: serial: metro-usb: add MS7820 device id (bnc#1012382). - usb: serial: option: add support for TP-Link LTE module (bnc#1012382). - usb: serial: qcserial: add Dell DW5818, DW5819 (bnc#1012382). - usb: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update (bnc#1012382). - usb: usbfs: compute urb->actual_length for isochronous (bnc#1012382). - usb: usbtest: fix NULL pointer dereference (bnc#1012382). - usb: xhci: Handle error condition in xhci_stop_device() (bnc#1012382). - vfs: expedite unmount (bsc#1024412). - video: fbdev: pmag-ba-fb: Remove bad `__init' annotation (bnc#1012382). - video: udlfb: Fix read EDID timeout (bsc#1031717). - vlan: fix a use-after-free in vlan_device_event() (bnc#1012382). - vsock: use new wait API for vsock_stream_sendmsg() (bnc#1012382). - vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit (bnc#1012382). - watchdog: kempld: fix gcc-4.3 build (bnc#1012382). - workqueue: Fix NULL pointer dereference (bnc#1012382). - workqueue: replace pool->manager_arb mutex with a flag (bnc#1012382). - x86/ACPI/cstate: Allow ACPI C1 FFH MWAIT use on AMD systems (bsc#1069879). - x86/alternatives: Fix alt_max_short macro to really be a max() (bnc#1012382). - x86/decoder: Add new TEST instruction pattern (bnc#1012382). - x86/MCE/AMD: Always give panic severity for UC errors in kernel context (git-fixes bf80bbd7dcf5). - x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032). - x86/microcode/intel: Disable late loading on model 79 (bnc#1012382). - x86/mm: fix use-after-free of vma during userfaultfd fault (Git-fixes, bsc#1069916). - x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context (bnc#1012382). - x86/uaccess, sched/preempt: Verify access_ok() context (bnc#1012382). - xen: do not print error message in case of missing Xenstore entry (bnc#1012382). - xen/events: events_fifo: Do not use {get,put}_cpu() in xen_evtchn_fifo_init() (bnc#1065600). - xen: fix booting ballooned down hvm guest (bnc#1065600). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1012382). - xen/manage: correct return value check on xenbus_scanf() (bnc#1012382). - xen-netback: fix error handling output (bnc#1065600). - xen: x86: mark xen_find_pt_base as __init (bnc#1065600). - xen: xenbus driver must not accept invalid transaction ids (bnc#1012382). - zd1211rw: fix NULL-deref at probe (bsc#1031717). Important SUSE bug 1010201 SUSE bug 1012382 SUSE bug 1012523 SUSE bug 1015336 SUSE bug 1015337 SUSE bug 1015340 SUSE bug 1015342 SUSE bug 1015343 SUSE bug 1019675 SUSE bug 1020412 SUSE bug 1020645 SUSE bug 1022595 SUSE bug 1022607 SUSE bug 1024346 SUSE bug 1024373 SUSE bug 1024376 SUSE bug 1024412 SUSE bug 1031717 SUSE bug 1032150 SUSE bug 1036489 SUSE bug 1036800 SUSE bug 1037404 SUSE bug 1037838 SUSE bug 1038299 SUSE bug 1039542 SUSE bug 1040073 SUSE bug 1041873 SUSE bug 1042268 SUSE bug 1042957 SUSE bug 1042977 SUSE bug 1042978 SUSE bug 1043017 SUSE bug 1045404 SUSE bug 1046054 SUSE bug 1046107 SUSE bug 1047901 SUSE bug 1047989 SUSE bug 1048317 SUSE bug 1048327 SUSE bug 1048356 SUSE bug 1050060 SUSE bug 1050231 SUSE bug 1051406 SUSE bug 1051635 SUSE bug 1051987 SUSE bug 1052384 SUSE bug 1053309 SUSE bug 1053919 SUSE bug 1055272 SUSE bug 1056003 SUSE bug 1056365 SUSE bug 1056427 SUSE bug 1056587 SUSE bug 1056596 SUSE bug 1056652 SUSE bug 1056979 SUSE bug 1057079 SUSE bug 1057199 SUSE bug 1057820 SUSE bug 1058413 SUSE bug 1059639 SUSE bug 1060333 SUSE bug 1061756 SUSE bug 1062496 SUSE bug 1062835 SUSE bug 1062941 SUSE bug 1063026 SUSE bug 1063349 SUSE bug 1063516 SUSE bug 1064206 SUSE bug 1064320 SUSE bug 1064591 SUSE bug 1064597 SUSE bug 1064606 SUSE bug 1064701 SUSE bug 1064926 SUSE bug 1065101 SUSE bug 1065180 SUSE bug 1065600 SUSE bug 1065639 SUSE bug 1065692 SUSE bug 1065717 SUSE bug 1065866 SUSE bug 1065959 SUSE bug 1066045 SUSE bug 1066175 SUSE bug 1066192 SUSE bug 1066213 SUSE bug 1066223 SUSE bug 1066285 SUSE bug 1066382 SUSE bug 1066470 SUSE bug 1066471 SUSE bug 1066472 SUSE bug 1066573 SUSE bug 1066606 SUSE bug 1066629 SUSE bug 1066660 SUSE bug 1066696 SUSE bug 1066767 SUSE bug 1066812 SUSE bug 1066974 SUSE bug 1067105 SUSE bug 1067132 SUSE bug 1067225 SUSE bug 1067494 SUSE bug 1067734 SUSE bug 1067735 SUSE bug 1067888 SUSE bug 1067906 SUSE bug 1068671 SUSE bug 1068978 SUSE bug 1068980 SUSE bug 1068982 SUSE bug 1069152 SUSE bug 1069250 SUSE bug 1069270 SUSE bug 1069277 SUSE bug 1069484 SUSE bug 1069496 SUSE bug 1069583 SUSE bug 1069702 SUSE bug 1069721 SUSE bug 1069793 SUSE bug 1069879 SUSE bug 1069916 SUSE bug 1069942 SUSE bug 1069996 SUSE bug 1070001 SUSE bug 1070006 SUSE bug 1070145 SUSE bug 1070169 SUSE bug 1070404 SUSE bug 1070535 SUSE bug 1070767 SUSE bug 1070771 SUSE bug 1070805 SUSE bug 1070825 SUSE bug 1070964 SUSE bug 1071693 SUSE bug 1071694 SUSE bug 1071695 SUSE bug 1071833 SUSE bug 1072589 SUSE bug 744692 SUSE bug 789311 SUSE bug 964944 SUSE bug 966170 SUSE bug 966172 SUSE bug 969470 SUSE bug 979928 SUSE bug 989261 SUSE bug 996376 CVE-2017-1000405 CVE-2017-1000410 CVE-2017-11600 CVE-2017-12193 CVE-2017-15115 CVE-2017-16528 CVE-2017-16536 CVE-2017-16537 CVE-2017-16645 CVE-2017-16646 CVE-2017-16939 CVE-2017-16994 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-7482 CVE-2017-8824 openSUSE Leap 42.3 This update for pdns-recursor fixes the following issues: - CVE-2017-15120: parsing error while handling authoritative answers containing a CNAME of a different class than IN, leading to a recursor crash via a NULL-pointer dereference. (boo#1072170) Moderate SUSE bug 1072170 CVE-2017-15120 openSUSE Leap 42.3 This update for 389-ds fixes the following issues: - CVE-2017-7551: 389-ds-base: Password brute-force possible for locked account due to different return codes (bsc#1051997) - CVE-2016-4992: 389-ds: Information disclosure via repeated use of LDAP ADD operation (bsc#997256) - CVE-2016-5405: 389-ds: Password verification vulnerable to timing attack (bsc#1007004) - CVE-2017-2591: 389-ds-base: Heap buffer overflow in uiduniq.c (bsc#1020670) - CVE-2017-2668 389-ds Remote crash via crafted LDAP messages (bsc#1069067) - CVE-2016-0741: 389-ds: worker threads do not detect abnormally closed connections causing DoS (bsc#1069074) Moderate SUSE bug 1007004 SUSE bug 1020670 SUSE bug 1051997 SUSE bug 1069067 SUSE bug 1069074 SUSE bug 997256 CVE-2016-4992 CVE-2016-5405 CVE-2017-2668 CVE-2017-7551 openSUSE Leap 42.3 This update for enigmail to version 1.9.9 fixes the following issues (boo#1073858): * Enigmail could be coerced to use a malicious PGP public key with a corresponding secret key controlled by an attacker * Enigmail could have replayed encrypted content in partially encrypted e-mails, allowing a plaintext leak * Enigmail could be tricked into displaying incorrect signature verification results * Specially crafted content may cause denial of service Important SUSE bug 1073858 openSUSE Leap 42.3 This update for python-PyJWT fixes the following issues: - CVE-2017-12880: fix symmetric/asymmetric confusion when handling PKCS1 public keys (bsc#1054106) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1054106 CVE-2017-12880 openSUSE Leap 42.3 This update for postgresql96 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset() (bsc#1067844). - CVE-2017-15099: Ensure that INSERT ... ON CONFLICT DO UPDATE checks table permissions and RLS policies in all cases (bsc#1067841). Bug fixes: - Update to version 9.6.6: * https://www.postgresql.org/docs/9.6/static/release-9-6-6.html * https://www.postgresql.org/docs/9.6/static/release-9-6-5.html This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1067841 SUSE bug 1067844 CVE-2017-15098 CVE-2017-15099 openSUSE Leap 42.3 This update for ImageMagick fixes the following issues: * CVE-2017-14989: use-after-free in RenderFreetype in MagickCore/annotate.c could lead to denial of service [bsc#1061254] * CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer overflow could lead to denial of service [bsc#1060176] * Memory leak in WriteINLINEImage in coders/inline.c could lead to denial of service [bsc#1052744] * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas could possibly disclose potentially sensitive memory [bsc#1059778] * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c [bsc#1050632] * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485] * CVE-2017-14341: Infinite loop in the ReadWPGImage function [bsc#1058637] * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1067181] * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184] * CVE-2017-16669: problem in coders/wpg.c could allow remote attackers to cause a denial of service via crafted file [bsc#1067409] * CVE-2017-14175: Lack of End of File check could lead to denial of service [bsc#1057719] * CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in coders/webp.c could lead to denial of service [bsc#1057157] * CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432] * CVE-2017-13134: a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file. [bsc#1055214] * CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c [bsc#1062750] * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796] * CVE-2017-15930: Null Pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003] * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers to cause a denial of service [bsc#1054757] * CVE-2017-14531: memory exhaustion issue in ReadSUNImage incoders/sun.c. [bsc#1059666] * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service [bsc#1052553] * CVE-2017-12587: User controlable large loop in the ReadPWPImage in coders\pwp.c could lead to denial of service [bsc#1052450] * CVE-2017-11523: ReadTXTImage in coders/txt.c allows remote attackers to cause a denial of service [bsc#1050083] * CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer overflow that could lead to denial of service [bsc#1057729] * CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check. [bnc#1048457] * CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116] * CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139] * CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows to cause DoS [bnc#1051441] * CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a ninteger signedness error leading to excessive memory consumption [bnc#1051847] * CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in coders/cals.c [bnc#1052689] * CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in WritePDFImage in coders/pdf.c [bnc#1052758] * CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in codersdcm.c [bnc#1052764] * CVE-2017-14172: ImageMagick: Lack of end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730] * CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1048457 SUSE bug 1049796 SUSE bug 1050083 SUSE bug 1050116 SUSE bug 1050139 SUSE bug 1050632 SUSE bug 1051441 SUSE bug 1051847 SUSE bug 1052450 SUSE bug 1052553 SUSE bug 1052689 SUSE bug 1052744 SUSE bug 1052758 SUSE bug 1052764 SUSE bug 1054757 SUSE bug 1055214 SUSE bug 1056432 SUSE bug 1057157 SUSE bug 1057719 SUSE bug 1057729 SUSE bug 1057730 SUSE bug 1058485 SUSE bug 1058637 SUSE bug 1059666 SUSE bug 1059778 SUSE bug 1060176 SUSE bug 1060577 SUSE bug 1061254 SUSE bug 1062750 SUSE bug 1066003 SUSE bug 1067181 SUSE bug 1067184 SUSE bug 1067409 CVE-2017-11188 CVE-2017-11478 CVE-2017-11523 CVE-2017-11527 CVE-2017-11535 CVE-2017-11640 CVE-2017-11752 CVE-2017-12140 CVE-2017-12435 CVE-2017-12587 CVE-2017-12644 CVE-2017-12662 CVE-2017-12669 CVE-2017-12983 CVE-2017-13134 CVE-2017-13769 CVE-2017-14138 CVE-2017-14172 CVE-2017-14173 CVE-2017-14175 CVE-2017-14341 CVE-2017-14342 CVE-2017-14531 CVE-2017-14607 CVE-2017-14682 CVE-2017-14733 CVE-2017-14989 CVE-2017-15217 CVE-2017-15930 CVE-2017-16545 CVE-2017-16546 CVE-2017-16669 openSUSE Leap 42.3 This update for evince fixes the following issues: Security issue fixed: - CVE-2017-1000083: Remove support for tar and tar-like commands in comics backend (bsc#1046856). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1046856 CVE-2017-1000083 openSUSE Leap 42.3 This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin (bsc#1074043) - CVE-2017-7847: Local path string can be leaked from RSS feed (bsc#1074044) - CVE-2017-7848: RSS Feed vulnerable to new line Injection (bsc#1074045) - CVE-2017-7829: From address with encoded null character is cut off in message header display (bsc#1074046) Important SUSE bug 1074043 SUSE bug 1074044 SUSE bug 1074045 SUSE bug 1074046 CVE-2017-7829 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848 openSUSE Leap 42.3 This update for global fixes the following issue: - CVE-2017-17531: Argument-injection vulnerability allowed execution of arbitrary code via crafted URLs (boo#1073197) Moderate SUSE bug 1073197 CVE-2017-17531 openSUSE Leap 42.3 This update for phpMyAdmin to version 4.7.7 fixes a security issue and bugs. The following vulnerability was fixed: - By deceiving a user to click on a crafted URL, it was possible to perform harmful database operations (bsc#1074066, PMASA-2017-09) This update also contains all upstream improvements and bugfixes in version 4.7.7: - various display and UI fixes - PHP error fixes - Improved deteciton of MySQL server needing SSL connections - Support JSON datatype on MariaDB 10.2.7 and newer - Fix constructing ALTER query with AFTER - Fix changing password on MariaDB cluster Important SUSE bug 1074066 openSUSE Leap 42.3 This update for gdk-pixbuf provides the following fixes: - Add overflow checks when creating pixbuf structures in general - Fix arithmetic overflow in the BMP loader (bsc#1053417) - Adds support for BMPv3 with bitmasks (bsc#1053417) This update was imported from the SUSE:SLE-12-SP2:Update update project. Low SUSE bug 1053417 openSUSE Leap 42.3 This update for xorg-x11-server fixes the following issues: - Improve retrieval of entropy for generating random authentication cookies (bsc#1025084) - Fix rendering with glamor acceleration. (bsc#1047154) Moderate SUSE bug 1025084 SUSE bug 1047154 openSUSE Leap 42.3 This update for rubygem-puppet fixes the following issues: - CVE-2017-2295: A remote attacker could have forced unsafe YAML deserialization which could have led to code execution (bsc#1040151) Important SUSE bug 1040151 CVE-2017-2295 openSUSE Leap 42.3 This update to Wireshark 2.2.8 fixes some minor vulnerabilities could be used to trigger dissector crashes, infinite loops, or cause excessive use of memory resources by making Wireshark read specially crafted packages from the network or a capture file: - CVE-2017-7702,CVE-2017-11410: WBMXL dissector infinite loop (wnpa-sec-2017-13) - CVE-2017-9350,CVE-2017-11411: openSAFETY dissector memory exhaustion (wnpa-sec-2017-28) - CVE-2017-11408: AMQP dissector crash (wnpa-sec-2017-34) - CVE-2017-11407: MQ dissector crash (wnpa-sec-2017-35) - CVE-2017-11406: DOCSIS infinite loop (wnpa-sec-2017-36) Moderate SUSE bug 1049255 SUSE bug 1049621 CVE-2017-11406 CVE-2017-11407 CVE-2017-11408 CVE-2017-11410 CVE-2017-11411 CVE-2017-7702 CVE-2017-9350 openSUSE Leap 42.3 This update for catdoc fixes the following issues: - CVE-2017-11110: Attackers may have used specially crafted files to cause a denial of service through a heap-based buffer under-flow and application crash, or have unspecified other impact (boo#1047877) Moderate SUSE bug 1047877 CVE-2017-11110 openSUSE Leap 42.3 This update for gsoap fixes the following security issue: - CVE-2017-9765: A remote attacker may have triggered a buffer overflow to cause a server crash (denial of service) after sending 2GB of a specially crafted XML message, or possibly have unspecified futher impact. (bsc#1049348) Moderate SUSE bug 1049348 CVE-2017-9765 openSUSE Leap 42.3 This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994) - CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975) - CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968) - CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774) - CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782) - CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958) CVEs already fixed with previous update: - CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757) - CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766) - CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1009994 SUSE bug 1010756 SUSE bug 1010757 SUSE bug 1010766 SUSE bug 1010774 SUSE bug 1010782 SUSE bug 1010968 SUSE bug 1010975 SUSE bug 1047958 CVE-2016-9262 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2017-1000050 openSUSE Leap 42.3 This update for the_silver_searcher to version 2.0.0 fixes a minor security issue and includes various improvements. New and updated functionality: - New and updated support for various file types - Performance improvements, including faster substring search - Add --print-all-files options to print all files searched - Add support for inverting ignore rules (e.g. !blah.txt) - Add zsh completion function The following functionality has changed: - No longer read from .agignore, .ignore is used The following potential security issue was fixed: - Heap buffer overflow when searching an absolute path (boo#1050057) The following bug fixes are included: - Fix context line printing when reading from a pipe - Ignore local-domain socket just like named pipes - Fix --word-regexp not applying to alternates Moderate SUSE bug 1050057 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issue: - CVE-2017-11403: A specially crafted PNG file may have have triggerd a use-after-free flaw (boo#1049072) Moderate SUSE bug 1049072 CVE-2017-11403 openSUSE Leap 42.3 This update Chromium to version 60.0.3112.78 fixes security issue and bugs. The following security issues were fixed: * CVE-2017-5091: Use after free in IndexedDB * CVE-2017-5092: Use after free in PPAPI * CVE-2017-5093: UI spoofing in Blink * CVE-2017-5094: Type confusion in extensions * CVE-2017-5095: Out-of-bounds write in PDFium * CVE-2017-5096: User information leak via Android intents * CVE-2017-5097: Out-of-bounds read in Skia * CVE-2017-5098: Use after free in V8 * CVE-2017-5099: Out-of-bounds write in PPAPI * CVE-2017-5100: Use after free in Chrome Apps * CVE-2017-5101: URL spoofing in OmniBox * CVE-2017-5102: Uninitialized use in Skia * CVE-2017-5103: Uninitialized use in Skia * CVE-2017-5104: UI spoofing in browser * CVE-2017-7000: Pointer disclosure in SQLite * CVE-2017-5105: URL spoofing in OmniBox * CVE-2017-5106: URL spoofing in OmniBox * CVE-2017-5107: User information leak via SVG * CVE-2017-5108: Type confusion in PDFium * CVE-2017-5109: UI spoofing in browser * CVE-2017-5110: UI spoofing in payments dialog * Various fixes from internal audits, fuzzing and other initiatives A number of upstream bugfixes are also included in this release. Important SUSE bug 1050537 CVE-2017-5091 CVE-2017-5092 CVE-2017-5093 CVE-2017-5094 CVE-2017-5095 CVE-2017-5096 CVE-2017-5097 CVE-2017-5098 CVE-2017-5099 CVE-2017-5100 CVE-2017-5101 CVE-2017-5102 CVE-2017-5103 CVE-2017-5104 CVE-2017-5105 CVE-2017-5106 CVE-2017-5107 CVE-2017-5108 CVE-2017-5109 CVE-2017-5110 CVE-2017-7000 openSUSE Leap 42.3 This update for apache2 fixes the following issues: Security issue fixed: - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. (bsc#1048576) Bug fixes: - Include individual sysconfig.d files instead of the whole sysconfig.d directory. - Include sysconfig.d/include.conf after httpd.conf is processed. (bsc#1023616, bsc#1043055) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1023616 SUSE bug 1043055 SUSE bug 1048576 CVE-2017-9788 openSUSE Leap 42.3 This update for mysql-community-server to version 5.6.37 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-3633: Memcached unspecified vulnerability (boo#1049394) - CVE-2017-3634: DML unspecified vulnerability (boo#1049396) - CVE-2017-3635: C API unspecified vulnerability (boo#1049398) - CVE-2017-3636: Client programs unspecified vulnerability (boo#1049399) - CVE-2017-3641: DML unspecified vulnerability (boo#1049404) - CVE-2017-3647: Replication unspecified vulnerability (boo#1049410) - CVE-2017-3648: Charsets unspecified vulnerability (boo#1049411) - CVE-2017-3649: Replication unspecified vulnerability (boo#1049412) - CVE-2017-3651: Client mysqldump unspecified vulnerability (boo#1049415) - CVE-2017-3652: DDL unspecified vulnerability (boo#1049416) - CVE-2017-3653: DDL unspecified vulnerability (boo#1049417) - CVE-2017-3732: Security, Encryption unspecified vulnerability (boo#1049421) The following general changes are included: - switch systemd unit file from 'Restart=on-failure' to 'Restart=on-abort' - update file lists for new man-pages and tools (for mariadb) For a list of upstream changes in this release, see: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-37.html Moderate SUSE bug 1049394 SUSE bug 1049396 SUSE bug 1049398 SUSE bug 1049399 SUSE bug 1049404 SUSE bug 1049410 SUSE bug 1049411 SUSE bug 1049412 SUSE bug 1049415 SUSE bug 1049416 SUSE bug 1049417 SUSE bug 1049421 SUSE bug 1049422 CVE-2017-3633 CVE-2017-3634 CVE-2017-3635 CVE-2017-3636 CVE-2017-3641 CVE-2017-3647 CVE-2017-3648 CVE-2017-3649 CVE-2017-3651 CVE-2017-3652 CVE-2017-3653 CVE-2017-3732 openSUSE Leap 42.3 This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bsc#986639) - CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. (bsc#986631) - CVE-2016-9584: libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. (bsc#1015964) Bug fixes: - libical crashes while parsing timezones (bsc#1044995) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1015964 SUSE bug 1044995 SUSE bug 986631 SUSE bug 986639 CVE-2016-5824 CVE-2016-5827 CVE-2016-9584 openSUSE Leap 42.3 This update for icoutils fixes the following issues: - CVE-2017-6009: Buffer Overflows in wrestool (bsc#1025703) - CVE-2017-6010, CVE-2017-6011: out-of-bounds read leading to a buffer overflow in the "simple_vec" function (bsc#1025700) Moderate SUSE bug 1025700 SUSE bug 1025703 CVE-2017-6009 CVE-2017-6010 CVE-2017-6011 openSUSE Leap 42.3 This update for poppler fixes the following issues: Security issues fixed: - CVE-2017-9775: DoS stack buffer overflow in GfxState.cc in pdftocairo via a crafted PDF document (bsc#1045719) - CVE-2017-9776: DoS integer overflow leading to heap buffer overflow in JBIG2Stream.cc via a crafted PDF document (bsc#1045721) - CVE-2017-7515: Stack exhaustion due to infinite recursive call in pdfunite (bsc#1043088) - CVE-2017-7511: Null pointer dereference in pdfunite via crafted documents (bsc#1041783) - CVE-2017-9406: Memory leak in the gmalloc function in gmem.cc (bsc#1042803) - CVE-2017-9408: Memory leak in the Object::initArray function (bsc#1042802) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1041783 SUSE bug 1042802 SUSE bug 1042803 SUSE bug 1043088 SUSE bug 1045719 SUSE bug 1045721 CVE-2017-7511 CVE-2017-7515 CVE-2017-9406 CVE-2017-9408 CVE-2017-9775 CVE-2017-9776 openSUSE Leap 42.3 This update for cacti, cacti-spine fixes the following issues: - CVE-2017-12065: Possible code execution via avgnan, outlier-start, or outlier-end parameter (bsc#1051633) - CVE-2017-11691: XSS in auth_profile.php allows remote attackers to inject arbitrary JS via specially crafted HTTP Referer headers (bsc#1050950) - CVE-2017-10970: XSS Issue in link.php bsc#1047512 - CVE-2017-11163: XSS Issue in lib/html_form.php bsc#1048102 In addition, cacti and cacti-spine were updated to the current stable release 1.1.16, containing all upstream improvements and bugfixes. Moderate SUSE bug 1047512 SUSE bug 1048102 SUSE bug 1050950 SUSE bug 1051633 CVE-2017-10970 CVE-2017-11163 CVE-2017-11691 CVE-2017-12065 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.79 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bnc#1049483). - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645). The following non-security bugs were fixed: - ACPI / processor: Avoid reserving IO regions too early (bsc#1051478). - ALSA: fm801: Initialize chip after IRQ handler is registered (bsc#1031717). - Added sbitmap patch to blacklist.conf Add a patch "sbitmap: fix wakeup hang after sbq resize" to the blacklist.conf file because it is not needed in SLE 12 SP2. - Btrfs: incremental send, fix invalid path for link commands (bsc#1051479). - Btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479). - Btrfs: send, fix invalid path after renaming and linking file (bsc#1051479). - Delete patches.drivers/0004-iommu-amd-reduce-delay-waiting-for-command-buffer-space. Remove the patch because it caused problems for users. See bsc#1048348. - Drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state' - Fix kABI breakage by KVM CVE fix (bsc#1045922). - IB/rxe: Fix kernel panic from skb destructor (bsc#1049361). - KVM: nVMX: Fix nested VPID vmx exec control (bsc#1051478). - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (bsc#1051478). - KVM: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478). - NFS: Cache aggressively when file is open for writing (bsc#1033587). - NFS: Do not flush caches for a getattr that races with writeback (bsc#1033587). - NFS: invalidate file size when taking a lock (git-fixes). - PCI / PM: Fix native PME handling during system suspend/resume (bsc#1051478). - PCI: Add Mellanox device IDs (bsc#1051478). - PCI: Convert Mellanox broken INTx quirks to be for listed devices only (bsc#1051478). - PCI: Correct PCI_STD_RESOURCE_END usage (bsc#1051478). - PCI: Enable ECRC only if device supports it (bsc#1051478). - PCI: Support INTx masking on ConnectX-4 with firmware x.14.1100+ (bsc#1051478). - PCI: dwc: Fix uninitialized variable in dw_handle_msi_irq() (bsc#1051478). - PCI: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN (bsc#1051478). - PM / Hibernate: Fix scheduling while atomic during hibernation (bsc#1051059). - RDMA/qedr: Prevent memory overrun in verbs' user responses (bsc#1022604 FATE#321747). - README.BRANCH: Add Oliver as openSUSE-42.3 branch co-maintainer - Refresh patches.kabi/Fix-kABI-breakage-by-KVM-CVE-fix.patch. Fix a stupid bug where the VCPU_REGS_TF shift was used as a mask. - Revert "Add "shutdown" to "struct class"." (kabi). - Revert "mm/list_lru.c: fix list_lru_count_node() to be race free" (kabi). - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware" (bsc#1048914). - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware" (bsc#1048914). - Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." (kabi). - Update patches.drivers/0011-hpsa-remove-abort-handler.patch (bsc#1022600 fate#321928 bsc#1016119). - Update patches.fixes/xfs-refactor-log-record-unpack-and-data-processing.patch (bsc#1043598, bsc#1036215). - apply mainline tags to some hyperv patches - arm64: kernel: restrict /dev/mem read() calls to linear region (bsc#1046651).++ kernel-source.spec (revision 3)%define patchversion 4.4.79Version: 4.4.79Release: <RELEASE>.g4dc78e3 - arm64: mm: remove page_mapping check in __sync_icache_dcache (bsc#1040347). - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb() - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061) - blacklist.conf: Blacklist 4e201566402c ('genirq/msi: Drop artificial PCI dependency') (bsc#1051478) This commit just removes an include and does not fix a real issue. - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok() argument type') (bsc#1051478) Fixes only a compile-warning. - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478). - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478). - blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI: Initialize MSI capability for all architectures') This only fixes machines not supported by our kernels. - blacklist.conf: Do not need 55d728a40d36, we do it differently in SLE - blacklist.conf: add inapplicable commits for wifi (bsc#1031717) - blacklist.conf: blacklist 7b73305160f1, unneeded cleanup - blacklist.conf: da0510c47519fe0999cffe316e1d370e29f952be # FRV not applicable to SLE - blkfront: add uevent for size change (bnc#1036632). - block: Fix front merge check (bsc#1051239). - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717). - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286). - btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682). - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476). - cxgb4: fix BUG() on interrupt deallocating path of ULD (bsc#1005778). - cxgb4: fix a NULL dereference (bsc#1005778). - cxgb4: fix memory leak in init_one() (bsc#1005778). - dentry name snapshots (bsc#1049483). - device-dax: fix sysfs attribute deadlock (bsc#1048919). - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717). - drm/vmwgfx: Fix large topology crash (bsc#1048155). - drm/vmwgfx: Support topology greater than texture size (bsc#1048155). - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215). - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486). - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829). - gcov: add support for gcc version >= 6 (bsc#1051663). - gcov: support GCC 7.1 (bsc#1051663). - gfs2: fix flock panic issue (bsc#1012829). - hv: print extra debug in kvp_on_msg in error paths (bnc#1039153). - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing (bsc#1048421). - hv_netvsc: Fix the queue index computation in forwarding case (bsc#1048421). - i2c: designware-baytrail: fix potential null pointer dereference on dev (bsc#1011913). - introduce the walk_process_tree() helper (bnc#1022476). - iommu/amd: Fix interrupt remapping when disable guest_mode (bsc#1051471). - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717). - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717). - iwlwifi: pcie: fix command completion name debug (bsc#1031717). - kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly version in panic path" (bsc#1051478). - kABI: protect lwtunnel include in ip6_route.h (kabi). - kABI: protect struct iscsi_tpg_attrib (kabi). - kABI: protect struct tpm_chip (kabi). - kABI: protect struct xfrm_dst (kabi). - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478). - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1048919). - libnvdimm, region: fix flush hint detection crash (bsc#1048919). - libnvdimm: fix badblock range handling of ARS range (bsc#1051048). - lightnvm: fix "warning: ‘ret’ may be used uninitialized" (FATE#319466). - md-cluster: Fix a memleak in an error handling path (bsc#1049289). - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891). - mwifiex: do not update MCS set from hostapd (bsc#1031717). - net/ena: switch to pci_alloc_irq_vectors (bsc#1047121). - net: ena: add hardware hints capability to the driver (bsc#1047121). - net: ena: add hardware hints capability to the driver (bsc#1047121). - net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121). - net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121). - net: ena: add missing unmap bars on device removal (bsc#1047121). - net: ena: add missing unmap bars on device removal (bsc#1047121). - net: ena: add reset reason for each device FLR (bsc#1047121). - net: ena: add reset reason for each device FLR (bsc#1047121). - net: ena: add support for out of order rx buffers refill (bsc#1047121). - net: ena: add support for out of order rx buffers refill (bsc#1047121). - net: ena: allow the driver to work with small number of msix vectors (bsc#1047121). - net: ena: allow the driver to work with small number of msix vectors (bsc#1047121). - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121). - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121). - net: ena: change return value for unsupported features unsupported return value (bsc#1047121). - net: ena: change return value for unsupported features unsupported return value (bsc#1047121). - net: ena: change sizeof() argument to be the type pointer (bsc#1047121). - net: ena: change sizeof() argument to be the type pointer (bsc#1047121). - net: ena: disable admin msix while working in polling mode (bsc#1047121). - net: ena: disable admin msix while working in polling mode (bsc#1047121). - net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121). - net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121). - net: ena: fix race condition between submit and completion admin command (bsc#1047121). - net: ena: fix race condition between submit and completion admin command (bsc#1047121). - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121). - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121). - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121). - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121). - net: ena: separate skb allocation to dedicated function (bsc#1047121). - net: ena: separate skb allocation to dedicated function (bsc#1047121). - net: ena: update driver's rx drop statistics (bsc#1047121). - net: ena: update driver's rx drop statistics (bsc#1047121). - net: ena: update ena driver to version 1.1.7 (bsc#1047121). - net: ena: update ena driver to version 1.1.7 (bsc#1047121). - net: ena: update ena driver to version 1.2.0 (bsc#1047121). - net: ena: update ena driver to version 1.2.0 (bsc#1047121). - net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121). - net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121). - net: ena: use napi_schedule_irqoff when possible (bsc#1047121). - net: ena: use napi_schedule_irqoff when possible (bsc#1047121). - net: hns: Bugfix for Tx timeout handling in hns driver (bsc#1048451). - net: phy: Do not perform software reset for Generic PHY (bsc#1042286). - nvme: also provide a UUID in the WWID sysfs attribute (bsc#1048146). - nvme: wwid_show: strip trailing 0-bytes (bsc#1048146). - nvmet: identify controller: improve standard compliance (bsc#1048146). - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ocfs2: Make ocfs2_set_acl() static (bsc#1030552). - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829). - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478). - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478). - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478). - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list (bsc#1051022). - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list (bsc#1051022). - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill (bsc#1051022). - powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used (bsc#1049231). - powerpc: Add POWER9 architected mode to cputable (bsc#1048916, fate#321439). - powerpc: Support POWER9 in architected mode (bsc#1048916, fate#321439). - prctl: propagate has_child_subreaper flag to every descendant (bnc#1022476). - qed: Add missing static/local dcbx info (bsc#1019695). - qed: Correct print in iscsi error-flow (bsc#1019695). - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - reorder upstream commit d0c2c9973ecd net: use core MTU range checking in virt drivers - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id This needs rpm-4.14+ (bsc#964063). - s390/crash: Remove unused KEXEC_NOTE_BYTES (bsc#1049706). - s390/kdump: remove code to create ELF notes in the crashed system (bsc#1049706). - sched/core: Allow __sched_setscheduler() in interrupts when PI is not used (bnc#1022476). - sched/debug: Print the scheduler topology group mask (bnc#1022476). - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476). - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476). - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all cfs_rqs (bnc#1022476). - sched/topology: Add sched_group_capacity debugging (bnc#1022476). - sched/topology: Fix building of overlapping sched-groups (bnc#1022476). - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476). - sched/topology: Move comment about asymmetric node setups (bnc#1022476). - sched/topology: Refactor function build_overlap_sched_groups() (bnc#1022476). - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476). - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476). - sched/topology: Small cleanup (bnc#1022476). - sched/topology: Verify the first group matches the child domain (bnc#1022476). - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887). - scsi: aacraid: Do not copy uninitialized stack memory to userspace (bsc#1048912). - scsi: aacraid: fix leak of data from stack back to userspace (bsc#1048912). - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887). - scsi: lpfc: Add MDS Diagnostic support (bsc#1037838). - scsi: lpfc: Add auto EQ delay logic (bsc#1042257). - scsi: lpfc: Added recovery logic for running out of NVMET IO context resources (bsc#1037838). - scsi: lpfc: Adding additional stats counters for nvme (bsc#1037838). - scsi: lpfc: Cleanup entry_repost settings on SLI4 queues (bsc#1037838). - scsi: lpfc: Driver responds LS_RJT to Beacon Off ELS - Linux (bsc#1044623). - scsi: lpfc: Fix NMI watchdog assertions when running nvmet IOPS tests (bsc#1037838). - scsi: lpfc: Fix NVME I+T not registering NVME as a supported FC4 type (bsc#1037838). - scsi: lpfc: Fix NVMEI driver not decrementing counter causing bad rport state (bsc#1037838). - scsi: lpfc: Fix NVMEI's handling of NVMET's PRLI response attributes (bsc#1037838). - scsi: lpfc: Fix SLI3 drivers attempting NVME ELS commands (bsc#1044623). - scsi: lpfc: Fix crash after firmware flash when IO is running (bsc#1044623). - scsi: lpfc: Fix crash doing IO with resets (bsc#1044623). - scsi: lpfc: Fix crash in lpfc_sli_ringtxcmpl_put when nvmet gets an abort request (bsc#1044623). - scsi: lpfc: Fix debugfs root inode "lpfc" not getting deleted on driver unload (bsc#1037838). - scsi: lpfc: Fix defects reported by Coverity Scan (bsc#1042257). - scsi: lpfc: Fix nvme io stoppage after link bounce (bsc#1045404). - scsi: lpfc: Fix nvmet RQ resource needs for large block writes (bsc#1037838). - scsi: lpfc: Fix system crash when port is reset (bsc#1037838). - scsi: lpfc: Fix system panic when express lane enabled (bsc#1044623). - scsi: lpfc: Fix used-RPI accounting problem (bsc#1037838). - scsi: lpfc: Reduce time spent in IRQ for received NVME commands (bsc#1044623). - scsi: lpfc: Separate NVMET RQ buffer posting from IO resources SGL/iocbq/context (bsc#1037838). - scsi: lpfc: Separate NVMET data buffer pool fir ELS/CT (bsc#1037838). - scsi: lpfc: Vport creation is failing with "Link Down" error (bsc#1044623). - scsi: lpfc: fix refcount error on node list (bsc#1045404). - scsi: lpfc: update to revision to 11.4.0.1 (bsc#1044623). - scsi: lpfc: update version to 11.2.0.14 (bsc#1037838). - scsi: qedf: Fix a return value in case of error in 'qedf_alloc_global_queues' (bsc#1048912). - scsi: qedi: Remove WARN_ON for untracked cleanup (bsc#1044443). - scsi: qedi: Remove WARN_ON from clear task context (bsc#1044443). - sfc: Add ethtool -m support for QSFP modules (bsc#1049619). - string.h: add memcpy_and_pad() (bsc#1048146). - timers: Plug locking race vs. timer migration (bnc#1022476). - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829). - udf: Fix races with i_size changes during readpage (bsc#1012829). - x86/LDT: Print the real LDT base address (bsc#1051478). - x86/mce: Make timer handling more robust (bsc#1042422). - x86/panic: replace smp_send_stop() with kdump friendly version in panic path (bsc#1051478). - x86/platform/uv/BAU: Disable BAU on single hub configurations (bsc#1050320). - x86/platform/uv/BAU: Fix congested_response_us not taking effect (bsc#1050322). - xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563). - xen: hold lock_device_hotplug throughout vcpu hotplug operations (bsc#1042422). - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598). - xfs: detect and trim torn writes during log recovery (bsc#1036215). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188). - xfs: refactor and open code log record crc check (bsc#1036215). - xfs: refactor log record start detection into a new helper (bsc#1036215). - xfs: return start block of first bad log record during recovery (bsc#1036215). - xfs: support a crc verification only log record pass (bsc#1036215). - xgene: Do not fail probe, if there is no clk resource for SGMII interfaces (bsc#1048501). Important SUSE bug 1005778 SUSE bug 1011913 SUSE bug 1012829 SUSE bug 1013887 SUSE bug 1016119 SUSE bug 1019695 SUSE bug 1022476 SUSE bug 1022600 SUSE bug 1022604 SUSE bug 1028286 SUSE bug 1030552 SUSE bug 1031717 SUSE bug 1033587 SUSE bug 1036215 SUSE bug 1036632 SUSE bug 1037838 SUSE bug 1039153 SUSE bug 1040347 SUSE bug 1042257 SUSE bug 1042286 SUSE bug 1042422 SUSE bug 1043598 SUSE bug 1044443 SUSE bug 1044623 SUSE bug 1045404 SUSE bug 1045563 SUSE bug 1045922 SUSE bug 1046651 SUSE bug 1046682 SUSE bug 1047121 SUSE bug 1048146 SUSE bug 1048155 SUSE bug 1048348 SUSE bug 1048421 SUSE bug 1048451 SUSE bug 1048501 SUSE bug 1048891 SUSE bug 1048912 SUSE bug 1048914 SUSE bug 1048916 SUSE bug 1048919 SUSE bug 1049231 SUSE bug 1049289 SUSE bug 1049361 SUSE bug 1049483 SUSE bug 1049486 SUSE bug 1049603 SUSE bug 1049619 SUSE bug 1049645 SUSE bug 1049706 SUSE bug 1049882 SUSE bug 1050061 SUSE bug 1050188 SUSE bug 1050320 SUSE bug 1050322 SUSE bug 1051022 SUSE bug 1051048 SUSE bug 1051059 SUSE bug 1051239 SUSE bug 1051471 SUSE bug 1051478 SUSE bug 1051479 SUSE bug 1051663 SUSE bug 964063 SUSE bug 974215 CVE-2017-11473 CVE-2017-7533 CVE-2017-7541 CVE-2017-7542 openSUSE Leap 42.3 This update for pspp fixes the following issues: CVE-2017-10792: Crafted input could have allowed a denial of service attack via a NULL pointer dereference in ll_insert (boo#1046997) CVE-2017-10791: Crafted input could have allowed a denial of service attack via an integer overflow in the hash_int library (boo#1046998) Moderate SUSE bug 1046997 SUSE bug 1046998 CVE-2017-10791 CVE-2017-10792 openSUSE Leap 42.3 This update for rubygem-rubyzip fixes the following issues: - CVE-2017-5946: A directory traversal vulnerability could lead to access and overwrite files that are outside of the restricted directory (boo#1027050) Moderate SUSE bug 1027050 CVE-2017-5946 openSUSE Leap 42.3 This update for nasm fixes the following issues: Security issues fixed: - CVE-2017-10686: Multiple heap use after free vulnerabilities. (bsc#1047936) - CVE-2017-11111: Heap-based buffer overflow and application crash. (bsc#1047925) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047925 SUSE bug 1047936 CVE-2017-10686 CVE-2017-11111 openSUSE Leap 42.3 This MariaDB update to version 10.0.31 GA fixes the following issues: Security issues fixed: - CVE-2017-3308: Subcomponent: Server: DML: Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3456: Subcomponent: Server: DML: Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3464: Subcomponent: Server: DDL: Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) Bug fixes: - switch from 'Restart=on-failure' to 'Restart=on-abort' in mysql.service in order to follow the upstream. It also fixes hanging mysql-systemd-helper when mariadb fails (e.g. because of the misconfiguration) (bsc#963041) - XtraDB updated to 5.6.36-82.0 - TokuDB updated to 5.6.36-82.0 - Innodb updated to 5.6.36 - Performance Schema updated to 5.6.36 Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10031-release-notes - https://kb.askmonty.org/en/mariadb-10031-changelog This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1048715 SUSE bug 963041 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 openSUSE Leap 42.3 This update for libsoup fixes the following issues: - A bug in the HTTP Chunked Encoding code has been fixed that could have been exploited by attackers to cause a stack-based buffer overflow in client or server code running libsoup (bsc#1052916, CVE-2017-2885). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1052916 CVE-2017-2885 openSUSE Leap 42.3 This update librsvg to version 2.40.18 fixes the following issues: Security issue fixed: - CVE-2017-11464: A SIGFPE is raised in the function box_blur_line of rsvg-filter.c. (bsc#1049607) This update was imported from the SUSE:SLE-12-SP2:Update update project. Low SUSE bug 1049607 CVE-2017-11464 openSUSE Leap 42.3 This update for tcmu-runner fixes the following issues: - qcow handler opens up an information leak via the CheckConfig D-Bus method (bsc#1049491) - glfs handler allows local DoS via crafted CheckConfig strings (bsc#1049485) - UnregisterHandler dbus method in tcmu-runner daemon for non-existing handler causes denial of service (bsc#1049488) - UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes denial of service (bsc#1049489) - Memory leaks can be triggered in tcmu-runner daemon by calling D-Bus method for (Un)RegisterHandler (bsc#1049490) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1049485 SUSE bug 1049488 SUSE bug 1049489 SUSE bug 1049490 SUSE bug 1049491 openSUSE Leap 42.3 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964) - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. (bsc#1047965) - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858, bsc#1049344) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1046853 SUSE bug 1046858 SUSE bug 1047964 SUSE bug 1047965 SUSE bug 1049344 CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 openSUSE Leap 42.3 This update to Mozilla Firefox 52.3esr fixes a number of security issues. The following vulnerabilities were advised upstream under MFSA 2017-19 (boo#1052829): - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection - CVE-2017-7801: Use-after-free with marquee during window resizing - CVE-2017-7784: Use-after-free with image observers - CVE-2017-7802: Use-after-free resizing image elements - CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM - CVE-2017-7786: Buffer overflow while painting non-displayable SVG - CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements# - CVE-2017-7787: Same-origin policy bypass with iframes through page reloads - CVE-2017-7807: Domain hijacking through AppCache fallback - CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID - CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher - CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts - CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections - CVE-2017-7803: CSP containing 'sandbox' improperly applied - CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 Important SUSE bug 1052829 CVE-2017-7753 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7807 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365). - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994). The following non-security bugs were fixed: - acpi/nfit: Add support of NVDIMM memory error notification in ACPI 6.2 (bsc#1052325). - acpi/nfit: Issue Start ARS to retrieve existing records (bsc#1052325). - bcache: force trigger gc (bsc#1038078). - bcache: only recovery I/O error for writethrough mode (bsc#1043652). - block: do not allow updates through sysfs until registration completes (bsc#1047027). - config: disable CONFIG_RT_GROUP_SCHED (bsc#1052204). - drivers: hv: : As a bandaid, increase HV_UTIL_TIMEOUT from 30 to 60 seconds (bnc#1039153) - drivers: hv: Fix a typo (fate#320485). - drivers: hv: util: Make hv_poll_channel() a little more efficient (fate#320485). - drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page (fate#320485). - drivers: hv: vmbus: Fix error code returned by vmbus_post_msg() (fate#320485). - Fix kABI breakage with CONFIG_RT_GROUP_SCHED=n (bsc#1052204). - hv_netvsc: change netvsc device default duplex to FULL (fate#320485). - hv_netvsc: Fix the carrier state error when data path is off (fate#320485). - hv_netvsc: Remove unnecessary var link_state from struct netvsc_device_info (fate#320485). - hyperv: fix warning about missing prototype (fate#320485). - hyperv: netvsc: Neaten netvsc_send_pkt by using a temporary (fate#320485). - hyperv: remove unnecessary return variable (fate#320485). - i40e/i40evf: Fix use after free in Rx cleanup path (bsc#1051689). - IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151). - ibmvnic: Check for transport event on driver resume (bsc#1051556, bsc#1052709). - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223). - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794). - iommu/amd: Enable ga_log_intr when enabling guest_mode (bsc1052533). - iommu/amd: Fix schedule-while-atomic BUG in initialization code (bsc1052533). - KABI protect struct acpi_nfit_desc (bsc#1052325). - kabi/severities: add drivers/scsi/hisi_sas to kabi severities - libnvdimm: fix badblock range handling of ARS range (bsc#1023175). - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175). - net: add netdev_lockdep_set_classes() helper (fate#320485). - net: hyperv: use new api ethtool_{get|set}_link_ksettings (fate#320485). - net/mlx4_core: Fixes missing capability bit in flags2 capability dump (bsc#1015337). - net/mlx4_core: Fix namespace misalignment in QinQ VST support commit (bsc#1015337). - net/mlx4_core: Fix sl_to_vl_change bit offset in flags2 dump (bsc#1015337). - netsvc: Remove upstream commit e14b4db7a567 netvsc: fix race during initialization will be replaced by following changes - netsvc: Revert "netvsc: optimize calculation of number of slots" (fate#320485). - netvsc: add comments about callback's and NAPI (fate#320485). - netvsc: Add #include's for csum_* function declarations (fate#320485). - netvsc: add rtnl annotations in rndis (fate#320485). - netvsc: add some rtnl_dereference annotations (fate#320485). - netvsc: avoid race with callback (fate#320485). - netvsc: change logic for change mtu and set_queues (fate#320485). - netvsc: change max channel calculation (fate#320485). - netvsc: change order of steps in setting queues (fate#320485). - netvsc: Deal with rescinded channels correctly (fate#320485). - netvsc: do not access netdev->num_rx_queues directly (fate#320485). - netvsc: do not overload variable in same function (fate#320485). - netvsc: do not print pointer value in error message (fate#320485). - netvsc: eliminate unnecessary skb == NULL checks (fate#320485). - netvsc: enable GRO (fate#320485). - netvsc: Fix a bug in sub-channel handling (fate#320485). - netvsc: fix and cleanup rndis_filter_set_packet_filter (fate#320485). - netvsc: fix calculation of available send sections (fate#320485). - netvsc: fix dereference before null check errors (fate#320485). - netvsc: fix error unwind on device setup failure (fate#320485). - netvsc: fix hang on netvsc module removal (fate#320485). - netvsc: fix NAPI performance regression (fate#320485). - netvsc: fix net poll mode (fate#320485). - netvsc: fix netvsc_set_channels (fate#320485). - netvsc: fix ptr_ret.cocci warnings (fate#320485). - netvsc: fix rcu dereference warning from ethtool (fate#320485). - netvsc: fix RCU warning in get_stats (fate#320485). - netvsc: fix return value for set_channels (fate#320485). - netvsc: fix rtnl deadlock on unregister of vf (fate#320485, bsc#1052442). - netvsc: fix use after free on module removal (fate#320485). - netvsc: fix warnings reported by lockdep (fate#320485). - netvsc: fold in get_outbound_net_device (fate#320485). - netvsc: force link update after MTU change (fate#320485). - netvsc: handle offline mtu and channel change (fate#320485). - netvsc: implement NAPI (fate#320485). - netvsc: include rtnetlink.h (fate#320485). - netvsc: Initialize all channel related state prior to opening the channel (fate#320485). - netvsc: make sure and unregister datapath (fate#320485, bsc#1052899). - netvsc: make sure napi enabled before vmbus_open (fate#320485). - netvsc: mark error cases as unlikely (fate#320485). - netvsc: move filter setting to rndis_device (fate#320485). - netvsc: need napi scheduled during removal (fate#320485). - netvsc: need rcu_derefence when accessing internal device info (fate#320485). - netvsc: optimize calculation of number of slots (fate#320485). - netvsc: optimize receive completions (fate#320485). - netvsc: pass net_device to netvsc_init_buf and netvsc_connect_vsp (fate#320485). - netvsc: prefetch the first incoming ring element (fate#320485). - netvsc: Properly initialize the return value (fate#320485). - netvsc: remove bogus rtnl_unlock (fate#320485). - netvsc: remove no longer used max_num_rss queues (fate#320485). - netvsc: Remove redundant use of ipv6_hdr() (fate#320485). - netvsc: remove unnecessary indirection of page_buffer (fate#320485). - netvsc: remove unnecessary lock on shutdown (fate#320485). - netvsc: remove unused #define (fate#320485). - netvsc: replace netdev_alloc_skb_ip_align with napi_alloc_skb (fate#320485). - netvsc: save pointer to parent netvsc_device in channel table (fate#320485). - netvsc: signal host if receive ring is emptied (fate#320485). - netvsc: transparent VF management (fate#320485, bsc#1051979). - netvsc: use ERR_PTR to avoid dereference issues (fate#320485). - netvsc: use hv_get_bytes_to_read (fate#320485). - netvsc: use napi_consume_skb (fate#320485). - netvsc: use RCU to protect inner device structure (fate#320485). - netvsc: uses RCU instead of removal flag (fate#320485). - netvsc: use typed pointer for internal state (fate#320485). - nvme: fabrics commands should use the fctype field for data direction (bsc#1043805). - powerpc/perf: Fix SDAR_MODE value for continous sampling on Power9 (bsc#1053043 (git-fixes)). - powerpc/tm: Fix saving of TM SPRs in core dump (fate#318470, git-fixes 08e1c01d6aed). - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374). - rdma/bnxt_re: checking for NULL instead of IS_ERR() (bsc#1052925). - scsi: aacraid: fix PCI error recovery path (bsc#1048912). - scsi_devinfo: fixup string compare (bsc#1037404). - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792). - scsi: hisi_sas: add pci_dev in hisi_hba struct (bsc#1049298). - scsi: hisi_sas: add v2 hw internal abort timeout workaround (bsc#1049298). - scsi: hisi_sas: controller reset for multi-bits ECC and AXI fatal errors (bsc#1049298). - scsi: hisi_sas: fix NULL deference when TMF timeouts (bsc#1049298). - scsi: hisi_sas: fix timeout check in hisi_sas_internal_task_abort() (bsc#1049298). - scsi: hisi_sas: optimise DMA slot memory (bsc#1049298). - scsi: hisi_sas: optimise the usage of hisi_hba.lock (bsc#1049298). - scsi: hisi_sas: relocate get_ata_protocol() (bsc#1049298). - scsi: hisi_sas: workaround a SoC SATA IO processing bug (bsc#1049298). - scsi: hisi_sas: workaround SoC about abort timeout bug (bsc#1049298). - scsi: hisi_sas: workaround STP link SoC bug (bsc#1049298). - scsi: lpfc: do not double count abort errors (bsc#1048912). - scsi: lpfc: fix linking against modular NVMe support (bsc#1048912). - scsi: qedi: Fix return code in qedi_ep_connect() (bsc#1048912). - scsi: storvsc: Prefer kcalloc over kzalloc with multiply (fate#320485). - scsi: storvsc: remove return at end of void function (fate#320485). - tools: hv: Add clean up for included files in Ubuntu net config (fate#320485). - tools: hv: Add clean up function for Ubuntu config (fate#320485). - tools: hv: properly handle long paths (fate#320485). - tools: hv: set allow-hotplug for VF on Ubuntu (fate#320485). - tools: hv: set hotplug for VF on Suse (fate#320485). - tools: hv: vss: Thaw the filesystem and continue if freeze call has timed out (fate#320485). - vfs: fix missing inode_get_dev sites (bsc#1052049). - vmbus: cleanup header file style (fate#320485). - vmbus: expose debug info for drivers (fate#320485). - vmbus: fix spelling errors (fate#320485). - vmbus: introduce in-place packet iterator (fate#320485). - vmbus: only reschedule tasklet if time limit exceeded (fate#320485). - vmbus: re-enable channel tasklet (fate#320485). - vmbus: remove unnecessary initialization (fate#320485). - vmbus: remove useless return's (fate#320485). - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache() (bsc#1051399). - x86/hyperv: Check frequency MSRs presence according to the specification (fate#320485). - The package release number was increased to be higher than the Leap 42.2 package (boo#1053531). Important SUSE bug 1015337 SUSE bug 1019151 SUSE bug 1023175 SUSE bug 1037404 SUSE bug 1037994 SUSE bug 1038078 SUSE bug 1038792 SUSE bug 1039153 SUSE bug 1043652 SUSE bug 1043805 SUSE bug 1047027 SUSE bug 1048912 SUSE bug 1049298 SUSE bug 1051399 SUSE bug 1051556 SUSE bug 1051689 SUSE bug 1051979 SUSE bug 1052049 SUSE bug 1052204 SUSE bug 1052223 SUSE bug 1052311 SUSE bug 1052325 SUSE bug 1052365 SUSE bug 1052442 SUSE bug 1052533 SUSE bug 1052709 SUSE bug 1052773 SUSE bug 1052794 SUSE bug 1052899 SUSE bug 1052925 SUSE bug 1053043 SUSE bug 1053531 CVE-2017-1000111 CVE-2017-1000112 CVE-2017-8831 openSUSE Leap 42.3 This update for potrace fixes the following security issues: - CVE-2017-12067: potential buffer overflows and arithmetic overflows (bsc#1051634) The update also fixes various bugs, including a bug triggered by very large bitmaps. Moderate SUSE bug 1051634 CVE-2017-12067 openSUSE Leap 42.3 This update for openldap2 fixes the following issues: * Let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (boo#1009470). * Fix CVE-2017-9287: openldap2: Double free vulnerability with patch (boo#1041764) * Fix an uninitialized variable that causes startup failure (boo#1037396) * Fix a regression in handling of non-blocking connection with (boo#1031702) Moderate SUSE bug 1009470 SUSE bug 1031702 SUSE bug 1037396 SUSE bug 1041764 CVE-2017-9287 openSUSE Leap 42.3 This update for libheimdal fixes the following issues: - Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation. This is a critical vulnerability. In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unecrypted version provides an opportunity for successful server impersonation and other attacks. Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams. See https://www.orpheus-lyre.info/ for more details. (bsc#1048278) - Fix CVE-2017-6594: transit path validation inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2. Note, this may break sites that rely on the bug. With the bug some incomplete [capaths] worked, that should not have. These may now break authentication in some cross-realm configurations. Moderate SUSE bug 1048278 CVE-2017-11103 CVE-2017-6594 openSUSE Leap 42.3 This update for taglib fixes the following issues: - CVE-2017-12678: Denial of service vulnerability via specially crafted ID3v2 data (boo#1052699) Moderate SUSE bug 1052699 CVE-2017-12678 openSUSE Leap 42.3 This update for git fixes the following security issues: - CVE-2017-1000117: A malicious third-party could have caused a git client to execute arbitrary commands via crafted "ssh://..." URLs, including submodules (boo#1052481) Important SUSE bug 1052481 CVE-2017-1000117 openSUSE Leap 42.3 This update for subversion to 1.9.7 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-9800: A remote attacker could have caused svn clients to execute arbitrary code via specially crafted URLs in svn:externals and svn:sync-from-url properties. (boo#1051362) - CVE-2005-4900: SHA-1 collisions may cause repository inconsistencies (boo#1026936) The following bugfix changes are included: - Add instructions for running svnserve as a user different from "svn", and remove sysconfig variables that are no longer effective with the systemd unit. (boo#1049448) Important SUSE bug 1026936 SUSE bug 1049448 SUSE bug 1051362 CVE-2017-9800 openSUSE Leap 42.3 This update for mercurial fixes the following issues: Mercurial was updated to 4.2.3, a security fix update for - CVE-2017-1000115: Incomplete symlink auditing allowed writing to files outside of the repository (boo#1053344) - CVE-2017-1000116: Client-side code execution via argument injection in SSH URLs (boo#1052696) Important SUSE bug 1052696 SUSE bug 1053344 CVE-2017-1000115 CVE-2017-1000116 openSUSE Leap 42.3 This update for libxml2 fixes the following security issue: - CVE-2017-8872: Out-of-bounds read in htmlParseTryOrFinish. (bsc#1038444) This update was imported from the SUSE:SLE-12-SP2:Update update project. Low SUSE bug 1038444 CVE-2017-8872 openSUSE Leap 42.3 This update for openjpeg2 fixes the following issues: - CVE 2016-7163: Integer Overflow could lead to remote code execution (bsc#997857) - CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service (bsc#979907) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 979907 SUSE bug 997857 CVE-2015-8871 CVE-2016-7163 openSUSE Leap 42.3 This update for minicom fixes the following issue: This security issue was fixed: - CVE-2017-7467: Invalid cursor coordinates and scroll regions could lead to code execution (bsc#1033783). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1033783 CVE-2017-7467 openSUSE Leap 42.3 This update for nodejs4 and nodejs6 fixes the following issues: Security issues fixed: - CVE-2017-1000381: The c-ares function ares_parse_naptr_reply() could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (bsc#1044946) - CVE-2017-11499: Disable V8 snapshots. The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found. (bsc#1048299) Non-security fixes: - GCC 7 compilation fixes for v8 backported and add missing ICU59 headers (bsc#1041282) - New upstream LTS release 6.11.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.1 - New upstream LTS release 6.11.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.0 - New upstream LTS release 6.10.3 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.3 - New upstream LTS release 6.10.2 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.2 - New upstream LTS release 6.10.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.1 - New upstream LTS release 6.10.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.0 - New upstream LTS release 4.8.4 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.4 - New upstream LTS release 4.8.3 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.3 - New upstream LTS release 4.8.2 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.2 - New upstream LTS release 4.8.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.1 - New upstream LTS release 4.8.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.0 This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1041282 SUSE bug 1041283 SUSE bug 1044946 SUSE bug 1048299 CVE-2017-1000381 CVE-2017-11499 openSUSE Leap 42.3 This update for fossil to version 2.3 fixes the following issues: - Potential XSS vulnerability on the /help webpage (boo#1053267) This update also contains all upstream improvements and fixes in version 2.3: - Update internal Unicode character tables, used in regular expression handling, from version 9.0 to 10.0. - Show the last-sync-URL on the /urllist page - Added the "Event Summary" activity report - Added the "Security Audit" page, available to administrators only - Added the Last Login time to the user list page, for administrators only - Added the --numstat option to the fossil diff command - Limit the size of the heap and stack on unix systems, as a proactive defense against the Stack Clash attack - Fix "database locked" warnings caused by "PRAGMA optimize" - Documentation updates Moderate SUSE bug 1053267 openSUSE Leap 42.3 This update for curl fixes the following issues: - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644) - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial of service (bsc#1051643) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1051643 SUSE bug 1051644 CVE-2017-1000100 CVE-2017-1000101 openSUSE Leap 42.3 This update for shutter fixes one security issue: - CVE-2016-10081: Remote attackers could trick users into assisting them in executing arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action (boo#1017571) Moderate SUSE bug 1017571 CVE-2016-10081 openSUSE Leap 42.3 This update for libplist fixes the following issues: Security issues fixed: - CVE-2017-6439: Heap-based buffer overflow in the parse_string_node function. (bsc#1029638) - CVE-2017-6438: Heap-based buffer overflow in the parse_unicode_node function. (bsc#1029706) - CVE-2017-6437: The base64encode function in base64.c allows local users to cause denial of service (out-of-bounds read) via a crafted plist file. (bsc#1029707) - CVE-2017-6436: Integer overflow in parse_string_node. (bsc#1029751) - CVE-2017-6435: Crafted plist file could lead to Heap-buffer overflow. (bsc#1029639) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1029638 SUSE bug 1029639 SUSE bug 1029706 SUSE bug 1029707 SUSE bug 1029751 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 openSUSE Leap 42.3 This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes the following issues: Security issues fixed: - CVE-2017-10053: Improved image post-processing steps (bsc#1049305) - CVE-2017-10067: Additional jar validation steps (bsc#1049306) - CVE-2017-10074: Image conversion improvements (bsc#1049307) - CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308) - CVE-2017-10081: Right parenthesis issue (bsc#1049309) - CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX (bsc#1049310) - CVE-2017-10087: Better Thread Pool execution (bsc#1049311) - CVE-2017-10089: Service Registration Lifecycle (bsc#1049312) - CVE-2017-10090: Better handling of channel groups (bsc#1049313) - CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314) - CVE-2017-10101: Better reading of text catalogs (bsc#1049315) - CVE-2017-10102: Improved garbage collection (bsc#1049316) - CVE-2017-10105: Unspecified vulnerability in subcomponent deployment (bsc#1049317) - CVE-2017-10107: Less Active Activations (bsc#1049318) - CVE-2017-10108: Better naming attribution (bsc#1049319) - CVE-2017-10109: Better sourcing of code (bsc#1049320) - CVE-2017-10110: Better image fetching (bsc#1049321) - CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322) - CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX (bsc#1049323) - CVE-2017-10115: Higher quality DSA operations (bsc#1049324) - CVE-2017-10116: Proper directory lookup processing (bsc#1049325) - CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326) - CVE-2017-10125: Unspecified vulnerability in subcomponent deployment (bsc#1049327) - CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328) - CVE-2017-10176: Additional elliptic curve support (bsc#1049329) - CVE-2017-10193: Improve algorithm constraints implementation (bsc#1049330) - CVE-2017-10198: Clear certificate chain connections (bsc#1049331) - CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS (bsc#1049332) Bug fixes: - Check registry registration location - Improved certificate processing - JMX diagnostic improvements - Update to libpng 1.6.28 - Import of OpenJDK 8 u141 build 15 (bsc#1049302) New features: - Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11 provider This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1049302 SUSE bug 1049305 SUSE bug 1049306 SUSE bug 1049307 SUSE bug 1049308 SUSE bug 1049309 SUSE bug 1049310 SUSE bug 1049311 SUSE bug 1049312 SUSE bug 1049313 SUSE bug 1049314 SUSE bug 1049315 SUSE bug 1049316 SUSE bug 1049317 SUSE bug 1049318 SUSE bug 1049319 SUSE bug 1049320 SUSE bug 1049321 SUSE bug 1049322 SUSE bug 1049323 SUSE bug 1049324 SUSE bug 1049325 SUSE bug 1049326 SUSE bug 1049327 SUSE bug 1049328 SUSE bug 1049329 SUSE bug 1049330 SUSE bug 1049331 SUSE bug 1049332 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 openSUSE Leap 42.3 This update for MozillaThunderbird to version 52.3 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection - CVE-2017-7801: Use-after-free with marquee during window resizing - CVE-2017-7784: Use-after-free with image observers - CVE-2017-7802: Use-after-free resizing image elements - CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM - CVE-2017-7786: Buffer overflow while painting non-displayable SVG - CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements# - CVE-2017-7787: Same-origin policy bypass with iframes through page reloads - CVE-2017-7807: Domain hijacking through AppCache fallback - CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID - CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher - CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts - CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections - CVE-2017-7803: CSP containing 'sandbox' improperly applied - CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 The following bugs were fixed: - Unwanted inline images shown in rogue SPAM messages - Deleting message from the POP3 server not working when maildir storage was used - Message disposition flag (replied / forwarded) lost when reply or forwarded message was stored as draft and draft was sent later - Inline images not scaled to fit when printing - Selected text from another message sometimes included in a reply - No authorisation prompt displayed when inserting image into email body although image URL requires authentication - Large attachments taking a long time to open under some circumstances Important SUSE bug 1052829 CVE-2017-7753 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7807 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: - CVE-2017-11643: Heap overflow in WriteRGBImage() in coders/rgb.c could lead to denial of service [boo#1050611] - CVE-2017-11636: Heap overflow in WriteCMYKImage()function in coders/cmyk.c could lead to denial of service [boo#1050674] Moderate SUSE bug 1050611 SUSE bug 1050674 CVE-2017-11636 CVE-2017-11643 openSUSE Leap 42.3 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-9439: A memory leak was found in the function ReadPDBImage incoders/pdb.c (bsc#1042826) - CVE-2017-9440: A memory leak was found in the function ReadPSDChannelin coders/psd.c (bsc#1042812) - CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289) - CVE-2017-11403: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via acrafted file (bsc#1049072) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1042812 SUSE bug 1042826 SUSE bug 1043289 SUSE bug 1049072 CVE-2017-11403 CVE-2017-9439 CVE-2017-9440 CVE-2017-9501 openSUSE Leap 42.3 This update for freeradius-server fixes the following issues: - update to 3.0.15 (bsc#1049086) * Bind the lifetime of program name and python path to the module * CVE-2017-10978: FR-GV-201: Check input / output length in make_secret() (bsc#1049086) * CVE-2017-10983: FR-GV-206: Fix read overflow when decoding DHCP option 63 (bsc#1049086) * CVE-2017-10984: FR-GV-301: Fix write overflow in data2vp_wimax() (bsc#1049086) * CVE-2017-10985: FR-GV-302: Fix infinite loop and memory exhaustion with 'concat' attributes (bsc#1049086) * CVE-2017-10986: FR-GV-303: Fix infinite read in dhcp_attr2vp() (bsc#1049086) * CVE-2017-10987: FR-GV-304: Fix buffer over-read in fr_dhcp_decode_suboptions() (bsc#1049086) * CVE-2017-10988: FR-GV-305: Decode 'signed' attributes correctly. (bsc#1049086) * FR-AD-001: use strncmp() instead of memcmp() for bounded data * Print messages when we see deprecated configuration items * Show reasons why we couldn't parse a certificate expiry time * Be more accepting about truncated ASN1 times. * Fix OpenSSL API issue which could leak small amounts of memory. * For Access-Reject, call rad_authlog() after running the post-auth section, just like for Access-Accept. * Don't crash when reading corrupted data from session resumption cache. * Parse port in dhcpclient. * Don't leak memory for OpenSSL. * Portability fixes taken from OpenBSD port collection. * run rad_authlog after post-auth for Access-Reject. * Don't process VMPS packets twice. * Fix attribute truncation in rlm_perl * Fix bug when processing huntgroups. * FR-AD-002 - Bind the lifetime of program name and python path to the module * FR-AD-003 - Pass correct statement length into sqlite3_prepare[_v2] This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1049086 CVE-2017-10978 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985 CVE-2017-10986 CVE-2017-10987 CVE-2017-10988 openSUSE Leap 42.3 This update for openvswitch fixes the following issues: - CVE-2017-9263: OpenFlow role status message can cause a call to abort() leading to application crash (bsc#1041470) - CVE-2017-9265: Buffer over-read while parsing message could lead to crash or maybe arbitrary code execution (bsc#1041447) - Do not restart the ovs-vswitchd and ovsdb-server services on package updates (bsc#1002734) - Do not restart the ovs-vswitchd, ovsdb-server and openvswitch services on package removals. This facilitates potential future package moves but also preserves connectivity when the package is removed (bsc#1050896) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1002734 SUSE bug 1041447 SUSE bug 1041470 SUSE bug 1050896 CVE-2017-9263 CVE-2017-9265 openSUSE Leap 42.3 This update for gnome-shell provides the following fixes: - Fix not intuitive login screen for root user (bsc#1047262) - Disable session selection button when it's hidden in user switch dialog (bsc#1034584, bsc#1034827) - Fix app windows overlay app list in overview screen (bsc#1008539) - Properly handle failures when loading extensions (bsc#1036494, CVE-2017-8288) This update was imported from the SUSE:SLE-12-SP2:Update update project. Low SUSE bug 1008539 SUSE bug 1034584 SUSE bug 1034827 SUSE bug 1036494 SUSE bug 1047262 CVE-2017-8288 openSUSE Leap 42.3 This update for exim fixes the following issues: Changes in exim: - specify users with ref:mail, to make them dynamic. (boo#1046971) - CVE-2017-1000369: Fixed memory leaks that could be exploited to "stack crash" local privilege escalation (boo#1044692) - Require user(mail) group(mail) to meet new users handling in TW. - Prerequire permissions (fixes rpmlint). - conditionally disable DANE on SuSE versions with OpenSSL < 1.0 - CVE-2016-1531: when installed setuid root, allows local users to gain privileges via the perl_startup argument. - CVE-2016-9963: DKIM information leakage (boo#1015930) - Makefile tuning: + add sqlite support + disable WITH_OLD_DEMIME + enable AUTH_CYRUS_SASL + enable AUTH_TLS + enable SYSLOG_LONG_LINES + enable SUPPORT_PAM + MAX_NAMED_LIST=64 + enable EXPERIMENTAL_DMARC + enable EXPERIMENTAL_EVENT + enable EXPERIMENTAL_PROXY + enable EXPERIMENTAL_CERTNAMES + enable EXPERIMENTAL_DSN + enable EXPERIMENTAL_DANE + enable EXPERIMENTAL_SOCKS + enable EXPERIMENTAL_INTERNATIONAL Important SUSE bug 1015930 SUSE bug 1044692 SUSE bug 1046971 CVE-2016-1531 CVE-2016-9963 CVE-2017-1000369 openSUSE Leap 42.3 Postgresql93 was updated to 9.3.18 to fix the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) The changelog for the release is here: https://www.postgresql.org/docs/9.3/static/release-9-3-18.html This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1051684 SUSE bug 1051685 SUSE bug 1053259 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 openSUSE Leap 42.3 This update for git-annex fixes the following issues: - CVE-2017-12976: Disallow hostname starting with a dash, which would get passed to ssh and be treated an option. This could be used by an attacker who provides a crafted repository url to cause the victim to execute arbitrary code via -oProxyCommand. (boo#1054653). Moderate SUSE bug 1054653 CVE-2017-12976 openSUSE Leap 42.3 This update provides Samba 4.6.7, which fixes the following issues: - CVE-2017-11103: Metadata were being taken from the unauthenticated plaintext (the Ticket) rather than the authenticated and encrypted KDC response. (bsc#1048278) - Fix cephwrap_chdir(). (bsc#1048790) - Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb. (bsc#1048339) - Fix inconsistent ctdb socket path. (bsc#1048352) - Fix non-admin cephx authentication. (bsc#1048387) - CTDB cannot start when there is no persistent database. (bsc#1052577) The CTDB resource agent was also fixed to not fail when the database is empty. This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1048278 SUSE bug 1048339 SUSE bug 1048352 SUSE bug 1048387 SUSE bug 1048790 SUSE bug 1052577 SUSE bug 1054017 CVE-2017-11103 openSUSE Leap 42.3 The Software Update Stack was updated to receive fixes and enhancements. libzypp: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984) - Fix gpg-pubkey release (creation time) computation. (bsc#1036659) - Update lsof blacklist. (bsc#1046417) - Re-probe on refresh if the repository type changes. (bsc#1048315) - Propagate proper error code to DownloadProgressReport. (bsc#1047785) - Allow to trigger an appdata refresh unconditionally. (bsc#1009745) - Support custom repo variables defined in /etc/zypp/vars.d. yast2-pkg-bindings: - Do not crash when the repository URL is not defined. (bsc#1043218) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1009745 SUSE bug 1036659 SUSE bug 1038984 SUSE bug 1043218 SUSE bug 1045735 SUSE bug 1046417 SUSE bug 1047785 SUSE bug 1048315 CVE-2017-7435 CVE-2017-7436 CVE-2017-9269 openSUSE Leap 42.3 This update for freerdp fixes the following issues: - CVE-2017-2834: Out-of-bounds write in license_recv() (bsc#1050714) - CVE-2017-2835: Out-of-bounds write in rdp_recv_tpkt_pdu (bsc#1050712) - CVE-2017-2836: Rdp Client Read Server Proprietary Certificate Denial of Service (bsc#1050699) - CVE-2017-2837: Client GCC Read Server Security Data DoS (bsc#1050704) - CVE-2017-2838: Client License Read Product Info Denial of Service Vulnerability (bsc#1050708) - CVE-2017-2839: Client License Read Challenge Packet Denial of Service (bsc#1050711) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1050699 SUSE bug 1050704 SUSE bug 1050708 SUSE bug 1050711 SUSE bug 1050712 SUSE bug 1050714 CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 openSUSE Leap 42.3 This update for expat fixes the following issues: - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour (bsc#1047240) - CVE-2017-9233: External Entity Vulnerability could lead to denial of service (bsc#1047236) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047236 SUSE bug 1047240 CVE-2016-9063 CVE-2017-9233 openSUSE Leap 42.3 This update for php7 fixes the following issues: - CVE-2016-10397: parse_url() can be bypassed to return fake host. (bsc#1047454) - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/php_variables. (bsc#1048100) - CVE-2017-11144: The opensslextension PEM sealing code did not check the return value of the OpenSSL sealingfunction, which could lead to a crash. (bsc#1048096) - CVE-2017-11145: Lack of bounds checks in timelib_meridian coud lead to information leak. (bsc#1048112) - CVE-2017-11146: Lack of bounds checks in timelib_meridian parse code could lead to information leak. (bsc#1048111) - CVE-2017-11147: The PHAR archive handler could beused by attackers supplying malicious archive files to crash the PHP interpreteror potentially disclose information. (bsc#1048094) - CVE-2017-11628: Stack-base dbuffer overflow in zend_ini_do_op() could lead to denial of service (bsc#1050726) - CVE-2017-7890: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function could lead to denial of service (bsc#1050241) - CVE-2016-5766: Integer Overflow in _gd2GetHeader() resulting in heap overflow could lead to denial of service or code execution (bsc#986386) Other fixes: - Soap Request with References (bsc#1053645) - php7-pear should explicitly require php7-pear-Archive_Tar otherwise this dependency must be declared in every php7-pear-* package explicitly. [bnc#1052389] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1047454 SUSE bug 1048094 SUSE bug 1048096 SUSE bug 1048100 SUSE bug 1048111 SUSE bug 1048112 SUSE bug 1050241 SUSE bug 1050726 SUSE bug 1052389 SUSE bug 1053645 SUSE bug 986386 CVE-2016-10397 CVE-2016-5766 CVE-2017-11142 CVE-2017-11144 CVE-2017-11145 CVE-2017-11146 CVE-2017-11147 CVE-2017-11628 CVE-2017-7890 openSUSE Leap 42.3 This update for wireshark to version 2.2.9 fixes the following issues: Minor vulnerabilities that could be used to trigger dissector crashes, infinite loops, or cause excessive use of memory resources by making Wireshark read specially crafted packages from the network or a capture file: * CVE-2017-13767: MSDP dissector infinite loop (boo#1056248) * CVE-2017-13766: Profinet I/O buffer overrun (boo#1056249) * CVE-2017-13765: IrCOMM dissector buffer overrun (boo#1056251) * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.9.html Moderate SUSE bug 1056248 SUSE bug 1056249 SUSE bug 1056251 CVE-2017-13765 CVE-2017-13766 CVE-2017-13767 openSUSE Leap 42.3 This update for pspp fixes the following issues: - CVE-2017-12958: Illegal address access in function output_hex() could lead to denial of service or unexpected state (boo#1054585) - CVE-2017-12959: Assertion in function dict_add_mrset() could lead to denial of service (boo#1054588) - CVE-2017-12960: Assertion in function dict_rename_var() could lead to denial of service (boo#1054587) - CVE-2017-12961: Assertion in function parse_attributes() could lead to denial of service (boo#1054586) Moderate SUSE bug 1054585 SUSE bug 1054586 SUSE bug 1054587 SUSE bug 1054588 CVE-2017-10791 CVE-2017-10792 CVE-2017-12958 CVE-2017-12959 CVE-2017-12960 CVE-2017-12961 openSUSE Leap 42.3 This update for cacti and cacti-spine fixes security issues and bugs. The following vulnerabilities were fixed: * CVE-2017-12927: Cross-site scripting vulnerability in methodparameter (bsc#1054390) * CVE-2017-12978:Cross-site scripting vulnerability via the title field (bsc#1054742) It also contains all upstream bug fixes and improvements in the 1.1.18 release: * Sort devices by polling time to allow long running d * Allow user to hide Graphs from disabled Devices * Create a separate Realm for Realtime Graphs * Fix various JavaScript errors * updated translations * Can now export Device table results to CSV * Allow Log Rotation to be other than Daily, and other log rotation improvements Moderate SUSE bug 1054390 SUSE bug 1054742 CVE-2017-12927 CVE-2017-12978 openSUSE Leap 42.3 This update for kernel-firmware fixes the following issues: - Add microcode_amd_fam17h.bin (bsc#1068032 CVE-2017-5715) This new firmware disables branch prediction on AMD family 17h processor to mitigate a attack on the branch predictor that could lead to information disclosure from e.g. kernel memory (bsc#1068032 CVE-2017-5715). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1068032 CVE-2017-5715 openSUSE Leap 42.3 This update for python3 provides the following fixes: These security issues were fixed: - CVE-2018-1061: Prevent catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could have used this flaw to cause denial of service (bsc#1088004). - CVE-2018-1060: Prevent catastrophic backtracking in pop3lib's apop() method. An attacker could have used this flaw to cause denial of service (bsc#1088009). These non-security issues were fixed: - Sort files and directories when creating tarfile archives so that they are created in a more predictable way. (bsc#1086001) - Add -fwrapv to OPTS (bsc#1107030) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1086001 SUSE bug 1088004 SUSE bug 1088009 SUSE bug 1107030 CVE-2018-1060 CVE-2018-1061 openSUSE Leap 42.3 This update for curl fixes the following issues: This security issue was fixed: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019) This non-security issue was fixed: - Fixed erroneous debug message when paired with OpenSSL (bsc#1089533) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1089533 SUSE bug 1106019 CVE-2018-14618 openSUSE Leap 42.3 This update for MozillaThunderbird to version 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc#1077291). - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291). - CVE-2018-5097: Use-after-free when source document is manipulated during XSLT (bsc#1077291). - CVE-2018-5098: Use-after-free while manipulating form input elements (bsc#1077291). - CVE-2018-5099: Use-after-free with widget listener (bsc#1077291). - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291). - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291). - CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291). - CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right (bsc#1077291). - CVE-2018-5089: Various memory safety bugs (bsc#1077291). These security issues were fixed: - Searching message bodies of messages in local folders, including filter and quick filter operations, not working reliably: Content not found in base64-encode message parts, non-ASCII text not found and false positives found. - Defective messages (without at least one expected header) not shown in IMAP folders but shown on mobile devices - Calendar: Unintended task deletion if numlock is enabled Important SUSE bug 1077291 CVE-2018-5089 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001). - CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occured for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999). - CVE-2018-13094: Prevent OOPS that might have occured for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000). - CVE-2018-12896: Prevent integer overflow in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun could have been larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user could have caused a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922). - CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking (bnc#1107689). - CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903). - CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511). - CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509). - CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748). - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748). - CVE-2018-10938: A crafted network packet sent remotely by an attacker could have forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016). - CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517). - CVE-2018-10902: The raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bnc#1105322). - CVE-2018-9363: Prevent buffer overflow in hidp_process_report (bsc#1105292). The following non-security bugs were fixed: - 9p/net: Fix zero-copy path in the 9p virtio transport (bnc#1012382). - 9p/virtio: fix off-by-one error in sg list bounds check (bnc#1012382). - 9p: fix multiple NULL-pointer-dereferences (bnc#1012382). - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices (bnc#1012382). - ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle (bnc#1012382). - ACPI / PM: save NVS memory for ASUS 1025C laptop (bnc#1012382). - ACPI: save NVS memory for Lenovo G50-45 (bnc#1012382). - ALSA: cs5535audio: Fix invalid endian conversion (bnc#1012382). - ALSA: emu10k1: Rate-limit error messages about page errors (bnc#1012382). - ALSA: emu10k1: add error handling for snd_ctl_add (bnc#1012382). - ALSA: fm801: add error handling for snd_ctl_add (bnc#1012382). - ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs (bnc#1012382). - ALSA: hda - Turn CX8200 into D3 as well upon reboot (bnc#1012382). - ALSA: hda/ca0132: fix build failure when a local macro is defined (bnc#1012382). - ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry (bnc#1012382). - ALSA: memalloc: Do not exceed over the requested size (bnc#1012382). - ALSA: rawmidi: Change resized buffers atomically (bnc#1012382). - ALSA: snd-aoa: add of_node_put() in error path (bsc#1099810). - ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback (bnc#1012382). - ALSA: virmidi: Fix too long output trigger loop (bnc#1012382). - ALSA: vx222: Fix invalid endian conversions (bnc#1012382). - ALSA: vxpocket: Fix invalid endian conversions (bnc#1012382). - ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP (bnc#1012382). - ARC: Explicitly add -mmedium-calls to CFLAGS (bnc#1012382). - ARC: Fix CONFIG_SWAP (bnc#1012382). - ARC: mm: allow mprotect to make stack mappings executable (bnc#1012382). - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot (bnc#1012382). - ARM: dts: Cygnus: Fix I2C controller interrupt type (bnc#1012382). - ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller (bnc#1012382). - ARM: dts: am437x: make edt-ft5x06 a wakeup source (bnc#1012382). - ARM: dts: da850: Fix interrups property for gpio (bnc#1012382). - ARM: dts: imx6sx: fix irq for pcie bridge (bnc#1012382). - ARM: fix put_user() for gcc-8 (bnc#1012382). - ARM: imx_v4_v5_defconfig: Select ULPI support (bnc#1012382). - ARM: imx_v6_v7_defconfig: Select ULPI support (bnc#1012382). - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume (bnc#1012382). - ARM: tegra: Fix Tegra30 Cardhu PCA954x reset (bnc#1012382). - ASoC: Intel: cht_bsw_max98090: remove useless code, align with ChromeOS driver (git-fixes). - ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization (bnc#1012382). - ASoC: dpcm: do not merge format from invalid codec dai (bnc#1012382). - ASoC: dpcm: fix BE dai not hw_free and shutdown (bnc#1012382). - ASoC: pxa: Fix module autoload for platform drivers (bnc#1012382). - ASoC: sirf: Fix potential NULL pointer dereference (bnc#1012382). - Add reference to bsc#1091171 (bnc#1012382; bsc#1091171). - Bluetooth: avoid killing an already killed socket (bnc#1012382). - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 (bnc#1012382). - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table (bsc#1087092). - Bluetooth: btusb: Use DMI matching for QCA reset_resume quirking (bsc#1087092). - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning (bnc#1012382). - Documentation/spec_ctrl: Do some minor cleanups (bnc#1012382). - HID: hid-plantronics: Re-resend Update to map button for PTT products (bnc#1012382). - HID: i2c-hid: check if device is there before really probing (bnc#1012382). - HID: wacom: Correct touch maximum XY of 2nd-gen Intuos (bnc#1012382). - IB/core: Make testing MR flags for writability a static inline function (bnc#1012382). - IB/core: Remove duplicate declaration of gid_cache_wq (bsc#1056596). - IB/iser: Do not reduce max_sectors (bsc#1063646). - IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' (git-fixes). - IB/mlx4: Mark user MR as writable if actual virtual memory is writable (bnc#1012382). - IB/mlx5: Fetch soft WQE's on fatal error state (bsc#1015342 bsc#1015343). - IB/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343). - IB/ocrdma: fix out of bounds access to local buffer (bnc#1012382). - Input: elan_i2c - add ACPI ID for lenovo ideapad 330 (bnc#1012382). - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST (bnc#1012382). - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list (bnc#1012382). - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel (bnc#1012382). - KVM: MMU: always terminate page walks at level 1 (bsc#1062604). - KVM: MMU: simplify last_pte_bitmap (bsc#1062604). - KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - KVM: arm/arm64: Skip updating PMD entry if no change (bnc#1012382). - KVM: arm/arm64: Skip updating PTE entry if no change (bnc#1012382). - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer (bnc#1012382). - KVM: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604). - MIPS: Correct the 64-bit DSP accumulator register size (bnc#1012382). - MIPS: Fix off-by-one in pci_resource_to_user() (bnc#1012382). - MIPS: ath79: fix register address in ath79_ddr_wb_flush() (bnc#1012382). - MIPS: lib: Provide MIPS64r6 __multi3() for GCC lower than 7 (bnc#1012382). - NET: stmmac: align DMA stuff to largest cache line length (bnc#1012382). - PCI: Prevent sysfs disable of device while driver is attached (bnc#1012382). - PCI: Skip MPS logic for Virtual Functions (VFs) (bnc#1012382). - PCI: hotplug: Do not leak pci_slot on registration failure (bnc#1012382). - PCI: pciehp: Fix use-after-free on unplug (bnc#1012382). - PCI: pciehp: Request control of native hotplug only if supported (bnc#1012382). - PM / sleep: wakeup: Fix build error caused by missing SRCU support (bnc#1012382). - RDMA/i40iw: Avoid panic when objects are being created and destroyed (bsc#969476 bsc#969477). - RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint (bsc#969476 bsc#969477). - RDMA/i40iw: Avoid reference leaks when processing the AEQ (bsc#969476 bsc#969477). - RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1024376). - RDMA/mad: Convert BUG_ONs to error flows (bnc#1012382). - RDMA/mlx5: Use proper spec flow label type (bsc#1015342 bsc#1015343). - Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum" (bnc#1012382). - Revert "UBIFS: Fix potential integer overflow in allocation" (bnc#1012382). - Revert "f2fs: handle dirty segments inside refresh_sit_entry" (bsc#1106281). - Revert "mm: page_alloc: skip over regions of invalid pfns where possible" (bnc#1107078). - Smack: Mark inode instant in smack_task_to_inode (bnc#1012382). - USB: musb: fix external abort on suspend (bsc#1085536). - USB: option: add support for DW5821e (bnc#1012382). - USB: serial: metro-usb: stop I/O after failed open (bsc#1085539). - USB: serial: sierra: fix potential deadlock at close (bnc#1012382). - Workaround kABI breakage by __must_check drop of strscpy() (bsc#1107319). - afs: Fix directory permissions check (bsc#1106283). - arc: fix build errors in arc/include/asm/delay.h (bnc#1012382). - arc: fix type warnings in arc/mm/cache.c (bnc#1012382). - arm64: make secondary_start_kernel() notrace (bnc#1012382). - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bnc#1012382). - ath: Add regulatory mapping for APL13_WORLD (bnc#1012382). - ath: Add regulatory mapping for APL2_FCCA (bnc#1012382). - ath: Add regulatory mapping for Bahamas (bnc#1012382). - ath: Add regulatory mapping for Bermuda (bnc#1012382). - ath: Add regulatory mapping for ETSI8_WORLD (bnc#1012382). - ath: Add regulatory mapping for FCC3_ETSIC (bnc#1012382). - ath: Add regulatory mapping for Serbia (bnc#1012382). - ath: Add regulatory mapping for Tanzania (bnc#1012382). - ath: Add regulatory mapping for Uganda (bnc#1012382). - atl1c: reserve min skb headroom (bnc#1012382). - atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066). - audit: allow not equal op for audit by executable (bnc#1012382). - backlight: as3711_bl: Fix Device Tree node leaks (bsc#1106929). - backlight: lm3630a: Bump REG_MAX value to 0x50 instead of 0x1F (bsc#1106929). - bcache: avoid unncessary cache prefetch bch_btree_node_get() (bsc#1064232). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232). - bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232). - bcache: do not check return value of debugfs_create_dir() (bsc#1064232). - bcache: finish incremental GC (bsc#1064232). - bcache: fix I/O significant decline while backend devices registering (bsc#1064232). - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232). - bcache: free heap cache_set->flush_btree in bch_journal_free (bsc#1064232). - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section (bsc#1064232). - bcache: release dc->writeback_lock properly in bch_writeback_thread() (bsc#1064232). - bcache: set max writeback rate when I/O request is idle (bsc#1064232). - bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232). - be2net: remove unused old custom busy-poll fields (bsc#1021121 ). - blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663). - block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663). - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs (bsc#1083663). - block: do not use interruptible wait anywhere (bnc#1012382). - bnx2x: Fix invalid memory access in rss hash config path (bnc#1012382). - bnx2x: Fix receiving tx-timeout in error or recovery state (bnc#1012382). - bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#963575). - bnxt_en: Fix for system hang if request_irq fails (bnc#1012382). - bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1020412 ). - bpf: fix references to free_bpf_prog_info() in comments (bnc#1012382). - brcmfmac: Add support for bcm43364 wireless chipset (bnc#1012382). - brcmfmac: stop watchdog before detach and free everything (bnc#1012382). - bridge: Propagate vlan add failure to user (bnc#1012382). - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups (bnc#1012382). - btrfs: do not leak ret from do_chunk_alloc (bnc#1012382). - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bnc#1012382). - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (git-fixes). - btrfs: round down size diff when shrinking/growing device (bsc#1097105). - can: ems_usb: Fix memory leak on ems_usb_disconnect() (bnc#1012382). - can: mpc5xxx_can: check of_iomap return before use (bnc#1012382). - can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK (bnc#1012382). - can: xilinx_can: fix RX overflow interrupt not being enabled (bnc#1012382). - can: xilinx_can: fix device dropping off bus on RX overrun (bnc#1012382). - can: xilinx_can: fix incorrect clear of non-processed interrupts (bnc#1012382). - can: xilinx_can: fix recovery from error states not being propagated (bnc#1012382). - can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting (bnc#1012382). - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bnc#1012382). - ceph: fix incorrect use of strncpy (bsc#1107319). - ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320). - cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1012382). - cifs: add missing debug entries for kconfig options (bnc#1012382). - cifs: check kmalloc before use (bsc#1012382). - cifs: store the leaseKey in the fid on SMB2_open (bsc#1012382). - clk: tegra: Fix PLL_U post divider and initial rate on Tegra30 (bnc#1012382). - crypto: ablkcipher - fix crash flushing dcache in error path (bnc#1012382). - crypto: authenc - do not leak pointers to authenc keys (bnc#1012382). - crypto: authencesn - do not leak pointers to authenc keys (bnc#1012382). - crypto: blkcipher - fix crash flushing dcache in error path (bnc#1012382). - crypto: padlock-aes - Fix Nano workaround data corruption (bnc#1012382). - crypto: vmac - require a block cipher with 128-bit block size (bnc#1012382). - crypto: vmac - separate tfm and request context (bnc#1012382). - crypto: vmx - Fix sleep-in-atomic bugs (bsc#1048317). - cxgb4: when disabling dcb set txq dcb priority to 0 (bnc#1012382). - cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014. - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (bnc#1012382). - disable loading f2fs module on PAGE_SIZE > 4KB (bnc#1012382). - dm cache metadata: save in-core policy_hint_size to on-disk superblock (bnc#1012382). - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA (bnc#1012382). - dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() (bnc#1012382). - dmaengine: pxa_dma: remove duplicate const qualifier (bnc#1012382). - driver core: Partially revert "driver core: correct device's shutdown order" (bnc#1012382). - drivers: net: lmc: fix case value for target abort error (bnc#1012382). - drm/armada: fix colorkey mode property (bnc#1012382). - drm/atmel-hlcdc: check stride values in the first plane (bsc#1106929). - drm/atomic: Handling the case when setting old crtc for plane (bnc#1012382). - drm/bridge: adv7511: Reset registers on hotplug (bnc#1012382). - drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up (bsc#1101822). - drm/drivers: add support for using the arch wc mapping API (git-fixes). - drm/exynos/dsi: mask frame-done interrupt (bsc#1106929). - drm/exynos: decon5433: Fix WINCONx reset value (bnc#1012382). - drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bnc#1012382). - drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bnc#1012382). - drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (bnc#1012382). - drm/i915/userptr: reject zero user_size (bsc#1090888). - drm/i915: Correctly handle limited range YCbCr data on VLV/CHV (bsc#1087092). - drm/imx: fix typo in ipu_plane_formats (bsc#1106929). - drm/imx: imx-ldb: check if channel is enabled before printing warning (bnc#1012382). - drm/imx: imx-ldb: disable LDB on driver bind (bnc#1012382). - drm/msm/hdmi: Use bitwise operators when building register values (bsc#1106929). - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bnc#1012382). - drm/panel: type promotion bug in s6e8aa0_read_mtp_id() (bsc#1105769). - drm/radeon: fix mode_valid's return type (bnc#1012382). - drm: Add DP PSR2 sink enable bit (bnc#1012382). - drm: Reject getfb for multi-plane framebuffers (bsc#1106929). - enic: do not call enic_change_mtu in enic_probe (git-fixes). - enic: handle mtu change for vf properly (bnc#1012382). - enic: initialize enic->rfs_h.lock in enic_probe (bnc#1012382). - ext4: check for NUL characters in extended attribute's name (bnc#1012382). - ext4: fix spectre gadget in ext4_mb_regular_allocator() (bnc#1012382). - ext4: reset error code in ext4_find_entry in fallback (bnc#1012382). - ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229). - f2fs: fix to do not trigger writeback during recovery (bnc#1012382). - fat: fix memory allocation failure handling of match_strdup() (bnc#1012382). - fb: fix lost console when the user unplugs a USB adapter (bnc#1012382). - fbdev: omapfb: off by one in omapfb_register_client() (bsc#1106929). - fix __legitimize_mnt()/mntput() race (bnc#1012382). - fix mntput/mntput race (bnc#1012382). - fork: unconditionally clear stack on fork (bnc#1012382). - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bnc#1012382). - fs/dax.c: fix inefficiency in dax_writeback_mapping_range() (bsc#1106185). - fs/quota: Fix spectre gadget in do_quotactl (bnc#1012382). - fs: aio: fix the increment of aio-nr and counting against aio-max-nr (bsc#1068075, bsc#1078921). - fuse: Add missed unlock_page() to fuse_readpages_fill() (bnc#1012382). - fuse: Do not access pipe->buffers without pipe_lock() (bnc#1012382). - fuse: Fix oops at process_init_reply() (bnc#1012382). - fuse: fix double request_end() (bnc#1012382). - fuse: fix unlocked access to processing queue (bnc#1012382). - fuse: umount should wait for all requests (bnc#1012382). - genirq/proc: Return proper error code when irq_set_affinity() fails (bnc#1105392). - getxattr: use correct xattr length (bnc#1012382). - hfsplus: Do not clear SGID when inheriting ACLs (bsc#1030552). - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bnc#1012382). - hwrng: exynos - Disable runtime PM on driver unbind (git-fixes). - i2c: davinci: Avoid zero value of CLKH (bnc#1012382). - i2c: imx: Fix race condition in dma read (bnc#1012382). - i2c: imx: Fix reinit_completion() use (bnc#1012382). - i2c: ismt: fix wrong device address when unmap the data buffer (bnc#1012382). - i40e: use cpumask_copy instead of direct assignment (bsc#1053685). - i40iw: Fix memory leak in error path of create QP (bsc#969476 bsc#969477). - i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#969476 bsc#969477). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382). - ieee802154: at86rf230: use __func__ macro for debug messages (bnc#1012382). - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bnc#1012382). - igb: Fix not adding filter elements to the list (bsc#1024361 bsc#1024365). - iio: ad9523: Fix displayed phase (bnc#1012382). - iio: ad9523: Fix return value for ad952x_store() (bnc#1012382). - inet: frag: enforce memory limits earlier (bnc#1012382 bsc#970506). - iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105). - iommu/vt-d: Add definitions for PFSID (bnc#1012382). - iommu/vt-d: Fix dev iotlb pfsid use (bnc#1012382). - iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105). - ioremap: Update pgtable free interfaces with addr (bnc#1012382). - ip: hash fragments consistently (bnc#1012382). - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull (bnc#1012382). - ipconfig: Correctly initialise ic_nameservers (bnc#1012382). - ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV (bnc#1012382). - ipv4: Return EINVAL when ping_group_range sysctl does not map to user ns (bnc#1012382). - ipv4: remove BUG_ON() from fib_compute_spec_dst (bnc#1012382). - ipv6: fix useless rol32 call on hash (bnc#1012382). - ipv6: mcast: fix unsolicited report interval after receiving querys (bnc#1012382). - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1033962). - iscsi target: fix session creation failure handling (bnc#1012382). - isdn: Disable IIOCDBGVAR (bnc#1012382). - iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#969476 bsc#969477). - iwlwifi: pcie: fix race in Rx buffer allocator (bnc#1012382). - ixgbe: Be more careful when modifying MAC filters (bnc#1012382). - jfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - jump_label: Add RELEASE barrier after text changes (bsc#1105271). - jump_label: Fix concurrent static_key_enable/disable() (bsc#1105271). - jump_label: Move CPU hotplug locking (bsc#1105271). - jump_label: Provide hotplug context variants (bsc#1105271). - jump_label: Reduce the size of struct static_key (bsc#1105271). - jump_label: Reorder hotplug lock and jump_label_lock (bsc#1105271). - jump_label: Split out code under the hotplug lock (bsc#1105271). - jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (bsc#1105271). - kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597) - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kasan: do not emit builtin calls when sanitization is off (bnc#1012382). - kasan: fix shadow_size calculation error in kasan_module_alloc (bnc#1012382). - kbuild: verify that $DEPMOD is installed (bnc#1012382). - kernel: improve spectre mitigation (bnc#1106934, LTC#171029). - kprobes/x86: Fix %p uses in error messages (bnc#1012382). - kprobes: Make list and blacklist root user read only (bnc#1012382). - kthread, tracing: Do not expose half-written comm when creating kthreads (bsc#1104897). - kvm: x86: vmx: fix vpid leak (bnc#1012382). - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (bnc#1012382). - lib/rhashtable: consider param->min_size when setting initial table size (bnc#1012382). - libata: Fix command retry decision (bnc#1012382). - libceph: check authorizer reply/challenge length before reading (bsc#1096748). - libceph: factor out __ceph_x_decrypt() (bsc#1096748). - libceph: factor out __prepare_write_connect() (bsc#1096748). - libceph: factor out encrypt_authorizer() (bsc#1096748). - libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748). - libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748). - llc: use refcount_inc_not_zero() for llc_sap_find() (bnc#1012382). - locking/lockdep: Do not record IRQ state within lockdep code (bnc#1012382). - locks: pass inode pointer to locks_free_lock_context (bsc@1099832). - locks: prink more detail when there are leaked locks (bsc#1099832). - locks: restore a warn for leaked locks on close (bsc#1099832). - m68k: fix "bad page state" oops on ColdFire boot (bnc#1012382). - mac80211: add stations tied to AP_VLANs during hw reconfig (bnc#1012382). - md/raid10: fix that replacement cannot complete recovery after reassemble (bnc#1012382). - md: fix NULL dereference of mddev->pers in remove_and_add_spares() (bnc#1012382). - media: omap3isp: fix unbalanced dma_iommu_mapping (bnc#1012382). - media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() (bnc#1012382). - media: rtl28xxu: be sure that it won't go past the array size (bsc#1050431). - media: s5p-jpeg: fix number of components macro (bsc#1050431). - media: saa7164: Fix driver name in debug output (bnc#1012382). - media: si470x: fix __be16 annotations (bnc#1012382). - media: siano: get rid of __le32/__le16 cast warnings (bnc#1012382). - media: staging: omap4iss: Include asm/cacheflush.h after generic includes (bnc#1012382). - media: videobuf2-core: do not call memop 'finish' when queueing (bnc#1012382). - memory: tegra: Apply interrupts mask per SoC (bnc#1012382). - memory: tegra: Do not handle spurious interrupts (bnc#1012382). - mfd: cros_ec: Fail early if we cannot identify the EC (bnc#1012382). - microblaze: Fix simpleImage format generation (bnc#1012382). - mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697). - mm/memory.c: check return value of ioremap_prot (bnc#1012382). - mm/slub.c: add __printf verification to slab_err() (bnc#1012382). - mm/tlb: Remove tlb_remove_table() non-concurrent condition (bnc#1012382). - mm: Add vm_insert_pfn_prot() (bnc#1012382). - mm: fix cache mode tracking in vm_insert_mixed() (bnc#1012382). - mm: memcg: fix use after free in mem_cgroup_iter() (bnc#1012382). - mm: vmalloc: avoid racy handling of debugobjects in vunmap (bnc#1012382). - mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 (bnc#1012382). - mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages (bnc#1012382). - mtd: ubi: wl: Fix error return code in ubi_wl_init() (git-fixes). - mwifiex: correct histogram data with appropriate index (bnc#1012382). - mwifiex: handle race during mwifiex_usb_disconnect (bnc#1012382). - net/9p/client.c: version pointer uninitialized (bnc#1012382). - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bnc#1012382). - net/ethernet/freescale/fman: fix cross-build error (bnc#1012382). - net/ipv4: Set oif in fib_compute_spec_dst (bnc#1012382). - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bnc#1012382). - net/mlx5: Add missing SET_DRIVER_VERSION command translation (bsc#1015342 bsc#1015343). - net/mlx5: E-Switch, Include VF RDMA stats in vport statistics (bsc#966170 bsc#966172). - net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1015342 bsc#1015343). - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#966170 bsc#966172). - net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#966170 bsc#966172). - net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1015342 bsc#1015343). - net/mlx5e: Err if asked to offload TC match on frag being first (bsc#1015342 bsc#1015343). - net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1015342 bsc#1015343). - net/mlx5e: Refine ets validation function (bsc#966170 bsc#966172). - net: 6lowpan: fix reserved space for single frames (bnc#1012382). - net: Do not copy pfmemalloc flag in __copy_skb_header() (bnc#1012382). - net: add skb_condense() helper (bsc#1089066). - net: adjust skb->truesize in ___pskb_trim() (bsc#1089066). - net: adjust skb->truesize in pskb_expand_head() (bsc#1089066). - net: axienet: Fix double deregister of mdio (bnc#1012382). - net: caif: Add a missing rcu_read_unlock() in caif_flow_cb (bnc#1012382). - net: davinci_emac: match the mdio device against its compatible if possible (bnc#1012382). - net: dsa: Do not suspend/resume closed slave_dev (bnc#1012382). - net: ena: Fix use of uninitialized DMA address bits field (bsc#1027968). - net: fix amd-xgbe flow-control issue (bnc#1012382). - net: hamradio: use eth_broadcast_addr (bnc#1012382). - net: lan78xx: Fix misplaced tasklet_schedule() call (bnc#1012382). - net: lan78xx: fix rx handling before first packet is send (bnc#1012382). - net: mac802154: tx: expand tailroom if necessary (bnc#1012382). - net: phy: fix flag masking in __set_phy_supported (bnc#1012382). - net: prevent ISA drivers from building on PPC32 (bnc#1012382). - net: propagate dev_get_valid_name return code (bnc#1012382). - net: qca_spi: Avoid packet drop during initial sync (bnc#1012382). - net: qca_spi: Fix log level if probe fails (bnc#1012382). - net: qca_spi: Make sure the QCA7000 reset is triggered (bnc#1012382). - net: socket: fix potential spectre v1 gadget in socketcall (bnc#1012382). - net: usb: rtl8150: demote allmulti message to dev_dbg() (bnc#1012382). - net: vmxnet3: use new api ethtool_{get|set}_link_ksettings (bsc#1091860 bsc#1098253). - net_sched: Fix missing res info when create new tc_index filter (bnc#1012382). - net_sched: fix NULL pointer dereference when delete tcindex filter (bnc#1012382). - netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state (bnc#1012382). - netfilter: ipset: List timing out entries with "timeout 1" instead of zero (bnc#1012382). - netfilter: ipv6: nf_defrag: reduce struct net memory waste (bnc#1012382). - netfilter: ipvs: do not create conn for ABORT packet in sctp_conn_schedule (bsc#1102797). - netfilter: ipvs: fix the issue that sctp_conn_schedule drops non-INIT packet (bsc#1102797). - netfilter: x_tables: set module owner for icmp(6) matches (bnc#1012382). - netlink: Do not shift on 64 for ngroups (bnc#1012382). - netlink: Do not shift with UB on nlk->ngroups (bnc#1012382). - netlink: Do not subscribe to non-existent groups (bnc#1012382). - netlink: Fix spectre v1 gadget in netlink_create() (bnc#1012382). - netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286). - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (bnc#1012382). - nl80211: Add a missing break in parse_station_flags (bnc#1012382). - nohz: Fix local_timer_softirq_pending() (bnc#1012382). - nvme-fc: release io queues to allow fast fail (bsc#1102486). - nvme: if_ready checks to fail io to deleting controller (bsc#1102486). - nvme: kABI-compliant version of nvmf_fail_nonready_command() (bsc#1102486). - nvmet-fc: fix target sgl list on large transfers (bsc#1102486). - osf_getdomainname(): use copy_to_user() (bnc#1012382). - ovl: Do d_type check only if work dir creation was successful (bnc#1012382). - ovl: Ensure upper filesystem supports d_type (bnc#1012382). - ovl: warn instead of error if d_type is not supported (bnc#1012382). - packet: refine ring v3 block size test to hold one frame (bnc#1012382). - packet: reset network header if packet shorter than ll reserved space (bnc#1012382). - parisc: Define mb() and add memory barriers to assembler unlock sequences (bnc#1012382). - parisc: Enable CONFIG_MLONGCALLS by default (bnc#1012382). - parisc: Remove ordered stores from syscall.S (bnc#1012382). - parisc: Remove unnecessary barriers from spinlock.h (bnc#1012382). - perf auxtrace: Fix queue resize (bnc#1012382). - perf llvm-utils: Remove bashism from kernel include fetch script (bnc#1012382). - perf report powerpc: Fix crash if callchain is empty (bnc#1012382). - perf test session topology: Fix test on s390 (bnc#1012382). - perf/x86/intel/uncore: Correct fixed counter index check for NHM (bnc#1012382). - perf/x86/intel/uncore: Correct fixed counter index check in generic code (bnc#1012382). - perf: fix invalid bit in diagnostic entry (bnc#1012382). - pinctrl: at91-pio4: add missing of_node_put (bnc#1012382). - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() (bnc#1012382). - pnfs/blocklayout: off by one in bl_map_stripe() (bnc#1012382). - powerpc/32: Add a missing include header (bnc#1012382). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032. - powerpc/64s: Fix compiler store ordering to SLB shadow area (bnc#1012382). - powerpc/8xx: fix invalid register expression in head_8xx.S (bnc#1012382). - powerpc/chrp/time: Make some functions static, add missing header include (bnc#1012382). - powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet (bnc#1012382). - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1066223). - powerpc/powermac: Add missing prototype for note_bootable_part() (bnc#1012382). - powerpc/powermac: Mark variable x as unused (bnc#1012382). - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler (bnc#1012382). - powerpc/topology: Get topology for shared processors at boot (bsc#1104683). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157. - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc: make feature-fixup tests fortify-safe (bsc#1066223). - provide special timeout module parameters for EC2 (bsc#1065364). - ptp: fix missing break in switch (bnc#1012382). - pwm: tiehrpwm: Fix disabling of output of PWMs (bnc#1012382). - qed: Add sanity check for SIMD fastpath handler (bnc#1012382). - qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Do not advertise DCBX_LLD_MANAGED capability (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Fix possible memory leak in Rx error path handling (bsc#1019695 bsc#1019699 bsc#1022604 ). - qed: Fix possible race for the link state value (bnc#1012382). - qed: Fix setting of incorrect eswitch mode (bsc#1019695 bsc#1019699 bsc#1022604). - qed: Fix use of incorrect size in memcpy call (bsc#1019695 bsc#1019699 bsc#1022604). - qede: Adverstise software timestamp caps when PHC is not available (bsc#1019695 bsc#1019699 bsc#1022604). - qlge: Fix netdev features configuration (bsc#1098822). - qlogic: check kstrtoul() for errors (bnc#1012382). - random: mix rdrand with entropy sent in from userspace (bnc#1012382). - readahead: stricter check for bdi io_pages (VM Functionality). - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops (bnc#1012382). - reiserfs: fix broken xattr handling (heap corruption, bad retval) (bnc#1012382). - ring_buffer: tracing: Inherit the tracing setting to next ring buffer (bnc#1012382). - root dentries need RCU-delayed freeing (bnc#1012382). - rsi: Fix 'invalid vdd' warning in mmc (bnc#1012382). - rtc: ensure rtc_set_alarm fails when alarms are not supported (bnc#1012382). - rtnetlink: add rtnl_link_state check in rtnl_configure_link (bnc#1012382). - s390/cpum_sf: Add data entry sizes to sampling trailer entry (bnc#1012382). - s390/kvm: fix deadlock when killed by oom (bnc#1012382). - s390/lib: use expoline for all bcr instructions (bnc#1106934, LTC#171029). - s390/pci: fix out of bounds access during irq setup (bnc#1012382). - s390/qdio: reset old sbal_state flags (bnc#1012382). - s390/qeth: do not clobber buffer on async TX completion (bnc#1104485, LTC#170349). - s390/qeth: fix race when setting MAC address (bnc#1104485, LTC#170726). - s390: add explicit linux/stringify.h for jump label (bsc#1105271). - s390: detect etoken facility (bnc#1106934, LTC#171029). - s390: fix br_r1_trampoline for machines without exrl (bnc#1012382 bnc#1106934 LTC#171029). - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - scripts/tar-up.sh: Do not package gitlog-excludes file Also fix the evaluation of gitlog-excludes file, too - scsi: 3w-9xxx: fix a missing-check bug (bnc#1012382). - scsi: 3w-xxxx: fix a missing-check bug (bnc#1012382). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bnc#1012382). - scsi: fcoe: drop frames in ELS LOGO error path (bnc#1012382). - scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346). - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bnc#1012382). - scsi: megaraid: silence a static checker bug (bnc#1012382). - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs (bnc#1012382). - scsi: qla2xxx: Fix ISP recovery on unload (bnc#1012382). - scsi: qla2xxx: Return error when TMF returns (bnc#1012382). - scsi: scsi_dh: replace too broad "TP9" string with the exact models (bnc#1012382). - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled (bnc#1012382). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bnc#1012382). - scsi: ufs: fix exception event handling (bnc#1012382). - scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED (bnc#1012382). - scsi: xen-scsifront: add error handling for xenbus_printf (bnc#1012382). - scsi_debug: call resp_XXX function after setting host_scribble (bsc#1069138). - scsi_debug: reset injection flags for every_nth > 0 (bsc#1069138). - selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC (bnc#1012382). - selftest/seccomp: Fix the seccomp(2) signature (bnc#1012382). - selftests/ftrace: Add snapshot and tracing_on test case (bnc#1012382). - selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs (bnc#1012382). - selftests: pstore: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: static_keys: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: sync: add config fragment for testing sync framework (bnc#1012382). - selftests: user: return Kselftest Skip code for skipped tests (bnc#1012382). - selftests: zram: return Kselftest Skip code for skipped tests (bnc#1012382). - serial: 8250_dw: always set baud rate in dw8250_set_termios (bnc#1012382). - sfc: stop the TX queue before pushing new buffers (bsc#1017967 ). - skbuff: Unconditionally copy pfmemalloc in __skb_clone() (bnc#1012382). - slab: __GFP_ZERO is incompatible with a constructor (bnc#1107060). - smb3: Do not send SMB3 SET_INFO if nothing changed (bnc#1012382). - smb3: do not request leases in symlink creation and query (bnc#1012382). - spi: davinci: fix a NULL pointer dereference (bnc#1012382). - squashfs: be more careful about metadata corruption (bnc#1012382). - squashfs: more metadata hardening (bnc#1012382). - squashfs: more metadata hardenings (bnc#1012382). - staging: android: ion: check for kref overflow (bnc#1012382). - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1107319). - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995). - target_core_rbd: use RCU in free_device (bsc#1105524). - tcp: Fix missing range_truesize enlargement in the backport (bnc#1012382). - tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode (bnc#1012382). - tcp: add one more quick ack after after ECN events (bnc#1012382). - tcp: do not aggressively quick ack after ECN events (bnc#1012382). - tcp: do not cancel delay-AcK on DCTCP special ACK (bnc#1012382). - tcp: do not delay ACK in DCTCP upon CE status change (bnc#1012382). - tcp: do not force quickack when receiving out-of-order packets (bnc#1012382). - tcp: fix dctcp delayed ACK schedule (bnc#1012382). - tcp: helpers to send special DCTCP ack (bnc#1012382). - tcp: identify cryptic messages as TCP seq # bugs (bnc#1012382). - tcp: refactor tcp_ecn_check_ce to remove sk type cast (bnc#1012382). - tcp: remove DELAYED ACK events in DCTCP (bnc#1012382). - tg3: Add higher cpu clock for 5762 (bnc#1012382). - thermal: exynos: fix setting rising_threshold for Exynos5433 (bnc#1012382). - timekeeping: Eliminate the stale declaration of ktime_get_raw_and_real_ts64() (bsc#969470). - tools/power turbostat: Read extended processor family from CPUID (bnc#1012382). - tools/power turbostat: fix -S on UP systems (bnc#1012382). - tools: usb: ffs-test: Fix build on big endian systems (bnc#1012382). - tpm: fix race condition in tpm_common_write() (bnc#1012382). - tracing/blktrace: Fix to allow setting same value (bnc#1012382). - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure (bnc#1012382). - tracing: Do not call start/stop() functions when tracing_on does not change (bnc#1012382). - tracing: Fix double free of event_trigger_data (bnc#1012382). - tracing: Fix possible double free in event_enable_trigger_func() (bnc#1012382). - tracing: Quiet gcc warning about maybe unused link variable (bnc#1012382). - tracing: Use __printf markup to silence compiler (bnc#1012382). - tty: Fix data race in tty_insert_flip_string_fixed_flag (bnc#1012382). - turn off -Wattribute-alias (bnc#1012382). - ubi: Be more paranoid while seaching for the most recent Fastmap (bnc#1012382). - ubi: Fix Fastmap's update_vol() (bnc#1012382). - ubi: Fix races around ubi_refill_pools() (bnc#1012382). - ubi: Introduce vol_ignored() (bnc#1012382). - ubi: Rework Fastmap attach base code (bnc#1012382). - ubi: fastmap: Erase outdated anchor PEBs during attach (bnc#1012382). - ubifs: Check data node size before truncate (bsc#1106276). - ubifs: Fix memory leak in lprobs self-check (bsc#1106278). - ubifs: Fix synced_i_size calculation for xattr inodes (bsc#1106275). - ubifs: xattr: Do not operate on deleted inodes (bsc#1106271). - udl-kms: change down_interruptible to down (bnc#1012382). - udl-kms: fix crash due to uninitialized memory (bnc#1012382). - udl-kms: handle allocation failure (bnc#1012382). - udlfb: set optimal write delay (bnc#1012382). - uprobes: Use synchronize_rcu() not synchronize_sched() (bnc#1012382). - usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bnc#1012382). - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1099810). - usb: cdc_acm: Add quirk for Castles VEGA3000 (bnc#1012382). - usb: dwc2: debugfs: Do not touch RX FIFO during register dump (bsc#1100132). - usb: dwc2: fix isoc split in transfer with no data (bnc#1012382). - usb: gadget: composite: fix delayed_status race condition when set_interface (bnc#1012382). - usb: gadget: dwc2: fix memory leak in gadget_init() (bnc#1012382). - usb: gadget: f_fs: Only return delayed status when len is 0 (bnc#1012382). - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' (bnc#1012382). - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue() (bnc#1012382). - usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller() (bnc#1012382). - usb: hub: Do not wait for connect state at resume for powered-off ports (bnc#1012382). - usb: renesas_usbhs: gadget: fix spin_lock_init() for uep->lock (bsc#1085536). - usb: xhci: increase CRS timeout value (bnc#1012382). - usbip: usbip_detach: Fix memory, udev context and udev leak (bnc#1012382). - userns: move user access out of the mutex (bnc#1012382). - virtio_balloon: fix another race between migration and ballooning (bnc#1012382). - virtio_console: fix uninitialized variable use (git-fixes). - vmw_balloon: VMCI_DOORBELL_SET does not check status (bnc#1012382). - vmw_balloon: do not use 2MB without batching (bnc#1012382). - vmw_balloon: fix VMCI use when balloon built into kernel (bnc#1012382). - vmw_balloon: fix inflation of 64-bit GFNs (bnc#1012382). - vmxnet3: Replace msleep(1) with usleep_range() (bsc#1091860 bsc#1098253). - vmxnet3: add receive data ring support (bsc#1091860 bsc#1098253). - vmxnet3: add support for get_coalesce, set_coalesce ethtool operations (bsc#1091860 bsc#1098253). - vmxnet3: allow variable length transmit data ring buffer (bsc#1091860 bsc#1098253). - vmxnet3: avoid assumption about invalid dma_pa in vmxnet3_set_mc() (bsc#1091860 bsc#1098253). - vmxnet3: avoid format strint overflow warning (bsc#1091860 bsc#1098253). - vmxnet3: avoid xmit reset due to a race in vmxnet3 (bsc#1091860 bsc#1098253). - vmxnet3: fix incorrect dereference when rxvlan is disabled (bsc#1091860 bsc#1098253). - vmxnet3: fix non static symbol warning (bsc#1091860 bsc#1098253). - vmxnet3: fix tx data ring copy for variable size (bsc#1091860 bsc#1098253). - vmxnet3: increase default rx ring sizes (bsc#1091860 bsc#1098253). - vmxnet3: introduce command to register memory region (bsc#1091860 bsc#1098253). - vmxnet3: introduce generalized command interface to configure the device (bsc#1091860 bsc#1098253). - vmxnet3: prepare for version 3 changes (bsc#1091860 bsc#1098253). - vmxnet3: remove redundant initialization of pointer 'rq' (bsc#1091860 bsc#1098253). - vmxnet3: remove unused flag "rxcsum" from struct vmxnet3_adapter (bsc#1091860 bsc#1098253). - vmxnet3: set the DMA mask before the first DMA map operation (bsc#1091860 bsc#1098253). - vmxnet3: update to version 3 (bsc#1091860 bsc#1098253). - vmxnet3: use DMA memory barriers where required (bsc#1091860 bsc#1098253). - vmxnet3: use correct flag to indicate LRO feature (bsc#1091860 bsc#1098253). - vsock: split dwork to avoid reinitializations (bnc#1012382). - vti6: Fix dev->max_mtu setting (bsc#1033962). - vti6: fix PMTU caching and reporting on xmit (bnc#1012382). - wlcore: sdio: check for valid platform device data before suspend (bnc#1012382). - x86/MCE: Remove min interval polling limitation (bnc#1012382). - x86/amd: do not set X86_BUG_SYSRET_SS_ATTRS when running under Xen (bnc#1012382). - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs (bnc#1012382). - x86/bugs: Move the l1tf function and define pr_fmt properly (bnc#1012382). - x86/bugs: Respect nospec command line option (bsc#1068032). - x86/cpu/AMD: Fix erratum 1076 (CPB bit) (bnc#1012382). - x86/cpu: Make alternative_msr_write work for 32-bit code (bnc#1012382). - x86/cpu: Re-apply forced caps every time CPU caps are re-read (bnc#1012382). - x86/cpufeature: preserve numbers (kabi). - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (bnc#1012382). - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (bnc#1012382). - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bnc#1012382). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/init: fix build with CONFIG_SWAP=n (bnc#1012382). - x86/irqflags: Mark native_restore_fl extern inline (bnc#1012382). - x86/irqflags: Provide a declaration for native_save_fl (git-fixes). - x86/mm/kmmio: Make the tracer robust against L1TF (bnc#1012382). - x86/mm/pat: Fix L1TF stable backport for CPA (bnc#1012382). - x86/mm/pat: Fix L1TF stable backport for CPA, 2nd call (bnc#1012382). - x86/mm/pat: Make set_memory_np() L1TF safe (bnc#1012382). - x86/mm: Add TLB purge to free pmd/pte page interfaces (bnc#1012382). - x86/mm: Disable ioremap free page handling on x86-PAE (bnc#1012382). - x86/mm: Give each mm TLB flush generation a unique ID (bnc#1012382). - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (bnc#1012382). - x86/paravirt: Make native_save_fl() extern inline (bnc#1012382). - x86/process: Correct and optimize TIF_BLOCKSTEP switch (bnc#1012382). - x86/process: Optimize TIF checks in __switch_to_xtra() (bnc#1012382). - x86/process: Optimize TIF_NOTSC switch (bnc#1012382). - x86/process: Re-export start_thread() (bnc#1012382). - x86/spectre: Add missing family 6 check to microcode check (bnc#1012382). - x86/spectre_v2: Do not check microcode versions when running under hypervisors (bnc#1012382). - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (bnc#1012382). - x86/speculation/l1tf: Extend 64bit swap file size limit (bnc#1012382). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#1012382). - x86/speculation/l1tf: Fix up CPU feature flags (bnc#1012382). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Invert all not present mappings (bnc#1012382). - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (bnc#1012382). - x86/speculation/l1tf: Protect PAE swap entries against L1TF (bnc#1012382). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (bnc#1012382). - x86/speculation: Add asm/msr-index.h dependency (bnc#1012382). - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (bnc#1012382). - x86/speculation: Clean up various Spectre related details (bnc#1012382). - x86/speculation: Correct Speculation Control microcode blacklist again (bnc#1012382). - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP (bnc#1012382). - x86/speculation: Update Speculation Control microcode blacklist (bnc#1012382). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86/speculation: Use IBRS if available before calling into firmware (bnc#1012382). - x86/speculation: Use Indirect Branch Prediction Barrier in context switch (bnc#1012382). - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths (bnc#1012382). - xen-netfront: wait xenbus state change when load module manually (bnc#1012382). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xen: set cpu capabilities from xen_start_kernel() (bnc#1012382). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (bnc#1012382). - xfrm: free skb if nlsk pointer is NULL (bnc#1012382). - xfrm_user: prevent leaking 2 bytes of kernel memory (bnc#1012382). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: repair malformed inode items during log recovery (bsc#1105396). - xhci: Fix perceived dead host due to runtime suspend race with event handler (bnc#1012382). - zswap: re-check zswap_is_full() after do zswap_shrink() (bnc#1012382). Important SUSE bug 1012382 SUSE bug 1015342 SUSE bug 1015343 SUSE bug 1017967 SUSE bug 1019695 SUSE bug 1019699 SUSE bug 1020412 SUSE bug 1021121 SUSE bug 1022604 SUSE bug 1024361 SUSE bug 1024365 SUSE bug 1024376 SUSE bug 1027968 SUSE bug 1030552 SUSE bug 1031492 SUSE bug 1033962 SUSE bug 1042286 SUSE bug 1048317 SUSE bug 1050431 SUSE bug 1053685 SUSE bug 1055014 SUSE bug 1056596 SUSE bug 1062604 SUSE bug 1063646 SUSE bug 1064232 SUSE bug 1065364 SUSE bug 1066223 SUSE bug 1068032 SUSE bug 1068075 SUSE bug 1069138 SUSE bug 1078921 SUSE bug 1080157 SUSE bug 1083663 SUSE bug 1085042 SUSE bug 1085536 SUSE bug 1085539 SUSE bug 1087092 SUSE bug 1089066 SUSE bug 1090888 SUSE bug 1091171 SUSE bug 1091860 SUSE bug 1092903 SUSE bug 1096254 SUSE bug 1096748 SUSE bug 1097105 SUSE bug 1098253 SUSE bug 1098822 SUSE bug 1099597 SUSE bug 1099810 SUSE bug 1099832 SUSE bug 1099922 SUSE bug 1099999 SUSE bug 1100000 SUSE bug 1100001 SUSE bug 1100132 SUSE bug 1101822 SUSE bug 1102346 SUSE bug 1102486 SUSE bug 1102517 SUSE bug 1102715 SUSE bug 1102797 SUSE bug 1104485 SUSE bug 1104683 SUSE bug 1104897 SUSE bug 1105271 SUSE bug 1105292 SUSE bug 1105296 SUSE bug 1105322 SUSE bug 1105323 SUSE bug 1105392 SUSE bug 1105396 SUSE bug 1105524 SUSE bug 1105536 SUSE bug 1105769 SUSE bug 1106016 SUSE bug 1106105 SUSE bug 1106185 SUSE bug 1106191 SUSE bug 1106229 SUSE bug 1106271 SUSE bug 1106275 SUSE bug 1106276 SUSE bug 1106278 SUSE bug 1106281 SUSE bug 1106283 SUSE bug 1106369 SUSE bug 1106509 SUSE bug 1106511 SUSE bug 1106697 SUSE bug 1106929 SUSE bug 1106934 SUSE bug 1106995 SUSE bug 1107060 SUSE bug 1107078 SUSE bug 1107319 SUSE bug 1107320 SUSE bug 1107689 SUSE bug 1107735 SUSE bug 1107937 SUSE bug 1107966 SUSE bug 963575 SUSE bug 966170 SUSE bug 966172 SUSE bug 969470 SUSE bug 969476 SUSE bug 969477 SUSE bug 970506 CVE-2018-10902 CVE-2018-10938 CVE-2018-10940 CVE-2018-1128 CVE-2018-1129 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-15572 CVE-2018-16658 CVE-2018-6554 CVE-2018-6555 CVE-2018-9363 openSUSE Leap 42.3 This update for tomcat to 8.0.53 fixes the following issues: Security issue fixed: - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400). - CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379). - CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also have resulted in a user seeing a response intended for another user (bsc#1102410). - CVE-2018-8014: Fix insecure default CORS filter settings (bsc#1093697). Bug fixes: - bsc#1067720: Avoid overwriting of customer's configuration during update. - bsc#1095472: Add Obsoletes for tomcat6 packages. This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1067720 SUSE bug 1093697 SUSE bug 1095472 SUSE bug 1102379 SUSE bug 1102400 SUSE bug 1102410 CVE-2018-1336 CVE-2018-8014 CVE-2018-8034 CVE-2018-8037 openSUSE Leap 42.3 This update for clamav fixes the following issues: - Update to security release 0.99.3 (bsc#1077732) * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) * CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. * CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. * CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. * CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. * CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. - update upstream keys in the keyring - provide and obsolete clamav-nodb to trigger it's removal in Leap bsc#1040662 This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1040662 SUSE bug 1049423 SUSE bug 1052448 SUSE bug 1052449 SUSE bug 1052466 SUSE bug 1077732 CVE-2017-11423 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 openSUSE Leap 42.3 This update for exempi fixes the following security issue: - CVE-2017-18236: The ASF_Support::ReadHeaderObject function allowed remote attackers to cause a denial of service (infinite loop) via a crafted .asf file (bsc#1085589) - CVE-2017-18233: Prevent integer overflow in the Chunk class that allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file (bsc#1085584) - CVE-2017-18238: The TradQT_Manager::ParseCachedBoxes function allowed remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file (bsc#1085583) Low SUSE bug 1085583 SUSE bug 1085584 SUSE bug 1085589 CVE-2017-18233 CVE-2017-18236 CVE-2017-18238 openSUSE Leap 42.3 This update for chromium to 64.0.3282.119 fixes several issues. These security issues were fixed: - CVE-2018-6031: Use after free in PDFium (boo#1077571) - CVE-2018-6032: Same origin bypass in Shared Worker (boo#1077571) - CVE-2018-6033: Race when opening downloaded files (boo#1077571) - CVE-2018-6034: Integer overflow in Blink (boo#1077571) - CVE-2018-6035: Insufficient isolation of devtools from extensions (boo#1077571) - CVE-2018-6036: Integer underflow in WebAssembly (boo#1077571) - CVE-2018-6037: Insufficient user gesture requirements in autofill (boo#1077571) - CVE-2018-6038: Heap buffer overflow in WebGL (boo#1077571) - CVE-2018-6039: XSS in DevTools (boo#1077571) - CVE-2018-6040: Content security policy bypass (boo#1077571) - CVE-2018-6041: URL spoof in Navigation (boo#1077571) - CVE-2018-6042: URL spoof in OmniBox (boo#1077571) - CVE-2018-6043: Insufficient escaping with external URL handlers (boo#1077571) - CVE-2018-6045: Insufficient isolation of devtools from extensions (boo#1077571) - CVE-2018-6046: Insufficient isolation of devtools from extensions (boo#1077571) - CVE-2018-6047: Cross origin URL leak in WebGL (boo#1077571) - CVE-2018-6048: Referrer policy bypass in Blink (boo#1077571) - CVE-2017-15420: URL spoofing in Omnibox (boo#1077571) - CVE-2018-6049: UI spoof in Permissions (boo#1077571) - CVE-2018-6050: URL spoof in OmniBox (boo#1077571) - CVE-2018-6051: Referrer leak in XSS Auditor (boo#1077571) - CVE-2018-6052: Incomplete no-referrer policy implementation (boo#1077571) - CVE-2018-6053: Leak of page thumbnails in New Tab Page (boo#1077571) - CVE-2018-6054: Use after free in WebUI (boo#1077571) Re was updated to version 2018-01-01 (boo#1073323) Important SUSE bug 1073323 SUSE bug 1077571 SUSE bug 1077722 CVE-2017-15420 CVE-2018-6031 CVE-2018-6032 CVE-2018-6033 CVE-2018-6034 CVE-2018-6035 CVE-2018-6036 CVE-2018-6037 CVE-2018-6038 CVE-2018-6039 CVE-2018-6040 CVE-2018-6041 CVE-2018-6042 CVE-2018-6043 CVE-2018-6045 CVE-2018-6046 CVE-2018-6047 CVE-2018-6048 CVE-2018-6049 CVE-2018-6050 CVE-2018-6051 CVE-2018-6052 CVE-2018-6053 CVE-2018-6054 openSUSE Leap 42.3 This update for ImageMagick fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS (bsc#1106858) - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855) - CVE-2018-14434: Fixed a memory leak for a colormap in WriteMPCImage (bsc#1102003) - CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (bsc#1102007) - CVE-2018-14436: Fixed a memory leak in ReadMIFFImage in coders/miff.c (bsc#1102005) - CVE-2018-14437: Fixed a memory leak in parse8BIM in coders/meta.c (bsc#1102004) - Disable PS, PS2, PS3, XPS and PDF coders in default policy.xml (bsc#1105592) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1102003 SUSE bug 1102004 SUSE bug 1102005 SUSE bug 1102007 SUSE bug 1105592 SUSE bug 1106855 SUSE bug 1106858 CVE-2018-14434 CVE-2018-14435 CVE-2018-14436 CVE-2018-14437 CVE-2018-16323 CVE-2018-16329 openSUSE Leap 42.3 This update for liblouis fixes the following issues: Security issues fixed: - CVE-2018-11440: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (bsc#1095189) - CVE-2018-11577: Fixed a segmentation fault in lou_logPrint in logging.c (bsc#1095945) - CVE-2018-11683: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1095827) - CVE-2018-11684: Fixed stack-based buffer overflow in the function includeFile() in compileTranslationTable.c (bsc#1095826) - CVE-2018-11685: Fixed a stack-based buffer overflow in the function compileHyphenation() in compileTranslationTable.c (bsc#1095825) - CVE-2018-12085: Fixed a stack-based buffer overflow in the function parseChars() in compileTranslationTable.c (different vulnerability than CVE-2018-11440) (bsc#1097103) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1095189 SUSE bug 1095825 SUSE bug 1095826 SUSE bug 1095827 SUSE bug 1095945 SUSE bug 1097103 CVE-2018-11440 CVE-2018-11577 CVE-2018-11683 CVE-2018-11684 CVE-2018-11685 CVE-2018-12085 openSUSE Leap 42.3 This update for apache2 fixes several issues. These security issues were fixed: - CVE-2017-9789: When under stress (closing many connections) the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour (bsc#1048575). - CVE-2017-7659: A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process (bsc#1045160). These non-security issues were fixed: - Use the full path to a2enmod and a2dismod in the apache-22-24-upgrade script (bsc#1042037) - Fall back to 'localhost' as hostname in gensslcert (bsc#1057406) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1042037 SUSE bug 1045160 SUSE bug 1048575 SUSE bug 1057406 CVE-2017-7659 CVE-2017-9789 openSUSE Leap 42.3 This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1090638 CVE-2017-17833 openSUSE Leap 42.3 This update for nodejs6 to version 6.14.4 fixes the following issues: Security issues fixed: CVE-2018-12115: Fixed an out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (bsc#1105019) CVE-2018-0732: Upgrade to OpenSSL 1.0.2p, fixing a client DoS due to large DH parameter (bsc#1097158) Other issues fixed: - Recommend same major version npm package (bsc#1097748) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1097158 SUSE bug 1097748 SUSE bug 1105019 CVE-2018-0732 CVE-2018-12115 openSUSE Leap 42.3 This update for bouncycastle fixes the following security issue: - CVE-2018-1000180: Fixed flaw in the Low-level interface to RSA key pair generator. RSA Key Pairs generated in low-level API with added certainty may had less M-R tests than expected (bsc#1096291). Moderate SUSE bug 1096291 CVE-2018-1000180 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following security issue: - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283). An earlier update added a change that also fixed this issues that was unknown at the time of release: - CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282). Low SUSE bug 1108282 SUSE bug 1108283 CVE-2018-16749 CVE-2018-16750 openSUSE Leap 42.3 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (bsc#1016715) - CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes which prohibit CR or LF injection into the "Location" or other outbound header key or value. (bsc#1104826) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1016715 SUSE bug 1104826 CVE-2016-4975 CVE-2016-8743 openSUSE Leap 42.3 This update for gd fixes the following issues: Security issue fixed: - CVE-2018-1000222: Fixed a double free vulnerability in gdImageBmpPtr() that could result in remote code execution. This could have been exploited via a specially crafted JPEG image files. (bsc#1105434) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1105434 CVE-2018-1000222 openSUSE Leap 42.3 This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (bsc#1105460) - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (bsc#1105459) - CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (bsc#1105437) - CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (bsc#1047002) This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1047002 SUSE bug 1105437 SUSE bug 1105459 SUSE bug 1105460 CVE-2017-10790 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 openSUSE Leap 42.3 This update for php5-smarty3 fixes the following issues: - CVE-2018-16381: Prevent traversal vulnerability due to insufficient template code sanitization that allowed attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files (bsc#1108741). Moderate SUSE bug 1108741 CVE-2018-16381 openSUSE Leap 42.3 This update for libzypp, zypper fixes the following issues: Update libzypp to version 16.17.20: Security issues fixed: - PackageProvider: Validate delta rpms before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) - PackageProvider: Validate downloaded rpm package signatures before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) Other bugs fixed: - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304) - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake (bsc#1101349) - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - Avoid zombie tar processes (bsc#1076192) Update to zypper to version 1.13.45: Other bugs fixed: - XML <install-summary> attribute `packages-to-change` added (bsc#1102429) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - Prevent nested calls to exit() if aborted by a signal (bsc#1092413) - ansi.h: Prevent ESC sequence strings from going out of scope (bsc#1092413) - Fix: zypper bash completion expands non-existing options (bsc#1049825) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1036304 SUSE bug 1049825 SUSE bug 1070851 SUSE bug 1076192 SUSE bug 1088705 SUSE bug 1091624 SUSE bug 1092413 SUSE bug 1096803 SUSE bug 1099847 SUSE bug 1100028 SUSE bug 1101349 SUSE bug 1102429 CVE-2018-7685 openSUSE Leap 42.3 This update for shadow fixes the following security issue: - CVE-2018-16588: Prevent useradd from creating intermediate directories with mode 0777 (bsc#1106914) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1106914 CVE-2018-16588 openSUSE Leap 42.3 This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-10779: Fixed a heap-based buffer overflow in TIFFWriteScanline() in tif_write.c (bsc#1092480) - CVE-2017-17942: Fixed a heap-based buffer overflow in the function PackBitsEncode in tif_packbits.c. (bsc#1074186) - CVE-2016-5319: Fixed a beap-based buffer overflow in bmp2tiff (bsc#983440) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1074186 SUSE bug 1092480 SUSE bug 983440 CVE-2016-5319 CVE-2017-17942 CVE-2018-10779 openSUSE Leap 42.3 This update for dom4j fixes the following issues: - CVE-2018-1000632: Prevent XML injection vulnerability that allowed an attacker to tamper with XML documents (bsc#1105443) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1105443 CVE-2018-1000632 openSUSE Leap 42.3 This update for php7 fixes the following issues: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade was mishandled in the php_handler function (bsc#1108753). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1108753 CVE-2018-17082 openSUSE Leap 42.3 This update fixes the following issue in yast2-smt: - Remove cron job rescheduling (bsc#1097560) This update is a requirement for the security update for SMT. Because of that it is tagged as security to ensure that all users, even those that only install security updates, install it. This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1097560 openSUSE Leap 42.3 This update for gd fixes one issues. This security issue was fixed: - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1076391 CVE-2018-5711 openSUSE Leap 42.3 This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) These non-security issues were fixed: - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) - Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246, bsc#997043) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1089039 SUSE bug 1101246 SUSE bug 1101470 SUSE bug 1104789 SUSE bug 1106197 SUSE bug 997043 CVE-2018-0737 openSUSE Leap 42.3 This update for zsh to version 5.6.2 fixes the following issues: These security issues were fixed: - CVE-2018-0502: The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line (bsc#1107296) - CVE-2018-13259: Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one (bsc#1107294) - CVE-2018-1100: Prevent stack-based buffer overflow in the utils.c:checkmailpath function that allowed local attackers to execute arbitrary code in the context of another user (bsc#1089030). - CVE-2018-1071: Prevent stack-based buffer overflow in the exec.c:hashcmd() function that allowed local attackers to cause a denial of service (bsc#1084656). - CVE-2018-1083: Prevent buffer overflow in the shell autocomplete functionality that allowed local unprivileged users to create a specially crafted directory path which lead to code execution in the context of the user who tries to use autocomplete to traverse the mentioned path (bsc#1087026). - Disallow evaluation of the initial values of integer variables imported from the environment These non-security issues were fixed: - Fixed that the signal SIGWINCH was being ignored when zsh is not in the foreground. - Fixed two regressions with pipelines getting backgrounded and emitting the signal SIGTTOU - The effect of the NO_INTERACTIVE_COMMENTS option extends into $(...) and `...` command substitutions when used on the command line. - The 'exec' and 'command' precommand modifiers, and options to them, are now parsed after parameter expansion. - Functions executed by ZLE widgets no longer have their standard input closed, but redirected from /dev/null instead. - There is an option WARN_NESTED_VAR, a companion to the existing WARN_CREATE_GLOBAL that causes a warning if a function updates a variable from an enclosing scope without using typeset -g. - zmodload now has an option -s to be silent on a failure to find a module but still print other errors. - Fix typo in chflags completion - Fixed invalid git commands completion - VCS info system: vcs_info git: Avoid a fork. - Fix handling of "printf -" and "printf --" - fix broken completion for filterdiff (boo#1019130) - Unicode9 support, this needs support from your terminal to work correctly. - The new word modifier ':P' computes the physical path of the argument. - The output of "typeset -p" uses "export" commands or the "-g" option for parameters that are not local to the current scope. - vi-repeat-change can repeat user-defined widgets if the widget calls zle -f vichange. - The parameter $registers now makes the contents of vi register buffers available to user-defined widgets. - New vi-up-case and vi-down-case builtin widgets bound to gU/gu (or U/u in visual mode) for doing case conversion. - A new select-word-match function provides vim-style text objects with configurable word boundaries using the existing match-words-by-style mechanism. - Support for the conditional expression [[ -v var ]] to test if a variable is set for compatibility with other shells. - The print and printf builtins have a new option -v to assign the output to a variable. - New x: syntax in completion match specifications make it possible to disable match specifications hardcoded in completion functions. - Re-add custom zshrc and zshenv to unbreak compatibility with old usage (boo#998858). - Read /etc/profile as zsh again. - The new module zsh/param/private can be loaded to allow the shell to define parameters that are private to a function scope (i.e. are not propagated to nested functions called within this function). - The GLOB_STAR_SHORT option allows the pattern **/* to be shortened to just ** if no / follows. so **.c searches recursively for a file whose name has the suffix ".c". - The effect of the WARN_CREATE_GLOBAL option has been significantly extended, so expect it to cause additional warning messages about parameters created globally within function scope. - The print builtin has new options -x and -X to expand tabs. - Several new command completions and numerous updates to others. - Options to "fc" to segregate internal and shared history. - All emulations including "sh" use multibyte by default; several repairs to multibyte handling. - ZLE supports "bracketed paste" mode to avoid interpreting pasted newlines as accept-line. Pastes can be highlighted for visibility and to make it more obvious whether accept-line has occurred. - Improved (though still not perfect) POSIX compatibility for getopts builtin when POSIX_BUILTINS is set. - New setopt APPEND_CREATE for POSIX-compatible NO_CLOBBER behavior. - Completion of date values now displays in a calendar format when the complist module is available. Controllable by zstyle. - New parameter UNDO_LIMIT_NO for more control over ZLE undo repeat. - Several repairs/improvements to the contributed narrow-to-region ZLE function. - Many changes to child-process and signal handling to eliminate race conditions and avoid deadlocks on descriptor and memory management. - New builtin sysopen in zsh/system module for detailed control of file descriptor modes. - Fix a printf regression boo#934175 - Global aliases can be created for syntactic tokens such as command separators (";", "&", "|", "&&", "||"), redirection operators, etc. - There have been various further improvements to builtin handling with the POSIX_BUILTINS option (off by default) for compatibility with the POSIX standard. - 'whence -v' is now more informative, and 'whence -S' shows you how a full chain of symbolic links resolves to a command. - The 'p' parameter flag now allows an argument to be specified as a reference to a variable, e.g. ${(ps.$sep.)foo} to split $foo on a string given by $sep. - The option FORCE_FLOAT now forces variables, not just constants, to floating point in arithmetic expressions. - The type of an assignment in arithmetic expressions, e.g. the type seen by the variable res in $(( res = a = b )), is now more logical and C-like. - The default binding of 'u' in vi command mode has changed to undo multiple changes when invoked repeatedly. '^R' is now bound to redo changes. To revert to toggling of the last edit use: bindkey -a u vi-undo-change - Compatibility with Vim has been improved for vi editing mode. Most notably, Vim style text objects are supported and the region can be manipulated with vi commands in the same manner as Vim's visual mode. - Elements of the watch variable may now be patterns. - The logic for retrying history locking has been improved. - Fix openSUSE versions in osc completion - Add back rpm completion file (boo#900424) Important SUSE bug 1019130 SUSE bug 1084656 SUSE bug 1087026 SUSE bug 1089030 SUSE bug 1107294 SUSE bug 1107296 SUSE bug 900424 SUSE bug 934175 SUSE bug 998858 CVE-2018-0502 CVE-2018-1071 CVE-2018-1083 CVE-2018-1100 CVE-2018-13259 openSUSE Leap 42.3 This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673) Important SUSE bug 1109673 CVE-2018-17407 openSUSE Leap 42.3 This update for libtasn1 fixes one issue. This security issue was fixed: - CVE-2018-6003: Prevent a stack exhaustion in _asn1_decode_simple_ber (lib/decoding.c) when decoding BER encoded structure allowed for DoS (bsc#1076832). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1076832 CVE-2018-6003 openSUSE Leap 42.3 This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172). - CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171). - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173). - CVE-2018-15911: Prevent use uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195). - CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412). - CVE-2018-16509: Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction (bsc#1107410). - CVE-2018-16510: Incorrect exec stack handling in the "CS" and "SC" PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411). - CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413). - CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421). - CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420). - CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422). - CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423). - CVE-2018-16511: A type confusion in "ztype" could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426). - CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This lead to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581). - CVE-2018-16802: Incorrect "restoration of privilege" checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027). These non-security issues were fixed: * Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files). * Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--' For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm and the changes file of the package. This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1106171 SUSE bug 1106172 SUSE bug 1106173 SUSE bug 1106195 SUSE bug 1107410 SUSE bug 1107411 SUSE bug 1107412 SUSE bug 1107413 SUSE bug 1107420 SUSE bug 1107421 SUSE bug 1107422 SUSE bug 1107423 SUSE bug 1107426 SUSE bug 1107581 SUSE bug 1108027 SUSE bug 1109105 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183 openSUSE Leap 42.3 This update for unzip fixes the following security issues: - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) - CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074). - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442). This non-security issue was fixed: - Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1013992 SUSE bug 1013993 SUSE bug 1080074 SUSE bug 910683 SUSE bug 914442 SUSE bug 950110 SUSE bug 950111 CVE-2014-9636 CVE-2014-9913 CVE-2015-7696 CVE-2015-7697 CVE-2016-9844 CVE-2018-1000035 openSUSE Leap 42.3 This update for php5 fixes the following issue: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade was mishandled in the php_handler function (bsc#1108753) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1108753 CVE-2018-17082 openSUSE Leap 42.3 This update for bind fixes several issues. This security issue was fixed: - CVE-2017-3145: Improper sequencing during cleanup could have lead to a use-after-free error that triggered an assertion failure and crash in named (bsc#1076118). These non-security issues were fixed: - Updated named.root file (bsc#1040039) - Update bind.keys for DNSSEC root KSK rollover (bsc#1047184) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1040039 SUSE bug 1047184 SUSE bug 1076118 CVE-2017-3145 openSUSE Leap 42.3 This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - IfNode::range_check_trap_proj() should handler dying subgraph with single if proj - Even better Internet address support - Newlines in JAXB string values of SOAP-requests are escaped to "
" - TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException - Unable to use JDWP API in JDK 8 to debug JDK 9 VM - Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 - Performance drop with Java JDK 1.8.0_162-b32 - Upgrade time-zone data to tzdata2018d - Fix potential crash in BufImg_SetupICM - JDK 8u181 l10n resource file update - Remove debug print statements from RMI fix - (tz) Upgrade time-zone data to tzdata2018e - ObjectInputStream filterCheck method throws NullPointerException - adjust reflective access checks This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1101644 SUSE bug 1101645 SUSE bug 1101651 SUSE bug 1101656 SUSE bug 1106812 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 openSUSE Leap 42.3 This update for mgetty fixes the following issues: - CVE-2018-16741: Fixed a command injection in fax/faxq-helper.c (boo#1108752) - CVE-2018-16742: Stack-based buffer overflow in contrib/scrts.c triggered via command line parameter (boo#1108762) - CVE-2018-16743: Stack-based buffer overflow with long username in contrib/next-login/login.c (boo#1108761) - CVE-2018-16744: Command injection in faxrec.c (boo#1108757) - CVE-2018-16745: Stack-based buffer overflow in fax_notify_mail() in faxrec.c (boo#1108756) - sets maximum length of a string to prevent buffer overflow and thus possible command injection - The obsolete contrib/scrts.c tool was deleted, which contained a buffer overflow. Moderate SUSE bug 1108752 SUSE bug 1108756 SUSE bug 1108757 SUSE bug 1108761 SUSE bug 1108762 CVE-2018-16741 CVE-2018-16742 CVE-2018-16743 CVE-2018-16744 CVE-2018-16745 openSUSE Leap 42.3 This update for git fixes the following issues: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949). Important SUSE bug 1110949 CVE-2018-17456 openSUSE Leap 42.3 This update for brings postgresql10 version 10.5 to openSUSE Leap 42.3. (FATE#325659 bnc#1108308) This release marks the change of the versioning scheme for PostgreSQL to a "x.y" format. This means the next minor releases of PostgreSQL will be 10.1, 10.2, ... and the next major release will be 11. * Logical Replication Logical replication extends the current replication features of PostgreSQL with the ability to send modifications on a per-database and per-table level to different PostgreSQL databases. Users can now fine-tune the data replicated to various database clusters and will have the ability to perform zero-downtime upgrades to future major PostgreSQL versions. * Declarative Table Partitioning Table partitioning has existed for years in PostgreSQL but required a user to maintain a nontrivial set of rules and triggers for the partitioning to work. PostgreSQL 10 introduces a table partitioning syntax that lets users easily create and maintain range and list partitioned tables. * Improved Query Parallelism PostgreSQL 10 provides better support for parallelized queries by allowing more parts of the query execution process to be parallelized. Improvements include additional types of data scans that are parallelized as well as optimizations when the data is recombined, such as pre-sorting. These enhancements allow results to be returned more quickly. * Quorum Commit for Synchronous Replication PostgreSQL 10 introduces quorum commit for synchronous replication, which allows for flexibility in how a primary database receives acknowledgement that changes were successfully written to remote replicas. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1108308 openSUSE Leap 42.3 This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279). - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166). - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046). - CVE-2017-18258: The xz_head function allowed remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality did not restrict memory usage to what is required for a legitimate file (bsc#1088601). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1088279 SUSE bug 1088601 SUSE bug 1102046 SUSE bug 1105166 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567 CVE-2018-9251 openSUSE Leap 42.3 This update for libvirt provides several fixes. This security issue was fixed: - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead() method which allowed to cause DoS (bsc#1076500). These security issues were fixed: - Add a qemu hook script providing functionality similar to Xen's block-dmmd script. (fate#324177) - schema: Make disk driver name attribute optional. (bsc#1073973) - virt-create-rootfs: Handle all SLE 12 versions. (bsc#1072887) - libvirt-guests: Fix the 'stop' operation when action is 'suspend'. (bsc#1070130) - s390: Fix missing host cpu model info. (bsc#1065766) - cpu: Add new EPYC CPU model. (bsc#1052825, fate#324038) - pci: Fix the detection of the link's maximum speed. (bsc#1064947) - nodedev: Increase the netlink socket buffer size. (bsc#1035442) - storage: Fix a race between the volume creation and the pool refresh. (bsc#1062571) - daemon: Drop the minsize directive from hypervisor logrotate files. (bsc#1062760) This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1035442 SUSE bug 1052825 SUSE bug 1062571 SUSE bug 1062760 SUSE bug 1064947 SUSE bug 1065766 SUSE bug 1070130 SUSE bug 1072887 SUSE bug 1073973 SUSE bug 1076500 CVE-2018-5748 openSUSE Leap 42.3 This update for nodejs6 fixes the following issues: Security issues fixed: - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes: - Update to LTS release 6.12.2 (bsc#1072322): * https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ * https://nodejs.org/en/blog/release/v6.12.2/ * https://nodejs.org/en/blog/release/v6.12.1/ * https://nodejs.org/en/blog/release/v6.12.0/ * https://nodejs.org/en/blog/release/v6.11.5/ * https://nodejs.org/en/blog/release/v6.11.4/ * https://nodejs.org/en/blog/release/v6.11.3/ * https://nodejs.org/en/blog/release/v6.11.2/ This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1056058 SUSE bug 1066242 SUSE bug 1072322 CVE-2017-14919 CVE-2017-15896 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 openSUSE Leap 42.3 This update for systemd fixes several issues. This security issue was fixed: - CVE-2018-1049: Prevent race that can lead to DoS when using automounts (bsc#1076308). These non-security issues were fixed: - core: don't choke if a unit another unit triggers vanishes during reload - delta: don't ignore PREFIX when the given argument is PREFIX/SUFFIX - delta: extend skip logic to work on full directory paths (prefix+suffix) (bsc#1070428) - delta: check if a prefix needs to be skipped only once - delta: skip symlink paths when split-usr is enabled (#4591) - sysctl: use raw file descriptor in sysctl_write (#7753) - sd-netlink: don't take possesion of netlink fd from caller on failure (bsc#1074254) - Fix the regexp used to detect broken by-id symlinks in /etc/crypttab It was missing the following case: "/dev/disk/by-id/cr_-xxx". - sysctl: disable buffer while writing to /proc (bsc#1071558) - Use read_line() and LONG_LINE_MAX to read values configuration files. (bsc#1071558) - sysctl: no need to check for eof twice - def: add new constant LONG_LINE_MAX - fileio: add new helper call read_line() as bounded getline() replacement - service: Don't stop unneeded units needed by restarted service (#7526) (bsc#1066156) - gpt-auto-generator: fix the handling of the value returned by fstab_has_fstype() in add_swap() (#6280) - gpt-auto-generator: disable gpt auto logic for swaps if at least one is defined in fstab (bsc#897422) - fstab-util: introduce fstab_has_fstype() helper - fstab-generator: ignore root=/dev/nfs (#3591) - fstab-generator: don't process root= if it happens to be "gpt-auto" (#3452) - virt: use XENFEAT_dom0 to detect the hardware domain (#6442, #6662) (#7581) (bsc#1048510) - analyze: replace --no-man with --man=no in the man page (bsc#1068251) - udev: net_setup_link: don't error out when we couldn't apply link config (#7328) - Add missing /etc/systemd/network directory - Fix parsing of features in detect_vm_xen_dom0 (#7890) (bsc#1048510) - sd-bus: use -- when passing arguments to ssh (#6706) - systemctl: make sure we terminate the bus connection first, and then close the pager (#3550) - sd-bus: bump message queue size (bsc#1075724) - tmpfiles: downgrade warning about duplicate line This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1048510 SUSE bug 1065276 SUSE bug 1066156 SUSE bug 1068251 SUSE bug 1070428 SUSE bug 1071558 SUSE bug 1074254 SUSE bug 1075724 SUSE bug 1076308 SUSE bug 897422 CVE-2017-15908 CVE-2018-1049 openSUSE Leap 42.3 This update for webkit2gtk3 fixes the following issues: Update to version 2.18.5: + Disable SharedArrayBuffers from Web API. + Reduce the precision of "high" resolution time to 1ms. + bsc#1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown (CVE-2017-5753 and CVE-2017-5715). Update to version 2.18.4: + Make WebDriver implementation more spec compliant. + Fix a bug when trying to remove cookies before a web process is spawned. + WebKitWebDriver process no longer links to libjavascriptcoregtk. + Fix several memory leaks in GStreamer media backend. + bsc#1073654 - Security fixes: CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-13856. Update to version 2.18.3: + Improve calculation of font metrics to prevent scrollbars from being shown unnecessarily in some cases. + Fix handling of null capabilities in WebDriver implementation. + Security fixes: CVE-2017-13798, CVE-2017-13788, CVE-2017-13803. Update to version 2.18.2: + Fix rendering of arabic text. + Fix a crash in the web process when decoding GIF images. + Fix rendering of wind in Windy.com. + Fix several crashes and rendering issues. Update to version 2.18.1: + Improve performance of GIF animations. + Fix garbled display in GMail. + Fix rendering of several material design icons when using the web font. + Fix flickering when resizing the window in Wayland. + Prevent default kerberos authentication credentials from being used in ephemeral sessions. + Fix a crash when webkit_web_resource_get_data() is cancelled. + Correctly handle touchmove and touchend events in WebKitWebView. + Fix the build with enchant 2.1.1. + Fix the build in HPPA and Alpha. + Fix several crashes and rendering issues. + Security fixes: CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142. - Enable gold linker on s390/s390x on SLE15/Tumbleweed. This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1020950 SUSE bug 1024749 SUSE bug 1050469 SUSE bug 1066892 SUSE bug 1069925 SUSE bug 1073654 SUSE bug 1075419 CVE-2016-4692 CVE-2016-4743 CVE-2016-7586 CVE-2016-7587 CVE-2016-7589 CVE-2016-7592 CVE-2016-7598 CVE-2016-7599 CVE-2016-7610 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2017-13788 CVE-2017-13798 CVE-2017-13803 CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2539 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-7006 CVE-2017-7011 CVE-2017-7012 CVE-2017-7018 CVE-2017-7019 CVE-2017-7020 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7038 CVE-2017-7039 CVE-2017-7040 CVE-2017-7041 CVE-2017-7042 CVE-2017-7043 CVE-2017-7046 CVE-2017-7048 CVE-2017-7049 CVE-2017-7052 CVE-2017-7055 CVE-2017-7056 CVE-2017-7059 CVE-2017-7061 CVE-2017-7064 CVE-2017-7081 CVE-2017-7087 CVE-2017-7089 CVE-2017-7090 CVE-2017-7091 CVE-2017-7092 CVE-2017-7093 CVE-2017-7094 CVE-2017-7095 CVE-2017-7096 CVE-2017-7098 CVE-2017-7099 CVE-2017-7100 CVE-2017-7102 CVE-2017-7104 CVE-2017-7107 CVE-2017-7109 CVE-2017-7111 CVE-2017-7117 CVE-2017-7120 CVE-2017-7142 CVE-2017-7156 CVE-2017-7157 openSUSE Leap 42.3 This update for ImageMagick fixes the following security issues: - CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage() function in coders/mpc.c via a crafted file allowing for DoS (bsc#1050129) - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function (bsc#1108283) - CVE-2018-16749: Added missing NULL check in ReadOneJNGImage that allowed an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file (bsc#1108282) - CVE-2018-16642: The function InsertRow allowed remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write (bsc#1107616) - CVE-2018-16640: Prevent memory leak in the function ReadOneJNGImage (bsc#1107619) - CVE-2018-16643: The functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage did check the return value of the fputc function, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107612) - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) - CVE-2018-16413: Prevent heap-based buffer over-read in the PushShortPixel function leading to DoS (bsc#1106989) This update also relaxes the restrictions of use of Postscript like formats to "write" only. (bsc#1105592) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1050129 SUSE bug 1105592 SUSE bug 1106989 SUSE bug 1107604 SUSE bug 1107609 SUSE bug 1107612 SUSE bug 1107616 SUSE bug 1107619 SUSE bug 1108282 SUSE bug 1108283 CVE-2017-11532 CVE-2018-16413 CVE-2018-16640 CVE-2018-16642 CVE-2018-16643 CVE-2018-16644 CVE-2018-16645 CVE-2018-16749 CVE-2018-16750 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (bsc#1111069) Moderate SUSE bug 1111069 CVE-2018-18024 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.159 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13096: A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image (bnc#1100062). - CVE-2018-13097: There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG) (bnc#1100061). - CVE-2018-13098: A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode (bnc#1100060). - CVE-2018-13099: A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr (bnc#1100059). - CVE-2018-13100: An issue was discovered in fs/f2fs/super.c which did not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error (bnc#1100056). - CVE-2018-14613: There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c (bnc#1102896). - CVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable (bnc#1107829). - CVE-2018-16276: Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095). - CVE-2018-16597: Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem (bnc#1106512). - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). - CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bnc#1082863). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). The following non-security bugs were fixed: - alsa: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping (bnc#1012382). - alsa: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO (bnc#1012382). - alsa: hda - Fix cancel_work_sync() stall from jackpoll work (bnc#1012382). - alsa: msnd: Fix the default sample sizes (bnc#1012382). - alsa: pcm: Fix snd_interval_refine first/last with open min/max (bnc#1012382). - alsa: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro (bnc#1012382). - arc: [plat-axs*]: Enable SWAP (bnc#1012382). - arm64: bpf: jit JMP_JSET_{X,K} (bsc#1110613). - arm64: Correct type for PUD macros (bsc#1110600). - arm64: dts: qcom: db410c: Fix Bluetooth LED trigger (bnc#1012382). - arm64: fix erroneous __raw_read_system_reg() cases (bsc#1110606). - arm64: Fix potential race with hardware DBM in ptep_set_access_flags() (bsc#1110605). - arm64: fpsimd: Avoid FPSIMD context leakage for the init task (bsc#1110603). - arm64: kasan: avoid bad virt_to_pfn() (bsc#1110612). - arm64: kasan: avoid pfn_to_nid() before page array is initialized (bsc#1110619). - arm64/kasan: do not allocate extra shadow memory (bsc#1110611). - arm64: kernel: Update kerneldoc for cpu_suspend() rename (bsc#1110602). - arm64: kgdb: handle read-only text / modules (bsc#1110604). - arm64/mm/kasan: do not use vmemmap_populate() to initialize shadow (bsc#1110618). - arm64: ptrace: Avoid setting compat FP[SC]R to garbage if get_user fails (bsc#1110601). - arm64: supported.conf: mark armmmci as not supported - arm64 Update config files. (bsc#1110468) Set MMC_QCOM_DML to build-in and delete driver from supported.conf - arm64: vdso: fix clock_getres for 4GiB-aligned res (bsc#1110614). - arm: exynos: Clear global variable on init error path (bnc#1012382). - arm: hisi: check of_iomap and fix missing of_node_put (bnc#1012382). - arm: hisi: fix error handling and missing of_node_put (bnc#1012382). - arm: hisi: handle of_iomap and fix missing of_node_put (bnc#1012382). - asm/sections: add helpers to check for section data (bsc#1063026). - asoc: cs4265: fix MMTLR Data switch control (bnc#1012382). - asoc: wm8994: Fix missing break in switch (bnc#1012382). - ata: libahci: Correct setting of DEVSLP register (bnc#1012382). - ath10k: disable bundle mgmt tx completion event support (bnc#1012382). - ath10k: prevent active scans on potential unusable channels (bnc#1012382). - audit: fix use-after-free in audit_add_watch (bnc#1012382). - autofs: fix autofs_sbi() does not check super block type (bnc#1012382). - binfmt_elf: Respect error return from `regset->active' (bnc#1012382). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1082979). - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV (bnc#1012382). - Bluetooth: hidp: Fix handling of strncpy for hid->name information (bnc#1012382). - bpf: fix overflow in prog accounting (bsc#1012382). - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Add sanity check for EXTENT_DATA when reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Introduce mount time chunk <-> dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bnc#1012382). - btrfs: replace: Reset on-disk dev stats value after replace (bnc#1012382). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096). - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Enhance output for check_extent_data_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - btrfs: use correct compare function of dirty_metadata_bytes (bnc#1012382). - btrfs: Verify that every chunk has corresponding block group at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,). - cfq: Give a chance for arming slice idle timer in case of group_idle (bnc#1012382). - cifs: check if SMB2 PDU size has been padded and suppress the warning (bnc#1012382). - cifs: fix wrapping bugs in num_entries() (bnc#1012382). - cifs: integer overflow in in SMB2_ioctl() (bsc#1012382). - cifs: prevent integer overflow in nxt_dir_entry() (bnc#1012382). - clk: imx6ul: fix missing of_node_put() (bnc#1012382). - coresight: Handle errors in finding input/output ports (bnc#1012382). - coresight: tpiu: Fix disabling timeouts (bnc#1012382). - cpu/hotplug: Fix SMT supported evaluation (bsc#1089343). - crypto: clarify licensing of OpenSSL asm code (). - crypto: sharah - Unregister correct algorithms for SAHARA 3 (bnc#1012382). - crypto: vmx - Remove overly verbose printk from AES XTS init (git-fixes). - debugobjects: Make stack check warning more informative (bnc#1012382). - Define early_radix_enabled() (bsc#1094244). - Delete patches.fixes/slab-__GFP_ZERO-is-incompatible-with-a-constructor.patch (bnc#1110297) we still have a code which uses both __GFP_ZERO and constructors. The code seems to be correct and the warning does more harm than good so revert for the the meantime until we catch offenders. - dmaengine: pl330: fix irq race with terminate_all (bnc#1012382). - dm kcopyd: avoid softlockup in run_complete_job (bnc#1012382). - dm-mpath: do not try to access NULL rq (bsc#1110337). - dm-mpath: finally fixup cmd_flags (bsc#1110930). - drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config (bnc#1012382). - drivers: net: cpsw: fix segfault in case of bad phy-handle (bnc#1012382). - drm/amdkfd: Fix error codes in kfd_get_process (bnc#1012382). - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (bnc#1012382). - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping (bnc#1012382). - EDAC: Fix memleak in module init error path (bsc#1109441). - EDAC, i7core: Fix memleaks and use-after-free on probe and remove (1109441). - ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle (bnc#1012382). - ethtool: Remove trailing semicolon for static inline (bnc#1012382). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bnc#1012382). - ext4: do not mark mmp buffer head dirty (bnc#1012382). - ext4: fix online resize's handling of a too-small final block group (bnc#1012382). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bnc#1012382). - ext4: recalucate superblock checksum after updating free blocks/inodes (bnc#1012382). - f2fs: do not set free of current section (bnc#1012382). - f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize (bnc#1012382). - fat: validate ->i_start before using (bnc#1012382). - fbdev: Distinguish between interlaced and progressive modes (bnc#1012382). - fbdev/via: fix defined but not used warning (bnc#1012382). - Follow-up fix for patches.arch/01-jump_label-reduce-the-size-of-struct-static_key-kabi.patch. (bsc#1108803) - fork: do not copy inconsistent signal handler state to child (bnc#1012382). - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (bnc#1012382). - fs/eventpoll: loosen irq-safety when possible (bsc#1096052). - genirq: Delay incrementing interrupt count if it's disabled/pending (bnc#1012382). - gfs2: Special-case rindex for gfs2_grow (bnc#1012382). - gpiolib: Mark gpio_suffixes array with __maybe_unused (bnc#1012382). - gpio: ml-ioh: Fix buffer underwrite on probe error path (bnc#1012382). - gpio: tegra: Move driver registration to subsys_init level (bnc#1012382). - gso_segment: Reset skb->mac_len after modifying network header (bnc#1012382). - hfsplus: do not return 0 when fill_super() failed (bnc#1012382). - hfs: prevent crash on exit from failed search (bnc#1012382). - HID: sony: Support DS4 dongle (bnc#1012382). - HID: sony: Update device ids (bnc#1012382). - i2c: i801: fix DNV's SMBCTRL register offset (bnc#1012382). - i2c: xiic: Make the start and the byte count write atomic (bnc#1012382). - i2c: xlp9xx: Add support for SMBAlert (bsc#1103308). - i2c: xlp9xx: Fix case where SSIF read transaction completes early (bsc#1103308). - i2c: xlp9xx: Fix issue seen when updating receive length (bsc#1103308). - i2c: xlp9xx: Make sure the transfer size is not more than I2C_SMBUS_BLOCK_SIZE (bsc#1103308). - ib/ipoib: Avoid a race condition between start_xmit and cm_rep_handler (bnc#1012382). - ib_srp: Remove WARN_ON in srp_terminate_io() (bsc#1094562). - input: atmel_mxt_ts - only use first T9 instance (bnc#1012382). - iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bnc#1012382). - iommu/ipmmu-vmsa: Fix allocation in atomic context (bnc#1012382). - ipmi:ssif: Add support for multi-part transmit messages > 2 parts (bsc#1103308). - ipv6: fix possible use-after-free in ip6_xmit() (bnc#1012382). - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bnc#1012382). - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bnc#1012382). - irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar() (bnc#1012382). - iw_cxgb4: only allow 1 flush on user qps (bnc#1012382). - KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244). - kabi protect hnae_ae_ops (bsc#1107924). - kbuild: add .DELETE_ON_ERROR special target (bnc#1012382). - kbuild: make missing $DEPMOD a Warning instead of an Error (bnc#1012382). - kernel/params.c: downgrade warning for unsafe parameters (bsc#1050549). - kprobes/x86: Release insn_slot in failure path (bsc#1110006). - kthread: fix boot hang (regression) on MIPS/OpenRISC (bnc#1012382). - kthread: Fix use-after-free if kthread fork fails (bnc#1012382). - kvm: nVMX: Do not expose MPX VMX controls when guest MPX disabled (bsc#1106240). - kvm: nVMX: Do not flush TLB when vmcs12 uses VPID (bsc#1106240). - kvm: x86: Do not re-{try,execute} after failed emulation in L2 (bsc#1106240). - kvm: x86: Do not use kvm_x86_ops->mpx_supported() directly (bsc#1106240). - kvm: x86: fix APIC page invalidation (bsc#1106240). - kvm/x86: remove WARN_ON() for when vm_munmap() fails (bsc#1106240). - kvm: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (bsc#1106240). - l2tp: cast l2tp traffic counter to unsigned (bsc#1099810). - locking/osq_lock: Fix osq_lock queue corruption (bnc#1012382). - locking/rwsem-xadd: Fix missed wakeup due to reordering of load (bnc#1012382). - lpfc: fixup crash in lpfc_els_unsol_buffer() (bsc#1107318). - mac80211: restrict delayed tailroom needed decrement (bnc#1012382). - macintosh/via-pmu: Add missing mmio accessors (bnc#1012382). - md/raid1: exit sync request if MD_RECOVERY_INTR is set (git-fixes). - md/raid5: fix data corruption of replacements after originals dropped (bnc#1012382). - media: videobuf2-core: check for q->error in vb2_core_qbuf() (bnc#1012382). - mei: bus: type promotion bug in mei_nfc_if_version() (bnc#1012382). - mei: me: allow runtime pm for platform with D0i3 (bnc#1012382). - mfd: sm501: Set coherent_dma_mask when creating subdevices (bnc#1012382). - mfd: ti_am335x_tscadc: Fix struct clk memory leak (bnc#1012382). - misc: hmc6352: fix potential Spectre v1 (bnc#1012382). - misc: mic: SCIF Fix scif_get_new_port() error handling (bnc#1012382). - misc: ti-st: Fix memory leak in the error path of probe() (bnc#1012382). - mmc: mmci: stop building qcom dml as module (bsc#1110468). - mm/fadvise.c: fix signed overflow UBSAN complaint (bnc#1012382). - mm: fix devmem_is_allowed() for sub-page System RAM intersections (bsc#1110006). - mm: get rid of vmacache_flush_all() entirely (bnc#1012382). - mm: shmem.c: Correctly annotate new inodes for lockdep (bnc#1012382). - mtdchar: fix overflows in adjustment of `count` (bnc#1012382). - mtd/maps: fix solutionengine.c printk format warnings (bnc#1012382). - neighbour: confirm neigh entries when ARP packet is received (bnc#1012382). - net/9p: fix error path of p9_virtio_probe (bnc#1012382). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (bnc#1012382). - net: bcmgenet: use MAC link status for fixed phy (bnc#1012382). - net: dcb: For wild-card lookups, use priority -1, not 0 (bnc#1012382). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108240). - net: ena: fix device destruction to gracefully free resources (bsc#1108240). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108240). - net: ena: fix incorrect usage of memory barriers (bsc#1108240). - net: ena: fix missing calls to READ_ONCE (bsc#1108240). - net: ena: fix missing lock during device destruction (bsc#1108240). - net: ena: fix potential double ena_destroy_device() (bsc#1108240). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108240). - net: ethernet: mvneta: Fix napi structure mixup on armada 3700 (bsc#1110616). - net: ethernet: ti: cpsw: fix mdio device reference leak (bnc#1012382). - netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user (bnc#1012382). - net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924). - net: hns: add the code for cleaning pkt in chip (bsc#1107924). - net: hp100: fix always-true check for link up state (bnc#1012382). - net: mvneta: fix mtu change on port without link (bnc#1012382). - net: mvneta: fix mvneta_config_rss on armada 3700 (bsc#1110615). - nfc: Fix possible memory corruption when handling SHDLC I-Frame commands (bnc#1012382). - nfc: Fix the number of pipes (bnc#1012382). - nfs: Use an appropriate work queue for direct-write completion (bsc#1082519). - nfsv4.0 fix client reference leak in callback (bnc#1012382). - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189). - nvmet: fixup crash on NULL device path (bsc#1082979). - ocfs2: fix ocfs2 read block panic (bnc#1012382). - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512) - ovl: proper cleanup of workdir (bnc#1012382). - ovl: rename is_merge to is_lowest (bnc#1012382). - parport: sunbpp: fix error return code (bnc#1012382). - partitions/aix: append null character to print data from disk (bnc#1012382). - partitions/aix: fix usage of uninitialized lv_info and lvname structures (bnc#1012382). - PCI: altera: Fix bool initialization in tlp_read_packet() (bsc#1109806). - PCI: designware: Fix I/O space page leak (bsc#1109806). - PCI: designware: Fix pci_remap_iospace() failure path (bsc#1109806). - PCI: mvebu: Fix I/O space end address calculation (bnc#1012382). - PCI: OF: Fix I/O space page leak (bsc#1109806). - PCI: pciehp: Fix unprotected list iteration in IRQ handler (bsc#1109806). - PCI: shpchp: Fix AMD POGO identification (bsc#1109806). - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive() (bsc#1109806). - PCI: versatile: Fix I/O space page leak (bsc#1109806). - PCI: versatile: Fix pci_remap_iospace() failure path (bsc#1109806). - PCI: xgene: Fix I/O space page leak (bsc#1109806). - PCI: xilinx: Add missing of_node_put() (bsc#1109806). - perf powerpc: Fix callchain ip filtering (bnc#1012382). - perf powerpc: Fix callchain ip filtering when return address is in a register (bnc#1012382). - perf tools: Allow overriding MAX_NR_CPUS at compile time (bnc#1012382). - phy: qcom-ufs: add MODULE_LICENSE tag (bsc#1110468). - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant (bnc#1012382). - pipe: actually allow root to exceed the pipe buffer limit (git-fixes). - platform/x86: alienware-wmi: Correct a memory leak (bnc#1012382). - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bnc#1012382). - platform/x86: toshiba_acpi: Fix defined but not used build warnings (bnc#1012382). - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244). - powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244). - powerpc/book3s: Fix MCE console messages for unrecoverable MCE (bsc#1094244). - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc: Fix size calculation using resource_size() (bnc#1012382). - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244). - powerpc/mce: Move 64-bit machine check code into mce.c (bsc#1094244). - powerpc/numa: Use associativity if VPHN hcall is successful (bsc#1110363). - powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check (git-fixes). - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1066223). - powerpc/powernv: opal_put_chars partial write fix (bnc#1012382). - powerpc/powernv: Rename machine_check_pSeries_early() to powernv (bsc#1094244). - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX (bnc#1012382). - powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244). - powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1066223). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337). - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - printk: do not spin in printk when in nmi (bsc#1094244). - pstore: Fix incorrect persistent ram buffer mapping (bnc#1012382). - rdma/cma: Do not ignore net namespace for unbound cm_id (bnc#1012382). - rdma/cma: Protect cma dev list with lock (bnc#1012382). - rdma/rw: Fix rdma_rw_ctx_signature_init() kernel-doc header (bsc#1082979). - reiserfs: change j_timestamp type to time64_t (bnc#1012382). - Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" (bnc#1012382). - Revert "dma-buf/sync-file: Avoid enable fence signaling if poll(.timeout=0)" (bsc#1111363). - Revert "Drop kernel trampoline stack." This reverts commit 85dead31706c1c1755adff90405ff9861c39c704. - Revert "kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)" This reverts commit edde1f21880e3bfe244c6f98a3733b05b13533dc. - Revert "mm: get rid of vmacache_flush_all() entirely" (kabi). - Revert "NFC: Fix the number of pipes" (kabi). - ring-buffer: Allow for rescheduling when removing pages (bnc#1012382). - rtc: bq4802: add error handling for devm_ioremap (bnc#1012382). - s390/dasd: fix hanging offline processing due to canceled worker (bnc#1012382). - s390/facilites: use stfle_fac_list array size for MAX_FACILITY_BIT (bnc#1108315, LTC#171326). - s390/lib: use expoline for all bcr instructions (LTC#171029 bnc#1012382 bnc#1106934). - s390/qeth: fix race in used-buffer accounting (bnc#1012382). - s390/qeth: reset layer2 attribute on layer switch (bnc#1012382). - s390/qeth: use vzalloc for QUERY OAT buffer (bnc#1108315, LTC#171527). - sched/fair: Fix bandwidth timer clock drift condition (Git-fixes). - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup (Git-fixes). - sch_hhf: fix null pointer dereference on init failure (bnc#1012382). - sch_htb: fix crash on init failure (bnc#1012382). - sch_multiq: fix double free on init failure (bnc#1012382). - sch_netem: avoid null pointer deref on init failure (bnc#1012382). - sch_tbf: fix two null pointer dereferences on init failure (bnc#1012382). - scripts: modpost: check memory allocation results (bnc#1012382). - scsi: 3ware: fix return 0 on the error path of probe (bnc#1012382). - scsi: aic94xx: fix an error code in aic94xx_init() (bnc#1012382). - scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336). - scsi: qla2xxx: Add changes for devloss timeout in driver (bsc#1084427). - scsi: qla2xxx: Add FC-NVMe abort processing (bsc#1084427). - scsi: qla2xxx: Add longer window for chip reset (bsc#1094555). - scsi: qla2xxx: Avoid double completion of abort command (bsc#1094555). - scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084427). - scsi: qla2xxx: Cleanup for N2N code (bsc#1094555). - scsi: qla2xxx: correctly shift host byte (bsc#1094555). - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1094555). - scsi: qla2xxx: Delete session for nport id change (bsc#1094555). - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427). - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1094555). - scsi: qla2xxx: Fix double free bug after firmware timeout (bsc#1094555). - scsi: qla2xxx: Fix driver unload by shutting down chip (bsc#1094555). - scsi: qla2xxx: fix error message on <qla2400 (bsc#1094555). - scsi: qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084427). - scsi: qla2xxx: Fix function argument descriptions (bsc#1094555). - scsi: qla2xxx: Fix Inquiry command being dropped in Target mode (bsc#1094555). - scsi: qla2xxx: Fix issue reported by static checker for qla2x00_els_dcmd2_sp_done() (bsc#1094555). - scsi: qla2xxx: Fix login retry count (bsc#1094555). - scsi: qla2xxx: Fix Management Server NPort handle reservation logic (bsc#1094555). - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1094555). - scsi: qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change (bsc#1084427). - scsi: qla2xxx: Fix N2N link re-connect (bsc#1094555). - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion (bsc#1094555). - scsi: qla2xxx: Fix race between switch cmd completion and timeout (bsc#1094555). - scsi: qla2xxx: Fix race condition between iocb timeout and initialisation (bsc#1094555). - scsi: qla2xxx: Fix redundant fc_rport registration (bsc#1094555). - scsi: qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084427). - scsi: qla2xxx: Fix Rport and session state getting out of sync (bsc#1094555). - scsi: qla2xxx: Fix sending ADISC command for login (bsc#1094555). - scsi: qla2xxx: Fix session state stuck in Get Port DB (bsc#1094555). - scsi: qla2xxx: Fix stalled relogin (bsc#1094555). - scsi: qla2xxx: Fix TMF and Multi-Queue config (bsc#1094555). - scsi: qla2xxx: Fix unintended Logout (bsc#1094555). - scsi: qla2xxx: Fix unintialized List head crash (bsc#1094555). - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1094555). - scsi: qla2xxx: fx00 copypaste typo (bsc#1094555). - scsi: qla2xxx: Migrate NVME N2N handling into state machine (bsc#1094555). - scsi: qla2xxx: Move GPSC and GFPNID out of session management (bsc#1094555). - scsi: qla2xxx: Prevent relogin loop by removing stale code (bsc#1094555). - scsi: qla2xxx: Prevent sysfs access when chip is down (bsc#1094555). - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs (bsc#1094555). - scsi: qla2xxx: remove irq save in qla2x00_poll() (bsc#1094555). - scsi: qla2xxx: Remove nvme_done_list (bsc#1084427). - scsi: qla2xxx: Remove stale debug value for login_retry flag (bsc#1094555). - scsi: qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe (bsc#1084427). - scsi: qla2xxx: Restore ZIO threshold setting (bsc#1084427). - scsi: qla2xxx: Return busy if rport going away (bsc#1084427). - scsi: qla2xxx: Save frame payload size from ICB (bsc#1094555). - scsi: qla2xxx: Set IIDMA and fcport state before qla_nvme_register_remote() (bsc#1084427). - scsi: qla2xxx: Silent erroneous message (bsc#1094555). - scsi: qla2xxx: Update driver version to 10.00.00.06-k (bsc#1084427). - scsi: qla2xxx: Update driver version to 10.00.00.07-k (bsc#1094555). - scsi: qla2xxx: Update driver version to 10.00.00.08-k (bsc#1094555). - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1094555). - scsi: qla2xxx: Use predefined get_datalen_for_atio() inline function (bsc#1094555). - scsi: target: fix __transport_register_session locking (bnc#1012382). - selftests/powerpc: Kill child processes on SIGINT (bnc#1012382). - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock adjustments are in progress (bnc#1012382). - selinux: use GFP_NOWAIT in the AVC kmem_caches (bnc#1012382). - smb3: fix reset of bytes read and written stats (bnc#1012382). - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS (bnc#1012382). - srcu: Allow use of Tiny/Tree SRCU from both process and interrupt context (bsc#1050549). - staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free (bnc#1012382). - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice (bnc#1012382). - staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page (bnc#1012382). - staging/rts5208: Fix read overflow in memcpy (bnc#1012382). - stop_machine: Atomically queue and wake stopper threads (git-fixes). - tcp: do not restart timewait timer on rst reception (bnc#1012382). - Tools: hv: Fix a bug in the key delete code (bnc#1012382). - tty: Drop tty->count on tty_reopen() failure (bnc#1105428). As this depends on earlier tty patches, they were moved to the sorted section too. - tty: rocket: Fix possible buffer overwrite on register_PCI (bnc#1012382). - tty: vt_ioctl: fix potential Spectre v1 (bnc#1012382). - uio: potential double frees if __uio_register_device() fails (bnc#1012382). - Update patches.suse/dm-Always-copy-cmd_flags-when-cloning-a-request.patch (bsc#1088087, bsc#1103156). - USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller (bnc#1012382). - USB: Add quirk to support DJI CineSSD (bnc#1012382). - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() (bnc#1012382). - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt() (bnc#1012382). - usb: Do not die twice if PCI xhci host is not responding in resume (bnc#1012382). - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() (bnc#1012382). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - usb: misc: uss720: Fix two sleep-in-atomic-context bugs (bnc#1012382). - USB: net2280: Fix erroneous synchronization change (bnc#1012382). - USB: serial: io_ti: fix array underflow in completion handler (bnc#1012382). - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler (bnc#1012382). - USB: yurex: Fix buffer over-read in yurex_write() (bnc#1012382). - VFS: do not test owner for NFS in set_posix_acl() (bsc#1103405). - video: goldfishfb: fix memory leak on driver remove (bnc#1012382). - vmw_balloon: include asm/io.h (bnc#1012382). - vti6: remove !skb->ignore_df check from vti6_xmit() (bnc#1012382). - watchdog: w83627hf: Added NCT6102D support (bsc#1106434). - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434). - x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump (bsc#1110006). - x86/apic: Split disable_IO_APIC() into two functions to fix CONFIG_KEXEC_JUMP=y (bsc#1110006). - x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC() (bsc#1110006). - x86/boot: Fix "run_size" calculation (bsc#1110006). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/kaiser: Avoid loosing NMIs when using trampoline stack (bsc#1106293 bsc#1099597). - x86/mm: Remove in_nmi() warning from vmalloc_fault() (bnc#1012382). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006). - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bnc#1012382). - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382). - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006). - x86/vdso: Fix vDSO build if a retpoline is emitted (bsc#1110006). - x86/vdso: Fix vDSO syscall fallback asm constraint regression (bsc#1110006). - x86/vdso: Only enable vDSO retpolines when enabled and supported (bsc#1110006). - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen/blkfront: correct purging of persistent grants (bnc#1065600). - xen: issue warning message when out of grant maptrack entries (bsc#1105795). - xen/netfront: do not bug in case of too many frags (bnc#1012382). - xen-netfront: fix queue name setting (bnc#1012382). - xen/netfront: fix waiting for xenbus state change (bnc#1012382). - xen-netfront: fix warn message as irq device name has '/' (bnc#1012382). - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code (bnc#1012382). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: add xfs_trim_extent (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: borrow indirect blocks from freed extent when available (bsc#1095344). - xfs: cleanup xfs_bmap_last_before (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: during btree split, save new block key & ptr for future insertion (bsc#1095344). - xfs: factor out a helper to initialize a local format inode fork (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: fix transaction allocation deadlock in IO path (bsc#1090535). - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: improve kmem_realloc (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: new inode extent list lookup helpers (bsc#1095344). - xfs: only run torn log write detection on dirty logs (bsc#1095753). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: provide helper for counting extents from if_bytes (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor delalloc indlen reservation split into helper (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor in-core log state update to helper (bsc#1095753). - xfs: refactor unmount record detection into helper (bsc#1095753). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_bunmapi_cow (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: remove if_rdev (bsc#1095344). - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: separate log head record discovery from verification (bsc#1095753). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify validation of the unwritten extent bit (bsc#1095344). - xfs: split indlen reservations fairly when under reserved (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: update freeblocks counter after extent deletion (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344). - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). - xfrm: fix 'passing zero to ERR_PTR()' warning (bnc#1012382). Important SUSE bug 1012382 SUSE bug 1044189 SUSE bug 1050549 SUSE bug 1063026 SUSE bug 1065600 SUSE bug 1066223 SUSE bug 1082519 SUSE bug 1082863 SUSE bug 1082979 SUSE bug 1084427 SUSE bug 1084536 SUSE bug 1088087 SUSE bug 1089343 SUSE bug 1090535 SUSE bug 1094244 SUSE bug 1094555 SUSE bug 1094562 SUSE bug 1095344 SUSE bug 1095753 SUSE bug 1096052 SUSE bug 1096547 SUSE bug 1099597 SUSE bug 1099810 SUSE bug 1100056 SUSE bug 1100059 SUSE bug 1100060 SUSE bug 1100061 SUSE bug 1100062 SUSE bug 1102495 SUSE bug 1102715 SUSE bug 1102870 SUSE bug 1102875 SUSE bug 1102877 SUSE bug 1102879 SUSE bug 1102882 SUSE bug 1102896 SUSE bug 1103156 SUSE bug 1103269 SUSE bug 1103308 SUSE bug 1103405 SUSE bug 1105428 SUSE bug 1105795 SUSE bug 1106095 SUSE bug 1106105 SUSE bug 1106240 SUSE bug 1106293 SUSE bug 1106434 SUSE bug 1106512 SUSE bug 1106594 SUSE bug 1106934 SUSE bug 1107318 SUSE bug 1107829 SUSE bug 1107924 SUSE bug 1108096 SUSE bug 1108170 SUSE bug 1108240 SUSE bug 1108315 SUSE bug 1108399 SUSE bug 1108803 SUSE bug 1108823 SUSE bug 1109333 SUSE bug 1109336 SUSE bug 1109337 SUSE bug 1109441 SUSE bug 1109806 SUSE bug 1110006 SUSE bug 1110297 SUSE bug 1110337 SUSE bug 1110363 SUSE bug 1110468 SUSE bug 1110600 SUSE bug 1110601 SUSE bug 1110602 SUSE bug 1110603 SUSE bug 1110604 SUSE bug 1110605 SUSE bug 1110606 SUSE bug 1110611 SUSE bug 1110612 SUSE bug 1110613 SUSE bug 1110614 SUSE bug 1110615 SUSE bug 1110616 SUSE bug 1110618 SUSE bug 1110619 SUSE bug 1110930 SUSE bug 1111363 CVE-2018-13096 CVE-2018-13097 CVE-2018-13098 CVE-2018-13099 CVE-2018-13100 CVE-2018-14613 CVE-2018-14617 CVE-2018-14633 CVE-2018-16276 CVE-2018-16597 CVE-2018-17182 CVE-2018-7480 CVE-2018-7757 openSUSE Leap 42.3 This update for php7 fixes several issues. These security issues were fixed: - CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file that allowed for information disclosure (bsc#1076220). - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1076220 SUSE bug 1076391 CVE-2018-5711 CVE-2018-5712 openSUSE Leap 42.3 Samba was updated to 4.6.15, bringing bug and security fixes. (bsc#1110943) Following security issues were fixed: - CVE-2018-10919: Fix unauthorized attribute access via searches. (bsc#1095057); Non-security bugs fixed: - Fix ctdb_mutex_ceph_rados_helper deadlock (bsc#1102230). - Allow idmap_rid to have primary group other than "Domain Users" (bsc#1087931). - winbind: avoid using fstrcpy in _dual_init_connection. - Fix ntlm authentications with "winbind use default domain = yes" (bsc#1068059). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1068059 SUSE bug 1087931 SUSE bug 1095057 SUSE bug 1102230 SUSE bug 1110943 CVE-2018-10919 openSUSE Leap 42.3 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-18024: Fixed an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (bsc#1111069) - CVE-2018-18016: Fixed a memory leak in WritePCXImage (bsc#1111072). - CVE-2018-17965: Fixed a memory leak in WriteSGIImage (bsc#1110747). - CVE-2018-17966: Fixed a memory leak in WritePDBImage (bsc#1110746). - CVE-2018-12600: ReadDIBImage and WriteDIBImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098545) - CVE-2018-12599: ReadBMPImage and WriteBMPImage allowed attackers to cause an out of bounds write via a crafted file. (bsc#1098546) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1098545 SUSE bug 1098546 SUSE bug 1110746 SUSE bug 1110747 SUSE bug 1111069 SUSE bug 1111072 CVE-2017-13058 CVE-2018-12599 CVE-2018-12600 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 openSUSE Leap 42.3 This update for binutils to 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643). - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689). - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693). - CVE-2017-16826: The coff_slurp_line_table function the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640). - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643). - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887). - CVE-2017-16830: The print_gnu_property_note function did not have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888). - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950). - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176). - CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202). - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745). - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103). - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741). - CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556). - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527). - CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528). - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532). - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608). - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784). - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786). - CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788). - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997). - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015). - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365). - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processesed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368). These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid. These can be turned on with the option -M notes to objdump. - The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. Set the default if the configure option is not used to "no". - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - RISC-V: Don't enable relaxation in relocatable link - Prevent linking faiures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections. - Add support for loaction views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. - Add "-z undefs" command line option as the inverse of the "-z defs" option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. - Fix linker relaxation with --wrap - Add arm-none-eabi symlinks (bsc#1074741) Former updates of binutils also fixed the following security issues, for which there was not CVE assigned at the time the update was released or no mapping between code change and CVE existed: - CVE-2014-9939: Prevent stack buffer overflow when printing bad bytes in Intel Hex objects (bsc#1030296). - CVE-2017-7225: The find_nearest_line function in addr2line did not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash (bsc#1030585). - CVE-2017-7224: The find_nearest_line function in objdump was vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash (bsc#1030588). - CVE-2017-7223: GNU assembler in was vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash (bsc#1030589). - CVE-2017-7226: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a heap-based buffer over-read of size 4049 because it used the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well (bsc#1030584). - CVE-2017-7299: The Binary File Descriptor (BFD) library (aka libbfd) had an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) did not check the format of the input file trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash (bsc#1031644). - CVE-2017-7300: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash (bsc#1031656). - CVE-2017-7302: The Binary File Descriptor (BFD) library (aka libbfd) had a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability caused Binutils utilities like strip to crash (bsc#1031595). - CVE-2017-7303: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers attempting to match them. This vulnerability caused Binutils utilities like strip to crash (bsc#1031593). - CVE-2017-7301: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it did not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash (bsc#1031638). - CVE-2017-7304: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field attempting to follow it. This vulnerability caused Binutils utilities like strip to crash (bsc#1031590). - CVE-2017-8392: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037052). - CVE-2017-8393: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash (bsc#1037057). - CVE-2017-8394: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash (bsc#1037061). - CVE-2017-8396: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037066). - CVE-2017-8421: The function coff_set_alignment_hook in Binary File Descriptor (BFD) library (aka libbfd) had a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file (bsc#1037273). - CVE-2017-9746: The disassemble_bytes function in objdump.c allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution (bsc#1044891). - CVE-2017-9747: The ieee_archive_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044897). - CVE-2017-9748: The ieee_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044901). - CVE-2017-9750: opcodes/rx-decode.opc lacked bounds checks for certain scale arrays, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044909). - CVE-2017-9755: Not considering the the number of registers for bnd mode allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044925). - CVE-2017-9756: The aarch64_ext_ldst_reglist function allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution (bsc#1044927). - CVE-2017-7209: The dump_section_as_bytes function in readelf accessed a NULL pointer while reading section contents in a corrupt binary, leading to a program crash (bsc#1030298). - CVE-2017-6965: readelf wrote to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow (bsc#1029909). - CVE-2017-6966: readelf had a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations (bsc#1029908). - CVE-2017-6969: readelf was vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well (bsc#1029907). - CVE-2017-7210: objdump was vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash (bsc#1030297). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1029907 SUSE bug 1029908 SUSE bug 1029909 SUSE bug 1030296 SUSE bug 1030297 SUSE bug 1030298 SUSE bug 1030584 SUSE bug 1030585 SUSE bug 1030588 SUSE bug 1030589 SUSE bug 1031590 SUSE bug 1031593 SUSE bug 1031595 SUSE bug 1031638 SUSE bug 1031644 SUSE bug 1031656 SUSE bug 1037052 SUSE bug 1037057 SUSE bug 1037061 SUSE bug 1037066 SUSE bug 1037273 SUSE bug 1044891 SUSE bug 1044897 SUSE bug 1044901 SUSE bug 1044909 SUSE bug 1044925 SUSE bug 1044927 SUSE bug 1065643 SUSE bug 1065689 SUSE bug 1065693 SUSE bug 1068640 SUSE bug 1068643 SUSE bug 1068887 SUSE bug 1068888 SUSE bug 1068950 SUSE bug 1069176 SUSE bug 1069202 SUSE bug 1074741 SUSE bug 1077745 SUSE bug 1079103 SUSE bug 1079741 SUSE bug 1080556 SUSE bug 1081527 SUSE bug 1083528 SUSE bug 1083532 SUSE bug 1085784 SUSE bug 1086608 SUSE bug 1086784 SUSE bug 1086786 SUSE bug 1086788 SUSE bug 1090997 SUSE bug 1091015 SUSE bug 1091365 SUSE bug 1091368 CVE-2014-9939 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 openSUSE Leap 42.3 This update for icinga fixes the following issues: Update to 1.14.0 - CVE-2015-8010: Fixed XSS in the icinga classic UI (boo#952777) - CVE-2016-8641 / CVE-2016-10089: fixed a possible symlink attack for files/dirs created by root (boo#1011630 and boo#1018047) - CVE-2016-0726: removed the pre-configured administrative account with fixed password for the WebUI - (boo#961115) Moderate SUSE bug 1011630 SUSE bug 1018047 SUSE bug 952777 SUSE bug 961115 CVE-2015-8010 CVE-2016-0726 CVE-2016-10089 CVE-2016-8641 openSUSE Leap 42.3 This update for libssh fixes the following security issue: - CVE-2018-10933: Fixed a server mode authentication bypass (boo#1108020). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1108020 CVE-2018-10933 openSUSE Leap 42.3 This update for freeimage fixes one issues. This security issue was fixed: - CVE-2016-5684: Prevent out-of-bounds write vulnerability in the XMP image handling functionality. A specially crafted XMP file could have caused an arbitrary memory overwrite resulting in code execution (boo#1002621). Important SUSE bug 1002621 CVE-2016-5684 openSUSE Leap 42.3 This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2017-13065: Prevent NULL pointer dereference in the function SVGStartElement (bsc#1055038) - CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939) - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076021). - CVE-2017-18027: Prevent memory leak vulnerability in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076051). Moderate SUSE bug 1055038 SUSE bug 1075939 SUSE bug 1076021 SUSE bug 1076051 CVE-2017-13063 CVE-2017-13065 CVE-2017-18027 CVE-2017-18029 CVE-2018-5685 openSUSE Leap 42.3 This update for fuse fixes the following security issue: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1101797 CVE-2018-10906 openSUSE Leap 42.3 This update for libXfont fixes several issues. These security issues were fixed: - CVE-2017-13720: Improper check for end of string in PatterMatch caused invalid reads (bsc#1054285) - CVE-2017-13722: Malformed PCF file could have caused DoS or leak information (bsc#1049692) - Prevent the X server from accessing arbitrary files as root. It is not possible to leak information, but special files can be touched allowing for causing side effects (bsc#1050459) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1049692 SUSE bug 1050459 SUSE bug 1054285 CVE-2017-13720 CVE-2017-13722 openSUSE Leap 42.3 This update for pam_pkcs11 provides the following fixes: Security issues fixed (bsc#1105012): - Fixed a logic bug in pampkcs11.c, leading to an authentication replay vulnerability - Fixed a stack-based buffer overflow in opensshmapper.c - Make sure memory is properly cleaned before invoking free() Other changes: - Add a systemd service file. (bsc#1049219) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1049219 SUSE bug 1105012 openSUSE Leap 42.3 This update for apache-pdfbox fixes the following security issue: - CVE-2018-8036: A crafted file could have triggered an infinite loop which lead to DoS (bsc#1099721). - CVE-2018-11797: A carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. (bsc#1111009): This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1099721 SUSE bug 1111009 CVE-2018-11797 CVE-2018-8036 openSUSE Leap 42.3 This update for rpm fixes the following issues: These security issues were fixed: - CVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457). - CVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457) This non-security issue was fixed: - Use ksym-provides tool [bsc#1077692] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1077692 SUSE bug 943457 CVE-2017-7500 CVE-2017-7501 openSUSE Leap 42.3 This update for tiff fixes the following issues: - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1106853 SUSE bug 1108627 SUSE bug 1108637 SUSE bug 1110358 CVE-2017-11613 CVE-2017-9935 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 openSUSE Leap 42.3 This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed (bsc#1112111): - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox - CVE-2018-17465: Use after free in V8 - CVE-2018-17466: Memory corruption in Angle - CVE-2018-17467: URL spoof in Omnibox - CVE-2018-17468: Cross-origin URL disclosure in Blink - CVE-2018-17469: Heap buffer overflow in PDFium - CVE-2018-17470: Memory corruption in GPU Internals - CVE-2018-17471: Security UI occlusion in full screen mode - CVE-2018-17473: URL spoof in Omnibox - CVE-2018-17474: Use after free in Blink - CVE-2018-17475: URL spoof in Omnibox - CVE-2018-17476: Security UI occlusion in full screen mode - CVE-2018-5179: Lack of limits on update() in ServiceWorker - CVE-2018-17477: UI spoof in Extensions VAAPI hardware accelerated rendering is now enabled by default. This update contains the following packaging changes: - Use the system libusb-1.0 library - Use bundled harfbuzz library - Disable gnome-keyring to avoid crashes Important SUSE bug 1112111 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17472 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-17477 CVE-2018-5179 openSUSE Leap 42.3 This update for ecryptfs-utils fixes the following issues: - CVE-2015-8946: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning (bsc#989121) - CVE-2016-6224: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive (bsc#989122) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 989121 SUSE bug 989122 CVE-2015-8946 CVE-2016-6224 openSUSE Leap 42.3 This update for tomcat fixes the following issues: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. (bsc#1110850) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1110850 CVE-2018-11784 openSUSE Leap 42.3 This update for zziplib fixes the following issues: - CVE-2018-17828: Remove any "../" components from pathnames of extracted files to avoid path traversal during unpacking. (bsc#1110687) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1110687 CVE-2018-17828 openSUSE Leap 42.3 This update for postgresql96 to 9.6.10 fixes the following issues: These security issues were fixed: - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtain access to higher privileged connections or potentially cause other impact SQL injection, by causing the PQescape() functions to malfunction (bsc#1104199) - CVE-2018-10925: Add missing authorization check on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could have exploited this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could have exploited this to update other columns in the same table (bsc#1104202) For addition details please see https://www.postgresql.org/docs/current/static/release-9-6-10.html This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1104199 SUSE bug 1104202 CVE-2018-10915 CVE-2018-10925 openSUSE Leap 42.3 This update for chromium to version 64.0.3282.140 fixes the following security issues: - CVE-2018-6406: Various asan fixes (boo#1078463, boo#1079021) The regular expression library re2 was updated to 2018-02-01. Moderate SUSE bug 1078463 SUSE bug 1079021 CVE-2018-6406 openSUSE Leap 42.3 This update for NTP to version 4.2.8p12 fixes the following vulnerabilities (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1083424 SUSE bug 1098531 SUSE bug 1111853 CVE-2018-12327 CVE-2018-7170 openSUSE Leap 42.3 MySQL Community Server was updated to 5.6.42, fixing bugs and security issues: Changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-42.html Fixed CVEs: - CVE-2016-9843 [boo#1013882], CVE-2018-3143 [boo#1112421], - CVE-2018-3156 [boo#1112417], CVE-2018-3251 [boo#1112397], - CVE-2018-3133 [boo#1112369], CVE-2018-3247 [boo#1112398], - CVE-2018-3174 [boo#1112368], CVE-2018-3276 [boo#1112393], - CVE-2018-3278 [boo#1112390], CVE-2018-3282 [boo#1112432], Important SUSE bug 1013882 SUSE bug 1112368 SUSE bug 1112369 SUSE bug 1112390 SUSE bug 1112393 SUSE bug 1112397 SUSE bug 1112398 SUSE bug 1112417 SUSE bug 1112421 SUSE bug 1112432 CVE-2016-9843 CVE-2018-3133 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3247 CVE-2018-3251 CVE-2018-3276 CVE-2018-3278 CVE-2018-3282 openSUSE Leap 42.3 This update for webkit2gtk3 to version 2.20.3 fixes the issues: The following security vulnerabilities were addressed: - CVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs (boo#1101999) - CVE-2017-13884: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2017-13885: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2017-7153: An unspecified issue allowed remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect (bsc#1077535). - CVE-2017-7160: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2017-7161: An unspecified issue allowed remote attackers to execute arbitrary code via special characters that trigger command injection (bsc#1075775, bsc#1077535). - CVE-2017-7165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2018-4088: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2018-4096: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1075775). - CVE-2018-4200: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280). - CVE-2018-4204: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1092279). - CVE-2018-4101: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4113: An issue in the JavaScriptCore function in the "WebKit" component allowed attackers to trigger an assertion failure by leveraging improper array indexing (bsc#1088182) - CVE-2018-4114: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182) - CVE-2018-4117: An unspecified issue allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1088182, bsc#1102530). - CVE-2018-4118: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182) - CVE-2018-4119: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182) - CVE-2018-4120: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4121: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1092278). - CVE-2018-4122: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4125: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4127: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4128: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4129: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4146: An unspecified issue allowed attackers to cause a denial of service (memory corruption) via a crafted web site (bsc#1088182). - CVE-2018-4161: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4162: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4163: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1088182). - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693) - CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site (bsc#1097693) - CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free (bsc#1097693) - CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693) - CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted web site (bsc#1097693) - CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1097693) - CVE-2018-4246: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted web site that leverages type confusion (bsc#1104169) - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL, leading to an application crash (bsc#1095611) - CVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability allowed remote attackers to inject arbitrary web script or HTML via a crafted URL (bsc#1088182). - CVE-2018-11713: The libsoup network backend of WebKit unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection (bsc#1096060). - CVE-2018-11712: The libsoup network backend of WebKit failed to perform TLS certificate verification for WebSocket connections (bsc#1096061). This update for webkit2gtk3 fixes the following issues: - Fixed a crash when atk_object_ref_state_set is called on an AtkObject that's being destroyed (bsc#1088932). - Fixed crash when using Wayland with QXL/virtio (bsc#1079512) - Disable Gigacage if mmap fails to allocate in Linux. - Add user agent quirk for paypal website. - Properly detect compiler flags, needed libs, and fallbacks for usage of 64-bit atomic operations. - Fix a network process crash when trying to get cookies of about:blank page. - Fix UI process crash when closing the window under Wayland. - Fix several crashes and rendering issues. - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. - Properly close the connection to the nested wayland compositor in the Web Process. - Avoid painting backing stores for zero-opacity layers. - Fix downloads started by context menu failing in some websites due to missing user agent HTTP header. - Fix video unpause when GStreamerGL is disabled. - Fix several GObject introspection annotations. - Update user agent quiks to fix Outlook.com and Chase.com. - Fix several crashes and rendering issues. - Improve error message when Gigacage cannot allocate virtual memory. - Add missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h. - Improve web process memory monitor thresholds. - Fix a web process crash when the web view is created and destroyed quickly. - Fix a network process crash when load is cancelled while searching for stored HTTP auth credentials. - Fix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are disabled. - New API to retrieve and delete cookies with WebKitCookieManager. - New web process API to detect when form is submitted via JavaScript. - Several improvements and fixes in the touch/gestures support. - Support for the “system” CSS font family. - Complex text rendering improvements and fixes. - More complete and spec compliant WebDriver implementation. - Ensure DNS prefetching cannot be re-enabled if disabled by settings. - Fix seek sometimes not working. - Fix rendering of emojis that were using the wrong scale factor in some cases. - Fix rendering of combining enclosed keycap. - Fix rendering scale of some layers in HiDPI. - Fix a crash in Wayland when closing the web view. - Fix crashes upower crashes when running inside a chroot or on systems with broken dbus/upower. - Fix memory leaks in GStreamer media backend when using GStreamer 1.14. - Fix several crashes and rendering issues. - Add ENABLE_ADDRESS_SANITIZER to make it easier to build with asan support. - Fix a crash a under Wayland when using mesa software rasterization. - Make fullscreen video work again. - Fix handling of missing GStreamer elements. - Fix rendering when webm video is played twice. - Fix kinetic scrolling sometimes jumping around. - Fix build with ICU configured without collation support. - WebSockets use system proxy settings now (requires libsoup 2.61.90). - Show the context menu on long-press gesture. - Add support for Shift + mouse scroll to scroll horizontally. - Fix zoom gesture to actually zoom instead of changing the page scale. - Implement support for Graphics ARIA roles. - Make sleep inhibitors work under Flatpak. - Add get element CSS value command to WebDriver. - Fix a crash aftter a swipe gesture. - Fix several crashes and rendering issues. - Fix crashes due to duplicated symbols in libjavascriptcoregtk and libwebkit2gtk. - Fix parsing of timeout values in WebDriver. - Implement get timeouts command in WebDriver. - Fix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled. - Fix several crashes and rendering issues. - Add web process API to detect when form is submitted via JavaScript. - Add new API to replace webkit_form_submission_request_get_text_fields() that is now deprecated. - Add WebKitWebView::web-process-terminated signal and deprecate web-process-crashed. - Fix rendering issues when editing text areas. - Use FastMalloc based GstAllocator for GStreamer. - Fix web process crash at startup in bmalloc. - Fix several memory leaks in GStreamer media backend. - WebKitWebDriver process no longer links to libjavascriptcoregtk. - Fix several crashes and rendering issues. - Add new API to add, retrieve and delete cookies via WebKitCookieManager. - Add functions to WebSettings to convert font sizes between points and pixels. - Ensure cookie operations take effect when they happen before a web process has been spawned. - Automatically adjust font size when GtkSettings:gtk-xft-dpi changes. - Add initial resource load statistics support. - Add API to expose availability of certain editing commands in WebKitEditorState. - Add API to query whether a WebKitNavigationAction is a redirect or not. - Improve complex text rendering. - Add support for the "system" CSS font family. - Disable USE_GSTREAMER_GL This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1075775 SUSE bug 1077535 SUSE bug 1079512 SUSE bug 1088182 SUSE bug 1088932 SUSE bug 1092278 SUSE bug 1092279 SUSE bug 1092280 SUSE bug 1095611 SUSE bug 1096060 SUSE bug 1096061 SUSE bug 1097693 SUSE bug 1101999 SUSE bug 1102530 SUSE bug 1104169 CVE-2017-13884 CVE-2017-13885 CVE-2017-7153 CVE-2017-7160 CVE-2017-7161 CVE-2017-7165 CVE-2018-11646 CVE-2018-11712 CVE-2018-11713 CVE-2018-12911 CVE-2018-4088 CVE-2018-4096 CVE-2018-4101 CVE-2018-4113 CVE-2018-4114 CVE-2018-4117 CVE-2018-4118 CVE-2018-4119 CVE-2018-4120 CVE-2018-4121 CVE-2018-4122 CVE-2018-4125 CVE-2018-4127 CVE-2018-4128 CVE-2018-4129 CVE-2018-4133 CVE-2018-4146 CVE-2018-4161 CVE-2018-4162 CVE-2018-4163 CVE-2018-4165 CVE-2018-4190 CVE-2018-4199 CVE-2018-4200 CVE-2018-4204 CVE-2018-4218 CVE-2018-4222 CVE-2018-4232 CVE-2018-4233 CVE-2018-4246 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2017-10794: When GraphicsMagick processed an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occured, related to QuantumTransferMode. (boo#1112392) - CVE-2017-14997: GraphicsMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. (boo#1112399) Moderate SUSE bug 1112392 SUSE bug 1112399 CVE-2017-10794 CVE-2017-14997 openSUSE Leap 42.3 This update for gimp fixes the following issues: - Don't build gimp with webkit1 support, as it is no longer maintained and has plenty of security bugs. This disables the GIMP's built-in help browser; it will use an external browser when configured this way. This works around a number of security vulnerabilities in Webkit1. This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1050469 openSUSE Leap 42.3 This update for translate-toolkit to 2.2.4 fixes several issues. This security issue was fixed: - Prevent inclusion of external ressources (XXE) (boo#1073535) These non-security issues were fixed: - Added support for nested and WebExtension JSON dialects. - po2txt no longer converts non-translatable strings. - Improvement for puncspace check. - Support for .xliff extension. - Added MinimalChecker and ReducedChecker checkers. - Fixed resolving of country names translations. - Refactored functions for resolving language/country names translation to be memory efficient. - Improvements for ts and subtitles formats. - Fixed Montenegrin language name. - Avoid resolving external entities while parsing XML. - Improvements for Android, ts and resx formats. - Added support for PHP nested arrays. - Added Kabyle language Moderate SUSE bug 1073535 openSUSE Leap 42.3 This update for clamav fixes the following issues: clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) - Make freshclam more robust against lagging signature mirrors. - On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1103040 SUSE bug 1104457 SUSE bug 1110723 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 openSUSE Leap 42.3 This update for ImageMagick fixes the following issues: - CVE-2017-14997: GraphicsMagick allowed remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. [bsc#1112399] - CVE-2018-16644: An regression in the security fix for the pict coder was fixed (bsc#1107609) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1107609 SUSE bug 1112399 CVE-2017-14997 CVE-2018-16644 openSUSE Leap 42.3 This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Non-security issues fixed: - swintst_rpm: Protect against unspecified Group name (bsc#1102775) - Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) - Fix agentx freezing on timeout (bsc#1027353) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1027353 SUSE bug 1081164 SUSE bug 1102775 SUSE bug 1111122 CVE-2018-18065 openSUSE Leap 42.3 This update for libgit2 fixes the following issues: - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes (bsc#1085256). - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. (bsc#1095219) - CVE-2018-10887: It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may have lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker could have used this flaw to leak memory addresses or cause a Denial of Service. (bsc#1100613) - CVE-2018-10888: A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. (bsc#1100612) - CVE-2018-15501: A remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. (bsc#1104641) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1085256 SUSE bug 1095219 SUSE bug 1100612 SUSE bug 1100613 SUSE bug 1104641 CVE-2018-10887 CVE-2018-10888 CVE-2018-11235 CVE-2018-15501 CVE-2018-8099 openSUSE Leap 42.3 This update for libmspack fixes the following issues: Security issues fixed: - CVE-2018-18584: The CAB block input buffer was one byte too small for the maximal Quantum block, leading to an out-of-bounds write. (bsc#1113038) - CVE-2018-18585: chmd_read_headers accepted a filename that has '\0' as its first or second character (such as the "/\0" name). (bsc#1113039) - CVE-2018-18586: chmextract.c in the chmextract sample program did not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application. (boo#1113040) - Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames. Moderate SUSE bug 1113038 SUSE bug 1113039 SUSE bug 1113040 CVE-2018-18584 CVE-2018-18585 CVE-2018-18586 openSUSE Leap 42.3 This update for xen fixes the following issues: XEN was updated to the Xen 4.9.3 bug fix only release (bsc#1027519) - CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014) - CVE-2018-15470: oxenstored might not have enforced the configured quota-maxentity. This allowed a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS. (XSA-272) (bsc#1103279) - CVE-2018-15469: ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). (XSA-268) (bsc#1103275) Note that SUSE does not ship ARM Xen, so we are not affected. - CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service. (XSA-269) (bsc#1103276) - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. (XSA-273) (bsc#1091107) Non security issues fixed: - The affinity reporting via 'xl vcpu-list' was broken (bsc#1106263) - Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1027519 SUSE bug 1078292 SUSE bug 1091107 SUSE bug 1094508 SUSE bug 1103275 SUSE bug 1103276 SUSE bug 1103279 SUSE bug 1106263 SUSE bug 1111014 CVE-2018-15468 CVE-2018-15469 CVE-2018-15470 CVE-2018-17963 CVE-2018-3646 openSUSE Leap 42.3 This update for apache-commons-email fixes one issues. This security issue was fixed: - CVE-2018-1294: Added validation to prevent information disclosure via unchecked bounce addresses (boo#1077893). Moderate SUSE bug 1077893 CVE-2018-1294 openSUSE Leap 42.3 This update for soundtouch fixes the following issues: - CVE-2018-17098: The WavFileBase class allowed remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. (bsc#1108632) - CVE-2018-17097: The WavFileBase class allowed remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. (double free) (bsc#1108631) - CVE-2018-17096: The BPMDetect class allowed remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. (bsc#1108630) - CVE-2018-1000223: soundtouch contained a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution. This attack appear to be exploitable via victim must open maliocius file in soundstretch utility. (boo#1103676) Important SUSE bug 1103676 SUSE bug 1108630 SUSE bug 1108631 SUSE bug 1108632 CVE-2018-1000223 CVE-2018-17096 CVE-2018-17097 CVE-2018-17098 openSUSE Leap 42.3 This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). Bug fixes: - bsc#1086001: python tarfile uses random order. This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1086001 SUSE bug 1088004 SUSE bug 1088009 SUSE bug 1109663 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 openSUSE Leap 42.3 This update for qemu fixes the following issues: These security issues were fixed: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735). - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223). With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). This feature was added: - Add support for block resize support for disks through the monitor (bsc#1094725). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1092885 SUSE bug 1094725 SUSE bug 1096223 SUSE bug 1098735 CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 openSUSE Leap 42.3 This update for libarchive fixes the following issues: - CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089) - CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008) - CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009) - CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514) - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139) - CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134) - CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1032089 SUSE bug 1037008 SUSE bug 1037009 SUSE bug 1057514 SUSE bug 1059100 SUSE bug 1059134 SUSE bug 1059139 CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 openSUSE Leap 42.3 This update for audiofile fixes the following issues: - CVE-2018-17095: A heap-based buffer overflow in Expand3To4Module::run could occurred when running sfconvert leading to crashes or code execution when handling untrusted soundfiles (bsc#1111586). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1111586 CVE-2018-17095 openSUSE Leap 42.3 This update for ntfs-3g_ntfsprogs fixes the following issues: - CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate fo root privilege (bsc#1022500) This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 1022500 CVE-2017-0358 openSUSE Leap 42.3 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1109961 CVE-2018-11763 openSUSE Leap 42.3 This update for curl fixes the following issues: - CVE-2018-16840: A use after free in closing SASL handles was fixed (bsc#1112758) - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1112758 SUSE bug 1113660 CVE-2018-16840 CVE-2018-16842 openSUSE Leap 42.3 This update for opensc fixes the following issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318) - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039) - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107) - CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097) - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038) - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037) - CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034) - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1104812 SUSE bug 1106998 SUSE bug 1106999 SUSE bug 1107033 SUSE bug 1107034 SUSE bug 1107037 SUSE bug 1107038 SUSE bug 1107039 SUSE bug 1107097 SUSE bug 1107107 SUSE bug 1108318 CVE-2018-16391 CVE-2018-16392 CVE-2018-16393 CVE-2018-16418 CVE-2018-16419 CVE-2018-16420 CVE-2018-16422 CVE-2018-16423 CVE-2018-16426 CVE-2018-16427 openSUSE Leap 42.3 This update for flatpak to version 0.8.9 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2018-6560: sandbox escape in the flatpak dbus proxy (boo#1078923) - CVE-2017-9780: Malicious apps could have included inappropriate permissions (boo#1078989) - old-style eavesdropping in the dbus proxy (boo#1078993) This update also includes all upstream improvements and fixes in this stable release series. Moderate SUSE bug 1078923 SUSE bug 1078989 SUSE bug 1078993 CVE-2017-9780 CVE-2018-6560 openSUSE Leap 42.3 This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed: - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084). - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071). - CVE-2017-10281: Fix issue inside subcomponent Serialization (bsc#1064072). - CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073). - CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075). - CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086). - CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078). - CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082). - CVE-2017-10347: Fix issue inside subcomponent Serialization (bsc#1064079). - CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081). - CVE-2017-10345: Fix issue inside subcomponent Serialization (bsc#1064077). - CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080). - CVE-2017-10357: Fix issue inside subcomponent Serialization (bsc#1064085). - CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083). - CVE-2017-10102: Fix incorrect handling of references in DGC (bsc#1049316). - CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader (bsc#1049305). - CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest (bsc#1049306). - CVE-2017-10081: Fix incorrect bracket processing in function signature handling (bsc#1049309). - CVE-2017-10087: Fix insufficient access control checks in ThreadPoolExecutor (bsc#1049311). - CVE-2017-10089: Fix insufficient access control checks in ServiceRegistry (bsc#1049312). - CVE-2017-10090: Fix insufficient access control checks in AsynchronousChannelGroupImpl (bsc#1049313). - CVE-2017-10096: Fix insufficient access control checks in XML transformations (bsc#1049314). - CVE-2017-10101: Fix unrestricted access to com.sun.org.apache.xml.internal.resolver (bsc#1049315). - CVE-2017-10107: Fix insufficient access control checks in ActivationID (bsc#1049318). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10110: Fix insufficient access control checks in ImageWatched (bsc#1049321). - CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute deserialization (bsc#1049319). - CVE-2017-10109: Fix unbounded memory allocation in CodeSource deserialization (bsc#1049320). - CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE (bsc#1049324). - CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326). - CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL (bsc#1049325). - CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328). - CVE-2017-10176: Fix incorrect handling of certain EC points (bsc#1049329). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322). - CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS (bsc#1049332). - CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment (bsc#1049327). - CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049323). - CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment (bsc#1049317). - CVE-2017-10086: Fix unspecified in subcomponent JavaFX (bsc#1049310). - CVE-2017-10198: Fix incorrect enforcement of certificate path restrictions (bsc#1049331). - CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330). Bug fixes: - Drop Exec Shield workaround to fix crashes on recent kernels, where Exec Shield is gone (bsc#1052318). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1049305 SUSE bug 1049306 SUSE bug 1049307 SUSE bug 1049309 SUSE bug 1049310 SUSE bug 1049311 SUSE bug 1049312 SUSE bug 1049313 SUSE bug 1049314 SUSE bug 1049315 SUSE bug 1049316 SUSE bug 1049317 SUSE bug 1049318 SUSE bug 1049319 SUSE bug 1049320 SUSE bug 1049321 SUSE bug 1049322 SUSE bug 1049323 SUSE bug 1049324 SUSE bug 1049325 SUSE bug 1049326 SUSE bug 1049327 SUSE bug 1049328 SUSE bug 1049329 SUSE bug 1049330 SUSE bug 1049331 SUSE bug 1049332 SUSE bug 1052318 SUSE bug 1064071 SUSE bug 1064072 SUSE bug 1064073 SUSE bug 1064075 SUSE bug 1064077 SUSE bug 1064078 SUSE bug 1064079 SUSE bug 1064080 SUSE bug 1064081 SUSE bug 1064082 SUSE bug 1064083 SUSE bug 1064084 SUSE bug 1064085 SUSE bug 1064086 CVE-2016-10165 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 openSUSE Leap 42.3 This update for libsndfile fixes the following issues: - CVE-2017-16942: Divide-by-zero in the function wav_w64_read_fmt_chunk(), which may lead to Denial of service (bsc#1069874). - CVE-2017-6892: Fixed an out-of-bounds read memory access in the aiff_read_chanmap() (bsc#1043978). - CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. (bsc#1059911) - CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059912) - CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.(bsc#1059913) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1043978 SUSE bug 1059911 SUSE bug 1059912 SUSE bug 1059913 SUSE bug 1069874 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 CVE-2017-6892 openSUSE Leap 42.3 This update for libjpeg-turbo fixes the following security issue: - CVE-2017-15232: Fix NULL pointer dereference in jdpostct.c and jquant1.c - additional fixes (bsc#1062937) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1062937 CVE-2017-15232 openSUSE Leap 42.3 This update for amanda fixes the following security issue: - CVE-2016-10729: Local privilege escalation from amanda user to root via unsafe tar command options (bsc#1112916) Moderate SUSE bug 1112916 CVE-2016-10729 openSUSE Leap 42.3 This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if "missing ok" (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - socket-util: introduce port argument in sockaddr_port() - service: fixup ExecStop for socket-activated shutdown (#4120) - service: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923) - cryptsetup: build fixes for "add support for sector-size= option" - udev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278) - core: keep the kernel coredump defaults when systemd-coredump is disabled - core: shorten main() a bit, split out coredump initialization - core: set RLIMIT_CORE to unlimited by default (bsc#1108835) - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make "tmpfs" dependencies on swapfs a "default" dep, not an "implicit" (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - tmp.mount.hm4: After swap.target (#3087) - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool. This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1106923 SUSE bug 1108835 SUSE bug 1109252 SUSE bug 1110445 SUSE bug 1111278 SUSE bug 1112024 SUSE bug 1113083 SUSE bug 1113632 SUSE bug 1113665 CVE-2018-15686 CVE-2018-15688 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.162 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2018-9516: A lack of certain checks in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file might have resulted in receiving userspace buffer overflow and an out-of-bounds write or to the infinite loop. (bnc#1108498). The following non-security bugs were fixed: - 6lowpan: iphc: reset mac_header after decompress to fix panic (bnc#1012382). - Add azure kernel description. - Add bug reference to patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack-fix1.patch - Add graphviz to buildreq for image conversion - Add reference to bsc#1104124 to patches.fixes/fs-aio-fix-the-increment-of-aio-nr-and-counting-agai.patch - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bnc#1012382). - ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bnc#1012382). - apparmor: remove no-op permission check in policy_unpack (git-fixes). - ARC: build: Get rid of toolchain check (bnc#1012382). - ARC: clone syscall to setp r25 as thread pointer (bnc#1012382). - arch/hexagon: fix kernel/dma.c build warning (bnc#1012382). - arch-symbols: use bash as interpreter since the script uses bashism. - arm64: cpufeature: Track 32bit EL0 support (bnc#1012382). - arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" (bnc#1012382). - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bnc#1012382). - arm64: KVM: Tighten guest core register access from userspace (bnc#1012382). - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bnc#1012382). - ARM: dts: dra7: fix DCAN node addresses (bnc#1012382). - ARM: mvebu: declare asm symbols as character arrays in pmsu.c (bnc#1012382). - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs (bnc#1012382). - ASoC: sigmadsp: safeload should not have lower byte limit (bnc#1012382). - ASoC: wm8804: Add ACPI support (bnc#1012382). - ath10k: fix scan crash due to incorrect length calculation (bnc#1012382). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bnc#1012382). - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock (bnc#1012382). - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bnc#1012382). - bnxt_en: Fix TX timeout during netpoll (bnc#1012382). - bonding: avoid possible dead-lock (bnc#1012382). - bpf: fix cb access in socket filter programs on tail calls (bsc#1012382). - bpf: fix map not being uncharged during map creation failure (bsc#1012382). - bpf, s390: fix potential memleak when later bpf_jit_prog fails (git-fixes). - bpf, s390x: do not reload skb pointers in non-skb context (git-fixes). - bsc#1106913: Replace with upstream variants Delete patches.suse/11-x86-mm-only-set-ibpb-when-the-new-thread-cannot-ptrace-current-thread.patch. - bs-upload-kernel: do not set %opensuse_bs Since SLE15 it is not set in the distribution project so do not set it for kernel projects either. - btrfs: add a comp_refs() helper (dependency for bsc#1031392). - btrfs: add missing initialization in btrfs_check_shared (Git-fixes bsc#1112262). - btrfs: add tracepoints for outstanding extents mods (dependency for bsc#1031392). - btrfs: add wrapper for counting BTRFS_MAX_EXTENT_SIZE (dependency for bsc#1031392). - btrfs: cleanup extent locking sequence (dependency for bsc#1031392). - btrfs: defrag: use btrfs_mod_outstanding_extents in cluster_pages_for_defrag (Follow up fixes for bsc#1031392). - btrfs: delayed-inode: Remove wrong qgroup meta reservation calls (bsc#1031392). - btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item (bsc#1031392). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - btrfs: fix error handling in btrfs_dev_replace_start (bsc#1107535). - Btrfs: fix invalid attempt to free reserved space on failure to cow range (dependency for bsc#1031392). - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - btrfs: Fix race condition between delayed refs and blockgroup removal (Git-fixes bsc#1112263). - btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392). - Btrfs: kill trans in run_delalloc_nocow and btrfs_cross_ref_exist (dependency for bsc#1031392). - btrfs: make the delalloc block rsv per inode (dependency for bsc#1031392). - Btrfs: pass delayed_refs directly to btrfs_find_delayed_ref_head (dependency for bsc#1031392). - btrfs: qgroup: Add quick exit for non-fs extents (dependency for bsc#1031392). - btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function (dependency for bsc#1031392). - btrfs: qgroup: Cleanup the remaining old reservation counters (bsc#1031392). - btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT (bsc#1031392). - btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392). - btrfs: qgroup: Fix wrong qgroup reservation update for relationship modification (bsc#1031392). - btrfs: qgroup: Introduce function to convert META_PREALLOC into META_PERTRANS (bsc#1031392). - btrfs: qgroup: Introduce helpers to update and access new qgroup rsv (bsc#1031392). - btrfs: qgroup: Make qgroup_reserve and its callers to use separate reservation type (bsc#1031392). - btrfs: qgroup: Skeleton to support separate qgroup reservation type (bsc#1031392). - btrfs: qgroups: opencode qgroup_free helper (dependency for bsc#1031392). - btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans (bsc#1031392). - btrfs: qgroup: Update trace events for metadata reservation (bsc#1031392). - btrfs: qgroup: Update trace events to use new separate rsv types (bsc#1031392). - btrfs: qgroup: Use independent and accurate per inode qgroup rsv (bsc#1031392). - btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space (bsc#1031392). - btrfs: qgroup: Use separate meta reservation type for delalloc (bsc#1031392). - btrfs: remove type argument from comp_tree_refs (dependency for bsc#1031392). - Btrfs: rework outstanding_extents (dependency for bsc#1031392). - btrfs: switch args for comp_*_refs (dependency for bsc#1031392). - btrfs: Take trans lock before access running trans in check_delayed_ref (Follow up fixes for bsc#1031392). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1112007). - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() (bnc#1012382). - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE (bnc#1012382). - cgroup: Fix deadlock in cpu hotplug path (bnc#1012382). - cgroup, netclassid: add a preemption point to write_classid (bnc#1098996). - CIFS: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - cifs: connect to servername instead of IP for IPC$ share (bsc#1106359). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - cifs: read overflow in is_valid_oplock_break() (bnc#1012382). - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bnc#1012382). - config.sh: set BUGZILLA_PRODUCT for SLE12-SP3 - crypto: mxs-dcp - Fix wait logic on chan threads (bnc#1012382). - crypto: skcipher - Fix -Wstringop-truncation warnings (bnc#1012382). - Define dependencies of in-kernel KMPs statically This allows us to use rpm's internal dependency generator (bsc#981083). - dm cache: fix resize crash if user does not reload cache table (bnc#1012382). - dm thin metadata: fix __udivdi3 undefined on 32-bit (bnc#1012382). - dm thin metadata: try to avoid ever aborting transactions (bnc#1012382). - Do not ship firmware (bsc#1054239). Pull firmware from kernel-firmware instead. - drivers/tty: add error handling for pcmcia_loop_config (bnc#1012382). - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bnc#1012382). - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bnc#1012382). - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1106929) - Drop dtb-source.spec and move the sources to kernel-source (bsc#1011920) - Drop multiversion(kernel) from the KMP template () - e1000: check on netif_running() before calling e1000_up() (bnc#1012382). - e1000: ensure to free old tx/rx rings in set_ringparam() (bnc#1012382). - ebtables: arpreply: Add the standard target sanity check (bnc#1012382). - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114648). - Enable kernel-obs-{build,qa} also in the vanilla branches - ethtool: restore erroneously removed break in dev_ethtool (bsc#1114229). - fbdev: fix broken menu dependencies (bsc#1106929) - fbdev/omapfb: fix omapfb_memory_read infoleak (bnc#1012382). - Fix file list to remove REPORTING-BUGS - Fix html and pdf creation in Documetation/media/* - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bnc#1012382). - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bnc#1012382). - fs/cifs: suppress a string overflow warning (bnc#1012382). - gpio: adp5588: Fix sleep-in-atomic-context bug (bnc#1012382). - hexagon: modify ffs() and fls() to return int (bnc#1012382). - HID: hid-ntrig: add error handling for sysfs_create_group (bnc#1012382). - housekeeping: btrfs selftests: fold backport fix into backport patch - housekeeping: move btrfs patches to sorted section. No code changes. - hv: avoid crash in vmbus sysfs files (bnc#1108377). - hwmon: (adt7475) Make adt7475_read_word() return errors (bnc#1012382). - hwmon: (ina2xx) fix sysfs shunt resistor read access (bnc#1012382). - hwrng: core - document the quality field (git-fixes). - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bnc#1012382). - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (bnc#1012382). - i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP (bnc#1012382). - i2c: uniphier: issue STOP only for last message or I2C_M_STOP (bnc#1012382). - IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop (bnc#1012382). - Input: atakbd - fix Atari CapsLock behaviour (bnc#1012382). - Input: atakbd - fix Atari keymap (bnc#1012382). - Input: elantech - enable middle button of touchpad on ThinkPad P72 (bnc#1012382). - ip6_tunnel: be careful when accessing the inner header (bnc#1012382). - ip_tunnel: be careful when accessing the inner header (bnc#1012382). - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() (bnc#1012382). - ixgbe: pci_set_drvdata must be called before register_netdev (Git-fixes bsc#1109923). - jffs2: return -ERANGE when xattr buffer is too small (bnc#1012382). - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bnc#1012382). - KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch (bnc#1012382). - lib/test_hexdump.c: fix failure on big endian cpu (bsc#1106110). - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bnc#1012382). - mac80211: fix a race between restart and CSA flows (bnc#1012382). - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys (bnc#1012382). - mac80211: Fix station bandwidth setting after channel switch (bnc#1012382). - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bnc#1012382). - mac80211: mesh: fix HWMP sequence numbering to follow standard (bnc#1012382). - mac80211: shorten the IBSS debug messages (bnc#1012382). - mach64: detect the dot clock divider correctly on sparc (bnc#1012382). - md-cluster: clear another node's suspend_area after the copy is finished (bnc#1012382). - media: af9035: prevent buffer overflow on write (bnc#1012382). - media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() (bnc#1012382). - media: fsl-viu: fix error handling in viu_of_probe() (bnc#1012382). - media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data (bnc#1012382). - media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() (bsc#1050431). - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power (bnc#1012382). - media: soc_camera: ov772x: correct setting of banding filter (bnc#1012382). - media: tm6000: add error handling for dvb_register_adapter (bnc#1012382). - media: uvcvideo: Support realtek's UVC 1.5 device (bnc#1012382). - media: v4l: event: Prevent freeing event subscriptions while accessed (bnc#1012382). - media: videobuf-dma-sg: Fix dma_{sync,unmap}_sg() calls (bsc#1050431). - memory_hotplug: cond_resched in __remove_pages (bnc#1114178). - mfd: omap-usb-host: Fix dts probe of children (bnc#1012382). - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (bnc#1012382). - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907). - mm/vmstat.c: fix outdated vmstat_text (bnc#1012382). - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly (bnc#1012382). - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly (git fixes). - module: exclude SHN_UNDEF symbols from kallsyms api (bnc#1012382). - move changes without Git-commit out of sorted section - net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() (bnc#1012382). - net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES (bnc#1012382). - net: ipv4: update fnhe_pmtu when first hop's MTU changes (bnc#1012382). - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (bnc#1012382). - netlabel: check for IPV4MASK in addrinfo_get (bnc#1012382). - net: macb: disable scatter-gather for macb on sama5d3 (bnc#1012382). - net/mlx4: Use cpumask_available for eq->affinity_mask (bnc#1012382). - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (bnc#1012382). - net: systemport: Fix wake-up interrupt race during resume (bnc#1012382). - net/usb: cancel pending work when unbinding smsc75xx (bnc#1012382). - NFS: add nostatflush mount option (bsc#1065726). - NFS: Avoid quadratic search when freeing delegations (bsc#1084760). - nfsd: fix corrupted reply to badly ordered compound (bnc#1012382). - ocfs2: fix locking for res->tracking and dlm->tracking_list (bnc#1012382). - of: unittest: Disable interrupt node tests for old world MAC systems (bnc#1012382). - ovl: Copy inode attributes after setting xattr (bsc#1107299). - Pass x86 as architecture on x86_64 and i386 (bsc#1093118). - PCI: hv: Use effective affinity mask (bsc#1109772). - PCI: Reprogram bridge prefetch registers on resume (bnc#1012382). - perf probe powerpc: Ignore SyS symbols irrespective of endianness (bnc#1012382). - perf script python: Fix export-to-postgresql.py occasional failure (bnc#1012382). - PM / core: Clear the direct_complete flag on errors (bnc#1012382). - powerpc/kdump: Handle crashkernel memory reservation failure (bnc#1012382). - powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784). - powerpc/perf/hv-24x7: Fix passing of catalog version number (bsc#1053043). - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes). - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes). - powerpc/pseries/mm: call H_BLOCK_REMOVE (bsc#1109158). - powerpc/pseries/mm: factorize PTE slot computation (bsc#1109158). - powerpc/pseries/mm: Introducing FW_FEATURE_BLOCK_REMOVE (bsc#1109158). - powerpc/rtas: Fix a potential race between CPU-Offline & Migration (bsc#1111870). - power: vexpress: fix corruption in notifier registration (bnc#1012382). - proc: restrict kernel stack dumps to root (bnc#1012382). - qlcnic: fix Tx descriptor corruption on 82xx devices (bnc#1012382). - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bnc#1012382). - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (bnc#1012382). - rculist: add list_for_each_entry_from_rcu() (bsc#1084760). - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760). - RDMA/ucma: check fd type in ucma_migrate_id() (bnc#1012382). - README: Clean-up trailing whitespace - reiserfs: add check to detect corrupted directory entry (bsc#1109818). - reiserfs: do not panic on bad directory entries (bsc#1109818). - resource: Include resource end in walk_*() interfaces (bsc#1114648). - Revert "btrfs: qgroups: Retry after commit on getting EDQUOT" (bsc#1031392). - Revert "drm: Do not pass negative delta to ktime_sub_ns()" (bsc#1106929) - Revert "drm/i915: Initialize HWS page address after GPU reset" (bsc#1106929) - Revert "KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch" (kabi). - Revert "media: v4l: event: Prevent freeing event subscriptions while accessed" (kabi). - Revert "proc: restrict kernel stack dumps to root" (kabi). - Revert "rpm/constraints.in: Lower default disk space requirement from 25G to 24G" This reverts commit 406abda1467c038842febffe264faae1fa2e3c1d. ok, did not wait long enough to see the failure. - Revert "Skip intel_crt_init for Dell XPS 8700" (bsc#1106929) - Revert "tcp: add tcp_ooo_try_coalesce() helper" (kabi). - Revert "tcp: call tcp_drop() from tcp_data_queue_ofo()" (kabi). - Revert "tcp: fix a stale ooo_last_skb after a replace" (kabi). - Revert "tcp: free batches of packets in tcp_prune_ofo_queue()" (kabi). - Revert "tcp: use an RB tree for ooo receive queue" (kabi). - Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" (bnc#1012382). - Revert "x86/fpu: Finish excising 'eagerfpu'" (kabi). - Revert "x86/fpu: Remove struct fpu::counter" (kabi). - Revert "x86/fpu: Remove use_eager_fpu()" (kabi). - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() (bnc#1012382). - rpm/apply-patches: Fix failure if there are no vanilla patches The grep command returns 1 if there are no patches and we are using pipefail. - rpm/constraints.in: build ARM on at least 2 cpus - rpm/constraints.in: Lower default disk space requirement from 25G to 24G 25G is rejected by the build service on ARM. - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (bnc#1012382). - s390/chsc: Add exception handler for CHSC instruction (git-fixes). - s390/extmem: fix gcc 8 stringop-overflow warning (bnc#1012382). - s390/kdump: Fix elfcorehdr size calculation (git-fixes). - s390/kdump: Make elfcorehdr size calculation ABI compliant (git-fixes). - s390/mm: correct allocate_pgste proc_handler callback (git-fixes). - s390/qeth: do not dump past end of unknown HW header (bnc#1012382). - s390/qeth: handle failure on workqueue creation (git-fixes). - s390: revert ELF_ET_DYN_BASE base changes (git-fixes). - s390/stacktrace: fix address ranges for asynchronous and panic stack (git-fixes). - scsi: bnx2i: add error handling for ioremap_nocache (bnc#1012382). - scsi: ibmvscsi: Improve strings handling (bnc#1012382). - scsi: klist: Make it safe to use klists in atomic context (bnc#1012382). - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size (bnc#1012382). - selftests/efivarfs: add required kernel configs (bnc#1012382). - serial: cpm_uart: return immediately from console poll (bnc#1012382). - serial: imx: restore handshaking irq for imx1 (bnc#1012382). - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006). - slub: make ->cpu_partial unsigned int (bnc#1012382). - smb2: fix missing files in root share directory listing (bnc#1012382). - smb3: fill in statfs fsid and correct namelen (bsc#1112905). - sound: enable interrupt after dma buffer initialization (bnc#1012382). - spi: rspi: Fix interrupted DMA transfers (bnc#1012382). - spi: rspi: Fix invalid SPI use during system suspend (bnc#1012382). - spi: sh-msiof: Fix handling of write value for SISTR register (bnc#1012382). - spi: sh-msiof: Fix invalid SPI use during system suspend (bnc#1012382). - spi: tegra20-slink: explicitly enable/disable clock (bnc#1012382). - staging: android: ashmem: Fix mmap size validation (bnc#1012382). - staging: rts5208: fix missing error check on call to rtsx_write_register (bnc#1012382). - stmmac: fix valid numbers of unicast filter entries (bnc#1012382). - target: log Data-Out timeouts as errors (bsc#1095805). - target: log NOP ping timeouts as errors (bsc#1095805). - target: split out helper for cxn timeout error stashing (bsc#1095805). - target: stash sess_err_stats on Data-Out timeout (bsc#1095805). - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805). - tcp: add tcp_ooo_try_coalesce() helper (bnc#1012382). - tcp: call tcp_drop() from tcp_data_queue_ofo() (bnc#1012382). - tcp: fix a stale ooo_last_skb after a replace (bnc#1012382). - tcp: free batches of packets in tcp_prune_ofo_queue() (bnc#1012382). - tcp: increment sk_drops for dropped rx packets (bnc#1012382). - tcp: use an RB tree for ooo receive queue (bnc#1012382). - team: Forbid enslaving team device to itself (bnc#1012382). - thermal: of-thermal: disable passive polling when thermal zone is disabled (bnc#1012382). - tools/vm/page-types.c: fix "defined but not used" warning (bnc#1012382). - tools/vm/slabinfo.c: fix sign-compare warning (bnc#1012382). - tpm: Restore functionality to xen vtpm driver (bsc#1020645, git-fixes). - tsl2550: fix lux1_input error in low light (bnc#1012382). - ubifs: Check for name being NULL while mounting (bnc#1012382). - ucma: fix a use-after-free in ucma_resolve_ip() (bnc#1012382). - USB: fix error handling in usb_driver_claim_interface() (bnc#1012382). - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] (bnc#1012382). - usb: gadget: serial: fix oops when data rx'd after close (bnc#1012382). - USB: handle NULL config in usb_find_alt_setting() (bnc#1012382). - USB: remove LPM management from usb_driver_claim_interface() (bnc#1012382). - USB: serial: kobil_sct: fix modem-status error handling (bnc#1012382). - USB: serial: simple: add Motorola Tetra MTP6550 id (bnc#1012382). - USB: usbdevfs: restore warning for nonsensical flags (bnc#1012382). - USB: usbdevfs: sanitize flags more (bnc#1012382). - usb: wusbcore: security: cast sizeof to int for comparison (bnc#1012382). - USB: yurex: Check for truncation in yurex_read() (bnc#1012382). - Use make --output-sync feature when available (bsc#1012422). The mesages in make output can interleave making it impossible to extract warnings reliably. Since version 4 GNU Make supports --output-sync flag that prints output of each sub-command atomically preventing this issue. Detect the flag and use it if available. SLE11 has make 3.81 so it is required to include make 4 in the kernel OBS projects to take advantege of this. - Use upstream version of pci-hyperv change 35a88a18d7 - uwb: hwa-rc: fix memory leak at probe (bnc#1012382). - vmci: type promotion bug in qp_host_get_user_memory() (bnc#1012382). - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() (bnc#1012382). - wlcore: Fix memory leak in wlcore_cmd_wait_for_event_or_timeout (git-fixes). - x86/cpufeature: deduplicate X86_FEATURE_L1TF_PTEINV (kabi). - x86/entry/64: Add two more instruction suffixes (bnc#1012382). - x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface (bsc#1105931). - x86/entry/64: sanitize extra registers on syscall entry (bsc#1105931). - x86/fpu: Finish excising 'eagerfpu' (bnc#1012382). - x86/fpu: Remove second definition of fpu in __fpu__restore_sig() (bsc#1110006). - x86/fpu: Remove struct fpu::counter (bnc#1012382). - x86/fpu: Remove use_eager_fpu() (bnc#1012382). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772). - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114648). - x86/numa_emulation: Fix emulated-to-physical node mapping (bnc#1012382). - x86/paravirt: Fix some warning messages (bnc#1065600). - x86/percpu: Fix this_cpu_read() (bsc#1110006). - x86,sched: Allow topologies where NUMA nodes share an LLC (bsc#1091158, bsc#1101555). - x86/spec_ctrl: Fix spec_ctrl reporting (bsc#1106913, bsc#1111516). - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913). - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913). - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913). - x86/time: Correct the attribute on jiffies' definition (bsc#1110006). - x86/tsc: Add missing header to tsc_msr.c (bnc#1012382). - xen: avoid crash in disable_hotplug_cpu (bnc#1012382 bsc#1106594 bsc#1042422). - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (bnc#1012382). - xen/manage: do not complain about an empty value in control/sysrq node (bnc#1012382). - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI (bnc#1012382). - xhci: Do not print a warning when setting link state for disabled ports (bnc#1012382). - rpm/kernel-binary.spec.in: Add missing export BRP_SIGN_FILES (bsc#1115587) The export line was accidentally dropped at merging scripts branch, which resulted in the invalid module signature. Important SUSE bug 1011920 SUSE bug 1012382 SUSE bug 1012422 SUSE bug 1020645 SUSE bug 1031392 SUSE bug 1035053 SUSE bug 1042422 SUSE bug 1043591 SUSE bug 1048129 SUSE bug 1050431 SUSE bug 1053043 SUSE bug 1054239 SUSE bug 1057199 SUSE bug 1062303 SUSE bug 1065600 SUSE bug 1065726 SUSE bug 1067906 SUSE bug 1073579 SUSE bug 1076393 SUSE bug 1078788 SUSE bug 1079524 SUSE bug 1083215 SUSE bug 1083527 SUSE bug 1084760 SUSE bug 1091158 SUSE bug 1093118 SUSE bug 1094825 SUSE bug 1095805 SUSE bug 1098050 SUSE bug 1098996 SUSE bug 1101555 SUSE bug 1104124 SUSE bug 1105025 SUSE bug 1105931 SUSE bug 1106110 SUSE bug 1106359 SUSE bug 1106594 SUSE bug 1106913 SUSE bug 1106929 SUSE bug 1107060 SUSE bug 1107299 SUSE bug 1107535 SUSE bug 1107870 SUSE bug 1108377 SUSE bug 1108498 SUSE bug 1109158 SUSE bug 1109772 SUSE bug 1109784 SUSE bug 1109818 SUSE bug 1109907 SUSE bug 1109919 SUSE bug 1109923 SUSE bug 1110006 SUSE bug 1111516 SUSE bug 1111870 SUSE bug 1112007 SUSE bug 1112262 SUSE bug 1112263 SUSE bug 1112894 SUSE bug 1112902 SUSE bug 1112903 SUSE bug 1112905 SUSE bug 1113667 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1114178 SUSE bug 1114229 SUSE bug 1114648 SUSE bug 1115587 SUSE bug 981083 SUSE bug 997172 CVE-2018-18281 CVE-2018-18386 CVE-2018-18690 CVE-2018-18710 CVE-2018-9516 openSUSE Leap 42.3 This update for squid fixes the following issues: Security issues fixed: - CVE-2018-19131: Fixed Cross-Site-Scripting vulnerability in the TLS error handling (bsc#1113668). - CVE-2018-19132: Fixed small memory leak in processing of SNMP packets (bsc#1113669). Non-security issues fixed: - Create runtime directories needed when SMP mode is enabled (bsc#1112695, bsc#1112066). - Install license correctly (bsc#1082318). Important SUSE bug 1082318 SUSE bug 1112066 SUSE bug 1112695 SUSE bug 1113668 SUSE bug 1113669 CVE-2018-19131 CVE-2018-19132 openSUSE Leap 42.3 This update for pound fixes one issue. This security issue was fixed: - CVE-2016-10711: Prevent request smuggling via crafted headers (bsc#1078298). Moderate SUSE bug 1078298 CVE-2016-10711 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: Security issue fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage of coders/msl.c (bsc#1113064). Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging Moderate SUSE bug 1113064 CVE-2018-18544 openSUSE Leap 42.3 This update for SDL2_image fixes the following issues: Security issues fixed: - CVE-2018-3839: Fixed an exploitable code execution vulnerability that existed in the XCF image rendering functionality of the Simple DirectMedia Layer (bsc#1089087). - CVE-2018-3977: Fixed a possible code execution via creafted XCF image that could have caused a heap overflow (bsc#1114519). Moderate SUSE bug 1089087 SUSE bug 1114519 CVE-2018-3839 CVE-2018-3977 openSUSE Leap 42.3 This update contains Chromium 70.0.3538.102 and fixes security issues and bugs. Vulnerabilities fixed: - CVE-2018-17478: Out of bounds memory access in V8 (boo#1115537) - Various fixes from internal audits, fuzzing and other initiatives Packaging changes: - noto-emoji-fonts is no longer a recommended dependency Moderate SUSE bug 1115537 CVE-2018-17478 openSUSE Leap 42.3 This update for spice-vdagent provides the following fixes: This security issue was fixed: - CVE-2017-15108: Properly escape save directory that is passed to the shell to prevent local attacker with access to the session the agent runs from injecting arbitrary commands to be executed (bsc#1070724). This non-security issue was fixed: - Implement endian swapping, required for big-endian guests to connect to the spice client successfully. (bsc#1012215) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1012215 SUSE bug 1070724 CVE-2017-15108 openSUSE Leap 42.3 This update for libwpd fixes the following issues: Security issue fixed: - CVE-2018-19208: Fixed illegal address access inside libwpd at function WP6ContentListener:defineTable (bsc#1115713). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1115713 CVE-2018-19208 openSUSE Leap 42.3 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-18027: Prevent memory leak vulnerability in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076051) - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076021) - CVE-2017-17681: Prevent infinite loop in the function ReadPSDChannelZip in coders/psd.c, which allowed attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file (bsc#1072901). - CVE-2017-18008: Prevent memory Leak in ReadPWPImage which allowed attackers to cause a denial of service via a PWP file (bsc#1074309). - CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939) - CVE-2017-11639: Prevent heap-based buffer over-read in the WriteCIPImage() function, related to the GetPixelLuma function in MagickCore/pixel-accessor.h (bsc#1050635) - CVE-2017-11525: Prevent memory consumption in the ReadCINImage function that allowed remote attackers to cause a denial of service (bsc#1050098) - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353). - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354). - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image (bsc#1047908). - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in coders/png.c (bsc#1050037). - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050072). - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050100). - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442). - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052470). - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708). - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717). - CVE-2017-12671: Added NULL assignment in coders/png.c to prevent an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allowed attackers to cause a denial of service (bsc#1052721). - CVE-2017-12643: Prevent a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052768). - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052777). - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c (bsc#1052781). - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600). - CVE-2017-13059: Prevent memory leak in the function WriteOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file (bsc#1055068). - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374). - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455). - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c (bsc#1055456). - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000). - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash) (bsc#1060162). - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752). - CVE-2017-17504: Prevent heap-based buffer over-read via a crafted file in Magick_png_read_raw_profile, related to ReadOneMNGImage (bsc#1072362). - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in coders/png.c, which allowed attackers to cause a denial of service via a crafted PNG image file (bsc#1074120). - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error (bsc#1074125). - CVE-2017-17914: Prevent crafted files to cause a large loop in ReadOneMNGImage (bsc#1074185). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1043353 SUSE bug 1043354 SUSE bug 1047908 SUSE bug 1050037 SUSE bug 1050072 SUSE bug 1050098 SUSE bug 1050100 SUSE bug 1050635 SUSE bug 1051442 SUSE bug 1052470 SUSE bug 1052708 SUSE bug 1052717 SUSE bug 1052721 SUSE bug 1052768 SUSE bug 1052777 SUSE bug 1052781 SUSE bug 1054600 SUSE bug 1055068 SUSE bug 1055374 SUSE bug 1055455 SUSE bug 1055456 SUSE bug 1057000 SUSE bug 1060162 SUSE bug 1062752 SUSE bug 1072362 SUSE bug 1072901 SUSE bug 1074120 SUSE bug 1074125 SUSE bug 1074185 SUSE bug 1074309 SUSE bug 1075939 SUSE bug 1076021 SUSE bug 1076051 CVE-2017-10995 CVE-2017-11505 CVE-2017-11525 CVE-2017-11526 CVE-2017-11539 CVE-2017-11639 CVE-2017-11750 CVE-2017-12565 CVE-2017-12640 CVE-2017-12641 CVE-2017-12643 CVE-2017-12671 CVE-2017-12673 CVE-2017-12676 CVE-2017-12935 CVE-2017-13059 CVE-2017-13141 CVE-2017-13142 CVE-2017-13147 CVE-2017-14103 CVE-2017-14649 CVE-2017-15218 CVE-2017-17504 CVE-2017-17681 CVE-2017-17879 CVE-2017-17884 CVE-2017-17914 CVE-2017-18008 CVE-2017-18027 CVE-2017-18029 CVE-2017-9261 CVE-2017-9262 CVE-2018-5246 CVE-2018-5685 openSUSE Leap 42.3 This update for mariadb to version 10.0.33 fixes several issues. These security issues were fixed: - CVE-2017-10378: Vulnerability in subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1064115). - CVE-2017-10268: Vulnerability in subcomponent: Server: Replication. Difficult to exploit vulnerability allowed high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data (bsc#1064101). These non-security issues were fixed: - CHECK TABLE no longer returns an error when run on a CONNECT table - 'Undo log record is too big.' error occurring in very narrow range of string lengths - Race condition between INFORMATION_SCHEMA.INNODB_SYS_TABLESTATS and ALTER/DROP/TRUNCATE TABLE - Wrong result after altering a partitioned table fixed bugs in InnoDB FULLTEXT INDEX - InnoDB FTS duplicate key error - InnoDB crash after failed ADD INDEX and table_definition_cache eviction - fts_create_doc_id() unnecessarily allocates 8 bytes for every inserted row - IMPORT TABLESPACE may corrupt ROW_FORMAT=REDUNDANT tables For additional details please see https://kb.askmonty.org/en/mariadb-10033-changelog This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1058722 SUSE bug 1064101 SUSE bug 1064115 SUSE bug 1076505 CVE-2017-10268 CVE-2017-10378 openSUSE Leap 42.3 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2018-16850: Fixed improper quoting of transition table names when pg_dump emits CREATE TRIGGER could have caused privilege escalation (bsc#1114837). Non-security issues fixed: - Update to release 10.6: * https://www.postgresql.org/docs/current/static/release-10-6.html This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1114837 CVE-2018-16850 openSUSE Leap 42.3 This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - Add missing timing side channel patch for DSA signature generation (bsc#1113742). Non-security issues fixed: - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1112209 SUSE bug 1113534 SUSE bug 1113652 SUSE bug 1113742 CVE-2018-0734 CVE-2018-5407 openSUSE Leap 42.3 This update for plasma5-workspace fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2018-6790: Desktop notifications could have been used to load arbitrary remote images into Plasma, allowing for client IP discovery (boo#1079429) - CVE-2018-6791: A specially crafted file system label may have allowed execution of arbitrary code (boo#1079751) The following bugs were fixed: - Plasma could freeze with certain notifications (boo#1013550) Important SUSE bug 1013550 SUSE bug 1079429 SUSE bug 1079751 CVE-2018-6790 CVE-2018-6791 openSUSE Leap 42.3 This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) The following non-security issues were fixed: - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure [bsc#1091396] This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1091396 SUSE bug 1105010 SUSE bug 964336 CVE-2018-15473 openSUSE Leap 42.3 This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094). Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1099257 SUSE bug 1113094 SUSE bug 1113672 CVE-2018-12900 CVE-2018-18557 CVE-2018-18661 openSUSE Leap 42.3 This update for python-mistune to version 0.8.3 fixes several issues. These security issues were fixed: - CVE-2017-16876: Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py allowed remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument (bsc#1072307). - CVE-2017-15612: Prevent XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions (bsc#1064640). These non-security issues were fixed: - Fix nested html issue - Fix _keyify with lower case. - Remove non breaking spaces preprocessing - Remove rev and rel attribute for footnotes - Fix escape_link method - Handle block HTML with no content - Use expandtabs for tab - Fix escape option for text renderer - Fix HTML attribute regex pattern - Fix strikethrough regex - Fix HTML attribute regex - Fix close tag regex - Fix hard_wrap options on renderer. - Fix emphasis regex pattern - Fix base64 image link - Fix link security per - Fix inline html when there is no content per Moderate SUSE bug 1064640 SUSE bug 1072307 CVE-2017-15612 CVE-2017-16876 openSUSE Leap 42.3 This update for postgresql94 to 9.4.19 fixes the following security issue: - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtain access to higher privileged connections or potentially cause other impact SQL injection, by causing the PQescape() functions to malfunction (bsc#1104199). A dump/restore is not required for this update unless you use the functions query_to_xml, cursor_to_xml, cursor_to_xmlschema, query_to_xmlschema, and query_to_xml_and_xmlschema. In this case please see the first entry of https://www.postgresql.org/docs/9.4/static/release-9-4-18.html This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1104199 CVE-2018-10915 openSUSE Leap 42.3 This update for dpdk to version 16.11.8 provides the following security fix: - CVE-2018-1059: restrict untrusted guest to misuse virtio to corrupt host application (ovs-dpdk) memory which could have lead all VM to lose connectivity (bsc#1089638) and following non-security fixes: - Enable the broadcom chipset family Broadcom NetXtreme II BCM57810 (bsc#1073363) - Fix a latency problem by using cond_resched rather than schedule_timeout_interruptible (bsc#1069601) - Fix a syntax error affecting csh environment configuration (bsc#1102310) - Fixes in net/bnxt: * Fix HW Tx checksum offload check * Fix incorrect IO address handling in Tx * Fix Rx ring count limitation * Check access denied for HWRM commands * Fix RETA size * Fix close operation - Fixes in eal/linux: * Fix an invalid syntax in interrupts * Fix return codes on thread naming failure - Fixes in kni: * Fix crash with null name * Fix build with gcc 8.1 - Fixes in net/thunderx: * Fix build with gcc optimization on * Avoid sq door bell write on zero packet - net/bonding: Fix MAC address reset - vhost: Fix missing increment of log cache count This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1069601 SUSE bug 1073363 SUSE bug 1089638 SUSE bug 1102310 CVE-2018-1059 openSUSE Leap 42.3 This update for mupdf fixes several issues. These security issues were fixed: - CVE-2018-6187: Prevent heap-based buffer overflow in the do_pdf_save_document function. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file (bsc#1077407). - CVE-2018-6544: pdf_load_obj_stm could have referenced the object stream recursively and therefore run out of error stack, which allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1079100). - CVE-2018-6192: The pdf_read_new_xref function allowed remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file (bsc#1077755). Moderate SUSE bug 1077407 SUSE bug 1077755 SUSE bug 1079100 CVE-2018-6187 CVE-2018-6192 CVE-2018-6544 openSUSE Leap 42.3 This update for libvorbis fixes the following issues: - CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811) - CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1059809 SUSE bug 1059811 CVE-2017-14632 CVE-2017-14633 openSUSE Leap 42.3 This update for php5 fixes the following issues: Security issue fixed: - CVE-2018-19518: Fixed imap_open script injection flaw (bsc#1117107). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1117107 CVE-2018-19518 openSUSE Leap 42.3 This update for php7 fixes the following issues: Security issue fixed: - CVE-2018-19518: Fixed imap_open script injection flaw (bsc#1117107). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1117107 CVE-2018-19518 openSUSE Leap 42.3 This update for ncurses fixes the following issue: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1115929 CVE-2018-19211 openSUSE Leap 42.3 This update for docker, docker-runc, containerd, golang-github-docker-libnetwork fixes several issues. These security issues were fixed: - CVE-2017-16539: The DefaultLinuxSpec function in oci/defaults.go docker did not block /proc/scsi pathnames, which allowed attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP (bnc#1066801) - CVE-2017-14992: Lack of content verification in docker allowed a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. (bnc#1066210) These non-security issues were fixed: - bsc#1059011: The systemd service helper script used a timeout of 60 seconds to start the daemon, which is insufficient in cases where the daemon takes longer to start. Instead, set the service type from 'simple' to 'notify' and remove the now superfluous helper script. - bsc#1057743: New requirement with new version of docker-libnetwork. - bsc#1032287: Missing docker systemd configuration. - bsc#1057743: New "symbol" for libnetwork requirement. - bsc#1057743: Update secrets patch to handle "old" containers that have orphaned secret data no longer available on the host. - bsc#1055676: Update patches to correctly handle volumes and mounts when Docker is running with user namespaces enabled. - bsc#1045628:: Add patch to make the dm storage driver remove a container's rootfs mountpoint before attempting to do libdm operations on it. This helps avoid complications when live mounts will leak into containers. - bsc#1069758: Upgrade Docker to v17.09.1_ce (and obsolete docker-image-migrator). - bsc#1021227: bsc#1029320 bsc#1058173 -- Enable docker devicemapper support for deferred removal/deletion within Containers module. - bsc#1046024: Correct interaction between Docker and SuSEFirewall2, to avoid breaking Docker networking after boot. - bsc#1048046: Build with -buildmode=pie to make all binaries PIC. - bsc#1072798: Remove dependency on obsolete bridge-utils. - bsc#1064926: Set --start-timeout=2m by default to match upstream. - bsc#1065109, bsc#1053532: Use the upstream makefile so that Docker can get the commit ID in `docker info`. Please note that the "docker-runc" package is just a rename of the old "runc" package to match that we now ship the Docker fork of runc. This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1021227 SUSE bug 1029320 SUSE bug 1032287 SUSE bug 1045628 SUSE bug 1046024 SUSE bug 1048046 SUSE bug 1051429 SUSE bug 1053532 SUSE bug 1055676 SUSE bug 1057743 SUSE bug 1058173 SUSE bug 1059011 SUSE bug 1064926 SUSE bug 1065109 SUSE bug 1066210 SUSE bug 1066801 SUSE bug 1069468 SUSE bug 1069758 SUSE bug 1072798 CVE-2017-14992 CVE-2017-16539 openSUSE Leap 42.3 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2018-18544: Fixed memory leak in the function WriteMSLImage (bsc#1113064). Non-security issues fixed: - Improve import documentation (bsc#1057246). - Allow override system security policy (bsc#1117463). - asan_build: build ASAN included - debug_build: build more suitable for debugging This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1057246 SUSE bug 1113064 SUSE bug 1117463 CVE-2018-18544 openSUSE Leap 42.3 This update for compat-openssl098 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the "One and Done" side-channel attack on RSA (bsc#1104789). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1104789 SUSE bug 1110018 SUSE bug 1113534 SUSE bug 1113652 CVE-2016-8610 CVE-2018-0734 CVE-2018-5407 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka "retpolines". - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928). - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a "pointer leak (bnc#1073928). - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel had a race condition in inet->hdrincl that lead to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229 1073230). - CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel The function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2018-1000004: In the Linux kernel versions a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). The following non-security bugs were fixed: - 509: fix printing uninitialized stack memory when OID is empty (bsc#1075078). - 8021q: fix a memory leak for VLAN 0 device (bnc#1012382). - acpi / scan: Prefer devices without _HID/_CID for _ADR matching (bnc#1012382). - af_key: fix buffer overread in parse_exthdrs() (bnc#1012382). - af_key: fix buffer overread in verify_address_len() (bnc#1012382). - afs: Adjust mode bits processing (bnc#1012382). - afs: Connect up the CB.ProbeUuid (bnc#1012382). - afs: Fix afs_kill_pages() (bnc#1012382). - afs: Fix missing put_page() (bnc#1012382). - afs: Fix page leak in afs_write_begin() (bnc#1012382). - afs: Fix the maths in afs_fs_store_data() (bnc#1012382). - afs: Flush outstanding writes when an fd is closed (bnc#1012382). - afs: Migrate vlocation fields to 64-bit (bnc#1012382). - afs: Populate and use client modification time (bnc#1012382). - afs: Populate group ID from vnode status (bnc#1012382). - afs: Prevent callback expiry timer overflow (bnc#1012382). - alpha: fix build failures (bnc#1012382). - alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1031717). - alsa: aloop: Fix racy hw constraints adjustment (bsc#1031717). - alsa: aloop: Release cable upon open error path (bsc#1031717). - alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant (bsc#1031717). - alsa: hda - Apply the existing quirk to iMac 14,1 (bsc#1031717). - alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1031717). - alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1031717). - alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1031717). - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1031717). - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717). - arc: uaccess: dont use "l" gcc inline asm constraint modifier (bnc#1012382). - arm64: Add skeleton to harden the branch predictor against aliasing attacks (bsc#1068032). - arm64: Add trace_hardirqs_off annotation in ret_to_user (bsc#1068032). - arm64: Branch predictor hardening for Cavium ThunderX2 (bsc#1068032). - arm64/cpufeature: do not use mutex in bringup path (bsc#1068032). - arm64: cpufeature: Pass capability structure to ->enable callback (bsc#1068032). - arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs (bsc#1068032). - arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 (bsc#1068032). - arm64: debug: remove unused local_dbg_{enable, disable} macros (bsc#1068032). - arm64: Define cputype macros for Falkor CPU (bsc#1068032). - arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032). - arm64: Do not force KPTI for CPUs that are not vulnerable (bsc#1076187). - arm64: do not pull uaccess.h into *.S (bsc#1068032). - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: entry: Add exception trampoline page for exceptions from EL0 (bsc#1068032). - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 (bsc#1068032). - arm64: entry: Explicitly pass exception level to kernel_ventry macro (bsc#1068032). - arm64: entry: Hook up entry trampoline to exception vectors (bsc#1068032). - arm64: entry: remove pointless SPSR mode check (bsc#1068032). - arm64: entry.S convert el0_sync (bsc#1068032). - arm64: entry.S: convert el1_sync (bsc#1068032). - arm64: entry.S: convert elX_irq (bsc#1068032). - arm64: entry.S: move SError handling into a C function for future expansion (bsc#1068032). - arm64: entry.S: Remove disable_dbg (bsc#1068032). - arm64: erratum: Work around Falkor erratum #E1003 in trampoline code (bsc#1068032). - arm64: explicitly mask all exceptions (bsc#1068032). - arm64: factor out entry stack manipulation (bsc#1068032). - arm64: factor out PAGE_* and CONT_* definitions (bsc#1068032). - arm64: Factor out PAN enabling/disabling into separate uaccess_* macros (bsc#1068032). - arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro (bsc#1068032). - arm64: factor work_pending state machine to C (bsc#1068032). - arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382). - arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032). - arm64: Handle faults caused by inadvertent user access with PAN enabled (bsc#1068032). - arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032). - arm64: Implement branch predictor hardening for affected Cortex-A CPUs (bsc#1068032). - arm64: Implement branch predictor hardening for Falkor (bsc#1068032). - arm64: Initialise high_memory global variable earlier (bnc#1012382). - arm64: introduce an order for exceptions (bsc#1068032). - arm64: introduce mov_q macro to move a constant into a 64-bit register (bsc#1068032). - arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1 (bsc#1068032). - arm64: kaslr: Put kernel vectors address in separate data page (bsc#1068032). - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 (bsc#1068032). - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry (bsc#1068032). - arm64: kill ESR_LNX_EXEC (bsc#1068032). - arm64: kpti: Fix the interaction between ASID switching and software PAN (bsc#1068032). - arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls (bsc#1076232). - arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382). - arm64: KVM: Make PSCI_VERSION a fast path (bsc#1068032). - arm64: KVM: Use per-CPU vector when BP hardening is enabled (bsc#1068032). - arm64: Mask all exceptions during kernel_exit (bsc#1068032). - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper (bsc#1068032). - arm64: mm: Allocate ASIDs in pairs (bsc#1068032). - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: mm: hardcode rodata=true (bsc#1068032). - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR (bsc#1068032). - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI (bsc#1068032). - arm64: mm: Map entry trampoline into trampoline and kernel page tables (bsc#1068032). - arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032). - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003 (bsc#1068032). - arm64: mm: Rename post_ttbr0_update_workaround (bsc#1068032). - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: mm: Use non-global mappings for kernel space (bsc#1068032). - arm64: Move BP hardening to check_and_switch_context (bsc#1068032). - arm64: Move post_ttbr_update_workaround to C code (bsc#1068032). - arm64: Move the async/fiq helpers to explicitly set process context flags (bsc#1068032). - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm (bsc#1068032). - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb (bsc#1068032). - arm64: swp emulation: bound LL/SC retries before rescheduling (bsc#1068032). - arm64: sysreg: Fix unprotected macro argmuent in write_sysreg (bsc#1068032). - arm64: Take into account ID_AA64PFR0_EL1.CSV3 (bsc#1068032). - arm64: thunderx2: remove branch predictor hardening References: bsc#1076232 This causes undefined instruction abort on the smc call from guest kernel. Disable until kvm is fixed. - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks (bsc#1068032). - arm64: Turn on KPTI only on CPUs that need it (bsc#1076187). - arm64: use alternative auto-nop (bsc#1068032). - arm64: use RET instruction for exiting the trampoline (bsc#1068032). - arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032). - arm/arm64: KVM: Make default HYP mappings non-excutable (bsc#1068032). - arm: avoid faulting on qemu (bnc#1012382). - arm: BUG if jumping to usermode address in kernel mode (bnc#1012382). - arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382). - arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory (bnc#1012382). - arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382). - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 (bnc#1012382). - arm: dts: ti: fix PCI bus dtc warnings (bnc#1012382). - arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382). - arm: kprobes: Fix the return address of multiple kretprobes (bnc#1012382). - arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382). - arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382). - arm: OMAP2+: Fix device node reference counts (bnc#1012382). - arm: OMAP2+: gpmc-onenand: propagate error on initialization failure (bnc#1012382). - arm: OMAP2+: Release device node after it is no longer needed (bnc#1012382). - asm-prototypes: Clear any CPP defines before declaring the functions (git-fixes). - asn.1: check for error from ASN1_OP_END__ACT actions (bnc#1012382). - asn.1: fix out-of-bounds read when parsing indefinite length item (bnc#1012382). - ath9k: fix tx99 potential info leak (bnc#1012382). - atm: horizon: Fix irq release error (bnc#1012382). - audit: ensure that 'audit=1' actually enables audit for PID 1 (bnc#1012382). - axonram: Fix gendisk handling (bnc#1012382). - backlight: pwm_bl: Fix overflow condition (bnc#1012382). - bcache: add a comment in journal bucket reading (bsc#1076110). - bcache: Avoid nested function definition (bsc#1076110). - bcache: bch_allocator_thread() is not freezable (bsc#1076110). - bcache: bch_writeback_thread() is not freezable (bsc#1076110). - bcache: check return value of register_shrinker (bsc#1076110). - bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110). - bcache: documentation updates and corrections (bsc#1076110). - bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110). - bcache: do not write back data if reading it failed (bsc#1076110). - bcache: explicitly destroy mutex while exiting (bnc#1012382). - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110). - bcache: fix sequential large write IO bypass (bsc#1076110). - bcache: fix wrong cache_misses statistics (bnc#1012382). - bcache: gc does not work when triggering by manual command (bsc#1076110, bsc#1038078). - bcache: implement PI controller for writeback rate (bsc#1076110). - bcache: increase the number of open buckets (bsc#1076110). - bcache: only permit to recovery read error when cache device is clean (bnc#1012382 bsc#1043652). - bcache: partition support: add 16 minors per bcacheN device (bsc#1076110, bsc#1019784). - bcache: rearrange writeback main thread ratelimit (bsc#1076110). - bcache: recover data from backing when data is clean (bnc#1012382 bsc#1043652). - bcache: Remove redundant set_capacity (bsc#1076110). - bcache: remove unused parameter (bsc#1076110). - bcache: rewrite multiple partitions support (bsc#1076110, bsc#1038085). - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110). - bcache: silence static checker warning (bsc#1076110). - bcache: smooth writeback rate control (bsc#1076110). - bcache.txt: standardize document format (bsc#1076110). - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints (bsc#1076110). - bcache: update bucket_in_use in real time (bsc#1076110). - bcache: Update continue_at() documentation (bsc#1076110). - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110). - bcache: use llist_for_each_entry_safe() in __closure_wake_up() (bsc#1076110). - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110). - bcache: writeback rate shouldn't artifically clamp (bsc#1076110). - be2net: restore properly promisc mode after queues reconfiguration (bsc#963844 FATE#320192). - block: wake up all tasks blocked in get_request() (bnc#1012382). - bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382). - bnx2x: do not rollback VF MAC/VLAN filters we did not configure (bnc#1012382). - bnx2x: fix possible overrun of VFPF multicast addresses array (bnc#1012382). - bnx2x: prevent crash when accessing PTP with interface down (bnc#1012382). - btrfs: add missing memset while reading compressed inline extents (bnc#1012382). - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382). - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382). - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: gs_usb: fix return value of the "set_bittiming" callback (bnc#1012382). - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() (bnc#1012382). - can: kvaser_usb: free buf in error paths (bnc#1012382). - can: kvaser_usb: ratelimit errors if incomplete messages are received (bnc#1012382). - can: peak: fix potential bug in packet fragmentation (bnc#1012382). - can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382). - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - cdc-acm: apply quirk for card reader (bsc#1060279). - cdrom: factor out common open_for_* code (bsc#1048585). - cdrom: wait for tray to close (bsc#1048585). - ceph: more accurate statfs (bsc#1077068). - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bnc#1012382). - clk: mediatek: add the option for determining PLL source clock (bnc#1012382). - clk: tegra: Fix cclk_lp divisor register (bnc#1012382). - config: arm64: enable HARDEN_BRANCH_PREDICTOR - config: arm64: enable UNMAP_KERNEL_AT_EL0 - cpuidle: fix broadcast control when broadcast can not be entered (bnc#1012382). - cpuidle: powernv: Pass correct drv->cpumask for registration (bnc#1012382). - cpuidle: Validate cpu_dev in cpuidle_add_sysfs() (bnc#1012382). - crypto: algapi - fix NULL dereference in crypto_remove_spawns() (bnc#1012382). - crypto: chacha20poly1305 - validate the digest size (bnc#1012382). - crypto: chelsio - select CRYPTO_GF128MUL (bsc#1048325). - crypto: crypto4xx - increase context and scatter ring buffer elements (bnc#1012382). - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex (bnc#1012382). - crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382). - crypto: n2 - cure use after free (bnc#1012382). - crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382). - crypto: s5p-sss - Fix completing crypto request in IRQ handler (bnc#1012382). - crypto: tcrypt - fix buffer lengths in test_aead_speed() (bnc#1012382). - cxl: Check if vphb exists before iterating over AFU devices (bsc#1066223). - dax: Pass detailed error code from __dax_fault() (bsc#1072484). - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state (bnc#1012382). - delay: add poll_event_interruptible (bsc#1048585). - dlm: fix malfunction of dlm_tool caused by debugfs changes (bsc#1077704). - dmaengine: dmatest: move callback wait queue to thread context (bnc#1012382). - dmaengine: Fix array index out of bounds warning in __get_unmap_pool() (bnc#1012382). - dmaengine: pl330: fix double lock (bnc#1012382). - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type (bnc#1012382). - dm btree: fix serious bug in btree_split_beneath() (bnc#1012382). - dm bufio: fix shrinker scans when (nr_to_scan < retain_target) (bnc#1012382). - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012382). - drivers/firmware: Expose psci_get_version through psci_ops structure (bsc#1068032). - drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382). - drm: extra printk() wrapper macros (bnc#1012382). - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement (bnc#1012382). - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU (bnc#1012382). - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382). - drm/radeon: reinstate oland workaround for sclk (bnc#1012382). - drm/radeon/si: add dpm quirk for Oland (bnc#1012382). - drm/vmwgfx: Potential off by one in vmw_view_add() (bnc#1012382). - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 (bnc#1012382). - edac, i5000, i5400: Fix definition of NRECMEMB register (bnc#1012382). - edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro (bnc#1012382). - edac, sb_edac: Fix missing break in switch (bnc#1012382). - efi/esrt: Cleanup bad memory map log messages (bnc#1012382). - efi: Move some sysfs files to be read-only by root (bnc#1012382). - eventpoll.h: add missing epoll event masks (bnc#1012382). - ext4: fix crash when a directory's i_size is too small (bnc#1012382). - ext4: Fix ENOSPC handling in DAX page fault handle (bsc#1072484). - ext4: fix fdatasync(2) after fallocate(2) operation (bnc#1012382). - fbdev: controlfb: Add missing modes to fix out of bounds access (bnc#1012382). - Fix build error in vma.c (bnc#1012382). - Fixup hang when calling 'nvme list' on all paths down (bsc#1070052). - fjes: Fix wrong netdevice feature flags (bnc#1012382). - flow_dissector: properly cap thoff field (bnc#1012382). - fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382). - fork: clear thread stack upon allocation (bsc#1077560). - fscache: Fix the default for fscache_maybe_release_page() (bnc#1012382). - futex: Prevent overflow by strengthen input validation (bnc#1012382). - gcov: disable for COMPILE_TEST (bnc#1012382). - gfs2: Take inode off order_write list when setting jdata flag (bnc#1012382). - gpio: altera: Use handle_level_irq when configured as a level_high (bnc#1012382). - hid: chicony: Add support for another ASUS Zen AiO keyboard (bnc#1012382). - hid: xinmo: fix for out of range for THT 2P arcade controller (bnc#1012382). - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382). - hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382). - hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382). - i40iw: Account for IPv6 header when setting MSS (bsc#1024376 FATE#321249). - i40iw: Allocate a sdbuf per CQP WQE (bsc#1024376 FATE#321249). - i40iw: Cleanup AE processing (bsc#1024376 FATE#321249). - i40iw: Clear CQP Head/Tail during initialization (bsc#1024376 FATE#321249). - i40iw: Correct ARP index mask (bsc#1024376 FATE#321249). - i40iw: Correct Q1/XF object count equation (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Do not allow posting WR after QP is flushed (bsc#1024376 FATE#321249). - i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE (bsc#1024376 FATE#321249). - i40iw: Do not generate CQE for RTR on QP flush (bsc#1024376 FATE#321249). - i40iw: Do not retransmit MPA request after it is ACKed (bsc#1024376 FATE#321249). - i40iw: Fixes for static checker warnings (bsc#1024376 FATE#321249). - i40iw: Fix sequence number for the first partial FPDU (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Fix the connection ORD value for loopback (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Ignore AE source field in AEQE for some AEs (bsc#1024376 FATE#321249). - i40iw: Move cqp_cmd_head init to CQP initialization (bsc#1024376 FATE#321249). - i40iw: Move exception_lan_queue to VSI structure (bsc#1024376 FATE#321249). - i40iw: Move MPA request event for loopback after connect (bsc#1024376 FATE#321249). - i40iw: Notify user of established connection after QP in RTS (bsc#1024376 FATE#321249). - i40iw: Reinitialize IEQ on MTU change (bsc#1024376 FATE#321249). - i40iw: Remove limit on re-posting AEQ entries to HW (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Selectively teardown QPs on IP addr change event (bsc#1024376 FATE#321249). - i40iw: Validate correct IRD/ORD connection parameters (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/hfi1: Fix misspelling in comment (bsc#973818, fate#319242). - ib/hfi1: Prevent kernel QP post send hard lockups (bsc#973818 FATE#319242). - ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush (git-fixes). - ib/ipoib: Fix race condition in neigh creation (bsc#1022595 FATE#322350). - ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop (bnc#1012382). - ib/mlx4: Increase maximal message size under UD QP (bnc#1012382). - ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382). - ib/mlx5: Serialize access to the VMA list (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - ibmvnic: Allocate and request vpd in init_resources (bsc#1076872). - ibmvnic: Do not handle RX interrupts when not up (bsc#1075066). - ibmvnic: fix firmware version when no firmware level has been provided by the VIOS server (bsc#1079038). - ibmvnic: Fix IP offload control buffer (bsc#1076899). - ibmvnic: Fix IPv6 packet descriptors (bsc#1076899). - ibmvnic: Fix pending MAC address changes (bsc#1075627). - ibmvnic: Modify buffer size and number of queues on failover (bsc#1076872). - ibmvnic: Revert to previous mtu when unsupported value requested (bsc#1076872). - ibmvnic: Wait for device response when changing MAC (bsc#1078681). - ib/qib: Fix comparison error with qperf compare/swap test (FATE#321231 FATE#321473). - ib/rdmavt: restore IRQs on error path in rvt_create_ah() (bsc#973818, fate#319242). - ib/srpt: Disable RDMA access by the initiator (bnc#1012382). - ib/srpt: Fix ACL lookup during login (bsc#1024296 FATE#321265). - igb: check memory allocation failure (bnc#1012382). - ima: fix hash algorithm initialization (bnc#1012382). - inet: frag: release spinlock before calling icmp_send() (bnc#1012382). - input: 88pm860x-ts - fix child-node lookup (bnc#1012382). - input: elantech - add new icbody type 15 (bnc#1012382). - input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list (bnc#1012382). - input: trackpoint - force 3 buttons if 0 button is reported (bnc#1012382). - input: twl4030-vibra - fix sibling-node lookup (bnc#1012382). - input: twl6040-vibra - fix child-node lookup (bnc#1012382). - input: twl6040-vibra - fix DT node memory management (bnc#1012382). - intel_th: pci: Add Gemini Lake support (bnc#1012382). - iommu/arm-smmu-v3: Do not free page table ops twice (bnc#1012382). - iommu/vt-d: Fix scatterlist offset handling (bnc#1012382). - ip6_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912 FATE#321246). - ip6_tunnel: disable dst caching if tunnel is dual-stack (bnc#1012382). - ipmi: Stop timers before cleaning up the module (bnc#1012382). - ipv4: Fix use-after-free when flushing FIB tables (bnc#1012382). - ipv4: igmp: guard against silly MTU values (bnc#1012382). - ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY (bnc#1012382). - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL (bnc#1012382). - ipv6: fix possible mem leaks in ipv6_make_skb() (bnc#1012382). - ipv6: fix udpv6 sendmsg crash caused by too small MTU (bnc#1012382). - ipv6: ip6_make_skb() needs to clear cork.base.dst (git-fixes). - ipv6: mcast: better catch silly mtu values (bnc#1012382). - ipv6: reorder icmpv6_init() and ip6_mr_init() (bnc#1012382). - ipvlan: fix ipv6 outbound device (bnc#1012382). - ipvlan: remove excessive packet scrubbing (bsc#1070799). - irda: vlsi_ir: fix check for DMA mapping errors (bnc#1012382). - irqchip/crossbar: Fix incorrect type of register size (bnc#1012382). - iscsi_iser: Re-enable 'iser_pi_guard' module parameter (bsc#1062129). - iscsi-target: fix memory leak in lio_target_tiqn_addtpg() (bnc#1012382). - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref (bnc#1012382). - isdn: kcapi: avoid uninitialized data (bnc#1012382). - iser-target: Fix possible use-after-free in connection establishment error (FATE#321732). - iw_cxgb4: Only validate the MSN for successful completions (bnc#1012382). - ixgbe: fix use of uninitialized padding (bnc#1012382). - jump_label: Invoke jump_label_test() via early_initcall() (bnc#1012382). - kabi: Keep KVM stable after enable s390 wire up bpb feature (bsc#1076805). - kABI: protect struct bpf_map (kabi). - kABI: protect struct ipv6_pinfo (kabi). - kABI: protect struct t10_alua_tg_pt_gp (kabi). - kABI: protect struct usbip_device (kabi). - kabi/severities: arm64: ignore cpu capability array - kabi/severities: do not care about stuff_RSB - kaiser: Set _PAGE_NX only if supported (bnc#1012382). - kaiser: Set _PAGE_NX only if supported (bnc#1012382). - kbuild: add '-fno-stack-check' to kernel build options (bnc#1012382). - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - kbuild: pkg: use --transform option to prefix paths in tar (bnc#1012382). - kdb: Fix handling of kallsyms_symbol_next() return value (bnc#1012382). - kernel/acct.c: fix the acct->needcheck check in check_free_space() (bnc#1012382). - kernel: make groups_sort calling a responsibility group_info allocators (bnc#1012382). - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals (bnc#1012382). - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL (bnc#1012382). - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal() (bnc#1012382). - keys: add missing permission check for request_key() destination (bnc#1012382). - kprobes/x86: Disable preemption in ftrace-based jprobes (bnc#1012382). - kpti: Rename to PAGE_TABLE_ISOLATION (bnc#1012382). - kpti: Report when enabled (bnc#1012382). - kvm: Fix stack-out-of-bounds read in write_mmio (bnc#1012382). - kvm: nVMX: reset nested_run_pending if the vCPU is going to be reset (bnc#1012382). - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down (bnc#1012382). - kvm: pci-assign: do not map smm memory slot pages in vt-d page tables (bnc#1012382). - kvm: s390: Enable all facility bits that are known good for passthrough (bsc#1076805). - kvm: s390: wire up bpb feature (bsc#1076805). - kvm: VMX: Fix enable VPID conditions (bnc#1012382). - kvm: VMX: remove I/O port 0x80 bypass on Intel hosts (bnc#1012382). - kvm: vmx: Scrub hardware GPRs at VM-exit (bnc#1012382 bsc#1068032). - kvm: x86: Add memory barrier on vmcs field lookup (bnc#1012382). - kvm: x86: correct async page present tracepoint (bnc#1012382). - kvm: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012382). - kvm: x86: fix RSM when PCID is non-zero (bnc#1012382). - l2tp: cleanup l2tp_tunnel_delete calls (bnc#1012382). - lan78xx: Fix failure in USB Full Speed (bnc#1012382). - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (bnc#1012382). - libata: drop WARN from protocol error in ata_sff_qc_issue() (bnc#1012382). - lib/genalloc.c: make the avail variable an atomic_long_t (bnc#1012382). - macvlan: Only deliver one copy of the frame to the macvlan interface (bnc#1012382). - md: more open-coded offset_in_page() (bsc#1076110). - media: dvb: i2c transfers over usb cannot be done from stack (bnc#1012382). - mfd: cros ec: spi: Do not send first message too soon (bnc#1012382). - mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012382). - mfd: twl6040: Fix child-node lookup (bnc#1012382). - mlxsw: reg: Fix SPVMLR max record count (bnc#1012382). - mlxsw: reg: Fix SPVM max record count (bnc#1012382). - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers (bnc#1012382). - mmc: mediatek: Fixed bug where clock frequency could be set wrong (bnc#1012382). - mm: drop unused pmdp_huge_get_and_clear_notify() (bnc#1012382). - mm: Handle 0 flags in _calc_vm_trans() macro (bnc#1012382). - mm/mprotect: add a cond_resched() inside change_pmd_range() (bnc#1077871, bnc#1078002). - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP (bnc#1012382). - module: Add retpoline tag to VERMAGIC (bnc#1012382). - module: set __jump_table alignment to 8 (bnc#1012382). - more bio_map_user_iov() leak fixes (bnc#1012382). - net: Allow neigh contructor functions ability to modify the primary_key (bnc#1012382). - net/appletalk: Fix kernel memory disclosure (bnc#1012382). - net: bcmgenet: correct MIB access of UniMAC RUNT counters (bnc#1012382). - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values (bnc#1012382). - net: bcmgenet: power down internal phy if open or resume fails (bnc#1012382). - net: bcmgenet: Power up the internal PHY before probing the MII (bnc#1012382). - net: bcmgenet: reserved phy revisions must be checked first (bnc#1012382). - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks (bnc#1012382). - net: core: fix module type in sock_diag_bind (bnc#1012382). - net: Do not allow negative values for busy_read and busy_poll sysctl interfaces (bnc#1012382). - net: fec: fix multicast filtering hardware setup (bnc#1012382). - netfilter: bridge: honor frag_max_size when refragmenting (bnc#1012382). - netfilter: do not track fragmented packets (bnc#1012382). - netfilter: ipvs: Fix inappropriate output of procfs (bnc#1012382). - netfilter: nfnetlink_queue: fix secctx memory leak (bnc#1012382). - netfilter: nfnetlink_queue: fix timestamp attribute (bsc#1074134). - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table (bnc#1012382). - netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382). - netfilter: nfnl_cthelper: fix runtime expectation policy updates (bnc#1012382). - net: Fix double free and memory corruption in get_net_ns_by_id() (bnc#1012382). - net: igmp: fix source address check for IGMPv3 reports (bnc#1012382). - net: igmp: Use correct source address on IGMPv3 reports (bnc#1012382). - net: initialize msg.msg_flags in recvfrom (bnc#1012382). - net: ipv4: fix for a race condition in raw_sendmsg (bnc#1012382). - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y (bnc#1012382). - net/mlx5: Avoid NULL pointer dereference on steering cleanup (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Cleanup IRQs in case of unload failure (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Add refcount to VXLAN structure (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Fix features check of IPv6 traffic (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare (bsc#1015342). - net/mlx5e: Fix possible deadlock of VXLAN lock (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Prevent possible races in VXLAN control flow (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Fix rate limit packet pacing naming and struct (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Stay in polling mode when command EQ destroy fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (bnc#1012382). - net: mvneta: clear interface link status on port disable (bnc#1012382). - net: mvneta: eliminate wrong call to handle rx descriptor error (fate#319899). - net: mvneta: use proper rxq_number in loop on rx queues (fate#319899). - net/packet: fix a race in packet_bind() and packet_notifier() (bnc#1012382). - net: phy: at803x: Change error to EINVAL for invalid MAC (bnc#1012382). - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround (bnc#1012382). - net: qdisc_pkt_len_init() should be more robust (bnc#1012382). - net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012382). - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4 (bnc#1012382). - net: reevalulate autoflowlabel setting after sysctl setting (bnc#1012382). - net: Resend IGMP memberships upon peer notification (bnc#1012382). - net: sctp: fix array overrun read on sctp_timer_tbl (bnc#1012382). - net: stmmac: enable EEE in MII, GMII or RGMII only (bnc#1012382). - net: systemport: Pad packet before inserting TSB (bnc#1012382). - net: systemport: Utilize skb_put_padto() (bnc#1012382). - net: tcp: close sock if net namespace is exiting (bnc#1012382). - net: wimax/i2400m: fix NULL-deref at probe (bnc#1012382). - nfs: Add a cond_resched() to nfs_commit_release_pages() (bsc#1077779). - nfsd: auth: Fix gid sorting when rootsquash enabled (bnc#1012382). - nfsd: fix nfsd_minorversion(.., NFSD_AVAIL) (bnc#1012382). - nfsd: fix nfsd_reset_versions for NFSv4 (bnc#1012382). - nfs: Do not take a reference on fl->fl_file for LOCK operation (bnc#1012382). - nfs: Fix a typo in nfs_rename() (bnc#1012382). - nfsv4.1 respect server's max size in CREATE_SESSION (bnc#1012382). - nfsv4: Fix client recovery when server reboots multiple times (bnc#1012382). - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick() (bnc#1012382). - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (bnc#1012382). - nvme_fc: correct hang in nvme_ns_remove() (bsc#1075811). - nvme_fc: fix rogue admin cmds stalling teardown (bsc#1075811). - nvme-fc: merge error on sles12sp3 for reset_work (bsc#1079195). - nvme-pci: Remove watchdog timer (bsc#1066163). - openrisc: fix issue handling 8 byte get_user calls (bnc#1012382). - packet: fix crash in fanout_demux_rollover() (bnc#1012382). - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel (bnc#1012382). - parisc: Hide Diva-built-in serial aux and graphics card (bnc#1012382). - partially revert tipc improve link resiliency when rps is activated (bsc#1068038). - pci/AER: Report non-fatal errors only to the affected endpoint (bnc#1012382). - pci: Avoid bus reset if bridge itself is broken (bnc#1012382). - pci: Create SR-IOV virtfn/physfn links before attaching driver (bnc#1012382). - pci: Detach driver before procfs & sysfs teardown on device remove (bnc#1012382). - pci/PME: Handle invalid data when reading Root Status (bnc#1012382). - pci / PM: Force devices to D0 in pci_pm_thaw_noirq() (bnc#1012382). - perf symbols: Fix symbols__fixup_end heuristic for corner cases (bnc#1012382). - perf test attr: Fix ignored test case result (bnc#1012382). - phy: work around 'phys' references to usb-nop-xceiv devices (bnc#1012382). - pinctrl: adi2: Fix Kconfig build problem (bnc#1012382). - pinctrl: st: add irq_request/release_resources callbacks (bnc#1012382). - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012382). - powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075087). - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075087). - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075087). - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075087). - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075087). - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075087). - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032). - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075087). - powerpc/ipic: Fix status get and status clear (bnc#1012382). - powerpc/perf: Dereference BHRB entries safely (bsc#1066223). - powerpc/perf/hv-24x7: Fix incorrect comparison in memord (bnc#1012382). - powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032, bsc#1075087). - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo (bnc#1012382). - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested (bnc#1012382). - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075087). - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075087). - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075087). - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087). - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: prevent crash when changing flush type to fallback after system boot (bsc#1068032, bsc#1075087). - ppp: Destroy the mutex when cleanup (bnc#1012382). - pppoe: take ->needed_headroom of lower device into account on xmit (bnc#1012382). - pti: unbreak EFI (bsc#1074709). - r8152: fix the list rx_done may be used without initialization (bnc#1012382). - r8152: prevent the driver from transmitting packets with carrier off (bnc#1012382). - r8169: fix memory corruption on retrieval of hardware statistics (bnc#1012382). - raid5: Set R5_Expanded on parity devices as well as data (bnc#1012382). - ravb: Remove Rx overflow log messages (bnc#1012382). - rbd: set max_segments to USHRT_MAX (bnc#1012382). - rdma/cma: Avoid triggering undefined behavior (bnc#1012382). - rdma/i40iw: Remove MSS change support (bsc#1024376 FATE#321249). - rds: Fix NULL pointer dereference in __rds_rdma_map (bnc#1012382). - rds: Heap OOB write in rds_message_alloc_sgs() (bnc#1012382). - rds: null pointer dereference in rds_atomic_free_op (bnc#1012382). - regulator: core: Rely on regulator_dev_release to free constraints (bsc#1074847). - regulator: da9063: Return an error code on probe failure (bsc#1074847). - regulator: pwm: Fix regulator ramp delay for continuous mode (bsc#1074847). - regulator: Try to resolve regulators supplies on registration (bsc#1074847). - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature" (bnc#1012382). - Revert "drm/armada: Fix compile fail" (bnc#1012382). - Revert "kaiser: vmstat show NR_KAISERTABLE as nr_overhead" (kabi). - Revert "lib/genalloc.c: make the avail variable an atomic_long_t" (kabi). - Revert "module: Add retpoline tag to VERMAGIC" (bnc#1012382 kabi). - Revert "module: Add retpoline tag to VERMAGIC" (kabi). - Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()" (bnc#1012382). - Revert "s390/kbuild: enable modversions for symbols exported from asm" (bnc#1012382). - Revert "sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks" (kabi). - Revert "scsi: libsas: align sata_device's rps_resp on a cacheline" (kabi). - Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" (bnc#1012382). - Revert "userfaultfd: selftest: vm: allow to build in vm/ directory" (bnc#1012382). - Revert "x86/efi: Build our own page table structures" (bnc#1012382). - Revert "x86/efi: Hoist page table switching code into efi_call_virt()" (bnc#1012382). - Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers" (bnc#1012382). - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075087). - ring-buffer: Mask out the info bits when returning buffer page length (bnc#1012382). - route: also update fnhe_genid when updating a route cache (bnc#1012382). - route: update fnhe_expires for redirect when the fnhe exists (bnc#1012382). - rtc: cmos: Initialize hpet timer before irq is registered (bsc#1077592). - rtc: pcf8563: fix output clock rate (bnc#1012382). - rtc: pl031: make interrupt optional (bnc#1012382). - rtc: set the alarm to the next expiring timer (bnc#1012382). - s390: always save and restore all registers on context switch (bnc#1012382). - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847, LTC#163740). - s390: fix compat system call table (bnc#1012382). - s390/pci: do not require AIS facility (bnc#1012382). - s390/qeth: no ETH header for outbound AF_IUCV (LTC#156276 bnc#1012382 bnc#1053472). - s390/runtime instrumentation: simplify task exit handling (bnc#1012382). - sch_dsmark: fix invalid skb_cow() usage (bnc#1012382). - sched/deadline: Make sure the replenishment timer fires in the next period (bnc#1012382). - sched/deadline: Throttle a constrained deadline task activated after the deadline (bnc#1012382). - sched/deadline: Use deadline instead of period when calculating overflow (bnc#1012382). - sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks (bnc#1012382). - sched/deadline: Zero out positive runtime after throttling constrained tasks (git-fixes). - scsi: bfa: integer overflow in debugfs (bnc#1012382). - scsi: cxgb4i: fix Tx skb leak (bnc#1012382). - scsi: handle ABORTED_COMMAND on Fujitsu ETERNUS (bsc#1069138). - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading (bnc#1012382). - scsi: hpsa: destroy sas transport properties before scsi_host (bnc#1012382). - scsi: libsas: align sata_device's rps_resp on a cacheline (bnc#1012382). - scsi: lpfc: Use after free in lpfc_rq_buf_free() (bsc#1037838). - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (bnc#1012382). - scsi: sd: change allow_restart to bool in sysfs interface (bnc#1012382). - scsi: sd: change manage_start_stop to bool in sysfs interface (bnc#1012382). - scsi: sg: disable SET_FORCE_LOW_DMA (bnc#1012382). - scsi: sr: wait for the medium to become ready (bsc#1048585). - sctp: do not allow the v4 socket to bind a v4mapped v6 address (bnc#1012382). - sctp: do not free asoc when it is already dead in sctp_sendmsg (bnc#1012382). - sctp: Replace use of sockets_allocated with specified macro (bnc#1012382). - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (bnc#1012382). - sctp: use the right sk after waking up from wait_buf sleep (bnc#1012382). - selftest/powerpc: Fix false failures for skipped tests (bnc#1012382). - selftests/x86: Add test_vsyscall (bnc#1012382). - selftests/x86/ldt_get: Add a few additional tests for limits (bnc#1012382). - serial: 8250_pci: Add Amazon PCI serial device ID (bnc#1012382). - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bnc#1012382). - series.conf: move core networking (including netfilter) into sorted section - series.conf: whitespace cleanup - Set supported_modules_check 1 (bsc#1072163). - sfc: do not warn on successful change of MAC (bnc#1012382). - sh_eth: fix SH7757 GEther initialization (bnc#1012382). - sh_eth: fix TSU resource handling (bnc#1012382). - sit: update frag_off info (bnc#1012382). - sock: free skb in skb_complete_tx_timestamp on error (bnc#1012382). - sparc64/mm: set fields in deferred pages (bnc#1012382). - spi_ks8995: fix "BUG: key accdaa28 not in .data!" (bnc#1012382). - spi: sh-msiof: Fix DMA transfer size check (bnc#1012382). - spi: xilinx: Detect stall with Unknown commands (bnc#1012382). - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl (bnc#1012382). - sunrpc: Fix rpc_task_begin trace point (bnc#1012382). - sunxi-rsb: Include OF based modalias in device uevent (bnc#1012382). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - sysrq : fix Show Regs call trace on ARM (bnc#1012382). - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK (bnc#1012382). - target/file: Do not return error for UNMAP if length is zero (bnc#1012382). - target: fix ALUA transition timeout handling (bnc#1012382). - target:fix condition return in core_pr_dump_initiator_port() (bnc#1012382). - target: fix race during implicit transition work flushes (bnc#1012382). - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() (bnc#1012382). - target: Use system workqueue for ALUA transitions (bnc#1012382). - tcp: correct memory barrier usage in tcp_check_space() (bnc#1012382). - tcp: fix under-evaluated ssthresh in TCP Vegas (bnc#1012382). - tcp md5sig: Use skb's saddr when replying to an incoming segment (bnc#1012382). - tcp: __tcp_hdrlen() helper (bnc#1012382). - tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012382). - thermal/drivers/step_wise: Fix temperature regulation misbehavior (bnc#1012382). - thermal: hisilicon: Handle return value of clk_prepare_enable (bnc#1012382). - tipc: fix cleanup at module unload (bnc#1012382). - tipc: fix memory leak in tipc_accept_from_sock() (bnc#1012382). - tipc: improve link resiliency when rps is activated (bsc#1068038). - tracing: Allocate mask_str buffer dynamically (bnc#1012382). - tracing: Fix converting enum's from the map in trace_event_eval_update() (bnc#1012382). - tracing: Fix crash when it fails to alloc ring buffer (bnc#1012382). - tracing: Fix possible double free on failure of allocating trace buffer (bnc#1012382). - tracing: Remove extra zeroing out of the ring buffer page (bnc#1012382). - tty fix oops when rmmod 8250 (bnc#1012382). - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices (bnc#1012382). - uas: ignore UAS for Norelsys NS1068(X) chips (bnc#1012382). - udf: Avoid overflow when session starts at large offset (bnc#1012382). - um: link vmlinux with -no-pie (bnc#1012382). - usb: Add device quirk for Logitech HD Pro Webcam C925e (bnc#1012382). - usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012382). - usb: core: Add type-specific length check of BOS descriptors (bnc#1012382). - usb: core: prevent malicious bNumInterfaces overflow (bnc#1012382). - usb: devio: Prevent integer overflow in proc_do_submiturb() (bnc#1012382). - usb: Fix off by one in type-specific length check of BOS SSP capability (git-fixes). - usb: fix usbmon BUG trigger (bnc#1012382). - usb: gadget: configs: plug memory leak (bnc#1012382). - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping (bnc#1012382). - usb: gadgetfs: Fix a potential memory leak in 'dev_config()' (bnc#1012382). - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed (bnc#1012382). - usb: gadget: udc: remove pointer dereference after free (bnc#1012382). - usb: hub: Cycle HUB power when initialization fails (bnc#1012382). - usb: Increase usbfs transfer limit (bnc#1012382). - usbip: Fix implicit fallthrough warning (bnc#1012382). - usbip: Fix potential format overflow in userspace tools (bnc#1012382). - usbip: fix stub_rx: get_pipe() to validate endpoint number (bnc#1012382). - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input (bnc#1012382). - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer (bnc#1012382). - usbip: fix usbip bind writing random string after command in match_busid (bnc#1012382). - usbip: prevent leaking socket pointer address in messages (bnc#1012382). - usbip: prevent vhci_hcd driver from leaking a socket pointer address (bnc#1012382). - usbip: remove kernel addresses from usb device and urb debug msgs (bnc#1012382). - usbip: stub: stop printing kernel pointer addresses in messages (bnc#1012382). - usbip: vhci: stop printing kernel pointer addresses in messages (bnc#1012382). - usb: misc: usb3503: make sure reset is low for at least 100us (bnc#1012382). - usb: musb: da8xx: fix babble condition handling (bnc#1012382). - usb: phy: isp1301: Add OF device ID table (bnc#1012382). - usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled (git-fixes). - usb: phy: tahvo: fix error handling in tahvo_usb_probe() (bnc#1012382). - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub (bnc#1012382). - usb: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ (bnc#1012382). - usb: serial: cp210x: add new device ID ELV ALC 8xxx (bnc#1012382). - usb: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012382). - usb: serial: option: adding support for YUGA CLM920-NC5 (bnc#1012382). - usb: serial: option: add Quectel BG96 id (bnc#1012382). - usb: serial: option: add support for Telit ME910 PID 0x1101 (bnc#1012382). - usb: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012382). - usb: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID (bnc#1012382). - usb: usbfs: Filter flags passed in from user space (bnc#1012382). - usb: usbip: Fix possible deadlocks reported by lockdep (bnc#1012382). - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 (bnc#1012382). - usb: xhci: fix panic in xhci_free_virt_devices_depth_first (bnc#1012382). - userfaultfd: selftest: vm: allow to build in vm/ directory (bnc#1012382). - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE (bnc#1012382). - video: fbdev: au1200fb: Release some resources if a memory allocation fails (bnc#1012382). - video: fbdev: au1200fb: Return an error code if a memory allocation fails (bnc#1012382). - virtio: release virtio index when fail to device_register (bnc#1012382). - vmxnet3: repair memory leak (bnc#1012382). - vsyscall: Fix permissions for emulate mode with KAISER/PTI (bnc#1012382). - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend (bnc#1012382). - vti6: Do not report path MTU below IPV6_MIN_MTU (bnc#1012382). - vti6: fix device register to report IFLA_INFO_KIND (bnc#1012382). - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq (bnc#1012382). - writeback: fix memory leak in wb_queue_work() (bnc#1012382). - x.509: fix buffer overflow detection in sprint_oid() (bsc#1075078). - x.509: reject invalid BIT STRING for subjectPublicKey (bnc#1012382). - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (bnc#1012382). - x86/alternatives: Fix optimize_nops() checking (bnc#1012382). - x86/apic/vector: Fix off by one in error path (bnc#1012382). - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels (bnc#1012382). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). - x86/cpu: Factor out application of forced CPU caps (bnc#1012382). - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382). - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382). - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382). - x86/cpu: Rename Merrifield2 to Moorefield (bsc#985025). - x86/cpu: Rename "WESTMERE2" family to "NEHALEM_G" (bsc#985025). - x86/cpu, x86/pti: Do not enable PTI on AMD processors (bnc#1012382). - x86/Documentation: Add PTI description (bnc#1012382). - x86/efi: Build our own page table structures (fate#320512). - x86/efi: Hoist page table switching code into efi_call_virt() (fate#320512). - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bnc#1012382). - x86/hpet: Prevent might sleep splat on resume (bnc#1012382). - x86/kasan: Clear kasan_zero_page after TLB flush (bnc#1012382). - x86/kasan: Write protect kasan zero shadow (bnc#1012382). - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bnc#1012382). - x86/microcode/intel: Extend BDW late-loading with a revision check (bnc#1012382). - x86/microcode/intel: Fix BDW late-loading revision check (bnc#1012382). - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier (git-fixes). - x86/mm: Disable PCID on 32-bit kernels (bnc#1012382). - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (fate#320588). - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bnc#1012382). - x86/pti: Document fix wrong index (bnc#1012382). - x86/pti/efi: broken conversion from efi to kernel page table (bnc#1012382). - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/smpboot: Remove stale TLB flush invocations (bnc#1012382). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). - x86/tlb: Drop the _GPL from the cpu_tlbstate export (bnc#1012382). - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (bnc#1012382). - xen-netfront: avoid crashing on resume after a failure in talk_to_netback() (bnc#1012382). - xen-netfront: Improve error handling during initialization (bnc#1012382). - xfrm: Copy policy family in clone_policy (bnc#1012382). - xfs: add configurable error support to metadata buffers (bsc#1068569). - xfs: add configuration handlers for specific errors (bsc#1068569). - xfs: add configuration of error failure speed (bsc#1068569). - xfs: add "fail at unmount" error handling configuration (bsc#1068569). - xfs: Add infrastructure needed for error propagation during buffer IO failure (bsc#1068569). - xfs: address kabi for xfs buffer retry infrastructure (kabi). - xfs: configurable error behavior via sysfs (bsc#1068569). - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real (bnc#1012382). - xfs: fix log block underflow during recovery cycle verification (bnc#1012382). - xfs: fix up inode32/64 (re)mount handling (bsc#1069160). - xfs: introduce metadata IO error class (bsc#1068569). - xfs: introduce table-based init for error behaviors (bsc#1068569). - xfs: Properly retry failed inode items in case of error during buffer writeback (bsc#1068569). - xfs: reinit btree pointer on attr tree inactivation walk (bsc#1078787). - xfs: remove xfs_trans_ail_delete_bulk (bsc#1068569). - xfs: validate sb_logsunit is a multiple of the fs blocksize (bsc#1077513). - xhci: Do not add a virt_dev to the devs array before it's fully allocated (bnc#1012382). - xhci: Fix ring leak in failure path of xhci_alloc_virt_device() (bnc#1012382). - xhci: plat: Register shutdown for xhci_plat (bnc#1012382). - zram: set physical queue limits to avoid array out of bounds accesses (bnc#1012382). Important SUSE bug 1012382 SUSE bug 1015342 SUSE bug 1015343 SUSE bug 1019784 SUSE bug 1022595 SUSE bug 1022912 SUSE bug 1024296 SUSE bug 1024376 SUSE bug 1031492 SUSE bug 1031717 SUSE bug 1037838 SUSE bug 1038078 SUSE bug 1038085 SUSE bug 1040182 SUSE bug 1043652 SUSE bug 1048325 SUSE bug 1048585 SUSE bug 1053472 SUSE bug 1060279 SUSE bug 1062129 SUSE bug 1066163 SUSE bug 1066223 SUSE bug 1068032 SUSE bug 1068038 SUSE bug 1068569 SUSE bug 1068984 SUSE bug 1069138 SUSE bug 1069160 SUSE bug 1070052 SUSE bug 1070799 SUSE bug 1072163 SUSE bug 1072484 SUSE bug 1073229 SUSE bug 1073230 SUSE bug 1073928 SUSE bug 1074134 SUSE bug 1074488 SUSE bug 1074621 SUSE bug 1074709 SUSE bug 1074839 SUSE bug 1074847 SUSE bug 1075066 SUSE bug 1075078 SUSE bug 1075087 SUSE bug 1075091 SUSE bug 1075397 SUSE bug 1075428 SUSE bug 1075617 SUSE bug 1075621 SUSE bug 1075627 SUSE bug 1075811 SUSE bug 1075994 SUSE bug 1076017 SUSE bug 1076110 SUSE bug 1076187 SUSE bug 1076232 SUSE bug 1076805 SUSE bug 1076847 SUSE bug 1076872 SUSE bug 1076899 SUSE bug 1077068 SUSE bug 1077513 SUSE bug 1077560 SUSE bug 1077592 SUSE bug 1077704 SUSE bug 1077779 SUSE bug 1077871 SUSE bug 1078002 SUSE bug 1078681 SUSE bug 1078787 SUSE bug 1079038 SUSE bug 1079195 SUSE bug 963844 SUSE bug 966170 SUSE bug 966172 SUSE bug 969476 SUSE bug 969477 SUSE bug 973818 SUSE bug 985025 CVE-2017-15129 CVE-2017-17712 CVE-2017-17862 CVE-2017-17864 CVE-2017-18017 CVE-2017-5715 CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333 openSUSE Leap 42.3 This update for xen fixes the following issues: Security issues fixed: - CVE-2018-18849: Fixed an out of bounds memory access issue was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin (bsc#1114423). - CVE-2018-18883: Fixed a NULL pointer dereference that could have been triggered by nested VT-x that where not properly restricted (XSA-278)(bsc#1114405). - CVE-2018-19965: Fixed denial of service issue from attempting to use INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045). - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused conflicts with shadow paging (XSA-280)(bsc#1115047). - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing / improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040). Non-security issues fixed: - Added upstream bug fixes (bsc#1027519). This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1027519 SUSE bug 1108940 SUSE bug 1114405 SUSE bug 1114423 SUSE bug 1115040 SUSE bug 1115045 SUSE bug 1115047 CVE-2018-18849 CVE-2018-18883 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 openSUSE Leap 42.3 This update for libxml2 fixes three security issues: - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993) - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813) - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1077993 SUSE bug 1078806 SUSE bug 1078813 CVE-2016-5131 CVE-2017-15412 CVE-2017-5130 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.165-81.1 to receive various bugfixes. The following non-security bugs were fixed: - 9p locks: fix glock.client_id leak in do_lock (bnc#1012382). - 9p: clear dangling pointers in p9stat_free (bnc#1012382). - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bnc#1012382). - ACPI / platform: Add SMB0001 HID to forbidden_id_list (bnc#1012382). - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bnc#1012382). - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bnc#1012382). - ALSA: hda: Check the non-cached stream buffers more explicitly (bnc#1012382). - ALSA: timer: Fix zero-division by continue of uninitialized instance (bnc#1012382). - ARM64: PCI: ACPI support for legacy IRQs parsing and consolidation with DT code (bsc#985031). - ARM: 8799/1: mm: fix pci_ioremap_io() offset check (bnc#1012382). - ARM: dts: apq8064: add ahci ports-implemented mask (bnc#1012382). - ARM: dts: imx53-qsb: disable 1.2GHz OPP (bnc#1012382). - ASoC: ak4613: Enable cache usage to fix crashes on resume (bnc#1012382). - ASoC: spear: fix error return code in spdif_in_probe() (bnc#1012382). - ASoC: wm8940: Enable cache usage to fix crashes on resume (bnc#1012382). - Bluetooth: SMP: fix crash in unpairing (bnc#1012382). - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bnc#1012382). - Btrfs: fix data corruption due to cloning of eof block (bnc#1012382). - Btrfs: fix null pointer dereference on compressed write path error (bnc#1012382). - Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bnc#1012382). - CIFS: handle guest access errors to Windows shares (bnc#1012382). - Cramfs: fix abad comparison when wrap-arounds occur (bnc#1012382). - Fix kABI for "Ensure we commit after writeback is complete" (bsc#1111809). - HID: hiddev: fix potential Spectre v1 (bnc#1012382). - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bnc#1012382). - IB/ucm: Fix Spectre v1 vulnerability (bnc#1012382). - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bnc#1012382). - KEYS: put keyring if install_session_keyring_to_cred() fails (bnc#1012382). - KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240). - MD: fix invalid stored role for a disk (bnc#1012382). - MD: fix invalid stored role for a disk - try2 (bnc#1012382). - MIPS: DEC: Fix an int-handler.S CPU_DADDI_WORKAROUNDS regression (bnc#1012382). - MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue (bnc#1012382). - MIPS: Handle non word sized instructions when examining frame (bnc#1012382). - MIPS: Loongson-3: Fix BRIDGE irq delivery problem (bnc#1012382). - MIPS: Loongson-3: Fix CPU UART irq delivery problem (bnc#1012382). - MIPS: OCTEON: fix out of bounds array access on CN68XX (bnc#1012382). - MIPS: kexec: Mark CPU offline before disabling local IRQ (bnc#1012382). - MIPS: microMIPS: Fix decoding of swsp16 instruction (bnc#1012382). - NFS: Ensure we commit after writeback is complete (bsc#1111809). - NFSv4.1: Fix the r/wsize checking (bnc#1012382). - PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1109806). - PCI/ASPM: Fix link_state teardown on device removal (bsc#1109806). - PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk (bnc#1012382). - PCI: vmd: Detach resources after stopping root bus (bsc#1106105). - PM / devfreq: tegra: fix error return code in tegra_devfreq_probe() (bnc#1012382). - Provide a temporary fix for STIBP on-by-default See bsc#1116497 for details. - RDMA/ucma: Fix Spectre v1 vulnerability (bnc#1012382). - Reorder a few commits in kGraft out of tree section - Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV" (bnc#1012382). - Revert "ceph: fix dentry leak in splice_dentry()" (bsc#1114839). - Revert "media: v4l: event: Add subscription to list before calling "add" operation" (kabi). - Revert "media: videobuf2-core: do not call memop 'finish' when queueing" (bnc#1012382). - Revert "x86/kconfig: Fall back to ticket spinlocks" (kabi). - SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() (bnc#1012382). - TC: Set DMA masks for devices (bnc#1012382). - USB: fix the usbfs flag sanitization for control transfers (bnc#1012382). - USB: misc: appledisplay: add 20" Apple Cinema Display (bnc#1012382). - USB: quirks: Add no-lpm quirk for Raydium touchscreens (bnc#1012382). - af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers (bnc#1012382). - ahci: do not ignore result code of ahci_reset_controller() (bnc#1012382). - amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105). - arch/alpha, termios: implement BOTHER, IBSHIFT and termios2 (bnc#1012382). - arm64: Disable asm-operand-width warning for clang (bnc#1012382). - arm64: dts: stratix10: Correct System Manager register size (bnc#1012382). - arm64: hardcode rodata_enabled=true earlier in the series (bsc#1114763). - arm64: percpu: Initialize ret in the default case (bnc#1012382). - arm: fix mis-applied iommu identity check (bsc#1116924). - asix: Check for supported Wake-on-LAN modes (bnc#1012382). - ataflop: fix error handling during setup (bnc#1012382). - ath10k: schedule hardware restart if WMI command times out (bnc#1012382). - ax88179_178a: Check for supported Wake-on-LAN modes (bnc#1012382). - bcache: fix miss key refill->end in writeback (bnc#1012382). - binfmt_elf: fix calculations for bss padding (bnc#1012382). - bitops: protect variables in bit_clear_unless() macro (bsc#1116285). - block: fix inheriting request priority from bio (bsc#1116924). - block: respect virtual boundary mask in bvecs (bsc#1113412). - bna: ethtool: Avoid reading past end of buffer (bnc#1012382). - bpf: generally move prog destruction to RCU deferral (bnc#1012382). - bridge: do not add port to router list when receives query with source 0.0.0.0 (bnc#1012382). - btrfs: Handle owner mismatch gracefully when walking up tree (bnc#1012382). - btrfs: do not attempt to trim devices that do not support it (bnc#1012382). - btrfs: fix backport error in submit_stripe_bio (bsc#1114763). - btrfs: fix pinned underflow after transaction aborted (bnc#1012382). - btrfs: iterate all devices during trim, instead of fs_devices::alloc_list (bnc#1012382). - btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock (bnc#1012382). - btrfs: make sure we create all new block groups (bnc#1012382). - btrfs: qgroup: Dirty all qgroups before rescan (bnc#1012382). - btrfs: reset max_extent_size on clear in a bitmap (bnc#1012382). - btrfs: set max_extent_size properly (bnc#1012382). - btrfs: wait on caching when putting the bg cache (bnc#1012382). - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bnc#1012382). - cdc-acm: correct counting of UART states in serial state notification (bnc#1012382). - ceph: call setattr_prepare from ceph_setattr instead of inode_change_ok (bsc#1114763). - ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839). - ceph: quota: fix null pointer dereference in quota check (bsc#1114839). - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bnc#1012382). - clk: s2mps11: Add used attribute to s2mps11_dt_match (git-fixes). - clk: s2mps11: Fix matching when built as module and DT node contains compatible (bnc#1012382). - clk: samsung: exynos5420: Enable PERIS clocks for suspend (bnc#1012382). - clockevents/drivers/i8253: Add support for PIT shutdown quirk (bnc#1012382). - configfs: replace strncpy with memcpy (bnc#1012382). - cpuidle: Do not access cpuidle_devices when !CONFIG_CPU_IDLE (bnc#1012382). - crypto, x86: aesni - fix token pasting for clang (bnc#1012382). - crypto: arm64/sha - avoid non-standard inline asm tricks (bnc#1012382). - crypto: lrw - Fix out-of bounds access on counter overflow (bnc#1012382). - crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned (bnc#1012382). - cxgb4: Add support for new flash parts (bsc#1102439). - cxgb4: Fix FW flash errors (bsc#1102439). - cxgb4: assume flash part size to be 4MB, if it can't be determined (bsc#1102439). - cxgb4: fix missing break in switch and indent return statements (bsc#1102439). - cxgb4: support new ISSI flash parts (bsc#1102439). - dm ioctl: harden copy_params()'s copy_from_user() from malicious users (bnc#1012382). - dm raid: stop using BUG() in __rdev_sectors() (bsc#1046264). - dmaengine: dma-jz4780: Return error if not probed from DT (bnc#1012382). - dpaa_eth: fix dpaa_get_stats64 to match prototype (bsc#1114763). - driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bnc#1012382). - drivers/misc/sgi-gru: fix Spectre v1 vulnerability (bnc#1012382). - drm/ast: Remove existing framebuffers before loading driver (boo#1112963) - drm/dp_mst: Check if primary mstb is null (bnc#1012382). - drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113766) - drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113766) - drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bnc#1012382). - drm/nouveau/fbcon: fix oops without fbdev emulation (bnc#1012382). - drm/omap: fix memory barrier bug in DMM driver (bnc#1012382). - drm/rockchip: Allow driver to be shutdown on reboot/kexec (bnc#1012382). - e1000: avoid null pointer dereference on invalid stat type (bnc#1012382). - e1000: fix race condition between e1000_down() and e1000_watchdog (bnc#1012382). - efi/libstub/arm64: Force 'hidden' visibility for section markers (bnc#1012382). - efi/libstub/arm64: Set -fpie when building the EFI stub (bnc#1012382). - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bnc#1012382). - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bnc#1012382). - ext4: add missing brelse() update_backups()'s error path (bnc#1012382). - ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bnc#1012382). - ext4: avoid possible double brelse() in add_new_gdb() on error path (bnc#1012382). - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bnc#1012382). - ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bnc#1012382). - ext4: fix buffer leak in __ext4_read_dirblock() on error path (bnc#1012382). - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bnc#1012382). - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bnc#1012382). - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bnc#1012382). - ext4: fix possible leak of sbi->s_group_desc_leak in error path (bnc#1012382). - ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bnc#1012382). - ext4: release bs.bh before re-using in ext4_xattr_block_find() (bnc#1012382). - fcoe: remove duplicate debugging message in fcoe_ctlr_vn_add (bsc#1114763). - flow_dissector: do not dissect l4 ports for fragments (bnc#1012382). - fs, elf: make sure to page align bss in load_elf_library (bnc#1012382). - fs/exofs: fix potential memory leak in mount option parsing (bnc#1012382). - fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() (bnc#1012382). - fscache: fix race between enablement and dropping of object (bsc#1107385). - fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio (bnc#1012382). - fuse: Fix use-after-free in fuse_dev_do_read() (bnc#1012382). - fuse: Fix use-after-free in fuse_dev_do_write() (bnc#1012382). - fuse: fix blocked_waitq wakeup (bnc#1012382). - fuse: fix leaked notify reply (bnc#1012382). - fuse: set FR_SENT while locked (bnc#1012382). - genirq: Fix race on spurious interrupt detection (bnc#1012382). - gfs2: Put bitmap buffers in put_super (bnc#1012382). - gfs2_meta: ->mount() can get NULL dev_name (bnc#1012382). - gpio: msic: fix error return code in platform_msic_gpio_probe() (bnc#1012382). - gpu: host1x: fix error return code in host1x_probe() (bnc#1012382). - hfs: prevent btree data loss on root split (bnc#1012382). - hfsplus: prevent btree data loss on root split (bnc#1012382). - hugetlbfs: dirty pages as they are added to pagecache (bnc#1012382). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (bnc#1012382). - hwmon: (ibmpowernv) Remove bogus __init annotations (bnc#1012382). - hwmon: (pmbus) Fix page count auto-detection (bnc#1012382). - ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433). - ibmvnic: fix accelerated VLAN handling (). - ibmvnic: fix index in release_rx_pools (bsc#1115440). - ibmvnic: remove ndo_poll_controller (). - igb: Remove superfluous reset to PHY and page 0 selection (bnc#1012382). - iio: adc: at91: fix acking DRDY irq on simple conversions (bnc#1012382). - iio: adc: at91: fix wrong channel number in triggered buffer mode (bnc#1012382). - ima: fix showing large 'violations' or 'runtime_measurements_count' (bnc#1012382). - iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237). - iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105). - iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105). - iommu/vt-d: Use memunmap to free memremap (bsc#1106105). - ip_tunnel: do not force DF when MTU is locked (bnc#1012382). - ipmi: Fix timer race with module unload (bnc#1012382). - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (bnc#1012382). - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (bnc#1012382). - ipv6: mcast: fix a use-after-free in inet6_mc_check (bnc#1012382). - ipv6: orphan skbs in reassembly unit (bnc#1012382). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ipv6: suppress sparse warnings in IP6_ECN_set_ce() (bnc#1012382). - jbd2: fix use after free in jbd2_log_do_checkpoint() (bnc#1012382). - jffs2: free jffs2_sb_info through jffs2_kill_sb() (bnc#1012382). - kABI: protect struct azx (kabi). - kABI: protect struct cfs_bandwidth (kabi). - kABI: protect struct esp (kabi). - kABI: protect struct fuse_io_priv (kabi). - kabi: revert sig change on pnfs_read_resend_pnfs (git-fixes). - kbuild, LLVMLinux: Add -Werror to cc-option to support clang (bnc#1012382). - kbuild: Add __cc-option macro (bnc#1012382). - kbuild: Add better clang cross build support (bnc#1012382). - kbuild: Add support to generate LLVM assembly files (bnc#1012382). - kbuild: Consolidate header generation from ASM offset information (bnc#1012382). - kbuild: Set KBUILD_CFLAGS before incl. arch Makefile (bnc#1012382). - kbuild: allow to use GCC toolchain not in Clang search path (bnc#1012382). - kbuild: clang: Disable 'address-of-packed-member' warning (bnc#1012382). - kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS (bnc#1012382). - kbuild: clang: disable unused variable warnings only when constant (bnc#1012382). - kbuild: clang: fix build failures with sparse check (bnc#1012382). - kbuild: clang: remove crufty HOSTCFLAGS (bnc#1012382). - kbuild: consolidate redundant sed script ASM offset generation (bnc#1012382). - kbuild: drop -Wno-unknown-warning-option from clang options (bnc#1012382). - kbuild: fix asm-offset generation to work with clang (bnc#1012382). - kbuild: fix kernel/bounds.c 'W=1' warning (bnc#1012382). - kbuild: fix linker feature test macros when cross compiling with Clang (bnc#1012382). - kbuild: move cc-option and cc-disable-warning after incl. arch Makefile (bnc#1012382). - kbuild: set no-integrated-as before incl. arch Makefile (bnc#1012382). - kbuild: use -Oz instead of -Os when using clang (bnc#1012382). - kernel-source.spec: Align source numbering. - kgdboc: Passing ekgdboc to command line causes panic (bnc#1012382). - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bnc#1012382). - lan78xx: Check for supported Wake-on-LAN modes (bnc#1012382). - lib/raid6: Fix arm64 test build (bnc#1012382). - libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839). - libfc: sync strings with upstream versions (bsc#1114763). - libnvdimm: Hold reference on parent while scheduling async init (bnc#1012382). - lockd: fix access beyond unterminated strings in prints (bnc#1012382). - locking/lockdep: Fix debug_locks off performance problem (bnc#1012382). - mac80211: Always report TX status (bnc#1012382). - mac80211_hwsim: do not omit multicast announce of first added radio (bnc#1012382). - mach64: fix display corruption on big endian machines (bnc#1012382). - mach64: fix image corruption due to reading accelerator registers (bnc#1012382). - media: em28xx: fix input name for Terratec AV 350 (bnc#1012382). - media: em28xx: make v4l2-compliance happier by starting sequence on zero (bnc#1012382). - media: em28xx: use a default format if TRY_FMT fails (bnc#1012382). - media: pci: cx23885: handle adding to list failure (bnc#1012382). - media: tvp5150: fix width alignment during set_selection() (bnc#1012382). - media: v4l: event: Add subscription to list before calling "add" operation (bnc#1012382). - misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data (bnc#1012382). - mm, elf: handle vm_brk error (bnc#1012382). - mm: do not bug_on on incorrect length in __mm_populate() (bnc#1012382). - mm: migration: fix migration of huge PMD shared pages (bnc#1012382). - mm: refuse wrapped vm_brk requests (bnc#1012382). - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (bnc#1012382). - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bnc#1012382). - modules: mark __inittest/__exittest as __maybe_unused (bnc#1012382). - mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bnc#1012382). - mount: Prevent MNT_DETACH from disconnecting locked mounts (bnc#1012382). - mount: Retest MNT_LOCKED in do_umount (bnc#1012382). - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bnc#1012382). - mtd: spi-nor: Add support for is25wp series chips (bnc#1012382). - net-gro: reset skb->pkt_type in napi_reuse_skb() (bnc#1012382). - net/af_iucv: drop inbound packets with invalid flags (bnc#1114475, LTC#172679). - net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114475, LTC#172679). - net/ibmnvic: Fix deadlock problem in reset (). - net/ipv4: defensive cipso option parsing (bnc#1012382). - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (bnc#1012382). - net: bridge: remove ipv6 zero address check in mcast queries (bnc#1012382). - net: cxgb3_main: fix a missing-check bug (bnc#1012382). - net: drop skb on failure in ip_check_defrag() (bnc#1012382). - net: drop write-only stack variable (bnc#1012382). - net: ena: Fix Kconfig dependency on X86 (bsc#1117562). - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1117562). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1117562). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1117562). - net: ena: complete host info to match latest ENA spec (bsc#1117562). - net: ena: enable Low Latency Queues (bsc#1117562). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1117562). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1117562). - net: ena: fix auto casting to boolean (bsc#1117562). - net: ena: fix compilation error in xtensa architecture (bsc#1117562). - net: ena: fix crash during failed resume from hibernation (bsc#1117562). - net: ena: fix indentations in ena_defs for better readability (bsc#1117562). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1117562). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1117562). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1117562). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1117562). - net: ena: minor performance improvement (bsc#1117562). - net: ena: remove ndo_poll_controller (bsc#1117562). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1117562). - net: ena: update driver version to 2.0.1 (bsc#1117562). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1117562). - net: ibm: fix return type of ndo_start_xmit function (). - net: qla3xxx: Remove overflowing shift statement (bnc#1012382). - net: sched: gred: pass the right attribute to gred_change_table_def() (bnc#1012382). - net: socket: fix a missing-check bug (bnc#1012382). - net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (bnc#1012382). - netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() (bnc#1012382). - netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net (bnc#1012382). - netfilter: xt_IDLETIMER: add sysfs filename checking routine (bnc#1012382). - new helper: uaccess_kernel() (bnc#1012382). - nfsd: Fix an Oops in free_session() (bnc#1012382). - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bnc#1012382). - pNFS/flexfiles: Fix up the ff_layout_write_pagelist failure path (git-fixes). - pNFS/flexfiles: When checking for available DSes, conditionally check for MDS io (git-fixes). - pNFS: Fix a deadlock between read resends and layoutreturn (git-fixes). - parisc: Fix address in HPMC IVA (bnc#1012382). - parisc: Fix map_pages() to not overwrite existing pte entries (bnc#1012382). - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bnc#1012382). - perf tools: Cleanup trace-event-info 'tdata' leak (bnc#1012382). - perf tools: Disable parallelism for 'make clean' (bnc#1012382). - perf tools: Free temporary 'sys' string in read_event_files() (bnc#1012382). - perf/core: Do not leak event in the syscall error path (bnc#1012382). - perf/ring_buffer: Prevent concurent ring buffer access (bnc#1012382). - pinctrl: qcom: spmi-mpp: Fix drive strength setting (bnc#1012382). - pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bnc#1012382). - pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bnc#1012382). - pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bnc#1012382). - platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bnc#1012382). - pnfs: set NFS_IOHDR_REDO in pnfs_read_resend_pnfs (git-fixes). - powerpc/boot: Ensure _zimage_start is a weak symbol (bnc#1012382). - powerpc/msi: Fix compile error on mpc83xx (bnc#1012382). - powerpc/nohash: fix undefined behaviour when testing page size support (bnc#1012382). - powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1066223). - powerpc/powernv: Do not select the cpufreq governors (bsc#1066223). - powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1066223). - powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709). - powerpc/pseries: Fix DTL buffer registration (bsc#1066223). - powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1066223). - printk: Fix panic caused by passing log_buf_len to command line (bnc#1012382). - ptp: fix Spectre v1 vulnerability (bnc#1012382). - pxa168fb: prepare the clock (bnc#1012382). - r8152: Check for supported Wake-on-LAN Modes (bnc#1012382). - r8169: fix NAPI handling under high load (bnc#1012382). - reiserfs: propagate errors from fill_with_dentries() properly (bnc#1012382). - rpcrdma: Add RPCRDMA_HDRLEN_ERR (git-fixes). - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1042286 bsc#1108145). - rtc: hctosys: Add missing range error reporting (bnc#1012382). - rtnetlink: Disallow FDB configuration for non-Ethernet device (bnc#1012382). - s390/mm: Fix ERROR: "__node_distance" undefined! (bnc#1012382). - s390/qeth: fix HiperSockets sniffer (bnc#1114475, LTC#172953). - s390/vdso: add missing FORCE to build targets (bnc#1012382). - s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114475, LTC#172682). - s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1114475, LTC#172682). - sc16is7xx: Fix for multi-channel stall (bnc#1012382). - sch_red: update backlog as well (bnc#1012382). - sched/cgroup: Fix cgroup entity load tracking tear-down (bnc#1012382). - sched/fair: Fix throttle_list starvation with low CFS quota (bnc#1012382). - scsi: aacraid: Fix typo in blink status (bnc#1012382). - scsi: core: Allow state transitions from OFFLINE to BLOCKED (bsc#1112246). - scsi: esp_scsi: Track residual for PIO transfers (bnc#1012382). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1103624, bsc#1104731). - scsi: libfc: retry PRLI if we cannot analyse the payload (bsc#1104731). - scsi: lpfc: Correct soft lockup when running mds diagnostics (bnc#1012382). - scsi: megaraid_sas: fix a missing-check bug (bnc#1012382). - scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure (bsc#1094973). - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters (bnc#1012382). - scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure (bsc#1094973). - sctp: fix race on sctp_id2asoc (bnc#1012382). - selftests: ftrace: Add synthetic event syntax testcase (bnc#1012382). - ser_gigaset: use container_of() instead of detour (bnc#1012382). - signal/GenWQE: Fix sending of SIGKILL (bnc#1012382). - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init (bnc#1012382). - smb3: allow stats which track session and share reconnects to be reset (bnc#1012382). - smb3: do not attempt cifs operation in smb3 query info error path (bnc#1012382). - smb3: on kerberos mount if server does not specify auth type use krb5 (bnc#1012382). - smsc75xx: Check for Wake-on-LAN modes (bnc#1012382). - smsc95xx: Check for Wake-on-LAN modes (bnc#1012382). - soc/tegra: pmc: Fix child-node lookup (bnc#1012382). - sparc/pci: Refactor dev_archdata initialization into pci_init_dev_archdata (bnc#1012382). - sparc64 mm: Fix more TSB sizing issues (bnc#1012382). - sparc64: Fix exception handling in UltraSPARC-III memcpy (bnc#1012382). - sparc: Fix single-pcr perf event counter management (bnc#1012382). - spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe() (bnc#1012382). - spi/bcm63xx: fix error return code in bcm63xx_spi_probe() (bnc#1012382). - spi: xlp: fix error return code in xlp_spi_probe() (bnc#1012382). - sr9800: Check for supported Wake-on-LAN modes (bnc#1012382). - sunrpc: correct the computation for page_ptr when truncating (bnc#1012382). - svcrdma: Remove unused variable in rdma_copy_tail() (git-fixes). - swim: fix cleanup on setup error (bnc#1012382). - termios, tty/tty_baudrate.c: fix buffer overrun (bnc#1012382). - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (bnc#1012382). - thermal: allow spear-thermal driver to be a module (bnc#1012382). - thermal: allow u8500-thermal driver to be a module (bnc#1012382). - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bnc#1012382). - tracing: Skip more functions when doing stack tracing of events (bnc#1012382). - tty: check name length in tty_find_polling_driver() (bnc#1012382). - tty: serial: sprd: fix error return code in sprd_probe() (bnc#1012382). - tun: Consistently configure generic netdev params via rtnetlink (bnc#1012382). - uio: Fix an Oops on load (bnc#1012382). - uio: ensure class is registered before devices (bnc#1012382). - uio: make symbol 'uio_class_registered' static (git-fixes). - um: Avoid longjmp/setjmp symbol clashes with libpthread.a (bnc#1012382). - um: Give start_idle_thread() a return code (bnc#1012382). - usb-storage: fix bogus hardware error messages for ATA pass-thru devices (bnc#1012382). - usb: cdc-acm: add entry for Hiro (Conexant) modem (bnc#1012382). - usb: chipidea: Prevent unbalanced IRQ disable (bnc#1012382). - usb: dwc3: omap: fix error return code in dwc3_omap_probe() (bnc#1012382). - usb: ehci-omap: fix error return code in ehci_hcd_omap_probe() (bnc#1012382). - usb: gadget: storage: Fix Spectre v1 vulnerability (bnc#1012382). - usb: imx21-hcd: fix error return code in imx21_probe() (bnc#1012382). - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bnc#1012382). - vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bnc#1012382). - vhost: Fix Spectre V1 vulnerability (bnc#1012382). - video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe() (bnc#1012382). - vti6: flush x-netns xfrm cache when vti interface is removed (bnc#1012382). - w1: omap-hdq: fix missing bus unregister at removal (bnc#1012382). - x86/boot: #undef memcpy() et al in string.c (bnc#1012382). - x86/build: Fix stack alignment for CLang (bnc#1012382). - x86/build: Specify stack alignment for clang (bnc#1012382). - x86/build: Use __cc-option for boot code compiler options (bnc#1012382). - x86/build: Use cc-option to validate stack alignment parameter (bnc#1012382). - x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bnc#1012382). - x86/kbuild: Use cc-option to enable -falign-{jumps/loops} (bnc#1012382). - x86/kconfig: Fall back to ticket spinlocks (bnc#1012382). - x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around Clang incompatibility (bnc#1012382). - x86/mm/pat: Prevent hang during boot when mapping pages (bnc#1012382). - x86: boot: Fix EFI stub alignment (bnc#1012382). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1012382). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen: fix race in xen_qlock_wait() (bnc#1012382). - xen: fix xen_qlock_wait() (bnc#1012382). - xen: make xen_qlock_wait() nestable (bnc#1012382). - xfrm6: call kfree_skb when skb is toobig (bnc#1012382). - xfrm: Clear sk_dst_cache when applying per-socket policy (bnc#1012382). - xfrm: Validate address prefix lengths in the xfrm selector (bnc#1012382). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfrm: validate template mode (bnc#1012382). - xfs/dmapi: restore event in xfs_getbmap (bsc#1114763). - xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes). - xprtrdma: Disable RPC/RDMA backchannel debugging messages (git-fixes). - xprtrdma: Disable pad optimization by default (git-fixes). - xprtrdma: Fix Read chunk padding (git-fixes). - xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock) (git-fixes). - xprtrdma: Fix backchannel allocation of extra rpcrdma_reps (git-fixes). - xprtrdma: Fix receive buffer accounting (git-fixes). - xprtrdma: Serialize credit accounting again (git-fixes). - xprtrdma: checking for NULL instead of IS_ERR() (git-fixes). - xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len (git-fixes). - xprtrdma: xprt_rdma_free() must not release backchannel reqs (git-fixes). - xtensa: add NOTES section to the linker script (bnc#1012382). - xtensa: fix boot parameters address translation (bnc#1012382). - xtensa: make sure bFLT stack is 16 byte aligned (bnc#1012382). - zram: close udev startup race condition as default groups (bnc#1012382). Important SUSE bug 1012382 SUSE bug 1027457 SUSE bug 1042286 SUSE bug 1046264 SUSE bug 1066223 SUSE bug 1094973 SUSE bug 1102439 SUSE bug 1103624 SUSE bug 1104731 SUSE bug 1106105 SUSE bug 1106237 SUSE bug 1106240 SUSE bug 1107385 SUSE bug 1108145 SUSE bug 1109330 SUSE bug 1109806 SUSE bug 1111062 SUSE bug 1111809 SUSE bug 1112246 SUSE bug 1112963 SUSE bug 1113412 SUSE bug 1113766 SUSE bug 1114190 SUSE bug 1114475 SUSE bug 1114763 SUSE bug 1114839 SUSE bug 1115433 SUSE bug 1115440 SUSE bug 1115709 SUSE bug 1116285 SUSE bug 1116497 SUSE bug 1116924 SUSE bug 1116950 SUSE bug 1117562 SUSE bug 985031 openSUSE Leap 42.3 This update for jhead fixes the following issues: - CVE-2018-6612: Fixed a heap-based buffer over-read (boo#1079349 CVE-2018-6612) Moderate SUSE bug 1079349 CVE-2018-6612 openSUSE Leap 42.3 This update for cups fixes the following security issue: - CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1115750 CVE-2018-4700 openSUSE Leap 42.3 This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1117274 SUSE bug 1117313 SUSE bug 1117327 SUSE bug 1117331 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 openSUSE Leap 42.3 This update to Chromium 71.0.3578.98 fixes the following issues: Security issues fixed (boo#1118529): - CVE-2018-17480: Out of bounds write in V8 - CVE-2018-17481: Use after frees in PDFium - CVE-2018-18335: Heap buffer overflow in Skia - CVE-2018-18336: Use after free in PDFium - CVE-2018-18337: Use after free in Blink - CVE-2018-18338: Heap buffer overflow in Canvas - CVE-2018-18339: Use after free in WebAudio - CVE-2018-18340: Use after free in MediaRecorder - CVE-2018-18341: Heap buffer overflow in Blink - CVE-2018-18342: Out of bounds write in V8 - CVE-2018-18343: Use after free in Skia - CVE-2018-18344: Inappropriate implementation in Extensions - Multiple issues in SQLite via WebSQL - CVE-2018-18345: Inappropriate implementation in Site Isolation - CVE-2018-18346: Incorrect security UI in Blink - CVE-2018-18347: Inappropriate implementation in Navigation - CVE-2018-18348: Inappropriate implementation in Omnibox - CVE-2018-18349: Insufficient policy enforcement in Blink - CVE-2018-18350: Insufficient policy enforcement in Blink - CVE-2018-18351: Insufficient policy enforcement in Navigation - CVE-2018-18352: Inappropriate implementation in Media - CVE-2018-18353: Inappropriate implementation in Network Authentication - CVE-2018-18354: Insufficient data validation in Shell Integration - CVE-2018-18355: Insufficient policy enforcement in URL Formatter - CVE-2018-18356: Use after free in Skia - CVE-2018-18357: Insufficient policy enforcement in URL Formatter - CVE-2018-18358: Insufficient policy enforcement in Proxy - CVE-2018-18359: Out of bounds read in V8 - Inappropriate implementation in PDFium - Use after free in Extensions - Inappropriate implementation in Navigation - Insufficient policy enforcement in Navigation - Insufficient policy enforcement in URL Formatter - Various fixes from internal audits, fuzzing and other initiatives - CVE-2018-17481: Use after free in PDFium (boo#1119364) The following changes are included: - advertisements posing as error messages are now blocked - Automatic playing of content at page load mostly disabled - New JavaScript API for relative time display Important SUSE bug 1118529 SUSE bug 1119364 CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-18350 CVE-2018-18351 CVE-2018-18352 CVE-2018-18353 CVE-2018-18354 CVE-2018-18355 CVE-2018-18356 CVE-2018-18357 CVE-2018-18358 CVE-2018-18359 openSUSE Leap 42.3 This update for freetype2 fixes the following security issues: - CVE-2016-10244: Make sure that the parse_charstrings function in type1/t1load.c does ensure that a font contains a glyph name to prevent a DoS through a heap-based buffer over-read or possibly have unspecified other impact via a crafted file (bsc#1028103) - CVE-2017-8105: Fix an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.ca (bsc#1035807) - CVE-2017-8287: an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c (bsc#1036457) - Fix several integer overflow issues in truetype/ttinterp.c (bsc#1079600) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1028103 SUSE bug 1035807 SUSE bug 1036457 SUSE bug 1079600 CVE-2016-10244 CVE-2017-7864 CVE-2017-8105 CVE-2017-8287 openSUSE Leap 42.3 This update for openvswitch to version 2.7.6 fixes the following issues: These security issues were fixed: - CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit (bsc#1104467). - CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding (bsc#1104467). - CVE-2018-17204:When decoding a group mod, it validated the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tried to use the type and command earlier, when it might still be invalid. This caused an assertion failure (via OVS_NOT_REACHED) (bsc#1104467). These non-security issues were fixed: - ofproto/bond: Fix bond reconfiguration race condition. - ofproto/bond: Fix bond post recirc rule leak. - ofproto/bond: fix interal flow leak of tcp-balance bond - systemd: Restart openvswitch service if a daemon crashes - conntrack: Fix checks for TCP, UDP, and IPv6 header sizes. - ofp-actions: Fix translation of set_field for nw_ecn - netdev-dpdk: Fix mempool segfault. - ofproto-dpif-upcall: Fix flow setup/delete race. - learn: Fix memory leak in learn_parse_sepc() - netdev-dpdk: fix mempool_configure error state - vswitchd: Add --cleanup option to the 'appctl exit' command - ofp-parse: Fix memory leak on error path in parse_ofp_group_mod_file(). - actions: Fix memory leak on error path in parse_ct_lb_action(). - dpif-netdev: Fix use-after-free error in reconfigure_datapath(). - bridge: Fix memory leak in bridge_aa_update_trunks(). - dpif-netlink: Fix multiple-free and fd leak on error path. - ofp-print: Avoid array overread in print_table_instruction_features(). - flow: Fix buffer overread in flow_hash_symmetric_l3l4(). - systemd: start vswitchd after udev - ofp-util: Check length of buckets in ofputil_pull_ofp15_group_mod(). - ovsdb-types: Fix memory leak on error path. - tnl-ports: Fix loss of tunneling upon removal of a single tunnel port. - netdev: check for NULL fields in netdev_get_addrs - netdev-dpdk: vhost get stats fix. - netdev-dpdk: use 64-bit arithmetic when converting rates. - ofp-util: Fix buffer overread in ofputil_decode_bundle_add(). - ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod(). - ofp-util: Fix memory leaks when parsing OF1.5 group properties. - ofp-actions: Fix buffer overread in decode_LEARN_specs(). - flow: Fix buffer overread for crafted IPv6 packets. - ofp-actions: Properly interpret "output:in_port". - ovs-ofctl: Avoid read overrun in ofperr_decode_msg(). - odp-util: Avoid misaligned references to ip6_hdr. - ofproto-dpif-upcall: Fix action attr iteration. - ofproto-dpif-upcall: Fix key attr iteration. - netdev-dpdk: vhost get stats fix. - netdev-dpdk: use 64-bit arithmetic when converting rates. - ofp-util: Fix buffer overread in ofputil_decode_bundle_add(). - ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod(). - ofp-util: Fix memory leaks when parsing OF1.5 group properties. - odp-util: Fix buffer overread in parsing string form of ODP flows. - ovs-vsctl: Fix segfault when attempting to del-port from parent bridge. This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1104467 CVE-2018-17204 CVE-2018-17205 CVE-2018-17206 openSUSE Leap 42.3 This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Non-security issues fixed: - Improving disk performance for qemu on xen (bsc#1100408) This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1100408 SUSE bug 1106222 SUSE bug 1110910 SUSE bug 1111006 SUSE bug 1111010 SUSE bug 1111013 SUSE bug 1114422 CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 openSUSE Leap 42.3 This update for pdns-recursor fixes the following issues: Security issues fixed: - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14644: Fixed denial of service via crafted query for meta-types (bsc#1114170). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169). Moderate SUSE bug 1114157 SUSE bug 1114169 SUSE bug 1114170 CVE-2018-10851 CVE-2018-14626 CVE-2018-14644 openSUSE Leap 42.3 This update for ghostscript fixes several security issues: - CVE-2017-9835: The gs_alloc_ref_array function allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1050879). - CVE-2017-9216: Prevent NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c which allowed for DoS (bsc#1040643). - CVE-2016-10317: The fill_threshhold_buffer function in base/gxht_thresh.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1032230). - CVE-2017-9612: The Ins_IP function in base/ttinterp.c allowed remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050891). - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050889). - CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050888). - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050887). - CVE-2017-11714: psi/ztoken.c mishandled references to the scanner state structure, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c (bsc#1051184). - CVE-2016-10219: The intersect function in base/gxfill.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file (bsc#1032138). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1032138 SUSE bug 1032230 SUSE bug 1040643 SUSE bug 1050879 SUSE bug 1050887 SUSE bug 1050888 SUSE bug 1050889 SUSE bug 1050891 SUSE bug 1051184 CVE-2016-10219 CVE-2016-10317 CVE-2017-11714 CVE-2017-9216 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 openSUSE Leap 42.3 This update for salt fixes the following issues: - Crontab module fix: file attributes option missing (boo#1114824) - Fix git_pillar merging across multiple __env__ repositories (boo#1112874) - Bugfix: unable to detect os arch when RPM is not installed (boo#1114197) - Fix LDAP authentication issue when a valid token is generated by the salt-api even when invalid user credentials are passed. (U#48901) - Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations. (boo#1113784) - Fix remote command execution and incorrect access control when using salt-api. (boo#1113699) (CVE-2018-15751) - Fix Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events. (boo#1113698) (CVE-2018-15750) - Add multi-file support and globbing to the filetree (U#50018) - Bugfix: supportconfig non-root permission issues (U#50095) - Open profiles permissions to everyone for read-only - Preserving signature in "module.run" state (U#50049) - Install default salt-support profiles - Remove unit test, came from a wrong branch. Fix merging failure. - Add CPE_NAME for osversion* grain parsing - Get os_family for RPM distros from the RPM macros - Install support profiles - Fix async call to process manager (boo#1110938) - Salt-based supportconfig implementation (technology preview) - Bugfix: any unicode string of length 16 will raise TypeError - Fix IPv6 scope (boo#1108557) - Handle zypper ZYPPER_EXIT_NO_REPOS exit code (boo#1108834, boo#1109893) - Bugfix for pkg_resources crash (boo#1104491) - Fix loosen azure sdk dependencies in azurearm cloud driver (boo#1107333) - Fix broken "resolve_capabilities" on Python 3 (boo#1108995) Moderate SUSE bug 1104491 SUSE bug 1107333 SUSE bug 1108557 SUSE bug 1108834 SUSE bug 1108995 SUSE bug 1109893 SUSE bug 1110938 SUSE bug 1112874 SUSE bug 1113698 SUSE bug 1113699 SUSE bug 1113784 SUSE bug 1114197 SUSE bug 1114824 CVE-2018-15750 CVE-2018-15751 openSUSE Leap 42.3 This update for leptonica fixes the following issues: - CVE-2018-3836: Fixes a command injection vulnerability (boo#1079358 TALOS-2018-0516) Important SUSE bug 1079358 CVE-2018-3836 openSUSE Leap 42.3 This update for tryton to version 4.2.19 fixes the following issues (boo#1107771): Security issue fixed: - CVE-2018-19443: Fixed an information leakage by attemping to initiate an unencrypted connection, which would fail eventually, but might leak session information of the user (boo#1117105) This update also contains newer versions of tryton related packages with general bug fixes and updates: - trytond 4.2.17 - trytond_account 4.2.10 - trytond_account_invoice 4.2.7 - trytond_currency 4.2.2 - trytond_purchase 4.2.6 - trytond_purchase_request 4.2.4 - trytond_stock 4.2.8 - trytond_stock_supply 4.2.3 Moderate SUSE bug 1107771 SUSE bug 1117105 CVE-2018-19443 openSUSE Leap 42.3 This update for tcpdump fixes the following security issue: - CVE-2018-19519: Fixed a stack-based buffer over-read in the print_prefix function (bsc#1117267) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1117267 CVE-2018-19519 openSUSE Leap 42.3 This update for ipsec-tools fixes one issue. This security issue was fixed: - CVE-2016-10396: The racoon daemon contained a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments that allowed a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order (bsc#1047443). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047443 CVE-2016-10396 openSUSE Leap 42.3 This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-3613: Fixed AuthVariable Timestamp zeroing issue on APPEND_WRITE (bsc#1115916). - CVE-2017-5731: Fixed privilege escalation via processing of malformed files in TianoCompress.c (bsc#1115917). - CVE-2017-5732: Fixed privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (bsc#1115917). - CVE-2017-5733: Fixed privilege escalation via heap-based buffer overflow in MakeTable() function (bsc#1115917). - CVE-2017-5734: Fixed privilege escalation via stack-based buffer overflow in MakeTable() function (bsc#1115917). - CVE-2017-5735: Fixed privilege escalation via heap-based buffer overflow in Decode() function (bsc#1115917). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1115916 SUSE bug 1115917 CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 openSUSE Leap 42.3 This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1118595 SUSE bug 1118596 CVE-2018-15518 CVE-2018-19873 openSUSE Leap 42.3 This update for go1.10 fixes the following issues: Security vulnerabilities fixed: - CVE-2018-16873 (bsc#1118897): cmd/go: remote command execution during "go get -u". - CVE-2018-16874 (bsc#1118898): cmd/go: directory traversal in "go get" via curly braces in import paths - CVE-2018-16875 (bsc#1118899): crypto/x509: CPU denial of service Other issues fixed: - Fix build error with PIE linker flags on ppc64le. (bsc#1113978, bsc#1098017) - Review dependencies (requires, recommends and supports) (bsc#1082409) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (boo#1119634) - Fix a regression that broke go get for import path patterns containing "..." (bsc#1119706) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1082409 SUSE bug 1098017 SUSE bug 1113978 SUSE bug 1118897 SUSE bug 1118898 SUSE bug 1118899 SUSE bug 1119634 SUSE bug 1119706 CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 openSUSE Leap 42.3 This update for pdns fixes the following issues: Security issues fixed: - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). Moderate SUSE bug 1114157 CVE-2018-10851 openSUSE Leap 42.3 This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function (bsc#1115717). - CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function (bsc#1054594). - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). - CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1017693 SUSE bug 1054594 SUSE bug 1115717 SUSE bug 990460 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-6223 CVE-2017-12944 CVE-2018-19210 openSUSE Leap 42.3 This update for netatalk fixes the following issues: Security issue fixed: - CVE-2018-1160 Fixed a missing bounds check in the handling of the DSI OPEN SESSION request, which allowed an unauthenticated to overwrite memory with data of their choice leading for arbitrary code execution with root privileges. (bsc#1119540) Important SUSE bug 1119540 CVE-2018-1160 openSUSE Leap 42.3 This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (boo#1118277) Moderate SUSE bug 1118277 CVE-2018-19788 openSUSE Leap 42.3 This update for libraw fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-5804: Fixed a type confusion error within the identify function that could trigger a division by zero, leading to a denial of service (Dos). (boo#1097975) - CVE-2018-5805: Fixed a boundary error within the quicktake_100_load_raw function that could cause a stack-based buffer overflow and subsequently trigger a crash. (boo#1097973) - CVE-2018-5806: Fixed an error within the leaf_hdr_load_raw function that could trigger a NULL pointer deference, leading to a denial of service (DoS). (boo#1097974) - CVE-2018-5808: Fixed an error within the find_green function that could cause a stack-based buffer overflow and subsequently execute arbitrary code. (boo#1118894) - CVE-2018-5816: Fixed a type confusion error within the identify function that could trigger a division by zero, leading to a denial of service (DoS). (boo#1097975) Moderate SUSE bug 1097973 SUSE bug 1097974 SUSE bug 1097975 SUSE bug 1118894 CVE-2018-5804 CVE-2018-5805 CVE-2018-5806 CVE-2018-5808 CVE-2018-5816 openSUSE Leap 42.3 This update for libreoffice fixes the following issues: LibreOffice was updated to 5.4.5.1: - CVE-2018-6871: Fixes data exposure when using WEBSERVICE (bsc#1080249) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1080249 CVE-2018-6871 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2018-20184: Fixed heap-based buffer overflow in the WriteTGAImage function of tga.c (bsc#1119822) - CVE-2018-20189: Fixed denial of service vulnerability in ReadDIBImage function of coders/dib.c (bsc#1119790) Moderate SUSE bug 1119790 SUSE bug 1119822 CVE-2018-20184 CVE-2018-20189 openSUSE Leap 42.3 This update for chromium to version 64.0.3282.167 fixes the following issue: * CVE-2018-6056: Incorrect derived class instantiation in V8 (bsc#1080920) Important SUSE bug 1080920 CVE-2018-6056 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: - The dcm coder was updated to newest code, covering all currently known security issues. Security issues fixed: - CVE-2017-17502: ReadCMYKImage in ImportCMYKQuantumType had a heap-based buffer over-read via a crafted file. [boo#1073081] - CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed [boo#1049374] - CVE-2017-11140: coders/jpeg.c allowed remote attackers to cause a denial of service (application crash). [boo#1047900] - CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. [boo#1058009] - CVE-2017-17912: A heap-based buffer over-read in ReadNewsProfile in coders/tiff.c was fixed. [boo#1074307] - CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. [boo#1076182] - CVE-2017-11722: The WriteOnePNGImage function in coders/png.c allowed attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition. (bsc#1051411) Moderate SUSE bug 1047900 SUSE bug 1049374 SUSE bug 1051411 SUSE bug 1058009 SUSE bug 1073081 SUSE bug 1074307 SUSE bug 1076182 CVE-2017-11140 CVE-2017-11450 CVE-2017-11722 CVE-2017-14224 CVE-2017-17502 CVE-2017-17912 CVE-2017-18028 openSUSE Leap 42.3 This update for mupdf fixes the following issues: - CVE-2018-1000051: Fixed a use-after-free vulnerability in fz_keep_key_storable that can potentially result in DoS / remote code execution (boo#1080531) Moderate SUSE bug 1080531 CVE-2018-1000051 openSUSE Leap 42.3 This update for openssl-steam fixes the following issues: - Merged changes from upstream openssl (Factory rev 137) into this fork for Steam. Updated to openssl 1.0.2k: * CVE-2016-7055: Montgomery multiplication may produce incorrect results (boo#1009528) * CVE-2016-7056: ECSDA P-256 timing attack key recovery (boo#1019334) * CVE-2017-3731: Truncated packet could crash via OOB read (boo#1022085) * CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64 (boo#1022086) Update to openssl-1.0.2j: * CVE-2016-7052: Missing CRL sanity check (boo#1001148) OpenSSL Security Advisory [22 Sep 2016] (boo#999665) - Severity: High * CVE-2016-6304: OCSP Status Request extension unbounded memory growth (boo#999666) - Severity: Low * CVE-2016-2177: Pointer arithmetic undefined behaviour (boo#982575) * CVE-2016-2178: Constant time flag not preserved in DSA signing (boo#983249) * CVE-2016-2179: DTLS buffered message DoS (boo#994844) * CVE-2016-2180: OOB read in TS_OBJ_print_bio() (boo#990419) * CVE-2016-2181: DTLS replay protection DoS (boo#994749) * CVE-2016-2182: OOB write in BN_bn2dec() (boo#993819) * CVE-2016-2183: Birthday attack against 64-bit block ciphers (SWEET32) (boo#995359) * CVE-2016-6302: Malformed SHA512 ticket DoS (boo#995324) * CVE-2016-6303: OOB write in MDC2_Update() (boo#995377) * CVE-2016-6306: Certificate message OOB reads (boo#999668) ALso fixed: - fixed a crash in print_notice (boo#998190) - fix X509_CERT_FILE path (boo#1022271) and rename - resume reading from /dev/urandom when interrupted by a signal (boo#995075) - fix problems with locking in FIPS mode (boo#992120) * duplicates: boo#991877, boo#991193, boo#990392, boo#990428 and boo#990207 - drop openssl-fips_RSA_compute_d_with_lcm.patch (upstream) (boo#984323) - don't check for /etc/system-fips (boo#982268) Important SUSE bug 1001148 SUSE bug 1009528 SUSE bug 1019334 SUSE bug 1022085 SUSE bug 1022086 SUSE bug 1022271 SUSE bug 982268 SUSE bug 982575 SUSE bug 983249 SUSE bug 984323 SUSE bug 990207 SUSE bug 990392 SUSE bug 990419 SUSE bug 990428 SUSE bug 991193 SUSE bug 991877 SUSE bug 992120 SUSE bug 993819 SUSE bug 994749 SUSE bug 994844 SUSE bug 995075 SUSE bug 995324 SUSE bug 995359 SUSE bug 995377 SUSE bug 998190 SUSE bug 999665 SUSE bug 999666 SUSE bug 999668 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 CVE-2016-7055 CVE-2016-7056 CVE-2017-3731 CVE-2017-3732 openSUSE Leap 42.3 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka "Spectre" and "Meltdown" attacks (bsc#1074562, bsc#1068032) - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081) - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158). - CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159). - CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160). - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163). - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116). - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180). These non-security issues were fixed: - bsc#1067317: pass cache=writeback|unsafe|directsync to qemu depending on the libxl disk settings - bsc#1051729: Prevent invalid symlinks after install of SLES 12 SP2 - bsc#1035442: Increased the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds. If many domUs shutdown in parallel the backends couldn't keep up - bsc#1027519: Added several upstream patches This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1027519 SUSE bug 1035442 SUSE bug 1051729 SUSE bug 1061081 SUSE bug 1067317 SUSE bug 1068032 SUSE bug 1070158 SUSE bug 1070159 SUSE bug 1070160 SUSE bug 1070163 SUSE bug 1074562 SUSE bug 1076116 SUSE bug 1076180 CVE-2017-15595 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-18030 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-5683 openSUSE Leap 42.3 This update for exim fixes the following issues: - CVE-2018-6789: Fixed a buffer overflow in the base64decode function, which could be used to execute code remotely. (boo#1079832) Important SUSE bug 1079832 CVE-2018-6789 openSUSE Leap 42.3 This update for irssi fixes the following security issues: - CVE-2018-7054: Use after free when server is disconnected during netsplits - CVE-2018-7053: Use after free when SASL messages are received in unexpected order - CVE-2018-7050: Null pointer dereference when an "empty" nick has been observed - CVE-2018-7052: When the number of windows exceed the available space, Irssi would crash due to Null pointer dereference - CVE-2018-7051: Certain nick names could result in out of bounds access when printing theme strings Moderate SUSE bug 1081238 CVE-2018-7050 CVE-2018-7051 CVE-2018-7052 CVE-2018-7053 CVE-2018-7054 openSUSE Leap 42.3 This update for ffmpeg fixes the following issues: Updated ffmpeg to new bugfix release 3.4.2 * Fix integer overflows, multiplication overflows, undefined shifts, and verify buffer lengths. * avfilter/vf_transpose: Fix used plane count [boo#1078488, CVE-2018-6392] * avcodec/utvideodec: Fix bytes left check in decode_frame() [boo#1079368, CVE-2018-6621] - Enable use of libzvbi for displaying teletext subtitles. - Fixed a DoS in swri_audio_convert() [boo#1072366, CVE-2017-17555]. Update to new bugfix release 3.4.1 * Fixed integer overflows, division by zero, illegal bit shifts * Fixed the gmc_mmx function which failed to validate width and height [boo#1070762, CVE-2017-17081] * Fixed out-of-bounds in VC-2 encoder [boo#1069407, CVE-2017-16840] * ffplay: use SDL2 audio API - install also doc/ffserver.conf - Update to new upstream release 3.4 * New video filters: deflicker, doublewave, lumakey, pixscope, oscilloscope, robterts, limiter, libvmaf, unpremultiply, tlut2, floodifll, pseudocolor, despill, convolve, vmafmotion. * New audio filters: afir, crossfeed, surround, headphone, superequalizer, haas. * Some video filters with several inputs now use a common set of options: blend, libvmaf, lut3d, overlay, psnr, ssim. They must always be used by name. * librsvg support for svg rasterization * spec-compliant VP9 muxing support in MP4 * Remove the libnut and libschroedinger muxer/demuxer wrappers * drop deprecated qtkit input device (use avfoundation instead) * SUP/PGS subtitle muxer * VP9 tile threading support * KMS screen grabber * CUDA thumbnail filter * V4L2 mem2mem HW assisted codecs * Rockchip MPP hardware decoding * (Not in openSUSE builds, only original ones:) * Gremlin Digital Video demuxer and decoder * Additional frame format support for Interplay MVE movies * Dolby E decoder and SMPTE 337M demuxer * raw G.726 muxer and demuxer, left- and right-justified * NewTek NDI input/output device * FITS demuxer, muxer, decoder and encoder - Fixed a double free in huffyuv [boo#1064577, CVE-2017-15186] - Fixed an out-of-bounds in ffv1dec [boo#1066428, CVE-2017-15672] Moderate SUSE bug 1064577 SUSE bug 1066428 SUSE bug 1069407 SUSE bug 1070762 SUSE bug 1072366 SUSE bug 1078488 SUSE bug 1079368 CVE-2017-15186 CVE-2017-15672 CVE-2017-16840 CVE-2017-17081 CVE-2017-17555 CVE-2018-6392 CVE-2018-6621 openSUSE Leap 42.3 This update for mpv fixes the following issues: MPV was updated to version 0.27.2 Security issues fixed: * CVE-2018-6360: Additional fix for where mpv allowed remote attackers to execute arbitrary code via a crafted web site, because it read HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL. (boo#1077894) Fixes and minor enhancements: * ytdl_hook: whitelist subtitle URLs as well (#5456) MPV was updated to version 0.27.1 Security issues fixed: * CVE-2018-6360: mpv allowed remote attackers to execute arbitrary code via a crafted web site, because it read HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL. (boo#1077894) Fixes and minor enhancements: * ytdl_hook: whitelist protocols from urls retrieved from youtube-dl (#5456) Version 0.27.0: Added features: * libmpv: options: add a thread-safe way to notify option updates * vd_lavc/vo_opengl: support embedded ICC profiles * vo: rendering API abstraction for future non-GL video outputs * vo_opengl: add a gamut warning feature to highlight out-of-gamut colors (--gamut-warning) * vo_opengl: add direct rendering support (--vd-lavc-dr) * vo_opengl: implement (faster) compute shader based EWA kernel * vo_opengl: implement HLG OOTF inverse * vo_opengl: support HDR peak detection (--hdr-compute-peak) * vo_opengl: support float input pixel formats * vo_opengl: support loading custom user textures (#4586) * vo_opengl: support user compute shaders Removed features: * Remove video equalizer handling from vo_direct3d, vo_sdl, vo_vaapi, and vo_xv (GPL, not worth the effort to support legacy VOs) Added options and commands: * player: add --track-auto-selection option Changed options and commands: * input: use mnemonic names for mouse buttons, same as Qt: https://doc.qt.io/qt-5/qt.html#MouseButton-enum * options: change --loop semantics * player: make --lavfi-complex changeable at runtime * vf_eq: remove this filter (GPL; uses libavfilter’s eq filter now, with changed semantics) * video: change --deinterlace behavior * vo_opengl: generalize HDR tone mapping to gamut mapping, --hdr-tone-mapping → --tone-mapping Removed options and commands: * --field-dominance (GPL-only author, no chance of relicensing) * input: drop deprecated "osd" command * options: drop --video-aspect-method=hybrid (GPL-only) Fixes and minor enhancements: * TOOLS/autocrop.lua: fix cropdetect black limit for 10-bit videos * TOOLS/lua/autodeint: update to lavfi-bridge * TOOLS/lua/status-line: improve and update * af_lavrresample: don't call swr_set_compensation() unless necessary (#4716) * ao_oss: fix period_size calculation (#4642) * ao_rsound: allow setting the host * audio: fix spdif mode * filter_kernels: correct spline64 kernel * options: fix --include (#4673) * player: fix --end with large values (#4650) * player: fix confusion in audio resync code (#4688) * player: make refresh seeks slightly more robust (#4757) * player: readd smi subtitle extension (#4626) * vd_lavc: change auto-probe order to prefer cuda over vdpau-copy * vd_lavc: fix device leak with copy-mode hwaccels (#4735) * vd_lavc: fix hwdec compatibility with yuvj420p formats * vd_lavc: fix mid-stream hwdec fallback * vf_vapoursynth: fix inverted sign and restore 10 bit support (#4720) * video: increase --monitorpixelaspect range * vo_opengl: adjust the rules for linearization (#4631) * vo_opengl: scale deband-grain to the signal range * vo_opengl: tone map on the maximum signal component * x11: fix that window could be resized when using embedding (#4784) * ytdl_hook: resolve relative paths when joining segment urls (#4827) * ytdl_hook: support fragments with relative paths, fixes segmented DASH Version 0.26.0: * Built-in V4L TV support is disabled by default. av://v4l2 can be used instead. * Support for C plugins is now enabled by default (#4491). * Many more parts of the player are now licensed under LGPL, see Copyright file. Added features: * csputils: implement sony s-gamut * vo_opengl: add new HDR tone mapping algorithm (mobius, now default) * vo_opengl: hwdec_cuda: Support separate decode and display devices * vo_opengl: implement sony s-log1 and s-log2 trc * vo_opengl: implement support for OOTFs and non-display referred content Removed features: * vf_dlopen: remove this filter Added options and commands: * vo_opengl: add --tone-mapping-desaturate * vo_opengl: support tone-mapping-param for `clip` * ytdl_hook: add option to exclude URLs from being parsed Changed options and commands: * allow setting profile option with libmpv * audio: move replaygain control to top-level options * external_files: parse ~ in --{sub,audio}-paths * options: change --sub-fix-timing default to no (#4484) * options: expose string list actions for --sub-file option * options: slight cleanup of --sub-ass-style-override + signfs → scale + --sub-ass-style-override → --sub-ass-override * renamed the HDR TRCs `st2084` and `std-b67` to `pq` and `hlg` respectively * replace vf_format's `peak` suboption by `sig-peak`, which is relative to the reference white level instead of in cd/m^2 * the following options change to append-by-default (and possibly separator): --script * video: change --video-aspect-method default value to `container` Deprecated options and commands: * m_option: deprecate multiple items for -add etc. * player: deprecate "osd" command * --audio-file-paths => --audio-file-path * --sub-paths => --sub-file-path * --opengl-shaders => --opengl-shader * --sub-paths => --sub-file-paths * the following options are deprecated for setting via API: + "script" (use "scripts") + "sub-file" (use "sub-files") + "audio-file" (use "audio-files") + "external-file" (use "external-files") (the compatibility hacks for this will be removed after this release) Removed options and commands: * chmap: remove misleading "downmix" channel layout name (#4545) * demux_lavf: remove --demuxer-lavf-cryptokey option (#4579) * input.conf: drop TV/DVB bindings * options: remove remaining deprecated audio device selection options + --alsa-device + --oss-device + --coreaudio-exclusive + --pulse-sink + --rsound-host/--rsound-port + --ao-sndio-device + --ao-wasapi-exclusive + --ao-wasapi-device * remove option --target-brightness * remove property "video-params/nom-peak" Fixes and minor enhancements: * TOOLS/lua/autoload.lua: actually sort files case insensitive (#4398) * TOOLS/lua/autoload.lua: ignores all files starting with "." * ao_pulse: reorder format choice to prefer float and S32 over S16 as fallback format * command: add missing change notification for playlist-shuffle (#4573) * demux_disc: fix bluray subtitle language retrieval (#4611) * demux_mkv: fix alpha with vp9 + libvpx * demux_mkv: support FFmpeg A_MS/ACM extensions * ipc-unix: don’t truncate the message on EAGAIN (#4452) * ipc: raise json nesting limit (#4394) * mpv_identify: replace deprecated fps property (#4550) * options/path: fallback to USERPROFILE if HOME isn't set * player: close audio device on no audio track * player: fix potential segfault when playing dvd:// with DVD disabled (#4393) * player: prevent seek position to jump around adjacent keyframes, e.g. when dragging the OSC bar on short videos (#4183) * vo_opengl: bump up SHADER_MAX_HOOKS and MAX_TEXTURE_HOOKS to 64 * vo_opengl: correct off-by-one in scale=oversample * vo_opengl: do not use vaapi-over-GLX (#4555) * vo_opengl: fall back to ordered dither instead of blowing up (#4519) * vo_opengl: tone map in linear XYZ instead of RGB * x11: add 128x128 sized icon support * ytdl_hook: add a header to support geo-bypass * ytdl_hook: don't override start time set by saved state * ytdl_hook: don't override user-set start time * ytdl_hook: treat single-entry playlists as a single video * gen: make output reproducible by ensuring stable output of pairs() by wrapping it where it matters. (Closes #18) version 3.3.15 * Fix af/vf filter argument expansion (#15) * Remove some invalid suggestions for some options (#14) * Recognize all --profile-style options as such and complete them version 3.3.14 * Reflect changed --list-options output for --vf-add-style options - Let mpv own /etc/mpv/scripts as a ghost dir so other packages can create it and install scripts there. Moderate SUSE bug 1077894 CVE-2018-6360 openSUSE Leap 42.3 This update for rubygem-puppet fixes the following issues: - CVE-2017-10689: Reset permissions when unpacking tar in PMT. When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions (boo#1080288) Moderate SUSE bug 1080288 CVE-2017-10689 openSUSE Leap 42.3 This update for rrdtool fixes the following issues: - CVE-2013-2131: Added check to the imginfo format to prevent crash or exploit (boo#828003) - Fixed an infinite loop and crashing with pango [boo#1080251] Moderate SUSE bug 1080251 SUSE bug 828003 CVE-2013-2131 openSUSE Leap 42.3 This version update for qpdf to 7.1.1 fixes the following issues: - Update to version 7.1.1 * Fix one linearization bug affecting files whose first /ID component is not 16 bytes long - Update to version 7.1.0 * Allow raw encryption key to be specified in libary and command line with the QPDF::setPasswordIsHexKey method and --password-is-hex-key option. Allow encryption key to be displayed with --show-encryption-key option. See https://blog.didierstevens.com/2017/12/28/cracking-encrypted-pdfs-part-3/ for a discussion of using this for cracking encrypted PDFs. I hope that a future release of qpdf will include some additional recovery options that may also make use of this capability. * Fix lexical error: the PDF specification allows floating point numbers to end with "." * Fix link order in the build to avoid conflicts when building from source while an older version of qpdf is installed * Add support for TIFF predictor for LZW and Flate streams. Now * Clarify documentation around options that control parsing but not output creation. Two options: --suppress-recovery and --ignore-xref-streams, were documented in the "Advanced Transformation Options" section of the manual and --help output even though they are not related to output. These are now described in a separate section called "Advanced Parsing Options." * Implement remaining PNG filters for decode. Prior versions could decode only the "up" filter. Now all PNG filters (sub, up, average, Paeth, optimal) are supported for decoding. The implementation of the remaining PNG filters changed the interface to the private Pl_PNGFilter class, but this class's header file is not in the installation, and there is no public interface to the class. Within the library, the class is never allocated on the stack; it is only ever dynamically allocated. As such, this does not actually break binary compatibility of the library. all predictor functions are supported - Update to version 7.0.0 * License is now Apache-2.0 * Add new libjpeg8-devel dependency * Improve the error message that is issued when QPDFWriter encounters a stream that can't be decoded. In particular, mention that the stream will be copied without filtering to avoid data loss. * Add new methods to the C API to correspond to new additions to QPDFWriter: - qpdf_set_compress_streams - qpdf_set_decode_level - qpdf_set_preserve_unreferenced_objects - qpdf_set_newline_before_endstream * Add support for writing PCLm files * QPDF now supports reading and writing streams encoded with JPEG or RunLength encoding. Library API enhancements and command-line options have been added to control this behavior. See command-line options --compress-streams and --decode-level and methods QPDFWriter::setCompressStreams and QPDFWriter::setDecodeLevel. * Page rotation is now supported and accessible from both the library and the command line. * Fixes CVE-2017-12595 boo#1055960, CVE-2017-9208 boo#1040311 CVE-2017-9209 boo#1040312, CVE-2017-9210 boo#1040313, CVE-2017-11627 boo#1050577, CVE-2017-11626 boo#1050578, CVE-2017-11625 boo#1050579, CVE-2017-11624 boo#1050581 - Update to version 6.0.0 * Bump shared library version since 5.2.0 broke ABI. - Update to version 5.2.0 * Support for deterministic /IDs for non-encrypted files. This is off by default. * Handle more invalid xref tables Moderate SUSE bug 1040311 SUSE bug 1040312 SUSE bug 1040313 SUSE bug 1050577 SUSE bug 1050578 SUSE bug 1050579 SUSE bug 1050581 SUSE bug 1055960 CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 openSUSE Leap 42.3 This update for quagga fixes the following issues: - CVE-2017-16227: Fixed bgpd DoS via specially crafted BGP UPDATE messages (boo#1065641) - CVE-2018-5378: Fixed bgpd bounds check issue via attribute length (Quagga-2018-0543,boo#1079798) - CVE-2018-5379: Fixed bgpd double free when processing UPDATE message (Quagga-2018-1114,boo#1079799) - CVE-2018-5380: Fixed bgpd code-to-string conversion tables overrun (Quagga-2018-1550,boo#1079800) - CVE-2018-5381: Fixed bgpd infinite loop on certain invalid OPEN messages (Quagga-2018-1975,boo#1079801) Important SUSE bug 1065641 SUSE bug 1079798 SUSE bug 1079799 SUSE bug 1079800 SUSE bug 1079801 CVE-2017-16227 CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 openSUSE Leap 42.3 This update for irssi to version 1.0.6 fixes several issues that may affect the stability of irssi: - CVE-2018-5205: Data access beyond the end of the string when using incomplete escape codes - CVE-2018-5206: NULL pointer dereference when the channel topic is set without specifying a sender - CVE-2018-5207: When using an incomplete variable argument, Irssi may access data beyond the end of the string - CVE-2018-5208: Heap buffer overflow when completing certain strings Moderate SUSE bug 1074958 CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208 openSUSE Leap 42.3 This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930) - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791) - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036) - CVE-2018-1000001: Avoid underflow of malloced area (bsc#1074293) Non security bugs fixed: - Release read lock after resetting timeout (bsc#1073990) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1037930 SUSE bug 1051791 SUSE bug 1073990 SUSE bug 1074293 SUSE bug 1079036 CVE-2017-12132 CVE-2017-8804 CVE-2018-1000001 CVE-2018-6485 CVE-2018-6551 openSUSE Leap 42.3 This update for sox fixes the following issues: * CVE-2017-11332: Fixed the startread function in wav.c, which allowed remote attackers to cause a DoS (divide-by-zero) via a crafted wav file. (boo#1081140) * CVE-2017-11358: Fixed the read_samples function in hcom.c, which allowed remote attackers to cause a DoS (invalid memory read) via a crafted hcom file. (boo#1081141) * CVE-2017-11359: Fixed the wavwritehdr function in wav.c, which allowed remote attackers to cause a DoS (divide-by-zero) when converting a a crafted snd file to a wav file. (boo#1081142) * CVE-2017-15370: Fixed a heap-based buffer overflow in the ImaExpandS function of ima_rw.c, which allowed remote attackers to cause a DoS during conversion of a crafted audio file. (boo#1063439) * CVE-2017-15371: Fixed an assertion abort in the function sox_append_comment() in formats.c, which allowed remote attackers to cause a DoS during conversion of a crafted audio file. (boo#1063450) * CVE-2017-15372: Fixed a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c, which allowed remote attackers to cause a DoS during conversion of a crafted audio file. (boo#1063456) * CVE-2017-15642: Fixed an Use-After-Free vulnerability in lsx_aiffstartread in aiff.c, which could be triggered by an attacker by providing a malformed AIFF file. (boo#1064576) * CVE-2017-18189: Fixed a NULL pointer dereference triggered by a corrupt header specifying zero channels in the startread function in xa.c, which allowed remote attackers to cause a DoS (boo#1081146). Moderate SUSE bug 1063439 SUSE bug 1063450 SUSE bug 1063456 SUSE bug 1064576 SUSE bug 1081140 SUSE bug 1081141 SUSE bug 1081142 SUSE bug 1081146 CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15370 CVE-2017-15371 CVE-2017-15372 CVE-2017-15642 CVE-2017-18189 openSUSE Leap 42.3 This update for mbedtls fixes the following issues: - CVE-2018-0487: Fixed a buffer overflow in RSASSA-PSS signature verification, which allowed remote attackers to execute arbitrary code or cause a denial of service via a crafted certificate chain. (boo#1080826) - CVE-2018-0488: Fixed a heap vulnerability, which allowed remote attackers to execute arbitrary code or cause a DoS via a crafted application packet when the truncated HMAC extension and CBC are used. (boo#1080828) - CVE-2017-18187: Fixed bound check in ssl_parse_client_psk_identity(), which might lead to an overflow. (boo#1080973) Moderate SUSE bug 1080826 SUSE bug 1080828 SUSE bug 1080973 CVE-2017-18187 CVE-2018-0487 CVE-2018-0488 openSUSE Leap 42.3 This update for SDL_image and SDL2_image fixes the following security issue: - CVE-2017-2887: A specially crafted file could have been used to cause a stack overflow resulting in potential code execution (bsc#1062777) Moderate SUSE bug 1062777 CVE-2017-2887 openSUSE Leap 42.3 This update for p7zip fixes the following security issues: - CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files (bsc#984650) - CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder (bsc#1077725) - CVE-2018-5996: Fixed memory corruption in RAR decompression. The complete RAR decoder was removed as it also has license issues (bsc#1077724 bsc#1077978) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1077724 SUSE bug 1077725 SUSE bug 1077978 SUSE bug 984650 CVE-2016-1372 CVE-2017-17969 CVE-2018-5996 openSUSE Leap 42.3 This update for dovecot22 fixes one issue. This security issue was fixed: - CVE-2017-15132: An abort of SASL authentication resulted in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion (bsc#1075608). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1075608 CVE-2017-15132 openSUSE Leap 42.3 This update for diffoscope to version 85 fixes one issues. This security issue was fixed: - CVE-2017-0359: Prevent write to arbitrary locations (boo#1025086). For other changes please see the GIT log. Moderate SUSE bug 1025086 CVE-2017-0359 openSUSE Leap 42.3 This update for transfig fixes the following issues: * CVE-2017-16899: Do some input sanitizing when reading FIG files to avoid crashes (boo#1069257) Moderate SUSE bug 1069257 CVE-2017-16899 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: * CVE-2017-11637: Fixed a NULL pointer dereference in WritePCLImage() in coders/pcl.c (boo#1050669) * CVE-2017-11638, CVE-2017-11642: Fixed a NULL pointer dereference in theWriteMAPImage() in coders/map.c (boo#1050617) * CVE-2017-17503: Fixed a heap-based buffer overflow in the ReadGRAYImage (boo#1072934) * CVE-2017-14060: Fixed a NULL Pointer Dereference issue in the ReadCUTImage function in coders/cut.c that could cause a Denial of Service (boo#1056768) Moderate SUSE bug 1050617 SUSE bug 1050669 SUSE bug 1056768 SUSE bug 1072934 CVE-2017-11637 CVE-2017-11638 CVE-2017-11642 CVE-2017-14060 CVE-2017-17503 openSUSE Leap 42.3 This update for libXcursor fixes the following issues: * CVE-2017-16612: It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. (boo#1065386) Moderate SUSE bug 1065386 CVE-2017-16612 openSUSE Leap 42.3 NonFree This update for xv fixes the following issues: - Specially crafted images may have caused xv to crash (boo#1043479) Moderate SUSE bug 1043479 openSUSE Leap 42.3 This update for libdb-4_8 fixes the following issues: - A DB_CONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4_8. (bsc#1043886) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1043886 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.104 to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753 / "SpectreAttack": Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715 / "SpectreAttack": Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please also check with your CPU / Hardware vendor on updated firmware or BIOS images regarding this issue. As this feature can have a performance impact, it can be disabled using the "nospec" kernel commandline option. - CVE-2017-5754 / "MeltdownAttack": Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called "KAISER". The terms used here are "KAISER" / "Kernel Address Isolation" and "PTI" / "Page Table Isolation". Note that this is only done on affected platforms. This feature can be enabled / disabled by the "pti=[on|off|auto]" or "nopti" commandline options. The following security bugs were fixed: - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). The following non-security bugs were fixed: - Add undefine _unique_build_ids (bsc#964063) - alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds (bsc#1031717). - alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines (bsc#1031717). - alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717). - alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717). - alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717). - alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717). - alsa: hda - change the location for one mic on a Lenovo machine (bsc#1031717). - alsa: hda: Drop useless WARN_ON() (bsc#1031717). - alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717). - alsa: hda - fix headset mic detection issue on a Dell machine (bsc#1031717). - alsa: hda - fix headset mic problem for Dell machines with alc274 (bsc#1031717). - alsa: hda - Fix headset microphone detection for ASUS N551 and N751 (bsc#1031717). - alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717). - alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717). - alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717). - alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717). - alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717). - alsa: hda/realtek - Add default procedure for suspend and resume state (bsc#1031717). - alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic (bsc#1031717). - alsa: hda/realtek - Add support for ALC1220 (bsc#1031717). - alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717). - alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717). - alsa: hda/realtek - change the location for one of two front microphones (bsc#1031717). - alsa: hda/realtek - Enable jack detection function for Intel ALC700 (bsc#1031717). - alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717). - alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717). - alsa: hda/realtek - Fix headset and mic on several Asus laptops with ALC256 (bsc#1031717). - alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV (bsc#1031717). - alsa: hda/realtek - fix headset mic detection for MSI MS-B120 (bsc#1031717). - alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255 (bsc#1031717). - alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 (bsc#1031717). - alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE (bsc#1031717). - alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717). - alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717). - alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289 (bsc#1031717). - alsa: hda/realtek - New codec support for ALC257 (bsc#1031717). - alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717). - alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717). - alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717). - alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717). - alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294 (bsc#1031717). - alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC225 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717). - alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717). - alsa: pcm: prevent UAF in snd_pcm_info (bsc#1031717). - alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717). - alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717). - alsa: usb-audio: Add check return value for usb_string() (bsc#1031717). - alsa: usb-audio: Fix out-of-bound error (bsc#1031717). - alsa: usb-audio: Fix the missing ctl name suffix at parsing SU (bsc#1031717). - apei / ERST: Fix missing error handling in erst_reader() (bsc#1072556). - arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio (bnc#1012382). - arm: Hide finish_arch_post_lock_switch() from modules (bsc#1068032). - asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure (bsc#1031717). - asoc: twl4030: fix child-node lookup (bsc#1031717). - asoc: wm_adsp: Fix validation of firmware and coeff lengths (bsc#1031717). - autofs: fix careless error in recent commit (bnc#1012382 bsc#1065180). - bcache: Fix building error on MIPS (bnc#1012382). - bnxt_en: Do not print "Link speed -1 no longer supported" messages (bsc#1070116). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - btrfs: clear space cache inode generation always (bnc#1012382). - btrfs: embed extent_changeset::range_changed to the structure (dependent patch, bsc#1031395). - btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges (bsc#1031395). - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled (bsc#1031395). - btrfs: qgroup: Introduce extent changeset for qgroup reserve functions (dependent patch, bsc#1031395). - btrfs: qgroup: Return actually freed bytes for qgroup release or free data (bsc#1031395). - btrfs: qgroup-test: Fix backport error in qgroup selftest (just to make CONFIG_BTRFS_FS_RUN_SANITY_TESTS pass compile). - btrfs: ulist: make the finalization function public (dependent patch, bsc#1031395). - btrfs: ulist: rename ulist_fini to ulist_release (dependent patch, bsc#1031395). - carl9170: prevent speculative execution (bnc#1068032). - ceph: drop negative child dentries before try pruning inode's alias (bsc#1073525). - Check cmdline_find_option() retval properly and use boot_cpu_has(). - cifs: Fix NULL pointer deref on SMB2_tcon() failure (bsc#1071009). - cw1200: prevent speculative execution (bnc#1068032). - drm/radeon: fix atombios on big endian (bnc#1012382). - e1000e: Fix e1000_check_for_copper_link_ich8lan return value (bsc#1073809). - eeprom: at24: check at24_read/write arguments (bnc#1012382). - Fix unsed variable warning in has_unmovable_pages (bsc#1073868). - fs: prevent speculative execution (bnc#1068032). - genwqe: Take R/W permissions into account when dealing with memory pages (bsc#1073090). - ibmvnic: Include header descriptor support for ARP packets (bsc#1073912). - ibmvnic: Increase maximum number of RX/TX queues (bsc#1073912). - ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES (bsc#1073912). - ib/uverbs: Fix command checking as part of ib_uverbs_ex_modify_qp() (FATE#321231 FATE#321473 FATE#322153 FATE#322149). - ip_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912 FATE#321246). - ipv6: prevent speculative execution (bnc#1068032). - iw_cxgb4: fix misuse of integer variable (bsc#963897,FATE#320114). - iw_cxgb4: only insert drain cqes if wq is flushed (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781). - iw_cxgb4: reflect the original WR opcode in drain cqes (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781). - iw_cxgb4: when flushing, complete all wrs in a chain (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781). - kabi fix for new hash_cred function (bsc#1012917). - kaiser: add "nokaiser" boot option, using ALTERNATIVE. - kaiser: align addition to x86/mm/Makefile. - kaiser: asm/tlbflush.h handle noPGE at lower level. - kaiser: cleanups while trying for gold link. - kaiser: disabled on Xen PV. - kaiser: do not set _PAGE_NX on pgd_none. - kaiser: drop is_atomic arg to kaiser_pagetable_walk(). - kaiser: enhanced by kernel and user PCIDs. - kaiser: ENOMEM if kaiser_pagetable_walk() NULL. - kaiser: fix build and FIXME in alloc_ldt_struct(). - kaiser: fix perf crashes. - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER. - kaiser: fix unlikely error in alloc_ldt_struct(). - kaiser: KAISER depends on SMP. - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID. - kaiser: kaiser_remove_mapping() move along the pgd. - kaiser: Kernel Address Isolation. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user. - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET. - kaiser: paranoid_entry pass cr3 need to paranoid_exit. - kaiser: PCID 0 for kernel and 128 for user. - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls. - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE. - kaiser: tidied up asm/kaiser.h somewhat. - kaiser: tidied up kaiser_add/remove_mapping slightly. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: vmstat show NR_KAISERTABLE as nr_overhead. - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - kvm: x86: Exit to user-mode on #UD intercept when emulator requires (bnc#1012382). - kvm: x86: inject exceptions produced by x86_decode_insn (bnc#1012382). - kvm: x86: pvclock: Handle first-time write to pvclock-page contains random junk (bnc#1012382). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - mmc: core: Do not leave the block driver in a suspended state (bnc#1012382). - mm/mmu_context, sched/core: Fix mmu_context.h assumption (bsc#1068032). - mtd: nand: Fix writing mtdoops to nand flash (bnc#1012382). - netlink: add a start callback for starting a netlink dump (bnc#1012382). - net/mlx5e: DCBNL, Implement tc with ets type and zero bandwidth (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Fix ETS BW check (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Fix error flow in CREATE_QP command (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net: mpls: prevent speculative execution (bnc#1068032). - nfsd: Fix another OPEN stateid race (bnc#1012382). - nfsd: Fix stateid races between OPEN and CLOSE (bnc#1012382). - nfsd: Make init_open_stateid() a bit more whole (bnc#1012382). - nfs: improve shinking of access cache (bsc#1012917). - nfs: revalidate "." etc correctly on "open" (bsc#1068951). - nfs: revalidate "." etc correctly on "open" (git-fixes). Fix References: tag. - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951). - nvme-fabrics: introduce init command check for a queue that is not alive (bsc#1072890). - nvme-fc: check if queue is ready in queue_rq (bsc#1072890). - nvme-fc: do not use bit masks for set/test_bit() numbers (bsc#1072890). - nvme-loop: check if queue is ready in queue_rq (bsc#1072890). - nvmet-fc: cleanup nvmet add_port/remove_port (bsc#1072890). - nvmet_fc: correct broken add_port (bsc#1072890). - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Secure memory rfi flush (bsc#1068032). - ptrace: Add a new thread access check (bsc#1068032). - qla2xxx: prevent speculative execution (bnc#1068032). - Revert "drm/radeon: dont switch vt on suspend" (bnc#1012382). - Revert "ipsec: Fix aborted xfrm policy dump crash" (kabi). - Revert "netlink: add a start callback for starting a netlink dump" (kabi). - s390: add ppa to system call and program check path (bsc#1068032). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/qeth: add missing hash table initializations (bnc#1072216, LTC#162173). - s390/qeth: fix early exit from error path (bnc#1072216, LTC#162173). - s390/qeth: fix thinko in IPv4 multicast address tracking (bnc#1072216, LTC#162173). - s390/spinlock: add gmb memory barrier - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path Signoff the s390 patches. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (bsc#1068032). - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (bsc#1068032). - sched/rt: Do not pull from current CPU if only one CPU to pull (bnc#1022476). - scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1064311). - scsi: lpfc: correct sg_seg_cnt attribute min vs default (bsc#1072166). - scsi: qedi: Limit number for CQ queues (bsc#1072866). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return "Illegal Request - Logical unit not supported" and processing should leave the timeout loop in this case. - scsi: ses: check return code from ses_recv_diag() (bsc#1039616). - scsi: ses: Fixup error message 'failed to get diagnostic page 0xffffffea' (bsc#1039616). - scsi: ses: Fix wrong page error (bsc#1039616). - scsi: ses: make page2 support optional (bsc#1039616). - sfc: pass valid pointers from efx_enqueue_unwind (bsc#1017967 FATE#321663). - sunrpc: add auth_unix hash_cred() function (bsc#1012917). - sunrpc: add generic_auth hash_cred() function (bsc#1012917). - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917). - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917). - sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917). - sunrpc: use supplimental groups in auth hash (bsc#1012917). - Thermal/int340x: prevent speculative execution (bnc#1068032). - udf: prevent speculative execution (bnc#1068032). - Update config files: enable KAISER. - usb: host: fix incorrect updating of offset (bsc#1047487). - userns: prevent speculative execution (bnc#1068032). - uvcvideo: prevent speculative execution (bnc#1068032). - vxlan: correctly handle ipv6.disable module parameter (bsc#1072962). - x86/boot: Add early cmdline parsing for options with arguments. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/efi-bgrt: Replace early_memremap() with memremap() (bnc#1012382). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: Reenable PARAVIRT. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE (bsc#1068032). - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (bsc#1068032). - x86/mm: Add INVPCID helpers (bsc#1068032). - x86/mm: Add the 'nopcid' boot option to turn off PCID (bsc#1068032). - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (bsc#1068032). - x86/mm: Enable CR4.PCIDE on supported systems (bsc#1068032). - x86/mm: Fix INVPCID asm constraint (bsc#1068032). - x86/mm: If INVPCID is available, use it to flush global mappings (bsc#1068032). - x86/mm: Make flush_tlb_mm_range() more predictable (bsc#1068032). - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (bsc#1068032). - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (bsc#1068032). - x86/mm, sched/core: Turn off IRQs in switch_mm() (bsc#1068032). - x86/mm, sched/core: Uninline switch_mm() (bsc#1068032). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/paravirt: Dont patch flush_tlb_single (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add "nospec" chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). Important SUSE bug 1005778 SUSE bug 1005780 SUSE bug 1005781 SUSE bug 1012382 SUSE bug 1012917 SUSE bug 1015342 SUSE bug 1015343 SUSE bug 1017967 SUSE bug 1022476 SUSE bug 1022912 SUSE bug 1031395 SUSE bug 1031717 SUSE bug 1039616 SUSE bug 1047487 SUSE bug 1063043 SUSE bug 1064311 SUSE bug 1065180 SUSE bug 1068032 SUSE bug 1068951 SUSE bug 1070116 SUSE bug 1071009 SUSE bug 1072166 SUSE bug 1072216 SUSE bug 1072556 SUSE bug 1072866 SUSE bug 1072890 SUSE bug 1072962 SUSE bug 1073090 SUSE bug 1073525 SUSE bug 1073792 SUSE bug 1073809 SUSE bug 1073868 SUSE bug 1073874 SUSE bug 1073912 SUSE bug 1074562 SUSE bug 1074578 SUSE bug 963897 SUSE bug 964063 SUSE bug 966170 SUSE bug 966172 CVE-2017-17805 CVE-2017-17806 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 openSUSE Leap 42.3 This update for libdb-4_5 fixes the following issues: - A DB_CONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4_5. (bsc#1043886) Moderate SUSE bug 1043886 openSUSE Leap 42.3 This update for python3-openpyxl fixes one security issue: - CVE-2017-5992: Prevent resolving external entities by default, which allowed remote attackers to conduct XXE attacks via a crafted .xlsx document (bsc#1025592). Moderate SUSE bug 1025592 CVE-2017-5992 openSUSE Leap 42.3 This update for postgresql96 to version 9.6.7 fixes the following issues: - CVE-2018-1053: Ensure that all temporary files made by pg_upgrade are non-world-readable. (bsc#1077983) A full changelog is available here: https://www.postgresql.org/docs/9.6/static/release-9-6-7.html This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1077983 CVE-2018-1053 openSUSE Leap 42.3 This update for postgresql95 fixes the following issues: Upate to PostgreSQL 9.5.11: Security issues fixed: * https://www.postgresql.org/docs/9.5/static/release-9-5-11.html * CVE-2018-1053, boo#1077983: Ensure that all temporary files made by pg_upgrade are non-world-readable. * boo#1079757: Rename pg_rewind's copy_file_range function to avoid conflict with new Linux system call of that name. In version 9.5.10: * https://www.postgresql.org/docs/9.5/static/release-9-5-10.html * CVE-2017-15098, boo#1067844: Memory disclosure in JSON functions. * CVE-2017-15099, boo#1067841: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges. In version 9.5.9: * https://www.postgresql.org/docs/9.5/static/release-9-5-9.html * Show foreign tables in information_schema.table_privileges view. * Clean up handling of a fatal exit (e.g., due to receipt of SIGTERM) that occurs while trying to execute a ROLLBACK of a failed transaction. * Remove assertion that could trigger during a fatal exit. * Correctly identify columns that are of a range type or domain type over a composite type or domain type being searched for. * Fix crash in pg_restore when using parallel mode and using a list file to select a subset of items to restore. * Change ecpg's parser to allow RETURNING clauses without attached C variables. In version 9.5.8 * https://www.postgresql.org/docs/9.5/static/release-9-5-8.html * CVE-2017-7547, boo#1051685: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. * CVE-2017-7546, boo#1051684: Disallow empty passwords in all password-based authentication methods. * CVE-2017-7548, boo#1053259: lo_put() function ignores ACLs. Important SUSE bug 1051684 SUSE bug 1051685 SUSE bug 1053259 SUSE bug 1067841 SUSE bug 1067844 SUSE bug 1077983 SUSE bug 1079757 CVE-2017-15098 CVE-2017-15099 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 CVE-2018-1053 openSUSE Leap 42.3 This update for libmad fixes the following issues: - CVE-2017-8374: Fixed a heap-based buffer overflow (read) in mad_bit_skip (boo#1036967) Moderate SUSE bug 1036967 CVE-2017-8374 openSUSE Leap 42.3 This update for phpMyAdmin 4.7.8 fixes the following issues: - CVE-2018-7260: self-cross site scripting (XSS) vulnerability in the central columns feature (boo#1082188) This version also fixes some minor functionality bugs. The previous update already fixed CVE-2017-1000499. Moderate SUSE bug 1082188 CVE-2017-1000499 CVE-2018-7260 openSUSE Leap 42.3 This update for dhcp fixes several issues. This security issue was fixed: - CVE-2017-3144: OMAPI code didn't free socket descriptors when empty message is received allowing DoS (bsc#1076119). These non-security issues were fixed: - Optimized if and when DNS client context and ports are initted (bsc#1073935) - Relax permission of dhclient-script for libguestfs (bsc#987170) - Modify dhclient-script to handle static route updates (bsc#1023415). - Use only the 12 least significant bits of an inbound packet's TCI value as the VLAN ID to fix some packages being wrongly discarded by the Linux packet filter. (bsc#1059061) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1023415 SUSE bug 1059061 SUSE bug 1073935 SUSE bug 1076119 SUSE bug 987170 CVE-2017-3144 openSUSE Leap 42.3 This update for timidity fixes the following issues: Security issues fixed: - CVE-2017-11546: Fix division-by-zero with malformed MIDI file (boo#1081694) - CVE-2017-11547: Fix out-of-bound accesses in the resamplers (boo#1081694) Other issues fixed: - Drop tcl/tk dependency; it's already broken with Tcl/Tk 8.6 Moderate SUSE bug 1081694 CVE-2017-11546 CVE-2017-11547 openSUSE Leap 42.3 This update for php5 fixes the following issues: - CVE-2016-10712: In PHP all of the return values of stream_get_meta_data could be controlled if the input can be controlled (e.g., during file uploads). (bsc#1080234) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1080234 CVE-2016-10712 openSUSE Leap 42.3 This update for Wireshark to version 2.2.13 fixes a number of minor vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files: (boo#1082692): - CVE-2018-7335: The IEEE 802.11 dissector could crash - CVE-2018-7321, CVE-2018-7322, CVE-2018-7323, CVE-2018-7324, CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328, CVE-2018-7329, CVE-2018-7330, CVE-2018-7331, CVE-2018-7332, CVE-2018-7333, CVE-2018-7421: Multiple dissectors could go into large infinite loops - CVE-2018-7334: The UMTS MAC dissector could crash - CVE-2018-7337: The DOCSIS dissector could crash - CVE-2018-7336: The FCP dissector could crash - CVE-2018-7320: The SIGCOMP dissector could crash - CVE-2018-7420: The pcapng file parser could crash - CVE-2018-7417: The IPMI dissector could crash - CVE-2018-7418: The SIGCOMP dissector could crash - CVE-2018-7419: The NBAP disssector could crash This update also contains further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.13.html Moderate SUSE bug 1082692 CVE-2018-7320 CVE-2018-7321 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325 CVE-2018-7326 CVE-2018-7327 CVE-2018-7328 CVE-2018-7329 CVE-2018-7330 CVE-2018-7331 CVE-2018-7332 CVE-2018-7333 CVE-2018-7334 CVE-2018-7335 CVE-2018-7336 CVE-2018-7337 CVE-2018-7417 CVE-2018-7418 CVE-2018-7419 CVE-2018-7420 CVE-2018-7421 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2017-11533: An infoleak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (boo#1050132) - CVE-2017-17682: A large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (boo#1072898) - CVE-2017-17500: A heap-based buffer overread in the ImportRGBQuantumType was fixed that could lead to information leak or a crash (boo#1077737) Moderate SUSE bug 1050132 SUSE bug 1072898 SUSE bug 1077737 CVE-2017-11533 CVE-2017-17500 CVE-2017-17682 openSUSE Leap 42.3 This update for lame fixes the following issues: Lame was updated to version 3.100: * Improved detection of MPEG audio data in RIFF WAVE files. sf#3545112 Invalid sampling detection * New switch --gain <decibel>, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the use of --scale <factor>. * Fix for sf#3558466 Bug in path handling * Fix for sf#3567844 problem with Tag genre * Fix for sf#3565659 no progress indication with pipe input * Fix for sf#3544957 scale (empty) silent encode without warning * Fix for sf#3580176 environment variable LAMEOPT doesn't work anymore * Fix for sf#3608583 input file name displayed with wrong character encoding (on windows console with CP_UTF8) * Fix dereference NULL and Buffer not NULL terminated issues. (CVE-2017-15019 bsc#1082317 CVE-2017-13712 bsc#1082399 CVE-2015-9100 bsc#1082401) * Fix dereference of a null pointer possible in loop. * Make sure functions with SSE instructions maintain their own properly aligned stack. Thanks to Fabian Greffrath * Multiple Stack and Heap Corruptions from Malicious File. (CVE-2017-9872 bsc#1082391 CVE-2017-9871 bsc#1082392 CVE-2017-9870 bsc#1082393 CVE-2017-9869 bsc#1082395 CVE-2017-9411 bsc#1082397 CVE-2015-9101 bsc#1082400) * CVE-2017-11720: Fix a division by zero vulnerability. (bsc#1082311) * CVE-2017-9410: Fix fill_buffer_resample function in libmp3lame/util.c heap-based buffer over-read and ap (bsc#1082333) * CVE-2017-9411: Fix fill_buffer_resample function in libmp3lame/util.c invalid memory read and application crash (bsc#1082397) * CVE-2017-9412: FIx unpack_read_samples function in frontend/get_audio.c invalid memory read and application crash (bsc#1082340) * Fix clip detect scale suggestion unaware of scale input value * HIP decoder bug fixed: decoding mixed blocks of lower sample frequency Layer3 data resulted in internal buffer overflow. * Add lame_encode_buffer_interleaved_int() Important SUSE bug 1082311 SUSE bug 1082317 SUSE bug 1082333 SUSE bug 1082340 SUSE bug 1082391 SUSE bug 1082392 SUSE bug 1082393 SUSE bug 1082395 SUSE bug 1082397 SUSE bug 1082399 SUSE bug 1082400 SUSE bug 1082401 CVE-2015-9100 CVE-2015-9101 CVE-2017-11720 CVE-2017-13712 CVE-2017-15019 CVE-2017-9410 CVE-2017-9411 CVE-2017-9412 CVE-2017-9869 CVE-2017-9870 CVE-2017-9871 CVE-2017-9872 openSUSE Leap 42.3 This update for zziplib to 0.13.67 contains multiple bug and security fixes: - If an extension block is too small to hold an extension, do not use the information therein. - CVE-2018-6540: If the End of central directory record (EOCD) contains an Offset of start of central directory which is beyond the end of the file, reject the file. (bsc#1079096) - CVE-2018-6484: Reject the ZIP file and report it as corrupt if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file. (bsc#1078701) - CVE-2018-6381: If a file is uncompressed, compressed and uncompressed sizes should be identical. (bsc#1078497) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1024532 SUSE bug 1024536 SUSE bug 1034539 SUSE bug 1078497 SUSE bug 1078701 SUSE bug 1079096 CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 openSUSE Leap 42.3 This update for systemd fixes the following issues: Security issue fixed: - CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are hardlinked, unless protected_hardlinks sysctl is on. This could be used by local attackers to gain privileges (bsc#1077925) Non Security issues fixed: - core: use id unit when retrieving unit file state (#8038) (bsc#1075801) - cryptsetup-generator: run cryptsetup service before swap unit (#5480) - udev-rules: all values can contain escaped double quotes now (#6890) - strv: fix buffer size calculation in strv_join_quoted() - tmpfiles: change ownership of symlinks too - stdio-bridge: Correctly propagate error - stdio-bridge: remove dead code - remove bus-proxyd (bsc#1057974) - core/timer: Prevent timer looping when unit cannot start (bsc#1068588) - Make systemd-timesyncd use the openSUSE NTP servers by default Previously systemd-timesyncd used the Google Public NTP servers time{1..4}.google.com - Don't ship /usr/lib/systemd/system/tmp.mnt at all (bsc#1071224) But we still ship a copy in /var. Users who want to use tmpfs on /tmp are supposed to add a symlink in /etc/ pointing to the copy shipped in /var. To support the update path we automatically create the symlink if tmp.mount in use is located in /usr. - Enable systemd-networkd on Leap distros only (bsc#1071311) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1057974 SUSE bug 1068588 SUSE bug 1071224 SUSE bug 1071311 SUSE bug 1075801 SUSE bug 1077925 CVE-2017-18078 openSUSE Leap 42.3 This update for freexl fixes the following issues: freexl was updated to version 1.0.5: * No changelog provided by upstream * Various heapoverflows in 1.0.4 have been fixed: * CVE-2018-7439: heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record (boo#1082774) * CVE-2018-7438: heap-buffer-overflow in freexl.c:383 parse_unicode_string (boo#1082775) * CVE-2018-7437: heap-buffer-overflow in freexl.c:1866 parse_SST(boo#1082776) * CVE-2018-7436: heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST (boo#1082777) * CVE-2018-7435: heap-buffer-overflow in freexl::destroy_cell (boo#1082778) Important SUSE bug 1082774 SUSE bug 1082775 SUSE bug 1082776 SUSE bug 1082777 SUSE bug 1082778 CVE-2018-7435 CVE-2018-7436 CVE-2018-7437 CVE-2018-7438 CVE-2018-7439 openSUSE Leap 42.3 This update for go fixes the following issues: Security issues fix in version 1.9.4: - CVE-2018-6574: "go get" remote command execution during source code build (bsc#1080006). Bug fixes: - bsc#1082409: Review dependencies (requires, recommends and supports). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1080006 SUSE bug 1082409 CVE-2018-6574 openSUSE Leap 42.3 This update for tor to version 0.3.2.10 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2018-0490: remote crash vulnerability against directory authorities (boo#1083845, TROVE-2018-001) - CVE-2018-0491: remote relay crash (boo#1083846, TROVE-2018-002) This new upstream stable version also contains a new system for improved resistance to DoS attacks against relays and various other bug fixes. Moderate SUSE bug 1083845 SUSE bug 1083846 CVE-2018-0490 CVE-2018-0491 openSUSE Leap 42.3 This update for cups fixes the following issues: - CVE-2017-18190: Removed localhost.localdomain from list of trustworthy hosts in scheduler/client.c to avoid arbitrary IPP command execution in conjunction with DNS rebinding. (bsc#1081557) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1081557 CVE-2017-18190 openSUSE Leap 42.3 This update for leptonica fixes the following issues: - CVE-2018-7247: Fixed a buffer overflow in in src/viewfiles.c with unsanitized input (rootname) (boo#1081631) - CVE-2018-7186: Fixed multiple stack-based buffer overflows in gplotRead() and ptaReadStream() (boo#1081576) - CVE-2018-3836: Added additional bad characters, to prevent command injection by invoking it via $(command) (boo#1079358) Moderate SUSE bug 1079358 SUSE bug 1081576 SUSE bug 1081631 CVE-2018-3836 CVE-2018-7186 CVE-2018-7247 openSUSE Leap 42.3 This update for wavpack fixes the following issues: - CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172: Make sure upper and lower boundaries make sense, to avoid out of bounds memory reads that could lead to crashes or disclosing memory. (bsc#1021483) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1021483 CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172 openSUSE Leap 42.3 This update for jgraphx fixes the following issues: Security issue fixed: - CVE-2017-18197: Fixed missing flags in SAXParserFactory instance in convert() to prevent XML External Entity (XXE) attacks (boo#1083413). Moderate SUSE bug 1083413 CVE-2017-18197 openSUSE Leap 42.3 This update for openexr fixes the following issues: - CVE-2017-9110: In OpenEXR, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. (bsc#1040107) - CVE-2017-9114: In OpenEXR, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. (bsc#1040114) - CVE-2017-12596: In OpenEXR, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it could have resulted in denial of service or possibly unspecified other impact. (bsc#1052522) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1040107 SUSE bug 1040114 SUSE bug 1052522 CVE-2017-12596 CVE-2017-9110 CVE-2017-9114 openSUSE Leap 42.3 This update for ImageMagick fixes the following issues: - CVE-2017-9405: A memory leak in the ReadICONImage function was fixed that could lead to DoS via memory exhaustion (bsc#1042911) - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1042824) - CVE-2017-11166: In ReadXWDImage in coders\xwd.c a memoryleak could have caused memory exhaustion via a crafted length (bsc#1048110) - CVE-2017-11170: ReadTGAImage in coders\tga.c allowed for memory exhaustion via invalid colors data in the header of a TGA or VST file (bsc#1048272) - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick allowed remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (bsc#1049375) - CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed (bsc#1049374) - CVE-2017-11528: ReadDIBImage in coders/dib.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050119) - CVE-2017-11530: ReadEPTImage in coders/ept.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050122) - CVE-2017-11531: When ImageMagick processed a crafted file in convert, it could lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. (bsc#1050126) - CVE-2017-11533: A information leak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (bsc#1050132) - CVE-2017-11537: When ImageMagick processed a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. (bsc#1050048) - CVE-2017-11638, CVE-2017-11642: A NULL pointer dereference in theWriteMAPImage() in coders/map.c was fixed which could lead to a crash (bsc#1050617) - CVE-2017-12418: ImageMagick had memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. (bsc#1052207) - CVE-2017-12427: ProcessMSLScript coders/msl.c allowed remote attackers to cause a DoS (bsc#1052248) - CVE-2017-12429: A memory exhaustion flaw in ReadMIFFImage in coders/miff.c was fixed, which allowed attackers to cause DoS (bsc#1052251) - CVE-2017-12432: In ImageMagick, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allowed attackers to cause a denial of service. (bsc#1052254) - CVE-2017-12566: A memory leak in ReadMVGImage in coders/mvg.c, could have allowed attackers to cause DoS (bsc#1052472) - CVE-2017-12654: The ReadPICTImage function in coders/pict.c in ImageMagick allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1052761) - CVE-2017-12663: A memory leak in WriteMAPImage in coders/map.c was fixed that could lead to a DoS via memory exhaustion (bsc#1052754) - CVE-2017-12664: ImageMagick had a memory leak vulnerability in WritePALMImage in coders/palm.c. (bsc#1052750) - CVE-2017-12665: ImageMagick had a memory leak vulnerability in WritePICTImage in coders/pict.c. (bsc#1052747) - CVE-2017-12668: ImageMagick had a memory leak vulnerability in WritePCXImage in coders/pcx.c. (bsc#1052688) - CVE-2017-12674: A CPU exhaustion in ReadPDBImage in coders/pdb.c was fixed, which allowed attackers to cause DoS (bsc#1052711) - CVE-2017-13058: In ImageMagick, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allowed attackers to cause a denial of service via a crafted file. (bsc#1055069) - CVE-2017-13131: A memory leak vulnerability was found in thefunction ReadMIFFImage in coders/miff.c, which allowed attackers tocause a denial of service (memory consumption in NewL (bsc#1055229) - CVE-2017-14060: A NULL Pointer Dereference issue in the ReadCUTImage function in coders/cut.c was fixed that could have caused a Denial of Service (bsc#1056768) - CVE-2017-14139: A memory leak vulnerability in WriteMSLImage in coders/msl.c was fixed. (bsc#1057163) - CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. (bsc#1058009) - CVE-2017-17682: A large loop vulnerability was fixed in ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (bsc#1072898) - CVE-2017-17885: In ImageMagick, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allowed attackers to cause a denial of service via a crafted PICT image file. (bsc#1074119) - CVE-2017-17934: A memory leak in the function MSLPopImage and ProcessMSLScript could have lead to a denial of service (bsc#1074170) - CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. (bsc#1076182) - CVE-2018-5357: ImageMagick had memory leaks in the ReadDCMImage function in coders/dcm.c. (bsc#1075821) - CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c in ImageMagick, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allowed remote attackers to cause a denial of service. (bsc#1078433) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1042824 SUSE bug 1042911 SUSE bug 1048110 SUSE bug 1048272 SUSE bug 1049374 SUSE bug 1049375 SUSE bug 1050048 SUSE bug 1050119 SUSE bug 1050122 SUSE bug 1050126 SUSE bug 1050132 SUSE bug 1050617 SUSE bug 1052207 SUSE bug 1052248 SUSE bug 1052251 SUSE bug 1052254 SUSE bug 1052472 SUSE bug 1052688 SUSE bug 1052711 SUSE bug 1052747 SUSE bug 1052750 SUSE bug 1052754 SUSE bug 1052761 SUSE bug 1055069 SUSE bug 1055229 SUSE bug 1056768 SUSE bug 1057163 SUSE bug 1058009 SUSE bug 1072898 SUSE bug 1074119 SUSE bug 1074170 SUSE bug 1075821 SUSE bug 1076182 SUSE bug 1078433 CVE-2017-11166 CVE-2017-11170 CVE-2017-11448 CVE-2017-11450 CVE-2017-11528 CVE-2017-11530 CVE-2017-11531 CVE-2017-11533 CVE-2017-11537 CVE-2017-11638 CVE-2017-11642 CVE-2017-12418 CVE-2017-12427 CVE-2017-12429 CVE-2017-12432 CVE-2017-12566 CVE-2017-12654 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12668 CVE-2017-12674 CVE-2017-13058 CVE-2017-13131 CVE-2017-14060 CVE-2017-14139 CVE-2017-14224 CVE-2017-17682 CVE-2017-17885 CVE-2017-17934 CVE-2017-18028 CVE-2017-9405 CVE-2017-9407 CVE-2018-5357 CVE-2018-6405 openSUSE Leap 42.3 This update for go1.8 fixes the following issues: Security issues fixed: - CVE-2018-6574: "go get" allows for remote command execution during source code build (bsc#1080006). Bug fixes: - bsc#1082409: Review dependencies (requires, recommends and supports) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1080006 SUSE bug 1082409 CVE-2018-6574 openSUSE Leap 42.3 This update for rsync fixes one issues. This security issue was fixed: - CVE-2018-5764: The parse_arguments function in options.c did not prevent multiple --protect-args uses, which allowed remote attackers to bypass an argument-sanitization protection mechanism (bsc#1076503). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1076503 CVE-2018-5764 openSUSE Leap 42.3 This update for squid fixes the following issues: Security issues fixed: - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esi_parser (bsc#1077003). - CVE-2018-1000027: DoS fix caused by incorrect pointer handing whien processing ESI responses or downloading intermediate CA certificates (bsc#1077006). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1077003 SUSE bug 1077006 CVE-2018-1000024 CVE-2018-1000027 openSUSE Leap 42.3 This update for shotwell fixes the following issues: Security issue fixed: - CVE-2017-1000024: Use HTTPS encryption all over the publishing plugins (bsc#1054311). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1054311 CVE-2017-1000024 openSUSE Leap 42.3 This update for php7 provides the following fix: Security issues fixed: - CVE-2018-7584: Fixed stack-based buffer under-read while parsing an HTTPresponse in the php_stream_url_wrap_http_ex (bsc#1083639). Bug fixes: - Fix a memory leak in the pg_escape_bytea function of the pgsql extension. (bsc#1076970) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1076970 SUSE bug 1083639 CVE-2018-7584 openSUSE Leap 42.3 This update for augeas fixes the following issues: Security issue fixed: - CVE-2017-7555: Fix a memory corruption bug could have lead to arbitrary code execution by passing crafted strings that would be mis-handled by parse_name() (bsc#1054171). This update was imported from the SUSE:SLE-12-SP3:Update update project. Low SUSE bug 1054171 CVE-2017-7555 openSUSE Leap 42.3 This update for mysql-connector-java to version to 5.1.42 fixes several issues. These security issues were fixed: - CVE-2017-3589: An unspecified vulnerability in MySQL Connector/J could have resulted in unauthorized update, insert or delete access to some of MySQL Connectors accessible data (bnc#1035210) - CVE-2017-3523: An unspecified vulnerability in MySQL Connector/J could have lead to takeover of MySQL Connectors (bnc#1035697) - CVE-2017-3586: An unspecified vulnerability in MySQL Connectors could have lead to unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data (bnc#1035211) More infos are available at http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1035210 SUSE bug 1035211 SUSE bug 1035697 CVE-2017-3523 CVE-2017-3586 CVE-2017-3589 openSUSE Leap 42.3 This update for shadow fixes the following issues: - CVE-2018-7169: Fixed an privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups(2) is allowed. (bsc#1081294) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1081294 CVE-2018-7169 openSUSE Leap 42.3 This update for glibc fixes the following issues: - CVE-2017-12133: Avoid use-after-free read access in clntudp_call (bsc#1081556) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1081556 CVE-2017-12133 openSUSE Leap 42.3 This update for adminer fixes the following issues: * Sync up conditional sub-packages with devel package to disable uninstallable pacakges for boo#1002214. * Update to version v4.4.0 for boo#1083948 to resolve CVE-2018-7667 Moderate SUSE bug 1002214 SUSE bug 1083948 CVE-2018-7667 openSUSE Leap 42.3 This update for java-1_8_0-openjdk fixes the following issues: Security issues fix in jdk8u161 (icedtea 3.7.0)(bsc#1076366): - CVE-2018-2579: Improve key keying case - CVE-2018-2582: Better interface invocations - CVE-2018-2588: Improve LDAP logins - CVE-2018-2599: Improve reliability of DNS lookups - CVE-2018-2602: Improve usage messages - CVE-2018-2603: Improve PKCS usage - CVE-2018-2618: Stricter key generation - CVE-2018-2629: Improve GSS handling - CVE-2018-2633: Improve LDAP lookup robustness - CVE-2018-2634: Improve property negotiations - CVE-2018-2637: Improve JMX supportive features - CVE-2018-2641: Improve GTK initialization - CVE-2018-2663: More refactoring for deserialization cases - CVE-2018-2677: More refactoring for client deserialization cases - CVE-2018-2678: More refactoring for naming deserialization cases This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1076366 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 openSUSE Leap 42.3 This update for Mozilla Firefox to version 52.7.0esr fixes multiple issues. Security issues fixed (bsc#1085130, MFSA 2018-07): - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds write with malformed IPC messages - CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption - CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources - CVE-2018-5144: Integer overflow during Unicode conversion - CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 - CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 The following bug fixes are included: - bsc#1076907: provide mimehandler(text/html) Important SUSE bug 1076907 SUSE bug 1085130 SUSE bug 1261175 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 openSUSE Leap 42.3 This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed in OpenJDK 7u171 (January 2018 CPU)(bsc#1076366): - CVE-2018-2579: Improve key keying case - CVE-2018-2588: Improve LDAP logins - CVE-2018-2599: Improve reliability of DNS lookups - CVE-2018-2602: Improve usage messages - CVE-2018-2603: Improve PKCS usage - CVE-2018-2618: Stricter key generation - CVE-2018-2629: Improve GSS handling - CVE-2018-2633: Improve LDAP lookup robustness - CVE-2018-2634: Improve property negotiations - CVE-2018-2637: Improve JMX supportive features - CVE-2018-2641: Improve GTK initialization - CVE-2018-2663: More refactoring for deserialization cases - CVE-2018-2677: More refactoring for client deserialization cases - CVE-2018-2678: More refactoring for naming This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1076366 CVE-2018-2579 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 openSUSE Leap 42.3 This update for postgresql94 fixes the following issues: PostgreSQL was updated to version 9.4.15, the full release notes are here: https://www.postgresql.org/docs/9.4/static/release-9-4-15.html - CVE-2018-1053: Ensure that all temporary files made by pg_upgrade are non-world-readable. (bsc#1077983) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1077983 CVE-2018-1053 openSUSE Leap 42.3 This update for kernel-firmware fixes the following issues: - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files to fix a ethernet flow control vulnerability in SRIOV devices (bsc#1077355) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1077355 CVE-2015-1142857 openSUSE Leap 42.3 This update for Chromium to version 65.0.3325.162 fixes the following issues: - CVE-2017-11215: Use after free in Flash - CVE-2017-11225: Use after free in Flash - CVE-2018-6060: Use after free in Blink - CVE-2018-6061: Race condition in V8 - CVE-2018-6062: Heap buffer overflow in Skia - CVE-2018-6057: Incorrect permissions on shared memory - CVE-2018-6063: Incorrect permissions on shared memory - CVE-2018-6064: Type confusion in V8 - CVE-2018-6065: Integer overflow in V8 - CVE-2018-6066: Same Origin Bypass via canvas - CVE-2018-6067: Buffer overflow in Skia - CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab - CVE-2018-6069: Stack buffer overflow in Skia - CVE-2018-6070: CSP bypass through extensions - CVE-2018-6071: Heap bufffer overflow in Skia - CVE-2018-6072: Integer overflow in PDFium - CVE-2018-6073: Heap bufffer overflow in WebGL - CVE-2018-6074: Mark-of-the-Web bypass - CVE-2018-6075: Overly permissive cross origin downloads - CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink - CVE-2018-6077: Timing attack using SVG filters - CVE-2018-6078: URL Spoof in OmniBox - CVE-2018-6079: Information disclosure via texture data in WebGL - CVE-2018-6080: Information disclosure in IPC call - CVE-2018-6081: XSS in interstitials - CVE-2018-6082: Circumvention of port blocking - CVE-2018-6083: Incorrect processing of AppManifests Important SUSE bug 1084296 CVE-2017-11215 CVE-2017-11225 CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-2018-6074 CVE-2018-6075 CVE-2018-6076 CVE-2018-6077 CVE-2018-6078 CVE-2018-6079 CVE-2018-6080 CVE-2018-6081 CVE-2018-6082 CVE-2018-6083 openSUSE Leap 42.3 This update for ucode-intel fixes the following issues: The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws (boo#1085207 CVE-2017-5715) - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 1000140 - Updates - SNB D2 6-2a-7:12 29->2d - JKT C1 6-2d-6:6d 619->61c - JKT C2 6-2d-7:6d 710->713 - IVB E2 6-3a-9:12 1c->1f - IVT C0 6-3e-4:ed 428->42c - IVT D1 6-3e-7:ed 70d->713 - HSW Cx/Dx 6-3c-3:32 22->24 - HSW-ULT Cx/Dx 6-45-1:72 20->23 - CRW Cx 6-46-1:32 17->19 - HSX C0 6-3f-2:6f 3a->3c - HSX-EX E0 6-3f-4:80 0f->11 - BDW-U/Y E/F 6-3d-4:c0 25->2a - BDW-H E/G 6-47-1:22 17->1d - BDX-DE V0/V1 6-56-2:10 0f->15 - BDW-DE V2 6-56-3:10 700000d->7000012 - BDW-DE Y0 6-56-4:10 f00000a->f000011 - SKL-U/Y D0 6-4e-3:c0 ba->c2 - SKL R0 6-5e-3:36 ba->c2 - KBL-U/Y H0 6-8e-9:c0 62->84 - KBL B0 6-9e-9:2a 5e->84 - CFL D0 6-8e-a:c0 70->84 - CFL U0 6-9e-a:22 70->84 - CFL B0 6-9e-b:02 72->84 - SKX H0 6-55-4:b7 2000035->2000043 Important SUSE bug 1085207 CVE-2017-5715 openSUSE Leap 42.3 This update for php5 fixes the following issues: Security issues fixed: - CVE-2018-7584: Fixed stack-based buffer under-read while parsing an HTTPresponse in the php_stream_url_wrap_http_ex (bsc#1083639). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1083639 CVE-2018-7584 openSUSE Leap 42.3 This update for mariadb fixes the following issues: MariaDB was updated to 10.0.34 (bsc#1078431) The following security vulnerabilities are fixed: - CVE-2018-2562: Vulnerability in the MySQL Server subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. - CVE-2018-2622: Vulnerability in the MySQL Server subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2640: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2665: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2668: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2612: Vulnerability in the MySQL Server subcomponent: InnoDB. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The MariaDB external release notes and changelog for this release: * https://kb.askmonty.org/en/mariadb-10034-release-notes * https://kb.askmonty.org/en/mariadb-10034-changelog This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1078431 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 openSUSE Leap 42.3 This update for xmltooling fixes the following issues: - CVE-2018-0489: Fixed a security bug when xmltooling mishandled digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486. (bsc#1083247) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1083247 CVE-2018-0486 CVE-2018-0489 openSUSE Leap 42.3 This update for libid3tag fixes the following issues: - CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c, which previously misparsed ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until OOM leading to DoS. (bsc#1081959 bsc#1081961) - CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown encodings when parsing ID3 tags. (bsc#1081962 bsc#387731) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1081959 SUSE bug 1081961 SUSE bug 1081962 SUSE bug 387731 CVE-2004-2779 CVE-2008-2109 CVE-2017-11550 CVE-2017-11551 openSUSE Leap 42.3 This update for Mozilla Firefox to version 52.7.2esr fixes security issues and bugs. Security issues fixed: - CVE-2018-5146: Specially crafted vorbis files could have been used to execute arbitrary code via an Out of bounds memory write (bsc#1085671, MFSA 2018-08) - CVE-2018-5147: Specially crafted vorbis files could have been used to execute arbitrary code via an Out of bounds memory write - used on ARM platforms (bsc#1085671, MFSA 2018-08) The following bug fixes are included: - Stability improvements in the Italian locale Important SUSE bug 1085671 CVE-2018-5146 openSUSE Leap 42.3 This update for postgresql95 fixes the following issues: Security issue fixed in PostgreSQL 9.5.12: - CVE-2018-1058: Uncontrolled search path element in pg_dump and other client applications (boo#1081925). Moderate SUSE bug 1081925 CVE-2018-1058 openSUSE Leap 42.3 This update for SDL2 and SDL2_image fixes the following issues: - CVE-2017-14441: Code execution in the ICO image rendering (bsc#1084282). - CVE-2017-14440: Potential code execution in the ILBM image rendering functionality (bsc#1084257). - CVE-2017-12122: Potential code execution in the ILBM image rendering fuctionality (bsc#1084256). - CVE-2017-14448: Heap buffer overflow in the XCF image rendering functionality (bsc#1084303). - CVE-2017-14449: Double-Free in the XCF image rendering (bsc#1084297). - CVE-2017-14442: Stack buffer overflow the BMP image rendering functionality (bsc#1084304). - CVE-2017-14450: Buffer overflow in the GIF image parsing (bsc#1084288). Bug fixes: - boo#1025413: Add dbus-ime.diff and build with fcitx. Important SUSE bug 1025413 SUSE bug 1084256 SUSE bug 1084257 SUSE bug 1084282 SUSE bug 1084288 SUSE bug 1084297 SUSE bug 1084303 SUSE bug 1084304 CVE-2017-12122 CVE-2017-14440 CVE-2017-14441 CVE-2017-14442 CVE-2017-14448 CVE-2017-14449 CVE-2017-14450 openSUSE Leap 42.3 This update for libraw fixes the following issues: - CVE-2018-5800: Specially crafted RAW files may have caused an application crash via a heap-based buffer overflow (boo#1084690) - CVE-2018-5801: Specially crafted RAW files may have been used to trigger a NULL pointer de-reference (boo#1084691) - CVE-2018-5802: Specially crafted RAW files may have caused an application crash via a heap-based buffer overflow (boo#1084688) Moderate SUSE bug 1084688 SUSE bug 1084690 SUSE bug 1084691 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 openSUSE Leap 42.3 This update for exempi fixes the following issues: - CVE-2018-7728: Specially crafted TIFF images could have been used to cause a denial of service via a heap-based buffer overflow (boo#1085297) - CVE-2018-7730: Specially crafted Excel files could have been used cause a denial of service via a heap-based buffer overflow (boo#1085295) Moderate SUSE bug 1085295 SUSE bug 1085297 CVE-2018-7728 CVE-2018-7730 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: - CVE-2017-18230: Specially crafted CINEON images may have caused a Null pointer dereference (boo#1085233) - CVE-2017-16353: Specially crafted MIFF images could have allowed for information disclosure (boo#1066170) - CVE-2017-16352: Specially crafted MIFF images may have caused a heap-based buffer overflow (boo#1066168) - CVE-2017-14314: Specially crafted image files may have caused a denial of service (boo#1058630) - CVE-2017-14505: Specially crafted image files may have caused a Null pointer dereference (boo#1059735) - CVE-2017-15016: Specially crafted EMF images may have caused a Null pointer dereference (boo#1082291) - CVE-2017-15017: Specially crafted MSG images may have caused a Null pointer dereference (boo#1082283) - CVE-2017-18219: Specially crafted image files may have been used to cause an application crash (boo#1084060) - CVE-2017-18220: Specially crafted PNG images may have been used to cause a denial of service (boo#1084062) Moderate SUSE bug 1058630 SUSE bug 1059735 SUSE bug 1066168 SUSE bug 1066170 SUSE bug 1082283 SUSE bug 1082291 SUSE bug 1084060 SUSE bug 1084062 SUSE bug 1085233 CVE-2017-14314 CVE-2017-14505 CVE-2017-15016 CVE-2017-15017 CVE-2017-16352 CVE-2017-16353 CVE-2017-18219 CVE-2017-18220 CVE-2017-18230 openSUSE Leap 42.3 The Spectre Variant 2 in the Linux Kernel is mitigated using "retpolines". This update rebuilds all openSUSE Leap 42.3 KMPs to use "retpolines" and so be able to mitigate the Spectre v2 attack. (bsc#1068032 CVE-2017-5715) Important SUSE bug 1068032 CVE-2017-5715 openSUSE Leap 42.3 This update for postgresql96 fixes the following issues: Security issues fixed: - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes: - See release notes for details: * https://www.postgresql.org/docs/9.6/static/release-9-6-8.html This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1081925 CVE-2018-1058 openSUSE Leap 42.3 This update for Chromium to version 65.0.3325.181 fixes the following issue: - boo#1086124: Various security relevant fixes from audits, fuzzing and other initiatives Additionally, re2 was updated to the 2018-03-01 version. Moderate SUSE bug 1086124 openSUSE Leap 42.3 This update for qemu fixes the following issues: This update has the next round of Spectre v2 related patches, which now integrate with corresponding changes in libvirt. (CVE-2017-5715 bsc#1068032) The January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution. We replaced our initial patch by the patches from upstream. This update defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. A warning patch is added which attempts to detect a migration from a qemu version which had the quick and dirty fix (it only detects certain cases, but hopefully is helpful.) For additional information on Spectre v2 as it relates to QEMU, see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ A patch is added to continue to detect Spectre v2 mitigation features (as shown by cpuid), and if found provide that feature to guests, even if running on older KVM (kernel) versions which do not yet expose that feature to QEMU. (bsc#1082276) These two patches will be removed when we can reasonably assume everyone is running with the appropriate updates. Spectre fixes for IBM Z Series were included by providing more hw features to guests (bsc#1076813) Also security fixes for the following CVE issues are included: - CVE-2017-17381: The Virtio Vring implementation in QEMU allowed local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. (bsc#1071228) - CVE-2017-16845: The PS2 driver in Qemu did not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. (bsc#1068613) - CVE-2017-15119: The Network Block Device (NBD) server in Quick Emulator (QEMU), was vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. (bsc#1070144) - CVE-2017-18043: Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allowed a user to cause a denial of service (Qemu process crash). (bsc#1076775) - CVE-2018-5683: The VGA driver in Qemu allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. (bsc#1076114) - CVE-2018-7550: The multiboot functionality in Quick Emulator (aka QEMU) allowed local guest OS users to execute arbitrary code on the QEMU host via an out-of-bounds read or write memory access. (bsc#1083291) - CVE-2017-15124: VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. (bsc#1073489) Additional bugs fixed: - Fix pcihp for 1.6 and older machine types (bsc#1074572) - Fix packaging dependencies (coreutils) for qemu-ksm package (bsc#1040202) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1040202 SUSE bug 1068032 SUSE bug 1068613 SUSE bug 1070144 SUSE bug 1071228 SUSE bug 1073489 SUSE bug 1074572 SUSE bug 1076114 SUSE bug 1076775 SUSE bug 1076813 SUSE bug 1082276 SUSE bug 1083291 CVE-2017-15119 CVE-2017-15124 CVE-2017-16845 CVE-2017-17381 CVE-2017-18043 CVE-2017-5715 CVE-2018-5683 CVE-2018-7550 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.120 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c allowed local users to cause a denial of service (memory consumption) by triggering an out-of-array error case (bnc#1085053). - CVE-2017-13166: An elevation of privilege vulnerability in the v4l2 video driver was fixed. (bnc#1072865). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2017-17975: Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c allowed attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure (bnc#1074426). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2017-15951: The KEYS subsystem in did not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls (bnc#1062840 bnc#1065615). - CVE-2018-1000026: A insufficient input validation vulnerability in the bnx2x network card driver could result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via an attacker that must pass a very large, specially crafted packet to the bnx2x card. This could be done from an untrusted guest VM. (bnc#1079384). - CVE-2017-18174: In the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, which could lead to a double free (bnc#1080533). - CVE-2017-16912: The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673). - CVE-2017-16913: The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672). - CVE-2018-1068: Insufficient user provided offset checking in the ebtables compat code allowed local attackers to overwrite kernel memory and potentially execute code. (bsc#1085107) The following non-security bugs were fixed: - acpi / bus: Leave modalias empty for devices which are not present (bnc#1012382). - acpi, nfit: fix health event notification (FATE#321135, FATE#321217, FATE#321256, FATE#321391, FATE#321393). - acpi, nfit: fix register dimm error handling (FATE#321135, FATE#321217, FATE#321256, FATE#321391, FATE#321393). - acpi: sbshc: remove raw pointer from printk() message (bnc#1012382). - Add delay-init quirk for Corsair K70 RGB keyboards (bnc#1012382). - ahci: Add Intel Cannon Lake PCH-H PCI ID (bnc#1012382). - ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI (bnc#1012382). - ahci: Annotate PCI ids for mobile Intel chipsets as such (bnc#1012382). - alpha: fix crash if pthread_create races with signal delivery (bnc#1012382). - alpha: fix reboot on Avanti platform (bnc#1012382). - alsa: hda/ca0132 - fix possible NULL pointer use (bnc#1012382). - alsa: hda - Fix headset mic detection problem for two Dell machines (bnc#1012382). - alsa: hda/realtek - Add headset mode support for Dell laptop (bsc#1031717). - alsa: hda/realtek: PCI quirk for Fujitsu U7x7 (bnc#1012382). - alsa: hda - Reduce the suspend time consumption for ALC256 (bsc#1031717). - alsa: hda - Use IS_REACHABLE() for dependency on input (bsc#1031717). - alsa: seq: Fix racy pool initializations (bnc#1012382). - alsa: seq: Fix regression by incorrect ioctl_mutex usages (bnc#1012382). - alsa: usb-audio: add implicit fb quirk for Behringer UFX1204 (bnc#1012382). - alsa: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute (bnc#1012382). - amd-xgbe: Fix unused suspend handlers build warning (bnc#1012382). - arm64: add PTE_ADDR_MASK (bsc#1068032). - arm64: barrier: Add CSDB macros to control data-value prediction (bsc#1068032). - arm64: define BUG() instruction without CONFIG_BUG (bnc#1012382). - arm64: Disable unhandled signal log messages by default (bnc#1012382). - arm64: dts: add #cooling-cells to CPU nodes (bnc#1012382). - arm64: entry: Apply BP hardening for high-priority synchronous exceptions (bsc#1068032). - arm64: entry: Apply BP hardening for suspicious interrupts from EL0 (bsc#1068032). - arm64: entry: Ensure branch through syscall table is bounded under speculation (bsc#1068032). - arm64: entry: Reword comment about post_ttbr_update_workaround (bsc#1068032). - arm64: Force KPTI to be disabled on Cavium ThunderX (bsc#1068032). - arm64: futex: Mask __user pointers prior to dereference (bsc#1068032). - arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives (bsc#1068032). - arm64: Implement array_index_mask_nospec() (bsc#1068032). - arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set (bnc#1012382). - arm64: kpti: Add ->enable callback to remap swapper using nG mappings (bsc#1068032). - arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0() (bsc#1068032). - arm64: Make USER_DS an inclusive limit (bsc#1068032). - arm64: mm: Permit transitioning from Global to Non-Global without BBM (bsc#1068032). - arm64: move TASK_* definitions to <asm/processor.h> (bsc#1068032). - arm64: Run enable method for errata work arounds on late CPUs (bsc#1085045). - arm64: uaccess: Do not bother eliding access_ok checks in __{get, put}_user (bsc#1068032). - arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user (bsc#1068032). - arm64: uaccess: Prevent speculative use of the current addr_limit (bsc#1068032). - arm64: Use pointer masking to limit uaccess speculation (bsc#1068032). - arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch (bnc#1012382). - arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function (bnc#1012382). - arm: dts: am4372: Correct the interrupts_properties of McASP (bnc#1012382). - arm: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen (bnc#1012382). - arm: dts: ls1021a: fix incorrect clock references (bnc#1012382). - arm: dts: s5pv210: add interrupt-parent for ohci (bnc#1012382). - arm: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property (bnc#1012382). - arm: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls (bnc#1012382). - arm: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context (bnc#1012382). - arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (git-fixes). - arm: pxa/tosa-bt: add MODULE_LICENSE tag (bnc#1012382). - arm: spear13xx: Fix dmas cells (bnc#1012382). - arm: spear13xx: Fix spics gpio controller's warning (bnc#1012382). - arm: spear600: Add missing interrupt-parent of rtc (bnc#1012382). - arm: tegra: select USB_ULPI from EHCI rather than platform (bnc#1012382). - asoc: au1x: Fix timeout tests in au1xac97c_ac97_read() (bsc#1031717). - asoc: Intel: Kconfig: fix build when ACPI is not enabled (bnc#1012382). - asoc: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()' (bsc#1031717). - asoc: mediatek: add i2c dependency (bnc#1012382). - asoc: nuc900: Fix a loop timeout test (bsc#1031717). - asoc: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - asoc: rockchip: disable clock on error (bnc#1012382). - asoc: rsnd: avoid duplicate free_irq() (bnc#1012382). - asoc: rsnd: do not call free_irq() on Parent SSI (bnc#1012382). - asoc: simple-card: Fix misleading error message (bnc#1012382). - asoc: ux500: add MODULE_LICENSE tag (bnc#1012382). - ata: ahci_xgene: free structure returned by acpi_get_object_info() (bsc#1082979). - ata: pata_artop: remove redundant initialization of pio (bsc#1082979). - ata: sata_dwc_460ex: remove incorrect locking (bsc#1082979). - b2c2: flexcop: avoid unused function warnings (bnc#1012382). - binder: add missing binder_unlock() (bnc#1012382). - binder: check for binder_thread allocation failure in binder_poll() (bnc#1012382). - binfmt_elf: compat: avoid unused function warning (bnc#1012382). - blacklist acb1feab320e powerpc/64: Do not trace irqs-off at interrupt return to soft-disabled context - blacklist.conf: blacklist too intrusive patches (bsc#1082979) - blacklist.conf: commit fd5f7cde1b85d4c8e09 ("printk: Never set console_may_schedule in console_trylock()") - blk-mq: add warning to __blk_mq_run_hw_queue() for ints disabled (bsc#1084772). - blk-mq: stop 'delayed_run_work' in blk_mq_stop_hw_queue() (bsc#1084967). - blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk (bsc#1084772). - blktrace: fix unlocked registration of tracepoints (bnc#1012382). - block: fix an error code in add_partition() (bsc#1082979). - block: Fix __bio_integrity_endio() documentation (bsc#1082979). - bluetooth: btsdio: Do not bind to non-removable BCM43341 (bnc#1012382). - bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version (bnc#1012382). - bnx2x: Improve reliability in case of nested PCI errors (bnc#1012382). - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine (bnc#1012382). - bpf: arsh is not supported in 32 bit alu thus reject it (bnc#1012382). - bpf: avoid false sharing of map refcount with max_entries (bnc#1012382). - bpf: fix 32-bit divide by zero (bnc#1012382). - bpf: fix bpf_tail_call() x64 JIT (bnc#1012382). - bpf: fix divides by zero (bnc#1012382). - bpf: introduce BPF_JIT_ALWAYS_ON config (bnc#1012382). - bpf: reject stores into ctx via st and xadd (bnc#1012382). - bridge: implement missing ndo_uninit() (bsc#1042286). - bridge: move bridge multicast cleanup to ndo_uninit (bsc#1042286). - btrfs: copy fsid to super_block s_uuid (bsc#1080774). - btrfs: fix crash due to not cleaning up tree log block's dirty bits (bnc#1012382). - btrfs: fix deadlock in run_delalloc_nocow (bnc#1012382). - btrfs: fix deadlock when writing out space cache (bnc#1012382). - btrfs: Fix possible off-by-one in btrfs_search_path_in_tree (bnc#1012382). - btrfs: Fix quota reservation leak on preallocated files (bsc#1079989). - btrfs: fix unexpected -EEXIST when creating new inode (bnc#1012382). - btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker (bnc#1012382). - can: flex_can: Correct the checking for frame length in flexcan_start_xmit() (bnc#1012382). - cdrom: turn off autoclose by default (bsc#1080813). - ceph: fix incorrect snaprealm when adding caps (bsc#1081735). - ceph: fix un-balanced fsc->writeback_count update (bsc#1081735). - cfg80211: check dev_set_name() return value (bnc#1012382). - cfg80211: fix cfg80211_beacon_dup (bnc#1012382). - cifs: dump IPC tcon in debug proc file (bsc#1071306). - cifs: Fix autonegotiate security settings mismatch (bnc#1012382). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bnc#1012382). - cifs: make IPC a regular tcon (bsc#1071306). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306). - cifs: zero sensitive data when freeing (bnc#1012382). - clk: fix a panic error caused by accessing NULL pointer (bnc#1012382). - console/dummy: leave .con_font_get set to NULL (bnc#1012382). - cpufreq: Add Loongson machine dependencies (bnc#1012382). - crypto: aesni - handle zero length dst buffer (bnc#1012382). - crypto: af_alg - whitelist mask and type (bnc#1012382). - crypto: caam - fix endless loop when DECO acquire fails (bnc#1012382). - crypto: cryptd - pass through absence of ->setkey() (bnc#1012382). - crypto: hash - introduce crypto_hash_alg_has_setkey() (bnc#1012382). - crypto: poly1305 - remove ->setkey() method (bnc#1012382). - crypto: s5p-sss - Fix kernel Oops in AES-ECB mode (bnc#1012382). - crypto: tcrypt - fix S/G table for test_aead_speed() (bnc#1012382). - crypto: x86/twofish-3way - Fix %rbp usage (bnc#1012382). - cw1200: fix bogus maybe-uninitialized warning (bnc#1012382). - dccp: limit sk_filter trim to payload (bsc#1042286). - dell-wmi, dell-laptop: depends DMI (bnc#1012382). - direct-io: Fix sleep in atomic due to sync AIO (bsc#1084888). - dlm: fix double list_del() (bsc#1082795). - dlm: fix NULL pointer dereference in send_to_sock() (bsc#1082795). - dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved (bnc#1012382). - dmaengine: dmatest: fix container_of member in dmatest_callback (bnc#1012382). - dmaengine: ioat: Fix error handling path (bnc#1012382). - dmaengine: jz4740: disable/unprepare clk if probe fails (bnc#1012382). - dmaengine: zx: fix build warning (bnc#1012382). - dm: correctly handle chained bios in dec_pending() (bnc#1012382). - dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock (bnc#1012382). - do not put symlink bodies in pagecache into highmem (bnc#1012382). - dpt_i2o: fix build warning (bnc#1012382). - driver-core: use 'dev' argument in dev_dbg_ratelimited stub (bnc#1012382). - drivers: hv: balloon: Correctly update onlined page count (fate#315887, bsc#1082632). - drivers: hv: balloon: Initialize last_post_time on startup (fate#315887, bsc#1082632). - drivers: hv: balloon: Show the max dynamic memory assigned (fate#315887, bsc#1082632). - drivers: hv: kvp: Use MAX_ADAPTER_ID_SIZE for translating adapter id (fate#315887, bsc#1082632). - drivers: hv: Turn off write permission on the hypercall page (fate#315887, bsc#1082632). - drivers: hv: vmbus: Fix rescind handling (fate#315887, bsc#1082632). - drivers: hv: vmbus: Fix rescind handling issues (fate#315887, bsc#1082632). - drivers/net: fix eisa_driver probe section mismatch (bnc#1012382). - drm/amdgpu: Avoid leaking PM domain on driver unbind (v2) (bnc#1012382). - drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode (bnc#1012382). - drm/amdkfd: Fix SDMA oversubsription handling (bnc#1012382). - drm/amdkfd: Fix SDMA ring buffer size calculation (bnc#1012382). - drm/armada: fix leak of crtc structure (bnc#1012382). - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA (bnc#1012382). - drm/gma500: remove helper function (bnc#1012382). - drm/gma500: Sanity-check pipe index (bnc#1012382). - drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized (bnc#1012382). - drm/nouveau/pci: do a msi rearm on init (bnc#1012382). - drm/radeon: adjust tested variable (bnc#1012382). - drm: rcar-du: Fix race condition when disabling planes at CRTC stop (bnc#1012382). - drm: rcar-du: Use the VBK interrupt for vblank events (bnc#1012382). - drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all (bnc#1012382). - drm/ttm: check the return value of kzalloc (bnc#1012382). - drm/vmwgfx: use *_32_bits() macros (bnc#1012382). - e1000: fix disabling already-disabled warning (bnc#1012382). - edac, octeon: Fix an uninitialized variable warning (bnc#1012382). - em28xx: only use mt9v011 if camera support is enabled (bnc#1012382). - enable DST_CACHE in non-vanilla configs except s390x/zfcpdump - ext4: correct documentation for grpid mount option (bnc#1012382). - ext4: do not unnecessarily allocate buffer in recently_deleted() (bsc#1080344). - ext4: Fix data exposure after failed AIO DIO (bsc#1069135 bsc#1082864). - ext4: save error to disk in __ext4_grp_locked_error() (bnc#1012382). - f2fs: fix a bug caused by NULL extent tree (bsc#1082478). Does not affect SLE release but should be merged into leap updates - fbdev: auo_k190x: avoid unused function warnings (bnc#1012382). - fbdev: s6e8ax0: avoid unused function warnings (bnc#1012382). - fbdev: sis: enforce selection of at least one backend (bnc#1012382). - fbdev: sm712fb: avoid unused function warnings (bnc#1012382). - fs: Avoid invalidation in interrupt context in dio_complete() (bsc#1073407 bsc#1069135). - fs: Fix page cache inconsistency when mixing buffered and AIO DIO (bsc#1073407 bsc#1069135). - fs: invalidate page cache after end_io() in dio completion (bsc#1073407 bsc#1069135). - ftrace: Remove incorrect setting of glob search field (bnc#1012382). - geneve: fix populating tclass in geneve_get_v6_dst (bsc#1042286). - genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg (bnc#1012382). - genirq/msi: Fix populating multiple interrupts (bsc#1085047). - genirq: Restore trigger settings in irq_modify_status() (bsc#1085056). - genksyms: Fix segfault with invalid declarations (bnc#1012382). - gianfar: fix a flooded alignment reports because of padding issue (bnc#1012382). - go7007: add MEDIA_CAMERA_SUPPORT dependency (bnc#1012382). - gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE (bnc#1012382). - gpio: intel-mid: Fix build warning when !CONFIG_PM (bnc#1012382). - gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - gpio: xgene: mark PM functions as __maybe_unused (bnc#1012382). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (bnc#1012382). - gre: build header correctly for collect metadata tunnels (bsc#1042286). - gre: do not assign header_ops in collect metadata mode (bsc#1042286). - gre: do not keep the GRE header around in collect medata mode (bsc#1042286). - gre: reject GUE and FOU in collect metadata mode (bsc#1042286). - hdpvr: hide unused variable (bnc#1012382). - hid: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working (bnc#1012382). - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close (bnc#1012382). - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) (bnc#1012382). - hv_netvsc: Add ethtool handler to set and get TCP hash levels (fate#315887, bsc#1082632). - hv_netvsc: Add ethtool handler to set and get UDP hash levels (fate#315887, bsc#1082632). - hv_netvsc: Add initialization of tx_table in netvsc_device_add() (fate#315887, bsc#1082632). - hv_netvsc: Change the hash level variable to bit flags (fate#315887, bsc#1082632). - hv_netvsc: Clean up an unused parameter in rndis_filter_set_rss_param() (fate#315887, bsc#1082632). - hv_netvsc: Clean up unused parameter from netvsc_get_hash() (fate#315887, bsc#1082632). - hv_netvsc: Clean up unused parameter from netvsc_get_rss_hash_opts() (fate#315887, bsc#1082632). - hv_netvsc: copy_to_send buf can be void (fate#315887, bsc#1082632). - hv_netvsc: do not need local xmit_more (fate#315887, bsc#1082632). - hv_netvsc: drop unused macros (fate#315887, bsc#1082632). - hv_netvsc: empty current transmit aggregation if flow blocked (fate#315887, bsc#1082632). - hv_netvsc: Fix rndis_filter_close error during netvsc_remove (fate#315887, bsc#1082632). - hv_netvsc: fix send buffer failure on MTU change (fate#315887, bsc#1082632). - hv_netvsc: Fix the channel limit in netvsc_set_rxfh() (fate#315887, bsc#1082632). - hv_netvsc: Fix the real number of queues of non-vRSS cases (fate#315887, bsc#1082632). - hv_netvsc: Fix the receive buffer size limit (fate#315887, bsc#1082632). - hv_netvsc: Fix the TX/RX buffer default sizes (fate#315887, bsc#1082632). - hv_netvsc: hide warnings about uninitialized/missing rndis device (fate#315887, bsc#1082632). - hv_netvsc: make const array ver_list static, reduces object code size (fate#315887, bsc#1082632). - hv_netvsc: optimize initialization of RNDIS header (fate#315887, bsc#1082632). - hv_netvsc: pass netvsc_device to receive callback (fate#315887, bsc#1082632). - hv_netvsc: remove open_cnt reference count (fate#315887, bsc#1082632). - hv_netvsc: Rename ind_table to rx_table (fate#315887, bsc#1082632). - hv_netvsc: Rename tx_send_table to tx_table (fate#315887, bsc#1082632). - hv_netvsc: replace divide with mask when computing padding (fate#315887, bsc#1082632). - hv_netvsc: report stop_queue and wake_queue (fate#315887, bsc#1082632). - hv_netvsc: simplify function args in receive status path (fate#315887, bsc#1082632). - hv_netvsc: Simplify the limit check in netvsc_set_channels() (fate#315887, bsc#1082632). - hv_netvsc: track memory allocation failures in ethtool stats (fate#315887, bsc#1082632). - hv: preserve kabi by keeping hv_do_hypercall (bnc#1082632). - hwmon: (pmbus) Use 64bit math for DIRECT format values (bnc#1012382). - hwrng: exynos - use __maybe_unused to hide pm functions (bnc#1012382). - hyper-v: trace vmbus_ongpadl_created() (fate#315887, bsc#1082632). - hyper-v: trace vmbus_ongpadl_torndown() (fate#315887, bsc#1082632). - hyper-v: trace vmbus_on_message() (fate#315887, bsc#1082632). - hyper-v: trace vmbus_on_msg_dpc() (fate#315887, bsc#1082632). - hyper-v: trace vmbus_onoffer() (fate#315887, bsc#1082632). - hyper-v: trace vmbus_onoffer_rescind() (fate#315887, bsc#1082632). - hyper-v: trace vmbus_onopen_result() (fate#315887, bsc#1082632). - hyper-v: trace vmbus_onversion_response() (fate#315887, bsc#1082632). - hyper-v: Use fast hypercall for HVCALL_SIGNAL_EVENT (fate#315887, bsc#1082632). - i2c: remove __init from i2c_register_board_info() (bnc#1012382). - ib/hfi1: Fix for potential refcount leak in hfi1_open_file() (FATE#321231 FATE#321473). - ib/iser: Handle lack of memory management extentions correctly (bsc#1082979). - ib/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports (bnc#1012382). - ib/mlx4: Fix mlx4_ib_alloc_mr error flow (bnc#1012382). - ibmvnic: Account for VLAN header length in TX buffers (bsc#1085239). - ibmvnic: Account for VLAN tag in L2 Header descriptor (bsc#1085239). - ibmvnic: Allocate max queues stats buffers (bsc#1081498). - ibmvnic: Allocate statistics buffers during probe (bsc#1082993). - ibmvnic: Check for NULL skb's in NAPI poll routine (bsc#1081134, git-fixes). - ibmvnic: Clean RX pool buffers during device close (bsc#1081134). - ibmvnic: Clean up device close (bsc#1084610). - ibmvnic: Correct goto target for tx irq initialization failure (bsc#1082223). - ibmvnic: Do not attempt to login if RX or TX queues are not allocated (bsc#1082993). - ibmvnic: Do not disable device during failover or partition migration (bsc#1084610). - ibmvnic: Ensure that buffers are NULL after free (bsc#1080014). - ibmvnic: Fix early release of login buffer (bsc#1081134, git-fixes). - ibmvnic: fix empty firmware version and errors cleanup (bsc#1079038). - ibmvnic: Fix login buffer memory leaks (bsc#1081134). - ibmvnic: Fix NAPI structures memory leak (bsc#1081134). - ibmvnic: Fix recent errata commit (bsc#1085239). - ibmvnic: Fix rx queue cleanup for non-fatal resets (bsc#1080014). - ibmvnic: Fix TX descriptor tracking again (bsc#1082993). - ibmvnic: Fix TX descriptor tracking (bsc#1081491). - ibmvnic: Free and re-allocate scrqs when tx/rx scrqs change (bsc#1081498). - ibmvnic: Free RX socket buffer in case of adapter error (bsc#1081134). - ibmvnic: Generalize TX pool structure (bsc#1085224). - ibmvnic: Handle TSO backing device errata (bsc#1085239). - ibmvnic: Harden TX/RX pool cleaning (bsc#1082993). - ibmvnic: Improve TX buffer accounting (bsc#1085224). - ibmvnic: Keep track of supplementary TX descriptors (bsc#1081491). - ibmvnic: Make napi usage dynamic (bsc#1081498). - ibmvnic: Move active sub-crq count settings (bsc#1081498). - ibmvnic: Pad small packets to minimum MTU size (bsc#1085239). - ibmvnic: queue reset when CRQ gets closed during reset (bsc#1080263). - ibmvnic: Remove skb->protocol checks in ibmvnic_xmit (bsc#1080384). - ibmvnic: Rename active queue count variables (bsc#1081498). - ibmvnic: Reorganize device close (bsc#1084610). - ibmvnic: Report queue stops and restarts as debug output (bsc#1082993). - ibmvnic: Reset long term map ID counter (bsc#1080364). - ibmvnic: Split counters for scrq/pools/napi (bsc#1082223). - ibmvnic: Update and clean up reset TX pool routine (bsc#1085224). - ibmvnic: Update release RX pool routine (bsc#1085224). - ibmvnic: Update TX and TX completion routines (bsc#1085224). - ibmvnic: Update TX pool initialization routine (bsc#1085224). - ibmvnic: Wait until reset is complete to set carrier on (bsc#1081134). - ib/srpt: Remove an unused structure member (bsc#1082979). - idle: i7300: add PCI dependency (bnc#1012382). - igb: Free IRQs when device is hotplugged (bnc#1012382). - iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels (bnc#1012382). - iio: adis_lib: Initialize trigger before requesting interrupt (bnc#1012382). - iio: buffer: check if a buffer has been set up when poll is called (bnc#1012382). - input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning (bnc#1012382). - input: tca8418_keypad - remove double read of key event register (git-fixes). - iommu/amd: Add align parameter to alloc_irq_index() (bsc#975772). - iommu/amd: Enforce alignment for MSI IRQs (bsc#975772). - iommu/amd: Fix alloc_irq_index() increment (bsc#975772). - iommu/amd: Limit the IOVA page range to the specified addresses (fate#321026). - iommu/arm-smmu-v3: Cope with duplicated Stream IDs (bsc#1084926). - iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range (bsc#1084928). - iommu/vt-d: Use domain instead of cache fetching (bsc#975772). - ip6: add ip6_make_flowinfo helper (bsc#1042286). - ip6mr: fix stale iterator (bnc#1012382). - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689). - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689). - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689). - ip_tunnel: fix preempt warning in ip tunnel creation/updating (bnc#1012382). - ip_tunnel: replace dst_cache with generic implementation (bnc#1012382). - ipv4: allow local fragmentation in ip_finish_output_gso() (bsc#1042286). - ipv4: fix checksum annotation in udp4_csum_init (bsc#1042286). - ipv4: ipconfig: avoid unused ic_proto_used symbol (bnc#1012382). - ipv4: update comment to document GSO fragmentation cases (bsc#1042286). - ipv6: datagram: Refactor dst lookup and update codes to a new function (bsc#1042286). - ipv6: datagram: Refactor flowi6 init codes to a new function (bsc#1042286). - ipv6: datagram: Update dst cache of a connected datagram sk during pmtu update (bsc#1042286). - ipv6: fix checksum annotation in udp6_csum_init (bsc#1042286). - ipv6: icmp6: Allow icmp messages to be looped back (bnc#1012382). - ipv6/ila: fix nlsize calculation for lwtunnel (bsc#1042286). - ipv6: remove unused in6_addr struct (bsc#1042286). - ipv6: tcp: fix endianness annotation in tcp_v6_send_response (bsc#1042286). - ipv6: udp: Do a route lookup and update during release_cb (bsc#1042286). - ipvlan: Add the skb->mark as flow4's member to lookup route (bnc#1012382). - ipvlan: fix multicast processing (bsc#1042286). - ipvlan: fix various issues in ipvlan_process_multicast() (bsc#1042286). - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() (bnc#1012382). - isdn: eicon: reduce stack size of sig_ind function (bnc#1012382). - isdn: icn: remove a #warning (bnc#1012382). - isdn: sc: work around type mismatch warning (bnc#1012382). - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path (git-fixes). - kABI: protect struct cpuinfo_x86 (kabi). - kABI: protect struct ethtool_link_settings (bsc#1085050). - kABI: protect struct ip_tunnel and reintroduce ip_tunnel_dst_reset_all (kabi). - kABI: reintroduce crypto_poly1305_setkey (kabi). - kabi: restore kabi after "net: replace dst_cache ip6_tunnel implementation with the generic one" (bsc#1082897). - kabi: restore nft_set_elem_destroy() signature (bsc#1042286). - kabi: restore rhashtable_insert_slow() signature (bsc#1042286). - kabi/severities: add sclp to KABI ignore list - kabi/severities: add __x86_indirect_thunk_rsp - kabi/severities: as per bsc#1068569 we can ignore XFS kabi The gods have spoken, let there be light. - kabi/severities: Ignore kvm for KABI severities - kabi: uninline sk_receive_skb() (bsc#1042286). - kaiser: fix compile error without vsyscall (bnc#1012382). - kaiser: fix intel_bts perf crashes (bnc#1012382). - kasan: rework Kconfig settings (bnc#1012382). - kernel/async.c: revert "async: simplify lowest_in_progress()" (bnc#1012382). - kernel: fix rwlock implementation (bnc#1079886, LTC#164371). - kernfs: fix regression in kernfs_fop_write caused by wrong type (bnc#1012382). - keys: encrypted: fix buffer overread in valid_master_desc() (bnc#1012382). - kmemleak: add scheduling point to kmemleak_scan() (bnc#1012382). - kvm: add X86_LOCAL_APIC dependency (bnc#1012382). - kvm: ARM64: fix phy counter access failure in guest (bsc#1085015). - kvm: arm/arm64: Check pagesize when allocating a hugepage at Stage 2 (bsc#1079029). - kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types (bnc#1012382). - kvm: nVMX: Fix races when sending nested PI while dest enters/leaves L2 (bnc#1012382). - kvm: nVMX: invvpid handling improvements (bnc#1012382). - kvm: nVMX: kmap() can't fail (bnc#1012382). - kvm: nVMX: vmx_complete_nested_posted_interrupt() can't fail (bnc#1012382). - kvm: PPC: Book3S PR: Fix svcpu copying with preemption enabled (bsc#1066223). - kvm: s390: Add operation exception interception handler (FATE#324070, LTC#158959). - kvm: s390: Add sthyi emulation (FATE#324070, LTC#158959). - kvm: s390: Enable all facility bits that are known good for passthrough (FATE#324071, LTC#158956). - kvm: s390: Extend diag 204 fields (FATE#324070, LTC#158959). - kvm: s390: Fix STHYI buffer alignment for diag224 (FATE#324070, LTC#158959). - kvm: s390: instruction-execution-protection support (LTC#162428). - kvm: s390: Introduce BCD Vector Instructions to the guest (FATE#324072, LTC#158953). - kvm: s390: Introduce Vector Enhancements facility 1 to the guest (FATE#324072, LTC#158953). - kvm: s390: Limit sthyi execution (FATE#324070, LTC#158959). - kvm: s390: Populate mask of non-hypervisor managed facility bits (FATE#324071, LTC#158956). - kvm: VMX: clean up declaration of VPID/EPT invalidation types (bnc#1012382). - kvm: VMX: Fix rflags cache during vCPU reset (bnc#1012382). - kvm: VMX: Make indirect call speculation safe (bnc#1012382). - kvm: x86: Do not re-execute instruction when not passing CR2 value (bnc#1012382). - kvm: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure (bnc#1012382). - kvm: x86: fix escape of guest dr6 to the host (bnc#1012382). - kvm: X86: Fix operand/address-size during instruction decoding (bnc#1012382). - kvm: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered (bnc#1012382). - kvm: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race (bnc#1012382). - kvm: x86: ioapic: Preserve read-only values in the redirection table (bnc#1012382). - kvm: x86: Make indirect calls in emulator speculation safe (bnc#1012382). - kvm/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods (bnc#1012382). - l2tp: fix use-after-free during module unload (bsc#1042286). - led: core: Fix brightness setting when setting delay_off=0 (bnc#1012382). - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464). - libceph: check kstrndup() return value (bsc#1081735). - lib/mpi: Fix umul_ppmm() for MIPS64r6 (bnc#1012382). - lib/uuid.c: introduce a few more generic helpers (fate#315887, bsc#1082632). - lib/uuid.c: use correct offset in uuid parser (fate#315887, bsc#1082632). - livepatch: introduce shadow variable API (bsc#1082299 fate#313296). Shadow variables support. - livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c (bsc#1082299 fate#313296). Shadow variables support. - lockd: fix "list_add double add" caused by legacy signal interface (bnc#1012382). - loop: fix concurrent lo_open/lo_release (bnc#1012382). - mac80211: fix the update of path metric for RANN frame (bnc#1012382). - mac80211: mesh: drop frames appearing to be from us (bnc#1012382). - Make DST_CACHE a silent config option (bnc#1012382). - mdio-sun4i: Fix a memory leak (bnc#1012382). - md/raid1: Use a new variable to count flighting sync requests(bsc#1083048) - media: cxusb, dib0700: ignore XC2028_I2C_FLUSH (bnc#1012382). - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start (bnc#1012382). - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner (bnc#1012382). - media: r820t: fix r820t_write_reg for KASAN (bnc#1012382). - media: s5k6aa: describe some function parameters (bnc#1012382). - media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - media: ts2020: avoid integer overflows on 32 bit machines (bnc#1012382). - media: usbtv: add a new usbid (bnc#1012382). - media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF (bnc#1012382). - media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382). - media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 (bnc#1012382). - media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 (bnc#1012382). - media: v4l2-compat-ioctl32.c: do not copy back the result for certain errors (bnc#1012382). - media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type (bnc#1012382). - media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer (bnc#1012382). - media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382). - media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs (bnc#1012382). - media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 (bnc#1012382). - media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382). - media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (bnc#1012382). - media: v4l2-ioctl.c: do not copy back the result for -ENOTTY (bnc#1012382). - MIPS: Implement __multi3 for GCC7 MIPS64r6 builds (bnc#1012382). - mmc: bcm2835: Do not overwrite max frequency unconditionally (bsc#983145, git-fixes). - mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep (bnc#1012382). - mm: hide a #warning for COMPILE_TEST (bnc#1012382). - mm/kmemleak.c: make cond_resched() rate-limiting more efficient (git-fixes). - mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1081500). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (bnc#1012382). - mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy (bnc#1012382). - modsign: hide openssl output in silent builds (bnc#1012382). - module/retpoline: Warn about missing retpoline in module (bnc#1012382). - mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bsc#1078583). - mptfusion: hide unused seq_mpt_print_ioc_summary function (bnc#1012382). - mtd: cfi: convert inline functions to macros (bnc#1012382). - mtd: cfi: enforce valid geometry configuration (bnc#1012382). - mtd: ichxrom: maybe-uninitialized with gcc-4.9 (bnc#1012382). - mtd: maps: add __init attribute (bnc#1012382). - mtd: nand: brcmnand: Disable prefetch by default (bnc#1012382). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - mtd: nand: Fix nand_do_read_oob() return value (bnc#1012382). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bnc#1012382). - mtd: nand: sunxi: Fix ECC strength choice (bnc#1012382). - mtd: sh_flctl: pass FIFO as physical address (bnc#1012382). - mvpp2: fix multicast address filter (bnc#1012382). - ncpfs: fix unused variable warning (bnc#1012382). - ncr5380: shut up gcc indentation warning (bnc#1012382). - net: add dst_cache support (bnc#1012382). - net: arc_emac: fix arc_emac_rx() error paths (bnc#1012382). - net: avoid skb_warn_bad_offload on IS_ERR (bnc#1012382). - net: cdc_ncm: initialize drvflags before usage (bnc#1012382). - net: dst_cache_per_cpu_dst_set() can be static (bnc#1012382). - net: ena: add detection and recovery mechanism for handling missed/misrouted MSI-X (bsc#1083548). - net: ena: add new admin define for future support of IPv6 RSS (bsc#1083548). - net: ena: add power management ops to the ENA driver (bsc#1083548). - net: ena: add statistics for missed tx packets (bsc#1083548). - net: ena: fix error handling in ena_down() sequence (bsc#1083548). - net: ena: fix race condition between device reset and link up setup (bsc#1083548). - net: ena: fix rare kernel crash when bar memory remap fails (bsc#1083548). - net: ena: fix wrong max Tx/Rx queues on ethtool (bsc#1083548). - net: ena: improve ENA driver boot time (bsc#1083548). - net: ena: increase ena driver version to 1.3.0 (bsc#1083548). - net: ena: increase ena driver version to 1.5.0 (bsc#1083548). - net: ena: reduce the severity of some printouts (bsc#1083548). - net: ena: remove legacy suspend suspend/resume support (bsc#1083548). - net: ena: Remove redundant unlikely() (bsc#1083548). - net: ena: unmask MSI-X only after device initialization is completed (bsc#1083548). - net: ethernet: cavium: Correct Cavium Thunderx NIC driver names accordingly to module name (bsc#1085011). - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit (bnc#1012382). - net: ethtool: Add back transceiver type (bsc#1085050). - net: ethtool: remove error check for legacy setting transceiver type (bsc#1085050). - netfilter: drop outermost socket lock in getsockopt() (bnc#1012382). - netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets (bsc#1085107). - netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107). - netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check() (bnc#1012382). - netfilter: ipvs: avoid unused variable warnings (bnc#1012382). - netfilter: nf_queue: Make the queue_handler pernet (bnc#1012382). - netfilter: nf_tables: fix a wrong check to skip the inactive rules (bsc#1042286). - netfilter: nf_tables: fix inconsistent element expiration calculation (bsc#1042286). - netfilter: nf_tables: fix *leak* when expr clone fail (bsc#1042286). - netfilter: nf_tables: fix race when create new element in dynset (bsc#1042286). - netfilter: on sockopt() acquire sock lock only in the required scope (bnc#1012382). - netfilter: tee: select NF_DUP_IPV6 unconditionally (bsc#1042286). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (bnc#1012382). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (bnc#1012382). - netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert (bnc#1012382). - netfilter: xt_socket: fix transparent match for IPv6 request sockets (bsc#1042286). - net: gianfar_ptp: move set_fipers() to spinlock protecting area (bnc#1012382). - net: hns: add ACPI mode support for ethtool -p (bsc#1084041). - net: hp100: remove unnecessary #ifdefs (bnc#1012382). - net: igmp: add a missing rcu locking section (bnc#1012382). - net/ipv4: Introduce IPSKB_FRAG_SEGS bit to inet_skb_parm.flags (bsc#1042286). - netlink: fix nla_put_{u8,u16,u32} for KASAN (bnc#1012382). - net/mlx5e: Fix loopback self test when GRO is off (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Fix wrong delay calculation for overflow check scheduling (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Verify inline header size do not exceed SKB linear size (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Use 128B cacheline size for 128B or larger cachelines (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net: phy: Keep reporting transceiver type (bsc#1085050). - net: replace dst_cache ip6_tunnel implementation with the generic one (bnc#1012382). - net_sched: red: Avoid devision by zero (bnc#1012382). - net_sched: red: Avoid illegal values (bnc#1012382). - net/smc: fix NULL pointer dereference on sock_create_kern() error path (bsc#1082979). - netvsc: allow controlling send/recv buffer size (fate#315887, bsc#1082632). - netvsc: allow driver to be removed even if VF is present (fate#315887, bsc#1082632). - netvsc: check error return when restoring channels and mtu (fate#315887, bsc#1082632). - netvsc: cleanup datapath switch (fate#315887, bsc#1082632). - netvsc: do not signal host twice if empty (fate#315887, bsc#1082632). - netvsc: fix deadlock betwen link status and removal (fate#315887, bsc#1082632). - netvsc: increase default receive buffer size (fate#315887, bsc#1082632). - netvsc: keep track of some non-fatal overload conditions (fate#315887, bsc#1082632). - netvsc: no need to allocate send/receive on numa node (fate#315887, bsc#1082632). - netvsc: propagate MAC address change to VF slave (fate#315887, bsc#1082632). - netvsc: remove unnecessary cast of void pointer (fate#315887, bsc#1082632). - netvsc: remove unnecessary check for NULL hdr (fate#315887, bsc#1082632). - netvsc: whitespace cleanup (fate#315887, bsc#1082632). - net: vxlan: lwt: Fix vxlan local traffic (bsc#1042286). - net: vxlan: lwt: Use source ip address during route lookup (bsc#1042286). - NFS: commit direct writes even if they fail partially (bnc#1012382). - nfsd: check for use of the closed special stateid (bnc#1012382). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (bnc#1012382). - nfsd: Ensure we check stateid validity in the seqid operation checks (bnc#1012382). - nfs: Do not convert nfs_idmap_cache_timeout to jiffies (git-fixes). - nfs: fix a deadlock in nfs client initialization (bsc#1074198). - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds (bnc#1012382). - NFS: reject request for id_legacy key without auxdata (bnc#1012382). - NFS: Trunking detection should handle ERESTARTSYS/EINTR (bsc#1074198). - nvme_fc: cleanup io completion (bsc#1079609). - nvme_fc: correct abort race condition on resets (bsc#1079609). - nvme_fc: fix abort race on teardown with lld reject (bsc#1083750). - nvme_fc: fix ctrl create failures racing with workq items (bsc#1076982). - nvme_fc: io timeout should defer abort to ctrl reset (bsc#1085054). - nvme-fc: kick admin requeue list on disconnect (bsc#1077241). - nvme_fc: minor fixes on sqsize (bsc#1076760). - nvme_fc: on remoteport reuse, set new nport_id and role (bsc#1076760). - nvme_fc: rework sqsize handling (bsc#1076760). - nvme: Fix managing degraded controllers (bnc#1012382). - nvme: Fix setting logical block format when revalidating (bsc#1079313). - nvme: only start KATO if the controller is live (bsc#1083387). - nvme-pci: clean up CMB initialization (bsc#1082979). - nvme-pci: clean up SMBSZ bit definitions (bsc#1082979). - nvme-pci: consistencly use ctrl->device for logging (bsc#1082979). - nvme-pci: fix typos in comments (bsc#1082979). - nvme-pci: Remap CMB SQ entries on every controller reset (bsc#1082979). - nvme-pci: Use PCI bus address for data/queues in CMB (bsc#1082979). - nvme: Quirks for PM1725 controllers (bsc#1082979). - nvme_rdma: clear NVME_RDMA_Q_LIVE bit if reconnect fails (bsc#1083770). - nvme-rdma: fix concurrent reset and reconnect (bsc#1082979). - nvme: remove nvme_revalidate_ns (bsc#1079313). - ocfs2: return error when we attempt to access a dirty bh in jbd2 (bsc#1070404). - openvswitch: fix the incorrect flow action alloc size (bnc#1012382). - ovl: fix failure to fsync lower dir (bnc#1012382). - ovs/geneve: fix rtnl notifications on iface deletion (bsc#1042286). - ovs/gre: fix rtnl notifications on iface deletion (bsc#1042286). - ovs/gre,geneve: fix error path when creating an iface (bsc#1042286). - ovs/vxlan: fix rtnl notifications on iface deletion (bsc#1042286). - PCI/ASPM: Do not retrain link if ASPM not possible (bnc#1071892). - PCI: hv: Do not sleep in compose_msi_msg() (fate#315887, bsc#1082632). - PCI: keystone: Fix interrupt-controller-node lookup (bnc#1012382). - PCI/MSI: Fix msi_desc->affinity memory leak when freeing MSI IRQs (bsc#1082979). - perf bench numa: Fixup discontiguous/sparse numa nodes (bnc#1012382). - perf top: Fix window dimensions change handling (bnc#1012382). - perf/x86: Shut up false-positive -Wmaybe-uninitialized warning (bnc#1012382). - pinctrl: sunxi: Fix A80 interrupt pin bank (bnc#1012382). - pktcdvd: Fix pkt_setup_dev() error path (bnc#1012382). - platform/x86: intel_mid_thermal: Fix suspend handlers unused warning (bnc#1012382). - PM / devfreq: Propagate error from devfreq_add_device() (bnc#1012382). - PM / wakeirq: Fix unbalanced IRQ enable for wakeirq (bsc#1031717). - posix-timer: Properly check sigevent->sigev_notify (bnc#1012382). - power: bq27xxx_battery: mark some symbols __maybe_unused (bnc#1012382). - powerpc/64: Fix flush_(d|i)cache_range() called from modules (FATE#315275 LTC#103998 bnc#1012382 bnc#863764). - powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR (bnc#1012382). - powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032, bsc#1075087). - powerpc: Do not preempt_disable() in show_cpuinfo() (bsc#1066223). - powerpc/numa: Ensure nodes initialized for hotplug (FATE#322022, bsc#1081514). - powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove (bsc#1081512). - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes (FATE#322022, bsc#1081514). - powerpc/perf: Fix oops when grouping different pmu events (bnc#1012382). - powerpc/powernv: Fix MCE handler to avoid trashing CR0/CR1 registers (bsc#1066223). - powerpc/powernv: Move IDLE_STATE_ENTER_SEQ macro to cpuidle.h (bsc#1066223). - powerpc/powernv: Support firmware disable of RFI flush (bsc#1068032, bsc#1075087). - powerpc/pseries: Fix cpu hotplug crash with memoryless nodes (FATE#322022, bsc#1081514). - powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032, bsc#1075087). - powerpc: Simplify module TOC handling (bnc#1012382). - power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - profile: hide unused functions when !CONFIG_PROC_FS (bnc#1012382). - Provide a function to create a NUL-terminated string from unterminated data (bnc#1012382). - pwc: hide unused label (bnc#1012382). - qla2xxx: Add changes for devloss timeout in driver (bsc#1084427). - qla2xxx: Add FC-NVMe abort processing (bsc#1084427). - qla2xxx: asynchronous pci probing (bsc#1034503). - qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084427). - qla2xxx: Convert QLA_TGT_ABTS to TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1043726,FATE#324770). - qla2xxx: do not check login_state if no loop id is assigned (bsc#1081681). - qla2xxx: ensure async flags are reset correctly (bsc#1081681). - qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427). - qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084427). - qla2xxx: Fix incorrect tcm_qla2xxx_free_cmd use during TMR ABORT (v2) (bsc#1043726,FATE#324770). - qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change (bsc#1084427). - qla2xxx: Fix NVMe entry_type for iocb packet on BE system (bsc#1043726,FATE#324770). - qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084427). - qla2xxx: Fixup locking for session deletion (bsc#1081681). - qla2xxx: Remove nvme_done_list (bsc#1084427). - qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe (bsc#1084427). - qla2xxx: remove use of FC-specific error codes (bsc#1043726,FATE#324770). - qla2xxx: Restore ZIO threshold setting (bsc#1084427). - qla2xxx: Return busy if rport going away (bsc#1084427). - qla2xxx: Set IIDMA and fcport state before qla_nvme_register_remote() (bsc#1084427). - qla2xxx: Update driver version to 10.00.00.06-k (bsc#1084427). - qlax2xxx: Drop SUSE-specific qla2xxx patches (bsc#1043726) - qlcnic: fix deadlock bug (bnc#1012382). - r8169: fix RTL8168EP take too long to complete driver initialization (bnc#1012382). - RDMA/cma: Make sure that PSN is not over max allowed (bnc#1012382). - RDMA/uverbs: Protect from command mask overflow (bsc#1082979). - reiserfs: avoid a -Wmaybe-uninitialized warning (bnc#1012382). - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" (bnc#1012382). - Revert "bpf: avoid false sharing of map refcount with max_entries" (kabi). - Revert "netfilter: nf_queue: Make the queue_handler pernet" (kabi). - Revert "net: replace dst_cache ip6_tunnel implementation with the generic one" (kabi bnc#1082897). - Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig" (bnc#1012382). - Revert "powerpc: Simplify module TOC handling" (kabi). - Revert SUSE-specific qla2xxx patch 'Add module parameter for interrupt mode' (bsc#1043726) - Revert "x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0" - Revert "x86/entry/64: Use a per-CPU trampoline stack for IDT entries" - rfi-flush: Move the logic to avoid a redo into the debugfs code (bsc#1068032, bsc#1075087). - rfi-flush: Switch to new linear fallback flush (bsc#1068032, bsc#1075087). - rhashtable: add rhashtable_lookup_get_insert_key() (bsc#1042286). - rtc-opal: Fix handling of firmware error codes, prevent busy loops (bnc#1012382). - rtlwifi: fix gcc-6 indentation warning (bnc#1012382). - rtlwifi: rtl8821ae: Fix connection lost problem correctly (bnc#1012382). - s390: add no-execute support (FATE#324087, LTC#158827). - s390/dasd: fix handling of internal requests (bsc#1080321). - s390/dasd: fix wrongly assigned configuration data (bnc#1012382). - s390/dasd: prevent prefix I/O error (bnc#1012382). - s390: fix handling of -1 in set{,fs}[gu]id16 syscalls (bnc#1012382). - s390: hypfs: Move diag implementation and data definitions (FATE#324070, LTC#158959). - s390: kvm: Cpu model support for msa6, msa7 and msa8 (FATE#324069, LTC#159031). - s390: Make cpc_name accessible (FATE#324070, LTC#158959). - s390: Make diag224 public (FATE#324070, LTC#158959). - s390/mem_detect: use unsigned longs (FATE#324071, LTC#158956). - s390/mm: align swapper_pg_dir to 16k (FATE#324087, LTC#158827). - s390/mm: always use PAGE_KERNEL when mapping pages (FATE#324087, LTC#158827). - s390/noexec: execute kexec datamover without DAT (FATE#324087, LTC#158827). - s390/oprofile: fix address range for asynchronous stack (bsc#1082979). - s390/pageattr: allow kernel page table splitting (FATE#324087, LTC#158827). - s390/pageattr: avoid unnecessary page table splitting (FATE#324087, LTC#158827). - s390/pageattr: handle numpages parameter correctly (FATE#324087, LTC#158827). - s390/pci_dma: improve lazy flush for unmap (bnc#1079886, LTC#163393). - s390/pci_dma: improve map_sg (bnc#1079886, LTC#163393). - s390/pci_dma: make lazy flush independent from the tlb_refresh bit (bnc#1079886, LTC#163393). - s390/pci_dma: remove dma address range check (bnc#1079886, LTC#163393). - s390/pci_dma: simplify dma address calculation (bnc#1079886, LTC#163393). - s390/pci_dma: split dma_update_trans (bnc#1079886, LTC#163393). - s390/pci: fix dma address calculation in map_sg (bnc#1079886, LTC#163393). - s390/pci: handle insufficient resources during dma tlb flush (bnc#1079886, LTC#163393). - s390/pgtable: introduce and use generic csp inline asm (FATE#324087, LTC#158827). - s390/pgtable: make pmd and pud helper functions available (FATE#324087, LTC#158827). - s390/qeth: fix underestimated count of buffer elements (bnc#1082089, LTC#164529). - s390: report new vector facilities (FATE#324088, LTC#158828). - s390/sclp: Add hmfai field (FATE#324071, LTC#158956). - s390/vmem: align segment and region tables to 16k (FATE#324087, LTC#158827). - s390/vmem: introduce and use SEGMENT_KERNEL and REGION3_KERNEL (FATE#324087, LTC#158827). - s390/vmem: simplify vmem code for read-only mappings (FATE#324087, LTC#158827). - sched/rt: Up the root domain ref count when passing it around via IPIs (bnc#1012382). - sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() (bnc#1012382). - scripts/kernel-doc: Do not fail with status != 0 if error encountered with -none (bnc#1012382). - scsi: aacraid: Fix hang in kdump (bsc#1022607, FATE#321673). - scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path (bnc#1012382). - scsi: advansys: fix build warning for PCI=n (bnc#1012382). - scsi: advansys: fix uninitialized data access (bnc#1012382). - scsi: do not look for NULL devices handlers by name (bsc#1082373). - scsi: fas216: fix sense buffer initialization (bsc#1082979). - scsi: fdomain: drop fdomain_pci_tbl when built-in (bnc#1012382). - scsi: hisi_sas: directly attached disk LED feature for v2 hw (bsc#1083409). - scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info (bnc#1012382). - SCSI: initio: remove duplicate module device table (bnc#1012382 bsc#1082979). - SCSI: initio: remove duplicate module device table (bsc#1082979). - scsi: libsas: fix error when getting phy events (bsc#1082979). - scsi: libsas: fix memory leak in sas_smp_get_phy_events() (bsc#1082979). - scsi: lpfc: Add WQ Full Logic for NVME Target (bsc#1080656). - scsi: lpfc: Allow set of maximum outstanding SCSI cmd limit for a target (bsc#1080656). - scsi: lpfc: Beef up stat counters for debug (bsc#1076693). - scsi: lpfc: correct debug counters for abort (bsc#1080656). - scsi: lpfc: do not dereference localport before it has been null checked (bsc#1076693). - scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function (bsc#1082979). - scsi: lpfc: fix a couple of minor indentation issues (bsc#1076693). - scsi: lpfc: Fix -EOVERFLOW behavior for NVMET and defer_rcv (bsc#1076693). - scsi: lpfc: Fix header inclusion in lpfc_nvmet (bsc#1080656). - scsi: lpfc: Fix infinite wait when driver unregisters a remote NVME port (bsc#1076693). - scsi: lpfc: Fix IO failure during hba reset testing with nvme io (bsc#1080656). - scsi: lpfc: Fix issue_lip if link is disabled (bsc#1080656). - scsi: lpfc: Fix issues connecting with nvme initiator (bsc#1076693). - scsi: lpfc: Fix nonrecovery of NVME controller after cable swap (bsc#1080656). - scsi: lpfc: Fix PRLI handling when topology type changes (bsc#1080656). - scsi: lpfc: Fix receive PRLI handling (bsc#1076693). - scsi: lpfc: Fix RQ empty firmware trap (bsc#1080656). - scsi: lpfc: Fix SCSI io host reset causing kernel crash (bsc#1080656). - scsi: lpfc: Fix SCSI LUN discovery when SCSI and NVME enabled (bsc#1076693). - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing (bsc#1080656). - scsi: lpfc: Increase CQ and WQ sizes for SCSI (bsc#1080656). - scsi: lpfc: Increase SCSI CQ and WQ sizes (bsc#1076693). - scsi: lpfc: Indicate CONF support in NVMe PRLI (bsc#1080656). - scsi: lpfc: move placement of target destroy on driver detach (bsc#1080656). - scsi: lpfc: Treat SCSI Write operation Underruns as an error (bsc#1080656). - scsi: lpfc: Update 11.4.0.7 modified files for 2018 Copyright (bsc#1080656). - scsi: lpfc: update driver version to 11.4.0.6 (bsc#1076693). - scsi: lpfc: update driver version to 11.4.0.7 (bsc#1080656). - scsi: lpfc: Validate adapter support for SRIU option (bsc#1080656). - scsi: mvumi: use __maybe_unused to hide pm functions (bnc#1012382). - scsi: qla2xxx: Ability to process multiple SGEs in Command SGL for CT passthrough commands (bsc#1043726,FATE#324770). - scsi: qla2xxx: Accelerate SCSI BUSY status generation in target mode (bsc#1043725,FATE#324770). - scsi: qla2xxx: Add ability to autodetect SFP type (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add ability to send PRLO (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add ability to use GPNFT/GNNFT for RSCN handling (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add ATIO-Q processing for INTx mode (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add boundary checks for exchanges to be offloaded (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add command completion for error path (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add debug knob for user control workload (bsc#1043725,FATE#324770). - scsi: qla2xxx: Add debug logging routine for qpair (bsc#1043725,FATE#324770). - scsi: qla2xxx: Added change to enable ZIO for FC-NVMe devices (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add FC-NVMe command handling (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add FC-NVMe F/W initialization and transport registration (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add FC-NVMe port discovery and PRLI handling (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add function call to qpair for door bell (bsc#1043725,FATE#324770). - scsi: qla2xxx: Add fw_started flags to qpair (bsc#1043725,FATE#324770). - scsi: qla2xxx: Add lock protection around host lookup (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add LR distance support from nvram bit (bsc#1043726,FATE#324770). - scsi: qla2xxx: add missing includes for qla_isr (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add option for use reserve exch for ELS (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add ql2xiniexchg parameter (bsc#1043725,FATE#324770). - scsi: qla2xxx: Add retry limit for fabric scan logic (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add support for minimum link speed (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add switch command to simplify fabric discovery (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add timeout ability to wait_for_sess_deletion() (bsc#1043726,FATE#324770). - scsi: qla2xxx: Add XCB counters to debugfs (bsc#1043726,FATE#324770). - scsi: qla2xxx: Allow ABTS, PURX, RIDA on ATIOQ for ISP83XX/27XX (bsc#1043725,FATE#324770). - scsi: qla2xxx: Allow MBC_GET_PORT_DATABASE to query and save the port states (bsc#1043726,FATE#324770). - scsi: qla2xxx: Allow relogin and session creation after reset (bsc#1043726,FATE#324770). - scsi: qla2xxx: Allow SNS fabric login to be retried (bsc#1043726,FATE#324770). - scsi: qla2xxx: Allow target mode to accept PRLI in dual mode (bsc#1043726,FATE#324770). - scsi: qla2xxx: avoid unused-function warning (bsc#1043726,FATE#324770). - scsi: qla2xxx: Change ha->wq max_active value to default (bsc#1043726,FATE#324770). - scsi: qla2xxx: Changes to support N2N logins (bsc#1043726,FATE#324770). - scsi: qla2xxx: Chip reset uses wrong lock during IO flush (bsc#1043726,FATE#324770). - scsi: qla2xxx: Cleanup FC-NVMe code (bsc#1043726,FATE#324770). - scsi: qla2xxx: Cleanup NPIV host in target mode during config teardown (bsc#1043726,FATE#324770). - scsi: qla2xxx: Clear fc4f_nvme flag (bsc#1043726,FATE#324770). - scsi: qla2xxx: Clear loop id after delete (bsc#1043726,FATE#324770). - scsi: qla2xxx: Combine Active command arrays (bsc#1043725,FATE#324770). - scsi: qla2xxx: Convert 32-bit LUN usage to 64-bit (bsc#1043725,FATE#324770). - scsi: qla2xxx: Defer processing of GS IOCB calls (bsc#1043726,FATE#324770). - scsi: qla2xxx: Delay loop id allocation at login (bsc#1043726,FATE#324770). - scsi: qla2xxx: Do not call abort handler function during chip reset (bsc#1043726,FATE#324770). - scsi: qla2xxx: Do not call dma_free_coherent with IRQ disabled (bsc#1043726,FATE#324770). - scsi: qla2xxx: do not include <generated/utsrelease.h> (bsc#1043725,FATE#324770). - scsi: qla2xxx: Enable Async TMF processing (bsc#1043726,FATE#324770). - scsi: qla2xxx: Enable ATIO interrupt handshake for ISP27XX (bsc#1043726,FATE#324770). - scsi: qla2xxx: Enable Target Multi Queue (bsc#1043725,FATE#324770). - scsi: qla2xxx: Fix abort command deadlock due to spinlock (FATE#320146, bsc#966328). - scsi: qla2xxx: fix a bunch of typos and spelling mistakes (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix a locking imbalance in qlt_24xx_handle_els() (bsc#1082979). - scsi: qla2xxx: Fix compile warning (bsc#1043725,FATE#324770). - scsi: qla2xxx: Fix FC-NVMe LUN discovery (bsc#1083223). - scsi: qla2xxx: Fix Firmware dump size for Extended login and Exchange Offload (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix GPNFT/GNNFT error handling (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix gpnid error processing (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix incorrect handle for abort IOCB (bsc#1082979). - scsi: qla2xxx: Fix login state machine freeze (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix login state machine stuck at GPDB (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix logo flag for qlt_free_session_done() (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix mailbox failure while deleting Queue pairs (bsc#1043725,FATE#324770). - scsi: qla2xxx: Fix memory leak in dual/target mode (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix NPIV host cleanup in target mode (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix NPIV host enable after chip reset (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix NULL pointer access for fcport structure (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS (bsc#1082979). - scsi: qla2xxx: Fix NULL pointer crash due to probe failure (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix oops in qla2x00_probe_one error path (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix PRLI state check (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix queue ID for async abort with Multiqueue (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix recursion while sending terminate exchange (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix Relogin being triggered too fast (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix re-login for Nport Handle in use (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix remoteport disconnect for FC-NVMe (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix scan state field for fcport (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix session cleanup for N2N (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix slow mem alloc behind lock (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix smatch warning in qla25xx_delete_{rsp|req}_que (bsc#1043726,FATE#324770). - scsi: qla2xxx: fix spelling mistake of variable sfp_additonal_info (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix system crash for Notify ack timeout handling (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix system crash in qlt_plogi_ack_unref (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix system crash while triggering FW dump (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix system panic due to pointer access problem (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix target multiqueue configuration (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix task mgmt handling for NPIV (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix warning during port_name debug print (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix warning for code intentation in __qla24xx_handle_gpdb_event() (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() (bsc#1043726,FATE#324770). - scsi: qla2xxx: Fix WWPN/WWNN in debug message (bsc#1043726,FATE#324770). - scsi: qla2xxx: Handle PCIe error for driver (bsc#1043726,FATE#324770). - scsi: qla2xxx: Include Exchange offload/Extended Login into FW dump (bsc#1043725,FATE#324770). - scsi: qla2xxx: Increase ql2xmaxqdepth to 64 (bsc#1043726,FATE#324770). - scsi: qla2xxx: Increase verbosity of debug messages logged (bsc#1043726,FATE#324770). - scsi: qla2xxx: Migrate switch registration commands away from mailbox interface (bsc#1043726,FATE#324770). - scsi: qla2xxx: move fields from qla_hw_data to qla_qpair (bsc#1043725,FATE#324770). - scsi: qla2xxx: Move function prototype to correct header (bsc#1043726,FATE#324770). - scsi: qla2xxx: Move logging default mask to execute once only (bsc#1043726,FATE#324770). - scsi: qla2xxx: Move session delete to driver work queue (bsc#1043726,FATE#324770). - scsi: qla2xxx: Move target stat counters from vha to qpair (bsc#1043725,FATE#324770). - scsi: qla2xxx: Move work element processing out of DPC thread (bsc#1043726,FATE#324770). - scsi: qla2xxx: Off by one in qlt_ctio_to_cmd() (bsc#1043726,FATE#324770). - scsi: qla2xxx: Preparation for Target MQ (bsc#1043725,FATE#324770). - scsi: qla2xxx: Prevent multiple active discovery commands per session (bsc#1043726,FATE#324770). - scsi: qla2xxx: Prevent relogin trigger from sending too many commands (bsc#1043726,FATE#324770). - scsi: qla2xxx: Prevent sp->free null/uninitialized pointer dereference (bsc#1043726,FATE#324770). - scsi: qla2xxx: Print correct mailbox registers in failed summary (bsc#1043726,FATE#324770). - scsi: qla2xxx: Properly extract ADISC error codes (bsc#1043726,FATE#324770). - scsi: qla2xxx: Protect access to qpair members with qpair->qp_lock (bsc#1043726,FATE#324770). - scsi: qla2xxx: Query FC4 type during RSCN processing (bsc#1043726,FATE#324770). - scsi: qla2xxx: Recheck session state after RSCN (bsc#1043726,FATE#324770) - scsi: qla2xxx: Reduce the use of terminate exchange (bsc#1043726,FATE#324770). - scsi: qla2xxx: Reduce trace noise for Async Events (bsc#1043726,FATE#324770). - scsi: qla2xxx: Reinstate module parameter ql2xenablemsix (bsc#1043726,FATE#324770). - scsi: qla2xxx: Relogin to target port on a cable swap (bsc#1043726,FATE#324770). - scsi: qla2xxx: Remove aborting ELS IOCB call issued as part of timeout (FATE#320146, bsc#966328). - scsi: qla2xxx: Remove an unused structure member (bsc#1043725,FATE#324770). - scsi: qla2xxx: Remove datasegs_per_cmd and datasegs_per_cont field (bsc#1043725,FATE#324770). - scsi: qla2xxx: Remove extra register read (bsc#1043725,FATE#324770). - scsi: qla2xxx: Remove extra register read (bsc#1043726,FATE#324770). - scsi: qla2xxx: Remove FC_NO_LOOP_ID for FCP and FC-NVMe Discovery (bsc#1084397). - scsi: qla2xxx: Remove potential macro parameter side-effect in ql_dump_regs() (bsc#1043726,FATE#324770). - scsi: qla2xxx: remove redundant assignment of d (bsc#1043726,FATE#324770). - scsi: qla2xxx: remove redundant null check on tgt (bsc#1043725,FATE#324770). - scsi: qla2xxx: Remove redundant wait when target is stopped (bsc#1043725,FATE#324770). - scsi: qla2xxx: Remove session creation redundant code (bsc#1043726,FATE#324770). - scsi: qla2xxx: Remove unused argument from qlt_schedule_sess_for_deletion() (bsc#1043726,FATE#324770). - scsi: qla2xxx: Remove unused irq_cmd_count field (bsc#1043725,FATE#324770). - scsi: qla2xxx: Remove unused tgt_enable_64bit_addr flag (bsc#1043725,FATE#324770). - scsi: qla2xxx: remove writeq/readq function definitions (bsc#1043725,FATE#324770). - scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport (bsc#1043726,FATE#324770). - scsi: qla2xxx: Replace GPDB with async ADISC command (bsc#1043726,FATE#324770). - scsi: qla2xxx: Reset the logo flag, after target re-login (bsc#1043726,FATE#324770). - scsi: qla2xxx: Retry switch command on time out (bsc#1043726,FATE#324770). - scsi: qla2xxx: Send FC4 type NVMe to the management server (bsc#1043726,FATE#324770). - scsi: qla2xxx: Serialize GPNID for multiple RSCN (bsc#1043726,FATE#324770). - scsi: qla2xxx: Serialize session deletion by using work_lock (bsc#1043726,FATE#324770). - scsi: qla2xxx: Serialize session free in qlt_free_session_done (bsc#1043726,FATE#324770). - scsi: qla2xxx: Simpify unregistration of FC-NVMe local/remote ports (bsc#1043726,FATE#324770). - scsi: qla2xxx: Skip IRQ affinity for Target QPairs (bsc#1043726,FATE#324770). - scsi: qla2xxx: Skip zero queue count entry during FW dump capture (bsc#1043726,FATE#324770). - scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair() (bsc#1043726,FATE#324770). - scsi: qla2xxx: Tweak resource count dump (bsc#1043726,FATE#324770). - scsi: qla2xxx: Update Driver version to 10.00.00.00-k (bsc#1043726,FATE#324770). - scsi: qla2xxx: Update driver version to 10.00.00.01-k (bsc#1043726,FATE#324770). - scsi: qla2xxx: Update driver version to 10.00.00.02-k (bsc#1043726,FATE#324770). - scsi: qla2xxx: Update driver version to 10.00.00.03-k (bsc#1043726,FATE#324770). - scsi: qla2xxx: Update driver version to 10.00.00.04-k (bsc#1043726,FATE#324770). - scsi: qla2xxx: Update driver version to 10.00.00.05-k (bsc#1081681). - scsi: qla2xxx: Update driver version to 9.01.00.00-k (bsc#1043725,FATE#324770). - scsi: qla2xxx: Update fw_started flags at qpair creation (bsc#1043726,FATE#324770). - scsi: qla2xxx: Use BIT_6 to acquire FAWWPN from switch (bsc#1043726,FATE#324770) - scsi: qla2xxx: Use chip reset to bring down laser on unload (bsc#1043726,FATE#324770). - scsi: qla2xxx: use dma_mapping_error to check map errors (bsc#1043726,FATE#324770). - scsi: qla2xxx: Use FC-NVMe FC4 type for FDMI registration (bsc#1043726,FATE#324770). - scsi: qla2xxx: Use IOCB path to submit Control VP MBX command (bsc#1043726,FATE#324770). - scsi: qla2xxx: Use known NPort ID for Management Server login (bsc#1043726,FATE#324770). - scsi: qla2xxx: Use ql2xnvmeenable to enable Q-Pair for FC-NVMe (bsc#1043726,FATE#324770). - scsi: qla2xxx: use shadow register for ISP27XX (bsc#1043725,FATE#324770). - scsi: qla2xxx: Use shadow register for ISP27XX (bsc#1043726,FATE#324770). - scsi: qla2xxx: Use sp->free instead of hard coded call (bsc#1043726,FATE#324770). - scsi: ses: do not get power status of SES device slot on probe (bsc#1082979). - scsi: sim710: fix build warning (bnc#1012382). - scsi: sr: workaround VMware ESXi cdrom emulation bug (bsc#1080813). - scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error (bnc#1012382). - scsi: storvsc: remove unnecessary channel inbound lock (fate#315887, bsc#1082632). - scsi: sun_esp: fix device reference leaks (bsc#1082979). - scsi: tcm_qla2xxx: Do not allow aborted cmd to advance (bsc#1043725,FATE#324770). - scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg (bnc#1012382). - sctp: make use of pre-calculated len (bnc#1012382). - selinux: ensure the context is NUL terminated in security_context_to_sid_core() (bnc#1012382). - selinux: general protection fault in sock_has_perm (bnc#1012382). - selinux: skip bounded transition processing if the policy isn't loaded (bnc#1012382). - serial: 8250_mid: fix broken DMA dependency (bnc#1012382). - serial: 8250_uniphier: fix error return code in uniphier_uart_probe() (bsc#1031717). - serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS (bnc#1012382). - series.conf: disable qla2xxx patches (bsc#1043725) - sget(): handle failures of register_shrinker() (bnc#1012382). - signal/openrisc: Fix do_unaligned_access to send the proper signal (bnc#1012382). - signal/sh: Ensure si_signo is initialized in do_divide_error (bnc#1012382). - SolutionEngine771x: fix Ether platform data (bnc#1012382). - spi: atmel: fixed spin_lock usage inside atmel_spi_remove (bnc#1012382). - spi: imx: do not access registers while clocks disabled (bnc#1012382). - spi: sun4i: disable clocks in the remove function (bnc#1012382). - ssb: mark ssb_bus_register as __maybe_unused (bnc#1012382). - staging: android: ashmem: Fix a race condition in pin ioctls (bnc#1012382). - staging: iio: adc: ad7192: fix external frequency setting (bnc#1012382). - staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID (bnc#1012382). - staging: ste_rmi4: avoid unused function warnings (bnc#1012382). - staging: unisys: visorinput depends on INPUT (bnc#1012382). - staging: wilc1000: fix kbuild test robot error (bnc#1012382). - SUNRPC: Allow connect to return EHOSTUNREACH (bnc#1012382). - target: Add support for TMR percpu reference counting (bsc#1043726,FATE#324770). - target: Add TARGET_SCF_LOOKUP_LUN_FROM_TAG support for ABORT_TASK (bsc#1043726,FATE#324770). - tc1100-wmi: fix build warning when CONFIG_PM not enabled (bnc#1012382). - tc358743: fix register i2c_rd/wr function fix (git-fixes). - tc358743: fix register i2c_rd/wr functions (bnc#1012382). - tcp: do not set rtt_min to 1 (bsc#1042286). - tcp: release sk_frag.page in tcp_disconnect (bnc#1012382). - test_bpf: fix the dummy skb after dissector changes (bsc#1042286). - tg3: Add workaround to restrict 5762 MRRS to 2048 (bnc#1012382). - tg3: Enable PHY reset in MTU change path for 5720 (bnc#1012382). - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies (bnc#1012382). - thermal: spear: use __maybe_unused for PM functions (bnc#1012382). - tlan: avoid unused label with PCI=n (bnc#1012382). - tools build: Add tools tree support for 'make -s' (bnc#1012382). - tpm-dev-common: Reject too short writes (bsc#1020645, git-fixes). - tpm: fix potential buffer overruns caused by bit glitches on the bus (bsc#1020645, git-fixes). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bsc#1020645, git-fixes). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bsc#1020645, git-fixes). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bsc#1020645, git-fixes). - tpm_tis: fix potential buffer overruns caused by bit glitches on the bus (bsc#1020645, git-fixes). - tty: cyclades: cyz_interrupt is only used for PCI (bnc#1012382). - tty: hvc_xen: hide xen_console_remove when unused (bnc#1012382). - tty: mxser: Remove ASYNC_CLOSING (bnc#1072363). - ubi: block: Fix locking for idr_alloc/idr_remove (bnc#1012382). - udp: restore UDPlite many-cast delivery (bsc#1042286). - usb: build drivers/usb/common/ when USB_SUPPORT is set (bnc#1012382). - USB: cdc-acm: Do not log urb submission errors on disconnect (bnc#1012382). - USB: cdc_subset: only build when one driver is enabled (bnc#1012382). - usb: dwc3: gadget: Set maxpacket size for ep0 IN (bnc#1012382). - usb: f_fs: Prevent gadget unbind if it is already unbound (bnc#1012382). - usb: gadget: do not dereference g until after it has been null checked (bnc#1012382). - usb: gadget: f_fs: Process all descriptors during bind (bnc#1012382). - usb: gadget: uvc: Missing files for configfs interface (bnc#1012382). - usbip: fix 3eee23c3ec14 tcp_socket address still in the status file (bnc#1012382). - usbip: keep usbip_device sockfd state in sync with tcp_socket (bnc#1012382). - usbip: list: do not list devices attached to vhci_hcd (bnc#1012382). - usbip: prevent bind loops on devices attached to vhci_hcd (bnc#1012382). - usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit (bnc#1012382). - usb: ldusb: add PIDs for new CASSY devices supported by this driver (bnc#1012382). - usb: musb/ux500: remove duplicate check for dma_is_compatible (bnc#1012382). - usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() (bnc#1012382). - usb: option: Add support for FS040U modem (bnc#1012382). - usb: phy: msm add regulator dependency (bnc#1012382). - usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path (bnc#1012382). - USB: serial: io_edgeport: fix possible sleep-in-atomic (bnc#1012382). - USB: serial: pl2303: new device id for Chilitag (bnc#1012382). - USB: serial: simple: add Motorola Tetra driver (bnc#1012382). - usb: uas: unconditionally bring back host after reset (bnc#1012382). - v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER (bnc#1012382). - vb2: V4L2_BUF_FLAG_DONE is set after DQBUF (bnc#1012382). - vfs: do not do RCU lookup of empty pathnames (bnc#1012382). - vhost_net: stop device during reset owner (bnc#1012382). - video: fbdev: atmel_lcdfb: fix display-timings lookup (bnc#1012382). - video: fbdev/mmp: add MODULE_LICENSE (bnc#1012382). - video: fbdev: sis: remove unused variable (bnc#1012382). - video: fbdev: via: remove possibly unused variables (bnc#1012382). - video: Use bool instead int pointer for get_opt_bool() argument (bnc#1012382). - virtio_balloon: prevent uninitialized variable use (bnc#1012382). - vmbus: add per-channel sysfs info (fate#315887, bsc#1082632). - vmbus: add prefetch to ring buffer iterator (fate#315887, bsc#1082632). - vmbus: do not acquire the mutex in vmbus_hvsock_device_unregister() (fate#315887, bsc#1082632). - vmbus: drop unused ring_buffer_info elements (fate#315887, bsc#1082632). - vmbus: eliminate duplicate cached index (fate#315887, bsc#1082632). - vmbus: hvsock: add proper sync for vmbus_hvsock_device_unregister() (fate#315887, bsc#1082632). - vmbus: initialize reserved fields in messages (fate#315887, bsc#1082632). - vmbus: make channel_message table constant (fate#315887, bsc#1082632). - vmbus: more host signalling avoidance (fate#315887, bsc#1082632). - vmbus: refactor hv_signal_on_read (fate#315887, bsc#1082632). - vmbus: remove unused vmbus_sendpacket_ctl (fate#315887, bsc#1082632). - vmbus: remove unused vmbus_sendpacket_multipagebuffer (fate#315887, bsc#1082632). - vmbus: remove unused vmubs_sendpacket_pagebuffer_ctl (fate#315887, bsc#1082632). - vmbus: Reuse uuid_le_to_bin() helper (fate#315887, bsc#1082632). - vmbus: simplify hv_ringbuffer_read (fate#315887, bsc#1082632). - vmbus: unregister device_obj->channels_kset (fate#315887, bsc#1082632). - vmxnet3: prevent building with 64K pages (bnc#1012382). - vxlan: consolidate csum flag handling (bsc#1042286). - vxlan: consolidate output route calculation (bsc#1042286). - vxlan: consolidate vxlan_xmit_skb and vxlan6_xmit_skb (bsc#1042286). - vxlan: do not allow overwrite of config src addr (bsc#1042286). - watchdog: imx2_wdt: restore previous timeout after suspend+resume (bnc#1012382). - wireless: cw1200: use __maybe_unused to hide pm functions_ (bnc#1012382). - x86: add MULTIUSER dependency for KVM (bnc#1012382). - x86/asm: Fix inline asm call constraints for GCC 4.4 (bnc#1012382). - x86/boot: Avoid warning for zero-filling .bss (bnc#1012382). - x86: bpf_jit: small optimization in emit_bpf_tail_call() (bnc#1012382). - x86/bugs: Drop one "mitigation" from dmesg (bnc#1012382). - x86/build: Silence the build with "make -s" (bnc#1012382). - x86/cpu/bugs: Make retpoline module warning conditional (bnc#1012382). - x86/cpu: Change type of x86_cache_size variable to unsigned int (bnc#1012382). - x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0 (bsc#1077560). - x86/entry/64: Use a per-CPU trampoline stack for IDT entries (bsc#1077560). - x86: fix build warnign with 32-bit PAE (bnc#1012382). - x86/fpu/math-emu: Fix possible uninitialized variable use (bnc#1012382). - x86/hyperv: Implement hv_get_tsc_page() (fate#315887, bsc#1082632). - x86/hyper-v: include hyperv/ only when CONFIG_HYPERV is set (fate#315887, bsc#1082632). - x86/hyper-v: Introduce fast hypercall implementation (fate#315887, bsc#1082632). - x86/hyper-v: Make hv_do_hypercall() inline (fate#315887, bsc#1082632). - x86/hyperv: Move TSC reading method to asm/mshyperv.h (fate#315887, bsc#1082632). - x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER (bnc#1012382). - x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested (bsc#1081431). - x86/mce: Pin the timer when modifying (bsc#1080851,1076282). - x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug (bnc#1012382). - x86/microcode/AMD: Do not load when running on a hypervisor (bnc#1012382). - x86/microcode/AMD: Do not load when running on a hypervisor (bsc#1081436 bsc#1081437). - x86/microcode: Do the family check first (bnc#1012382). - x86/microcode: Do the family check first (bsc#1081436 bsc#1081437). - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bnc#1012382). - x86/mm/pkeys: Fix fill_sig_info_pkey (fate#321300). - x86/nospec: Fix header guards names (bnc#1012382). - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bnc#1012382). - x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bnc#1012382). - x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG (bnc#1012382). - x86/platform/olpc: Fix resume handler build warning (bnc#1012382). - x86/pti: Make unpoison of pgd for trusted boot work for real (bnc#1012382). - x86/ras/inject: Make it depend on X86_LOCAL_APIC=y (bnc#1012382). - x86/retpoline: Avoid retpolines for built-in __init functions (bnc#1012382). - x86/retpoline/hyperv: Convert assembler indirect jumps (fate#315887, bsc#1082632). - x86/retpoline: Remove the esp/rsp thunk (bnc#1012382). - x86/spectre: Check CONFIG_RETPOLINE in command line parser (bnc#1012382). - x86/spectre: Fix an error message (git-fixes). - x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" (bnc#1012382). - x86/spectre: Remove the out-of-tree RSB stuffing - x86/spectre: Simplify spectre_v2 command line parsing (bnc#1012382). - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL (bnc#1012382). - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend (bnc#1065600). - xen/gntdev: Fix off-by-one error when unmapping with holes (bnc#1012382). - xen/gntdev: Fix partial gntdev_mmap() cleanup (bnc#1012382). - xen-netfront: enable device after manual module load (bnc#1012382). - xen-netfront: remove warning when unloading module (bnc#1012382). - xen: XEN_ACPI_PROCESSOR is Dom0-only (bnc#1012382). - xfrm: check id proto in validate_tmpl() (bnc#1012382). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (bnc#1012382). - xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies (bnc#1012382). - xfrm_user: propagate sec ctx allocation errors (bsc#1042286). - xfs: do not chain ioends during writepage submission (bsc#1077285 bsc#1043441). - xfs: factor mapping out of xfs_do_writepage (bsc#1077285 bsc#1043441). - xfs: Introduce writeback context for writepages (bsc#1077285 bsc#1043441). - xfs: ioends require logically contiguous file offsets (bsc#1077285 bsc#1043441). - xfs: quota: check result of register_shrinker() (bnc#1012382). - xfs: quota: fix missed destroy of qi_tree_lock (bnc#1012382). - xfs: remove nonblocking mode from xfs_vm_writepage (bsc#1077285 bsc#1043441). - xfs: remove xfs_cancel_ioend (bsc#1077285 bsc#1043441). - xfs: stop searching for free slots in an inode chunk when there are none (bsc#1072739). - xfs: toggle readonly state around xfs_log_mount_finish (bsc#1073401). - xfs: ubsan fixes (bnc#1012382). - xfs: write unmount record for ro mounts (bsc#1073401). - xfs: xfs_cluster_write is redundant (bsc#1077285 bsc#1043441). - xtensa: fix futex_atomic_cmpxchg_inatomic (bnc#1012382). - zram: fix operator precedence to get offset (bsc#1082979). Important SUSE bug 1006867 SUSE bug 1012382 SUSE bug 1015342 SUSE bug 1015343 SUSE bug 1020645 SUSE bug 1022607 SUSE bug 1027054 SUSE bug 1031717 SUSE bug 1033587 SUSE bug 1034503 SUSE bug 1042286 SUSE bug 1043441 SUSE bug 1043725 SUSE bug 1043726 SUSE bug 1062840 SUSE bug 1065600 SUSE bug 1065615 SUSE bug 1066223 SUSE bug 1067118 SUSE bug 1068032 SUSE bug 1068569 SUSE bug 1069135 SUSE bug 1070404 SUSE bug 1071306 SUSE bug 1071892 SUSE bug 1072363 SUSE bug 1072689 SUSE bug 1072739 SUSE bug 1072865 SUSE bug 1073401 SUSE bug 1073407 SUSE bug 1074198 SUSE bug 1074426 SUSE bug 1075087 SUSE bug 1076282 SUSE bug 1076693 SUSE bug 1076760 SUSE bug 1076982 SUSE bug 1077241 SUSE bug 1077285 SUSE bug 1077560 SUSE bug 1078583 SUSE bug 1078672 SUSE bug 1078673 SUSE bug 1079029 SUSE bug 1079038 SUSE bug 1079313 SUSE bug 1079384 SUSE bug 1079609 SUSE bug 1079886 SUSE bug 1079989 SUSE bug 1080014 SUSE bug 1080263 SUSE bug 1080321 SUSE bug 1080344 SUSE bug 1080364 SUSE bug 1080384 SUSE bug 1080464 SUSE bug 1080533 SUSE bug 1080656 SUSE bug 1080774 SUSE bug 1080813 SUSE bug 1080851 SUSE bug 1081134 SUSE bug 1081431 SUSE bug 1081436 SUSE bug 1081437 SUSE bug 1081491 SUSE bug 1081498 SUSE bug 1081500 SUSE bug 1081512 SUSE bug 1081514 SUSE bug 1081681 SUSE bug 1081735 SUSE bug 1082089 SUSE bug 1082223 SUSE bug 1082299 SUSE bug 1082373 SUSE bug 1082478 SUSE bug 1082632 SUSE bug 1082795 SUSE bug 1082864 SUSE bug 1082897 SUSE bug 1082979 SUSE bug 1082993 SUSE bug 1083048 SUSE bug 1083086 SUSE bug 1083223 SUSE bug 1083387 SUSE bug 1083409 SUSE bug 1083494 SUSE bug 1083548 SUSE bug 1083750 SUSE bug 1083770 SUSE bug 1084041 SUSE bug 1084397 SUSE bug 1084427 SUSE bug 1084610 SUSE bug 1084772 SUSE bug 1084888 SUSE bug 1084926 SUSE bug 1084928 SUSE bug 1084967 SUSE bug 1085011 SUSE bug 1085015 SUSE bug 1085045 SUSE bug 1085047 SUSE bug 1085050 SUSE bug 1085053 SUSE bug 1085054 SUSE bug 1085056 SUSE bug 1085107 SUSE bug 1085224 SUSE bug 1085239 SUSE bug 863764 SUSE bug 966170 SUSE bug 966172 SUSE bug 966328 SUSE bug 975772 SUSE bug 983145 CVE-2017-13166 CVE-2017-15951 CVE-2017-16644 CVE-2017-16912 CVE-2017-16913 CVE-2017-17975 CVE-2017-18174 CVE-2017-18208 CVE-2018-1000026 CVE-2018-1068 CVE-2018-8087 openSUSE Leap 42.3 This update for curl fixes the following issues: Following security issues were fixed: - CVE-2018-1000120: A buffer overflow exists in the FTP URL handling that allowed an attacker to cause a denial of service or possible code execution (bsc#1084521). - CVE-2018-1000121: A NULL pointer dereference exists in the LDAP code that allowed an attacker to cause a denial of service (bsc#1084524). - CVE-2018-1000122: A buffer over-read exists in the RTSP+RTP handling code that allowed an attacker to cause a denial of service or information leakage (bsc#1084532). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1084521 SUSE bug 1084524 SUSE bug 1084532 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 openSUSE Leap 42.3 This update for glibc fixes the following issues: - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] - A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319] - An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries. [CVE-2017-16997, bsc#1073231] - A potential crash caused by a use-after-free bug in pthread_create() has been fixed. [bsc#1053188] - A bug that prevented users to build shared objects which use the optimized libmvec.so API has been fixed. [bsc#1070905] - A memory leak in the glob() function has been fixed. [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583] - A bug that would lose the syscall error code value in case of crashes has been fixed. [bsc#1063675] This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1051042 SUSE bug 1053188 SUSE bug 1063675 SUSE bug 1064569 SUSE bug 1064580 SUSE bug 1064583 SUSE bug 1070905 SUSE bug 1071319 SUSE bug 1073231 SUSE bug 1074293 CVE-2017-1000408 CVE-2017-1000409 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-16997 CVE-2018-1000001 openSUSE Leap 42.3 Samba was updated to version 4.6.13 to fix several bugs. (bsc#1084191) Security issue fixed: - CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally (bsc#1081741). The library talloc was updated to version 2.1.10: - build, documentation and python3 improvements The library tevent was updated to version 0.9.34 (bsc#1069666); - Remove unused select backend - Fix a race condition in tevent_threaded_schedule_immediate(); (bso#13130); - make tevent_req_print() more robust against crashes - Fix mutex locking in tevent_threaded_context_destructor(). - Re-init threading in tevent_re_initialise(). - Include the finish location in tevent_req_default_print(). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1069666 SUSE bug 1081741 SUSE bug 1084191 CVE-2018-1050 openSUSE Leap 42.3 This update for mailman fixes the following issues: Security issue fixed: - CVE-2018-5950: Fixed XSS vulnerability via crafted URL that could allow arbitrary javascript execution inside the user's browser (boo#1077358). Low SUSE bug 1077358 CVE-2018-5950 openSUSE Leap 42.3 This update for python-paramiko fixes the following issues: - CVE-2018-7750: Fixed transport.py in the SSH server implementation of Paramiko that does not properly check whether authentication is completed before processing other requests (bsc#1085276). Important SUSE bug 1085276 CVE-2018-7750 openSUSE Leap 42.3 This update for libmodplug fixes the following issues: Several security and non security issues where fixed: - Update to version 0.8.9.0+git20170610.f6dd59a boo#1022032: * PSM: add missing line to commit * ABC: prevent possible increment of p past end * ABC: ensure read pointer is valid before incrementing * ABC: terminate early when things don't work in substitute * OKT: add one more bound check * FAR: out by one on check * ABC: 10 digit ints require null termination * PSM: make sure reads occur of only valid ins * ABC: cleanup tracks correctly. * WAV: check that there is space for both headers * OKT: ensure file size is enough to contain data * ABC: initialize earlier * ABC: ensure array access is bounded correctly. * ABC: clean up loop exiting code * ABC: avoid possibility of incrementing *p * ABC: abort early if macro would be blank * ABC: Use blankline more often * ABC: Ensure for loop does not increment past end of loop * Initialize nPatterns to 0 earlier * Check memory position isn't over the memory length * ABC: transpose only needs to look at notes (<26) * Spelling fixes * Bump version number to 0.8.9.0 * MMCMP: Check that end pointer is within the file size * WAV: ensure integer doesn't overflow * XM: additional mempos check * sndmix: Don't process row if its empty. * snd_fx: dont include patterns of zero size in length calc * MT2,AMF: prevent OOB reads Moderate SUSE bug 1022032 openSUSE Leap 42.3 NonFree This update for Opera to version fixes the following issues: - boo#1086610: Version update to 52.0.2871.30, including all upstream fixes and improvements - The Chromium engine updates contain various security fixes The following packaging changes are included: - .desktop file was updated to comply with freedesktop.org Moderate SUSE bug 1086610 openSUSE Leap 42.3 This update for libvorbis fixes the following issues: - CVE-2018-5146: Fixed out of bounds memory write while processing Vorbis audio data (bsc#1085687). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1085687 CVE-2018-5146 openSUSE Leap 42.3 This update for tiff to version 4.0.9 fixes the following issues: Security issues fixed: - CVE-2014-8128: Fix out-of-bounds read with malformed TIFF image in multiple tools (bsc#969783). - CVE-2015-7554: Fix invalid write in tiffsplit / _TIFFVGetField (bsc#960341). - CVE-2016-10095: Fix stack-based buffer overflow in _TIFFVGetField (tif_dir.c) (bsc#1017690). - CVE-2016-5318: Fix stackoverflow in thumbnail (bsc#983436). - CVE-2017-16232: Fix memory-based DoS in tiff2bw (bsc#1069213). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1017690 SUSE bug 1069213 SUSE bug 960341 SUSE bug 969783 SUSE bug 983436 CVE-2014-8128 CVE-2015-7554 CVE-2016-10095 CVE-2016-5318 CVE-2017-16232 openSUSE Leap 42.3 This update for Mozilla Thunderbird to version 52.7 fixes multiple issues. The following bugs were fixed: - Searching message bodies of messages in local folders, including filter and quick filter operations, did not find content in message attachments - Better error handling for Yahoo accounts The following security fixes are included as part of the mozilla platform. In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts (MFSA 2018-09, bsc#1085130, bsc#1085671): - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds write with malformed IPC messages - CVE-2018-5144: Integer overflow during Unicode conversion - CVE-2018-5146: Out of bounds memory write in libvorbis - CVE-2018-5125: Memory safety bugs fixed in Thunderbird 52.7 - CVE-2018-5145: Memory safety bugs fixed in Thunderbird 52.7 Moderate SUSE bug 1085130 SUSE bug 1085671 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 openSUSE Leap 42.3 This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1045315 SUSE bug 1049423 SUSE bug 1052449 SUSE bug 1082858 SUSE bug 1083915 CVE-2012-6706 CVE-2017-11423 CVE-2017-6419 CVE-2018-0202 CVE-2018-1000085 openSUSE Leap 42.3 This update for dhcp fixes the following issues: Security issues fixed: - CVE-2018-5733: reference count overflow in dhcpd (bsc#1083303). - CVE-2018-5732: buffer overflow in dhclient (bsc#1083302). This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1083302 SUSE bug 1083303 CVE-2018-5732 CVE-2018-5733 openSUSE Leap 42.3 This update for nginx to version 1.13.9 fixes the following issues: - CVE-2017-7529: nginx: Integer overflow in nginx range filter module allowed memory disclosure (bsc#1048265) This update also contains all updates and improvements in 1.13.9 upstream release. Moderate SUSE bug 1048265 SUSE bug 1057831 SUSE bug 1059685 CVE-2017-7529 openSUSE Leap 42.3 This update for python-Django to version 1.18.18 fixes multiple issues. Security issues fixed: - CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. (bsc#1083305) - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters (bsc#1083304). - CVE-2016-7401: CSRF protection bypass on a site with Google Analytics (bsc#1001374). - CVE-2016-2513: User enumeration through timing difference on password hasher work factor upgrade (bsc#968000). - CVE-2016-2512: Fixed malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth (bsc#967999). - CVE-2016-9013: User with hardcoded password created when running tests on Oracle (bsc#1008050). - CVE-2016-9014: DNS rebinding vulnerability when DEBUG=True (bsc#1008047). - CVE-2017-7234: Open redirect vulnerability in django.views.static.serve() (bsc#1031451). - CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs (bsc#1031450). - CVE-2017-12794: Fixed XSS possibility in traceback section of technical 500 debug page (bsc#1056284) Moderate SUSE bug 1001374 SUSE bug 1008047 SUSE bug 1008050 SUSE bug 1031450 SUSE bug 1031451 SUSE bug 1056284 SUSE bug 1083304 SUSE bug 1083305 SUSE bug 967999 SUSE bug 968000 CVE-2016-2048 CVE-2016-2512 CVE-2016-2513 CVE-2016-6186 CVE-2016-7401 CVE-2016-9013 CVE-2016-9014 CVE-2017-12794 CVE-2017-7233 CVE-2017-7234 CVE-2018-7536 CVE-2018-7537 openSUSE Leap 42.3 This update for python3-Django to version 1.18.18 fixes multiple issues. Security issues fixed: - CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. (bsc#1083305) - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters (bsc#1083304). - CVE-2016-7401: CSRF protection bypass on a site with Google Analytics (bsc#1001374). - CVE-2016-2513: User enumeration through timing difference on password hasher work factor upgrade (bsc#968000). - CVE-2016-2512: Fixed malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth (bsc#967999). - CVE-2016-9013: User with hardcoded password created when running tests on Oracle (bsc#1008050). - CVE-2016-9014: DNS rebinding vulnerability when DEBUG=True (bsc#1008047). - CVE-2017-7234: Open redirect vulnerability in django.views.static.serve() (bsc#1031451). - CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs (bsc#1031450). - CVE-2017-12794: Fixed XSS possibility in traceback section of technical 500 debug page (bsc#1056284) Moderate SUSE bug 1001374 SUSE bug 1008047 SUSE bug 1008050 SUSE bug 1031450 SUSE bug 1031451 SUSE bug 1056284 SUSE bug 1083304 SUSE bug 1083305 SUSE bug 967999 SUSE bug 968000 CVE-2016-2048 CVE-2016-2512 CVE-2016-2513 CVE-2016-6186 CVE-2016-7401 CVE-2016-9013 CVE-2016-9014 CVE-2017-12794 CVE-2017-7233 CVE-2017-7234 CVE-2018-7536 CVE-2018-7537 openSUSE Leap 42.3 This update for librelp fixes the following issues: - CVE-2018-1000140: A stack-based buffer overflow in the code for checking of x509 certificates allowed a remote attacker with an access to the rsyslog logging facility to potentially execute arbitrary code by sending a specially crafted x509 certificate. (bsc#1086730) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1086730 CVE-2018-1000140 openSUSE Leap 42.3 This update for wireshark to version 2.2.12 fixes the following issues: - CVE-2018-5334: IxVeriWave file could crash (boo#1075737) - CVE-2018-5335: WCP dissector could crash (boo#1075738) - CVE-2018-5336: Multiple dissector crashes (boo#1075739) - CVE-2017-17997: MRDISC dissector could crash (boo#1074171) This release no longers enable the Linux kernel BPF JIT compiler via the net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable to Spectre variant 1 CVE-2017-5753 - (boo#1075748) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html Moderate SUSE bug 1074171 SUSE bug 1075737 SUSE bug 1075738 SUSE bug 1075739 SUSE bug 1075748 CVE-2017-17997 CVE-2018-5334 CVE-2018-5335 CVE-2018-5336 openSUSE Leap 42.3 This update for Mozilla Firefox to version 52.7.3 fixes the following issue: - CVE-2018-5148: A use-after-free in compositor allowed for crashes to be triggered Or potentially have further code execution impact (bsc#1087059) Moderate SUSE bug 1087059 CVE-2018-5148 openSUSE Leap 42.3 This update for cacti, cacti-spine fixes the following issues Security issues fixed: - bsc#1086792: Path-Based Cross-Site Scripting (XSS) issues This update also contains a number of upstream bug fixes and improvements in the 1.1.37 version. The minimum required php version is 5.4, in openSUSE Leap 42.3 this is provided by php7. Moderate SUSE bug 1086792 openSUSE Leap 42.3 This update for tomcat fixes the following issues: Security issues fixed: - CVE-2018-1305: Fixed late application of security constraints that can lead to resource exposure for unauthorised users (bsc#1082481). - CVE-2018-1304: Fixed incorrect handling of empty string URL in security constraints that can lead to unitended exposure of resources (bsc#1082480). - CVE-2017-15706: Fixed incorrect documentation of CGI Servlet search algorithm that may lead to misconfiguration (bsc#1078677). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1078677 SUSE bug 1082480 SUSE bug 1082481 CVE-2017-15706 CVE-2018-1304 CVE-2018-1305 openSUSE Leap 42.3 LibVNCServer was updated to fix two security issues. These security issues were fixed: - CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage() (bsc#1081493). - CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712). - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1017711 SUSE bug 1017712 SUSE bug 1081493 CVE-2016-9941 CVE-2016-9942 CVE-2018-7225 openSUSE Leap 42.3 This update for memcached fixes the following issues: - CVE-2017-9951: Fixed heap-based buffer over-read in try_read_command function which allowed remote attackers to cause a denial of service attack (bsc#1056865). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1056865 CVE-2017-9951 openSUSE Leap 42.3 This update for krb5 provides the following fixes: Security issues fixed: - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). - CVE-2018-5729: Null pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). Non-security issues fixed: - Make it possible for legacy applications (e.g. SAP Netweaver) to remain compatible with newer Kerberos. System administrators who are experiencing this kind of compatibility issues may set the environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value, and make sure the environment variable is visible and effective to the application startup script. (bsc#1057662) - Fix a GSS failure in legacy applications by not indicating deprecated GSS mechanisms in gss_indicate_mech() list. (bsc#1081725) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1057662 SUSE bug 1081725 SUSE bug 1083926 SUSE bug 1083927 CVE-2018-5729 CVE-2018-5730 openSUSE Leap 42.3 This update for aubio fixes the following issues: - CVE-2017-17054: Specially crafted wav files could have been used to cause an application crash (boo#1070399) Moderate SUSE bug 1070399 CVE-2017-17054 openSUSE Leap 42.3 This update for mariadb fixes several issues. These security issues were fixed: - CVE-2017-3636: Client programs had an unspecified vulnerability that could lead to unauthorized access and denial of service (bsc#1049399) - CVE-2017-3641: DDL unspecified vulnerability could lead to denial of service (bsc#1049404) - CVE-2017-3653: DML Unspecified vulnerability could lead to unauthorized database access (bsc#1049417) These non-security issues were fixed: - Add ODBC support for Connect engine (bsc#1039034) - Relax required version for mariadb-errormessages (bsc#1072665) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1039034 SUSE bug 1049399 SUSE bug 1049404 SUSE bug 1049417 SUSE bug 1054591 SUSE bug 1072665 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 openSUSE Leap 42.3 This update for links to version 2.15 fixes the following issues: - CVE-2017-11114: Buffer over-read vulnerability in case of corrupted UTF-8 data (boo#1051448) This update also contains a number of upstream improvements: - Rewrite google docs URLs to the download link, so that the file can be viewed in external viewer - Improved handling of compressed connections and content - various other bug fixes and improvements Moderate SUSE bug 1051448 CVE-2017-11114 openSUSE Leap 42.3 This update for docker-distribution fixes the following issues: Security issues fixed: - CVE-2017-11468: Fixed a denial of service (memory consumption) via the manifest endpoint (bsc#1049850). Bug fixes: - bsc#1083474: docker-distirbution-registry overwrites configuration file with update. - bsc#1033172: Garbage collector needed - or kindly release docker-distribution-registry in Version 2.4. - Add SuSEfirewall2 service file for TCP port 5000. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1033172 SUSE bug 1049850 SUSE bug 1083474 CVE-2017-11468 openSUSE Leap 42.3 This update for graphite2 fixes the following issues: - CVE-2018-7999: Fixed a NULL pointer dereference vulnerability in Segment.cpp that may cause a denial of serivce (bsc#1084850). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1084850 CVE-2018-7999 openSUSE Leap 42.3 This update for rsync fixes the several issues. These security issues were fixed: - CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also did not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allowed remote attackers to bypass intended access restrictions" (bsc#1071460). - CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync, proceeded with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allowed remote attackers to bypass intended access restrictions (bsc#1071459). - CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check for a trailing '\\0' character in an xattr name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon (bsc#1066644). - CVE-2014-9512: Prevent attackers to write to arbitrary files via a symlink attack on a file in the synchronization path (bsc#915410). These non-security issues were fixed: - Stop file upload after errors like a full disk (boo#1062063) - Ensure -X flag works even when setting owner/group (boo#1028842) Moderate SUSE bug 1028842 SUSE bug 1062063 SUSE bug 1066644 SUSE bug 1071459 SUSE bug 1071460 SUSE bug 915410 SUSE bug 999847 CVE-2014-9512 CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 openSUSE Leap 42.3 This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes: - See release notes for details: * https://www.postgresql.org/docs/9.4/static/release-9-4-17.html * https://www.postgresql.org/docs/9.4/static/release-9-4-16.html This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1081925 CVE-2018-1058 openSUSE Leap 42.3 This update for libidn fixes the following issue: - CVE-2017-14062: Prevent integer overflow in the decode_digit function that allowed remote attackers to cause a denial of service or possibly have unspecified other impact (bsc#1056450). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1056450 CVE-2017-14062 openSUSE Leap 42.3 This update for spice-gtk fixes the following issues: - CVE-2017-12194: A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. (bsc#1085415) This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1085415 CVE-2017-12194 openSUSE Leap 42.3 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011). - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087). - CVE-2017-18209: Prevent NULL pointer dereference in the GetOpenCLCachedFilesDirectory function caused by a memory allocation result that was not checked, related to GetOpenCLCacheDirectory (bsc#1083628). - CVE-2017-18211: Prevent NULL pointer dereference in the function saveBinaryCLProgram caused by a program-lookup result not being checked, related to CacheOpenCLKernel (bsc#1083634). - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290). - CVE-2017-14739: The AcquireResampleFilterThreadSet function mishandled failed memory allocation, which allowed remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors (bsc#1060382). - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170). - CVE-2017-16352: Prevent a heap-based buffer overflow in the "Display visual image directory" feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168). - CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630). - CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage function that allowed an attacker to perform denial of service by sending a crafted image file (bsc#1056434). - CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735). - CVE-2018-7470: The IsWEBPImageLossless function allowed attackers to cause a denial of service (segmentation violation) via a crafted file (bsc#1082837). - CVE-2018-7443: The ReadTIFFImage function did not properly validate the amount of image data in a file, which allowed remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792). - CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291). - CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283). - CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file (bsc#1082362). - CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1043290 SUSE bug 1050087 SUSE bug 1056434 SUSE bug 1058630 SUSE bug 1059735 SUSE bug 1060382 SUSE bug 1066168 SUSE bug 1066170 SUSE bug 1082283 SUSE bug 1082291 SUSE bug 1082348 SUSE bug 1082362 SUSE bug 1082792 SUSE bug 1082837 SUSE bug 1083628 SUSE bug 1083634 SUSE bug 1086011 CVE-2017-11524 CVE-2017-12692 CVE-2017-12693 CVE-2017-13768 CVE-2017-14314 CVE-2017-14505 CVE-2017-14739 CVE-2017-15016 CVE-2017-15017 CVE-2017-16352 CVE-2017-16353 CVE-2017-18209 CVE-2017-18211 CVE-2017-9500 CVE-2018-7443 CVE-2018-7470 CVE-2018-8804 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issue: - CVE-2017-11524: An attacker could have used a crafted file to cause a denial of service (assertion failure and application exit) (bsc#1050087) Moderate SUSE bug 1050087 CVE-2017-11524 openSUSE Leap 42.3 This update for wireshark fixes the following issues: Minor vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files (boo#1088200): - CVE-2018-9264: ADB dissector crash - CVE-2018-9260: IEEE 802.15.4 dissector crash - CVE-2018-9261: NBAP dissector crash - CVE-2018-9262: VLAN dissector crash - CVE-2018-9256: LWAPP dissector crash - CVE-2018-9263: Kerberos dissector crash - CVE-2018-9259: MP4 dissector crash - Memory leaks in multiple dissectors: CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274 This update also contains all upstream bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.14.html Moderate SUSE bug 1088200 CVE-2018-9256 CVE-2018-9259 CVE-2018-9260 CVE-2018-9261 CVE-2018-9262 CVE-2018-9263 CVE-2018-9264 CVE-2018-9265 CVE-2018-9266 CVE-2018-9267 CVE-2018-9268 CVE-2018-9269 CVE-2018-9270 CVE-2018-9271 CVE-2018-9272 CVE-2018-9273 CVE-2018-9274 openSUSE Leap 42.3 This update for mercurial fixes the following issue: - CVE-2018-1000132: Remote attackers may bypass HTTP server permissions via batch wire protocol commands (bsc#1085211) Moderate SUSE bug 1085211 CVE-2018-1000132 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2017-12672: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052720) - CVE-2017-13060: Memory leak vulnerability allowed DoS via MAT image files (bsc#1055065) - CVE-2017-12670: Specially crafted MAT images may lead to an assertion failure and DoS (bsc#1052731) - CVE-2017-10800: Specially crafted MAT images may lead to memory denial of service (bsc#1047044) - CVE-2017-13648: Memory leak vulnerability allowed DoS via MAT image files (bsc#1055434) - CVE-2017-12564: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052468) - CVE-2017-12675: Memory leak vulnerability allowed DoS via MAT image files (bsc#1052710) - CVE-2017-14326: Memory leak vulnerability allowed DoS via MAT image files (bsc#1058640) - CVE-2017-17881: Memory leak vulnerability allowed DoS via MAT image files (bsc#1074123) - CVE-2017-11449: coders/mpc.c in ImageMagick before 7.0.6-1 remote denial of service (boo#1049373) - CVE-2017-11532: Memory Leak in WriteMPCImage() in coders/mpc.c (boo#1050129) - CVE-2017-16547: Incorrect memory management in DrawImage function in magick/render.c could lead to denial of service (boo#1067177) - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975) - Memory leak in pwp.c (boo#1051412) Moderate SUSE bug 1047044 SUSE bug 1049373 SUSE bug 1050129 SUSE bug 1051412 SUSE bug 1052468 SUSE bug 1052710 SUSE bug 1052720 SUSE bug 1052731 SUSE bug 1055065 SUSE bug 1055434 SUSE bug 1058640 SUSE bug 1067177 SUSE bug 1074123 SUSE bug 1074975 CVE-2017-10800 CVE-2017-11449 CVE-2017-11532 CVE-2017-12564 CVE-2017-12670 CVE-2017-12672 CVE-2017-12675 CVE-2017-13060 CVE-2017-13648 CVE-2017-14326 CVE-2017-16547 CVE-2017-17881 CVE-2017-18022 openSUSE Leap 42.3 This update for git fixes the following issue: - CVE-2017-15298: Specially crafted repositories could have caused a denial of service (boo#1063412) Moderate SUSE bug 1063412 CVE-2017-15298 openSUSE Leap 42.3 This update for libvirt and virt-manager fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka "SpectreAttack" (var2) (bsc#1079869). - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init (bsc#1080042). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). Non-security issues fixed in libvirt: - bsc#1070615: Fixed TPM device passthrough failure on kernels >= 4.0. - bsc#1082041: SUSE Linux Enterprise 11 SP4 hvm converted to pvhvm. Unless vm memory is on gig boundary, vm won't boot. - bsc#1082161: Unable to change RTC basis or adjustment for Xen HVM guests using libvirt. Non-security issues fixed in virt-manager: - bsc#1086038: VM guests cannot be properly installed with virt-install - bsc#1067018: KVM Guest creation failed - Property .cmt not found - bsc#1054986: Fix openSUSE 15.0 detection. It has no content file or .treeinfo file - bsc#1085757: Fallback to latest version of openSUSE when opensuse-unknown is detected for the ISO This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1054986 SUSE bug 1067018 SUSE bug 1070615 SUSE bug 1079869 SUSE bug 1080042 SUSE bug 1082041 SUSE bug 1082161 SUSE bug 1083625 SUSE bug 1085757 SUSE bug 1086038 CVE-2017-5715 CVE-2018-1064 CVE-2018-6764 openSUSE Leap 42.3 This update for zziplib fixes the following issues: Security issues fixed: - CVE-2018-7726: There is a bus error caused by the__zzip_parse_root_directory function of zip.c. Attackers could leverage thisvulnerability to cause a denial of service (bsc#1084517). - CVE-2018-7725: An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service (bsc#1084519). This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 1084517 SUSE bug 1084519 CVE-2018-7725 CVE-2018-7726 openSUSE Leap 42.3 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-1000476: A CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allowed attackers to cause a denial of service (bsc#1074610). - CVE-2017-9409: The ReadMPCImage function in mpc.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1042948). - CVE-2017-1000445: A NULL pointer dereference in the MagickCore component might have lead to denial of service (bsc#1074425). - CVE-2017-17680: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (a different vulnerability than CVE-2017-17882) (bsc#1072902). - CVE-2017-17882: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (a different vulnerability than CVE-2017-17680) (bsc#1074122). - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373). - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252). - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS (bsc#1052771). - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082). - Prevent memory leak via crafted file in pwp.c allowing for DoS (bsc#1051412) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1042948 SUSE bug 1049373 SUSE bug 1051412 SUSE bug 1052252 SUSE bug 1052771 SUSE bug 1058082 SUSE bug 1072902 SUSE bug 1074122 SUSE bug 1074425 SUSE bug 1074610 CVE-2017-1000445 CVE-2017-1000476 CVE-2017-11449 CVE-2017-11751 CVE-2017-12430 CVE-2017-12642 CVE-2017-14249 CVE-2017-17680 CVE-2017-17882 CVE-2017-9409 openSUSE Leap 42.3 This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. (bsc#1087102). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1087102 CVE-2018-0739 openSUSE Leap 42.3 This update for policycoreutils fixes the following issues: - CVE-2018-1063: Fixed problem to prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1083624 CVE-2018-1063 openSUSE Leap 42.3 This update for evince fixes the following issues: - CVE-2017-1000159: Command injection in evince via filename when printing to PDF could lead to command execution (bsc#1070046) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1070046 CVE-2017-1000159 openSUSE Leap 42.3 This update for python-gunicorn, python3-gunicorn fixes the following issues: - CVE-2018-1000164: Improper neutralization of CRLF Sequences allow tricking the server to return arbitrary HTTP headers (boo#1088613) Moderate SUSE bug 1088613 CVE-2018-1000164 openSUSE Leap 42.3 This update for gwenhywfar fixes the following issues: Security issue fixed: - CVE-2015-7542: Make use of the system's default trusted CAs. Also remove the upstream provided ca-bundle.crt file and require ca-certificates so the /etc/ssl/certs directory is populated (bsc#958331). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 958331 CVE-2015-7542 openSUSE Leap 42.3 This update for python3 fixes the following issues: Security issue fixed: - CVE-2017-18207: Fixed possible denial of service vulnerability by adding a check to Lib/wave.py that verifies that at least one channel is provided (bsc#1083507). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1083507 CVE-2017-18207 openSUSE Leap 42.3 This update for memcached fixes the following issues: - CVE-2018-1000115: Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server could result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). (bsc#1083903) - Home directory shouldn't be world readable bsc#1077718 This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1077718 SUSE bug 1083903 CVE-2018-1000115 openSUSE Leap 42.3 This update for nodejs4 fixes the following issues: - Fix some node-gyp permissions - New upstream maintenance 4.9.1: * Security fixes: + CVE-2018-7158: Fix for 'path' module regular expression denial of service (bsc#1087459) + CVE-2018-7159: Reject spaces in HTTP Content-Length header values (bsc#1087453) * Upgrade to OpenSSL 1.0.2o * deps: reject interior blanks in Content-Length * deps: upgrade http-parser to v2.8.0 - remove any old manpage files in %pre from before update-alternatives were used to manage symlinks to these manpages. - Add Recommends and BuildRequire on python2 for npm. node-gyp requires this old version of python for now. This is only needed for binary modules. - even on recent codestreams there is no binutils gold on s390 only on s390x - Enable CI tests in %check target This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1087453 SUSE bug 1087459 CVE-2018-7158 CVE-2018-7159 openSUSE Leap 42.3 This update for ntp fixes the following issues: - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426) * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424) * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422) * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420) * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit.(bsc#1083417) - Don't use libevent's cached time stamps in sntp. (bsc#1077445) This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1077445 SUSE bug 1082063 SUSE bug 1082210 SUSE bug 1083417 SUSE bug 1083420 SUSE bug 1083422 SUSE bug 1083424 SUSE bug 1083426 CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.126 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service (bnc#1087231). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). The following non-security bugs were fixed: - acpica: Add header support for TPM2 table changes (bsc#1084452). - acpica: Add support for new SRAT subtable (bsc#1085981). - acpica: iasl: Update to IORT SMMUv3 disassembling (bsc#1085981). - acpi/IORT: numa: Add numa node mapping for smmuv3 devices (bsc#1085981). - acpi, numa: fix pxm to online numa node associations (bnc#1012382). - acpi / PMIC: xpower: Fix power_table addresses (bnc#1012382). - acpi/processor: Fix error handling in __acpi_processor_start() (bnc#1012382). - acpi/processor: Replace racy task affinity logic (bnc#1012382). - agp/intel: Flush all chipset writes after updating the GGTT (bnc#1012382). - ahci: Add pci-id for the Highpoint Rocketraid 644L card (bnc#1012382). - alsa: aloop: Fix access to not-yet-ready substream via cable (bnc#1012382). - alsa: aloop: Sync stale timer before release (bnc#1012382). - alsa: firewire-digi00x: handle all MIDI messages on streaming packets (bnc#1012382). - alsa: hda: Add a power_save blacklist (bnc#1012382). - alsa: hda: add dock and led support for HP EliteBook 820 G3 (bnc#1012382). - alsa: hda: add dock and led support for HP ProBook 640 G2 (bnc#1012382). - alsa: hda/realtek - Always immediately update mute LED with pin VREF (bnc#1012382). - alsa: hda/realtek - Fix dock line-out volume on Dell Precision 7520 (bnc#1012382). - alsa: hda/realtek - Fix speaker no sound after system resume (bsc#1031717). - alsa: hda - Revert power_save option default value (git-fixes). - alsa: pcm: Fix UAF in snd_pcm_oss_get_formats() (bnc#1012382). - alsa: usb-audio: Add a quirck for B&W PX headphones (bnc#1012382). - alsa: usb-audio: Fix parsing descriptor of UAC2 processing unit (bnc#1012382). - apparmor: Make path_max parameter readonly (bnc#1012382). - arm64: Add missing Falkor part number for branch predictor hardening (bsc#1068032). - arm64 / cpuidle: Use new cpuidle macro for entering retention state (bsc#1084328). - arm64: mm: do not write garbage into TTBR1_EL1 register (bsc#1085487). - arm: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER (bnc#1012382). - arm: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP (bnc#1012382). - arm: dts: Adjust moxart IRQ controller and flags (bnc#1012382). - arm: dts: am335x-pepper: Fix the audio CODEC's reset pin (bnc#1012382). - arm: dts: exynos: Correct Trats2 panel reset line (bnc#1012382). - arm: dts: koelsch: Correct clock frequency of X2 DU clock input (bnc#1012382). - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - arm: dts: omap3-n900: Fix the audio CODEC's reset pin (bnc#1012382). - arm: dts: r8a7790: Correct parent of SSI[0-9] clocks (bnc#1012382). - arm: dts: r8a7791: Correct parent of SSI[0-9] clocks (bnc#1012382). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382). - asoc: rcar: ssi: do not set SSICR.CKDV = 000 with SSIWSR.CONT (bnc#1012382). - ath10k: disallow DFS simulation if DFS channel is not enabled (bnc#1012382). - ath10k: fix invalid STS_CAP_OFFSET_MASK (bnc#1012382). - ath10k: update tdls teardown state to target (bnc#1012382). - ath: Fix updating radar flags for coutry code India (bnc#1012382). - batman-adv: handle race condition for claims between gateways (bnc#1012382). - bcache: do not attach backing with duplicate UUID (bnc#1012382). - blkcg: fix double free of new_blkg in blkcg_init_queue (bnc#1012382). - blk-throttle: make sure expire time isn't too big (bnc#1012382). - block: do not assign cmd_flags in __blk_rq_prep_clone (bsc#1088087). - block-mq: stop workqueue items in blk_mq_stop_hw_queue() (bsc#1084967). - bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 (bnc#1012382). - bluetooth: hci_qca: Avoid setup failure on missing rampatch (bnc#1012382). - bnx2x: Align RX buffers (bnc#1012382). - bonding: refine bond_fold_stats() wrap detection (bnc#1012382). - bpf: fix incorrect sign extension in check_alu_op() (bnc#1012382). - bpf: skip unnecessary capability check (bnc#1012382). - bpf, x64: implement retpoline for tail call (bnc#1012382). - bpf, x64: increase number of passes (bnc#1012382). - braille-console: Fix value returned by _braille_console_setup (bnc#1012382). - brcmfmac: fix P2P_DEVICE ethernet address generation (bnc#1012382). - bridge: check brport attr show in brport_show (bnc#1012382). - btrfs: alloc_chunk: fix DUP stripe size handling (bnc#1012382). - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device (bnc#1012382). - btrfs: improve delayed refs iterations (bsc#1076033). - btrfs: incremental send, fix invalid memory access (git-fixes). - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382). - btrfs: send, fix file hole not being preserved due to inline extent (bnc#1012382). - can: cc770: Fix queue stall & dropped RTR reply (bnc#1012382). - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack (bnc#1012382). - can: cc770: Fix use after free in cc770_tx_interrupt() (bnc#1012382). - ceph: only dirty ITER_IOVEC pages for direct read (bsc#1084898). - clk: bcm2835: Protect sections updating shared registers (bnc#1012382). - clk: ns2: Correct SDIO bits (bnc#1012382). - clk: qcom: msm8916: fix mnd_width for codec_digcodec (bnc#1012382). - clk: si5351: Rename internal plls to avoid name collisions (bnc#1012382). - coresight: Fix disabling of CoreSight TPIU (bnc#1012382). - coresight: Fixes coresight DT parse to get correct output port ID (bnc#1012382). - cpufreq: Fix governor module removal race (bnc#1012382). - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382). - cpufreq/sh: Replace racy task affinity logic (bnc#1012382). - cpuidle: Add new macro to enter a retention idle state (bsc#1084328). - cros_ec: fix nul-termination for firmware build info (bnc#1012382). - crypto: cavium - fix memory leak on info (bsc#1086518). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - dccp: check sk for closed state in dccp_sendmsg() (bnc#1012382). - dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped (bnc#1012382). - dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 (bnc#1012382). - dm: Always copy cmd_flags when cloning a request (bsc#1088087). - driver: (adm1275) set the m,b and R coefficients correctly for power (bnc#1012382). - drm: Allow determining if current task is output poll worker (bnc#1012382). - drm/amdgpu/dce: Do not turn off DP sink when disconnected (bnc#1012382). - drm/amdgpu: Fail fb creation from imported dma-bufs. (v2) (bnc#1012382). - drm/amdgpu: Fix deadlock on runtime suspend (bnc#1012382). - drm/amdgpu: fix KV harvesting (bnc#1012382). - drm/amdgpu: Notify sbios device ready before send request (bnc#1012382). - drm/amdkfd: Fix memory leaks in kfd topology (bnc#1012382). - drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off) (bnc#1012382). - drm/edid: set ELD connector type in drm_edid_to_eld() (bnc#1012382). - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717). - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717). - drm/msm: fix leak in failed get_pages (bnc#1012382). - drm/nouveau: Fix deadlock on runtime suspend (bnc#1012382). - drm/nouveau/kms: Increase max retries in scanout position queries (bnc#1012382). - drm/omap: DMM: Check for DMM readiness after successful transaction commit (bnc#1012382). - drm: qxl: Do not alloc fbdev if emulation is not supported (bnc#1012382). - drm/radeon: Do not turn off DP sink when disconnected (bnc#1012382). - drm/radeon: Fail fb creation from imported dma-bufs (bnc#1012382). - drm/radeon: Fix deadlock on runtime suspend (bnc#1012382). - drm/radeon: fix KV harvesting (bnc#1012382). - drm: udl: Properly check framebuffer mmap offsets (bnc#1012382). - drm/vmwgfx: Fix a destoy-while-held mutex problem (bnc#1012382). - drm/vmwgfx: Fixes to vmwgfx_fb (bnc#1012382). - e1000e: Avoid missed interrupts following ICR read (bsc#1075428). - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428). - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428). - e1000e: Fix link check race condition (bsc#1075428). - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428). - e1000e: fix timing for 82579 Gigabit Ethernet controller (bnc#1012382). - e1000e: Remove Other from EIAC (bsc#1075428). - EDAC, sb_edac: Fix out of bound writes during DIMM configuration on KNL (git-fixes 3286d3eb906c). - ext4: inplace xattr block update fails to deduplicate blocks (bnc#1012382). - f2fs: relax node version check for victim data in gc (bnc#1012382). - fib_semantics: Do not match route with mismatching tclassid (bnc#1012382). - fixup: sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - fs/aio: Add explicit RCU grace period when freeing kioctx (bnc#1012382). - fs/aio: Use RCU accessors for kioctx_table->table[] (bnc#1012382). - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745). - fs: Teach path_connected to handle nfs filesystems with multiple roots (bnc#1012382). - genirq: Track whether the trigger type has been set (git-fixes). - genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs (bnc#1012382). - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382). - hid: clamp input to logical range if no null state (bnc#1012382). - hid: reject input outside logical range only if null state is set (bnc#1012382). - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353). - hv_balloon: fix bugs in num_pages_onlined accounting (fate#323887). - hv_balloon: fix printk loglevel (fate#323887). - hv_balloon: simplify hv_online_page()/hv_page_online_one() (fate#323887). - i2c: i2c-scmi: add a MS HID (bnc#1012382). - i2c: xlp9xx: Check for Bus state before every transfer (bsc#1084310). - i2c: xlp9xx: Handle NACK on DATA properly (bsc#1084310). - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly (bsc#1060799). - i2c: xlp9xx: return ENXIO on slave address NACK (bsc#1060799). - i40e: Acquire NVM lock before reads on all devices (bnc#1012382). - ia64: fix module loading for gcc-5.4 (bnc#1012382). - IB/ipoib: Avoid memory leak if the SA returns a different DGID (bnc#1012382). - IB/ipoib: Update broadcast object if PKey value was changed in index 0 (bnc#1012382). - IB/mlx4: Change vma from shared to private (bnc#1012382). - IB/mlx4: Take write semaphore when changing the vma struct (bnc#1012382). - ibmvfc: Avoid unnecessary port relogin (bsc#1085404). - ibmvnic: Fix reset return from closed state (bsc#1084610). - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes). - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224). - ibmvnic: Update TX pool cleaning routine (bsc#1085224). - IB/umem: Fix use of npages/nmap fields (bnc#1012382). - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() (bnc#1012382). - iio: st_pressure: st_accel: Initialise sensor platform data properly (bnc#1012382). - iio: st_pressure: st_accel: pass correct platform data to init (git-fixes). - ima: relax requiring a file signature for new files with zero length (bnc#1012382). - infiniband/uverbs: Fix integer overflows (bnc#1012382). - input: matrix_keypad - fix race when disabling interrupts (bnc#1012382). - input: qt1070 - add OF device ID table (bnc#1012382). - input: tsc2007 - check for presence and power down tsc2007 during probe (bnc#1012382). - iommu/omap: Register driver before setting IOMMU ops (bnc#1012382). - iommu/vt-d: clean up pr_irq if request_threaded_irq fails (bnc#1012382). - ip6_vti: adjust vti mtu according to mtu of lower device (bnc#1012382). - ipmi: do not probe ACPI devices if si_tryacpi is unset (bsc#1060799). - ipmi: Fix the I2C address extraction from SPMI tables (bsc#1060799). - ipmi_ssif: Fix logic around alert handling (bsc#1060799). - ipmi_ssif: remove redundant null check on array client->adapter->name (bsc#1060799). - ipmi_ssif: unlock on allocation failure (bsc#1060799). - ipmi:ssif: Use i2c_adapter_id instead of adapter->nr (bsc#1060799). - ipmi: Use the proper default value for register size in ACPI (bsc#1060799). - ipmi/watchdog: fix wdog hang on panic waiting for ipmi response (bnc#1012382). - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() (bnc#1012382). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382). - ipvlan: add L2 check for packets arriving via virtual devices (bnc#1012382). - irqchip/gic-v3-its: Add ACPI NUMA node mapping (bsc#1085981). - irqchip/gic-v3-its: Allow GIC ITS number more than MAX_NUMNODES (bsc#1085981). - irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis (bnc#1012382). - irqchip/gic-v3-its: Remove ACPICA version check for ACPI NUMA (bsc#1085981). - kbuild: disable clang's default use of -fmerge-all-constants (bnc#1012382). - kbuild: Handle builtin dtb file names containing hyphens (bnc#1012382). - kprobes/x86: Fix kprobe-booster not to boost far call instructions (bnc#1012382). - kprobes/x86: Fix to set RWX bits correctly before releasing trampoline (git-fixes). - kprobes/x86: Set kprobes pages read-only (bnc#1012382). - kvm: arm/arm64: Handle CPU_PM_ENTER_FAILED (bsc#1086499). - kvm: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending (bsc#1086499). - kvm: arm/arm64: vgic: Do not populate multiple LRs with the same vintid (bsc#1086499). - kvm: arm/arm64: vgic-its: Check result of allocation before use (bsc#). - kvm: arm/arm64: vgic-its: Preserve the revious read from the pending table (bsc#1086499). - kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 (bsc#1086499). - kvm: mmu: Fix overlap between public and private memslots (bnc#1012382). - kvm: nVMX: fix nested tsc scaling (bsc1087999). - kvm: PPC: Book3S PR: Exit KVM on failed mapping (bnc#1012382). - kvm/x86: fix icebp instruction handling (bnc#1012382). - l2tp: do not accept arbitrary sockets (bnc#1012382). - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs (bnc#1012382). - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs (bnc#1012382). - libata: disable LPM for Crucial BX100 SSD 500GB drive (bnc#1012382). - libata: Enable queued TRIM for Samsung SSD 860 (bnc#1012382). - libata: fix length validation of ATAPI-relayed SCSI commands (bnc#1012382). - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions (bnc#1012382). - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version (bnc#1012382). - libata: remove WARN() for DMA or PIO command without data (bnc#1012382). - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it (bnc#1012382). - loop: Fix lost writes caused by missing flag (bnc#1012382). - lpfc: update version to 11.4.0.7-1 (bsc#1085383). - mac80211: do not parse encrypted management frames in ieee80211_frame_acked (bnc#1012382). - mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717). - mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED (bnc#1012382). - mac80211: remove BUG() when interface type is invalid (bnc#1012382). - md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402). - md/raid10: skip spare disk as 'first' disk (bnc#1012382). - md/raid10: wait up frozen array in handle_write_completed (bnc#1012382). - md/raid6: Fix anomily when recovering a single device in RAID6 (bnc#1012382). - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717). - media: bt8xx: Fix err 'bt878_probe()' (bnc#1012382). - media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt (bnc#1012382). - media: cpia2: Fix a couple off by one bugs (bnc#1012382). - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717). - media/dvb-core: Race condition when writing to CAM (bnc#1012382). - media: i2c/soc_camera: fix ov6650 sensor getting wrong clock (bnc#1012382). - media: m88ds3103: do not call a non-initalized function (bnc#1012382). - media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bsc#1031717). - mfd: palmas: Reset the POWERHOLD mux during power off (bnc#1012382). - mmc: avoid removing non-removable hosts during suspend (bnc#1012382). - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs (bnc#1012382). - mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a (bnc#1012382). - mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() (bnc#1012382). - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353). - mm/vmalloc: add interfaces to free unmapped page table (bnc#1012382). - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382). - mt7601u: check return value of alloc_skb (bnc#1012382). - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bnc#1012382). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bnc#1012382). - mtip32xx: use runtime tag to initialize command header (bnc#1012382). - net/8021q: create device with all possible features in wanted_features (bnc#1012382). - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred (bnc#1012382). - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface (bnc#1012382). - net/faraday: Add missing include of of.h (bnc#1012382). - net: fec: Fix unbalanced PM runtime calls (bnc#1012382). - netfilter: add back stackpointer size checks (bnc#1012382). - netfilter: bridge: ebt_among: add missing match size checks (bnc#1012382). - netfilter: IDLETIMER: be syzkaller friendly (bnc#1012382). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (bnc#1012382). - netfilter: nat: cope with negative port range (bnc#1012382). - netfilter: use skb_to_full_sk in ip_route_me_harder (bnc#1012382). - netfilter: x_tables: fix missing timer initialization in xt_LED (bnc#1012382). - netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382). - net: Fix hlist corruptions in inet_evict_bucket() (bnc#1012382). - net: fix race on decreasing number of TX queues (bnc#1012382). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382). - net: ipv6: send unsolicited NA after DAD (git-fixes). - net: ipv6: send unsolicited NA on admin up (bnc#1012382). - net/iucv: Free memory obtained by kzalloc (bnc#1012382). - netlink: avoid a double skb free in genlmsg_mcast() (bnc#1012382). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382). - net: mpls: Pull common label check into helper (bnc#1012382). - net: Only honor ifindex in IP_PKTINFO if non-0 (bnc#1012382). - net: systemport: Rewrite __bcm_sysport_tx_reclaim() (bnc#1012382). - net: xfrm: allow clearing socket xfrm policies (bnc#1012382). - nfc: nfcmrvl: double free on error path (bnc#1012382). - nfc: nfcmrvl: Include unaligned.h instead of access_ok.h (bnc#1012382). - nfsd4: permit layoutget of executable-only files (bnc#1012382). - nfs: Fix an incorrect type in struct nfs_direct_req (bnc#1012382). - nospec: Allow index argument to have const-qualified type (bnc#1012382). - nospec: Include <asm/barrier.h> dependency (bnc#1012382). - nvme: do not send keep-alive frames during reset (bsc#1084223). - nvme: do not send keep-alives to the discovery controller (bsc#1086607). - nvme: expand nvmf_check_if_ready checks (bsc#1085058). - nvme/rdma: do no start error recovery twice (bsc#1084967). - nvmet_fc: prevent new io rqsts in possible isr completions (bsc#1083574). - of: fix of_device_get_modalias returned length when truncating buffers (bnc#1012382). - openvswitch: Delete conntrack entry clashing with an expectation (bnc#1012382). - Partial revert "e1000e: Avoid receiver overrun interrupt bursts" (bsc#1075428). - pci: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L (bnc#1012382). - pci: Add pci_reset_function_locked() (bsc#1084889). - pci: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx devices (bsc#1084914). - pci: Avoid FLR for Intel 82579 NICs (bsc#1084889). - pci: Avoid slot reset if bridge itself is broken (bsc#1084918). - pci: Export pcie_flr() (bsc#1084889). - pci: hv: Fix 2 hang issues in hv_compose_msi_msg() (fate#323887, bsc#1087659, bsc#1087906). - pci: hv: Fix a comment typo in _hv_pcifront_read_config() (fate#323887, bsc#1087659). - pci: hv: Only queue new work items in hv_pci_devices_present() if necessary (fate#323887, bsc#1087659). - pci: hv: Remove the bogus test in hv_eject_device_work() (fate#323887, bsc#1087659). - pci: hv: Serialize the present and eject work items (fate#323887, bsc#1087659). - pci: Mark Haswell Power Control Unit as having non-compliant BARs (bsc#1086015). - pci/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown() (bnc#1012382). - pci: Probe for device reset support during enumeration (bsc#1084889). - pci: Protect pci_error_handlers->reset_notify() usage with device_lock() (bsc#1084889). - pci: Protect restore with device lock to be consistent (bsc#1084889). - pci: Remove __pci_dev_reset() and pci_dev_reset() (bsc#1084889). - pci: Remove redundant probes for device reset support (bsc#1084889). - pci: Wait for up to 1000ms after FLR reset (bsc#1084889). - perf inject: Copy events when reordering events in pipe mode (bnc#1012382). - perf probe: Return errno when not hitting any event (bnc#1012382). - perf session: Do not rely on evlist in pipe mode (bnc#1012382). - perf sort: Fix segfault with basic block 'cycles' sort dimension (bnc#1012382). - perf tests kmod-path: Do not fail if compressed modules are not supported (bnc#1012382). - perf tools: Make perf_event__synthesize_mmap_events() scale (bnc#1012382). - perf/x86/intel: Do not accidentally clear high bits in bdw_limit_period() (bnc#1012382). - perf/x86/intel/uncore: Fix multi-domain pci CHA enumeration bug on Skylake servers (bsc#1086357). - pinctrl: Really force states during suspend/resume (bnc#1012382). - platform/chrome: Use proper protocol transfer function (bnc#1012382). - platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA (bnc#1012382). - posix-timers: Protect posix clock array access against speculation (bnc#1081358). - power: supply: pda_power: move from timer to delayed_work (bnc#1012382). - ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382). - pty: cancel pty slave port buf's work in tty_release (bnc#1012382). - pwm: tegra: Increase precision in PWM rate calculation (bnc#1012382). - qed: Free RoCE ILT Memory on rmmod qedr (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qed: Use after free in qed_rdma_free() (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qeth: repair SBAL elements calculation (bnc#1085507, LTC#165484). - qlcnic: fix unchecked return value (bnc#1012382). - rcutorture/configinit: Fix build directory error message (bnc#1012382). - rdma/cma: Use correct size when writing netlink stats (bnc#1012382). - rdma/core: do not use invalid destination in determining port reuse (fate#321231 fate#321473 fate#322153 fate#322149). - rdma/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() (bnc#1012382). - rdma/mlx5: Fix integer overflow while resizing CQ (bnc#1012382). - rdma/ocrdma: Fix permissions for OCRDMA_RESET_STATS (bnc#1012382). - rdma/ucma: Check that user does not overflow QP state (bnc#1012382). - rdma/ucma: Fix access to non-initialized CM_ID object (bnc#1012382). - rdma/ucma: Limit possible option size (bnc#1012382). - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717). - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717). - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717). - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717). - regulator: anatop: set default voltage selector for pcie (bnc#1012382). - reiserfs: Make cancel_old_flush() reliable (bnc#1012382). - Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux" (bnc#1012382). - Revert "e1000e: Separate signaling for link check/link up" (bsc#1075428). - Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" (bnc#1012382). - Revert "ipvlan: add L2 check for packets arriving via virtual devices" (reverted in upstream). - Revert "led: core: Fix brightness setting when setting delay_off=0" (bnc#1012382). - rndis_wlan: add return value validation (bnc#1012382). - rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs (bnc#1012382). - rtlwifi: rtl8723be: Fix loss of signal (bnc#1012382). - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled (bnc#1012382). - s390/mm: fix local TLB flushing vs. detach of an mm address space (bnc#1088324, LTC#166470). - s390/mm: fix race on mm->context.flush_mm (bnc#1088324, LTC#166470). - s390/mm: no local TLB flush for clearing-by-ASCE IDTE (bnc#1088324, LTC#166470). - s390/qeth: apply takeover changes when mode is toggled (bnc#1085507, LTC#165490). - s390/qeth: do not apply takeover changes to RXIP (bnc#1085507, LTC#165490). - s390/qeth: fix double-free on IP add/remove race (bnc#1085507, LTC#165491). - s390/qeth: fix IPA command submission race (bnc#1012382). - s390/qeth: fix IP address lookup for L3 devices (bnc#1085507, LTC#165491). - s390/qeth: fix IP removal on offline cards (bnc#1085507, LTC#165491). - s390/qeth: fix SETIP command handling (bnc#1012382). - s390/qeth: free netdevice when removing a card (bnc#1012382). - s390/qeth: improve error reporting on IP add/removal (bnc#1085507, LTC#165491). - s390/qeth: lock IP table while applying takeover changes (bnc#1085507, LTC#165490). - s390/qeth: lock read device while queueing next buffer (bnc#1012382). - s390/qeth: on channel error, reject further cmd requests (bnc#1012382). - s390/qeth: update takeover IPs after configuration change (bnc#1085507, LTC#165490). - s390/qeth: when thread completes, wake up all waiters (bnc#1012382). - sched: act_csum: do not mangle TCP and UDP GSO packets (bnc#1012382). - sched: Stop resched_cpu() from sending IPIs to offline CPUs (bnc#1012382). - sched: Stop switched_to_rt() from sending IPIs to offline CPUs (bnc#1012382). - scsi: core: scsi_get_device_flags_keyed(): Always return device flags (bnc#1012382). - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP (bnc#1012382). - scsi: dh: add new rdac devices (bnc#1012382). - scsi: lpfc: Add missing unlock in WQ full logic (bsc#1085383). - scsi: lpfc: Code cleanup for 128byte wqe data type (bsc#1085383). - scsi: lpfc: Fix mailbox wait for POST_SGL mbox command (bsc#1085383). - scsi: lpfc: Fix NVME Initiator FirstBurst (bsc#1085383). - scsi: lpfc: Fix SCSI lun discovery when port configured for both SCSI and NVME (bsc#1085383). - scsi: lpfc: Memory allocation error during driver start-up on power8 (bsc#1085383). - scsi: mac_esp: Replace bogus memory barrier with spinlock (bnc#1012382). - scsi: sg: check for valid direction before starting the request (bnc#1012382). - scsi: sg: fix SG_DXFER_FROM_DEV transfers (bnc#1012382). - scsi: sg: fix static checker warning in sg_is_valid_dxfer (bnc#1012382). - scsi: sg: only check for dxfer_len greater than 256M (bnc#1012382 bsc#1064206). - scsi: virtio_scsi: always read VPD pages for multiqueue too (git-fixes). - scsi: virtio_scsi: Always try to read VPD pages (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382). - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - selftests/x86: Add tests for the STR and SLDT instructions (bnc#1012382). - selftests/x86: Add tests for User-Mode Instruction Prevention (bnc#1012382). - selftests/x86/entry_from_vm86: Add test cases for POPF (bnc#1012382). - selftests/x86/entry_from_vm86: Exit with 1 if we fail (bnc#1012382). - selinux: check for address length in selinux_socket_bind() (bnc#1012382). - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device (bnc#1012382). - serial: sh-sci: prevent lockup on full TTY buffers (bnc#1012382). - skbuff: Fix not waking applications when errors are enqueued (bnc#1012382). - sm501fb: do not return zero on failure path in sm501fb_start() (bnc#1012382). - solo6x10: release vb2 buffers in solo_stop_streaming() (bnc#1012382). - spi: dw: Disable clock after unregistering the host (bnc#1012382). - spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer (bnc#1012382). - spi: sun6i: disable/unprepare clocks on remove (bnc#1012382). - staging: android: ashmem: Fix lockdep issue during llseek (bnc#1012382). - staging: android: ashmem: Fix possible deadlock in ashmem_ioctl (bnc#1012382). - staging: comedi: fix comedi_nsamples_left (bnc#1012382). - staging: lustre: ptlrpc: kfree used instead of kvfree (bnc#1012382). - staging: ncpfs: memory corruption in ncp_read_kernel() (bnc#1012382). - staging: speakup: Replace BUG_ON() with WARN_ON() (bnc#1012382). - staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y (bnc#1012382). - staging: wilc1000: add check for kmalloc allocation failure (bnc#1012382). - staging: wilc1000: fix unchecked return value (bnc#1012382). - Subject: af_iucv: enable control sends in case of SEND_SHUTDOWN (bnc#1085507, LTC#165135). - sysrq: Reset the watchdog timers while displaying high-resolution timers (bnc#1012382). - tcm_fileio: Prevent information leak for short reads (bnc#1012382). - tcp: remove poll() flakes with FastOpen (bnc#1012382). - tcp: sysctl: Fix a race to avoid unexpected 0 window from space (bnc#1012382). - team: Fix double free in error path (bnc#1012382). - test_firmware: fix setting old custom fw path back on exit (bnc#1012382). - time: Change posix clocks ops interfaces to use timespec64 (bnc#1012382). - timers, sched_clock: Update timeout for clock wrap (bnc#1012382). - tools/usbip: fixes build with musl libc toolchain (bnc#1012382). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm/tpm_crb: Use start method value from ACPI table directly (bsc#1084452). - tracing: probeevent: Fix to support minus offset from symbol (bnc#1012382). - tty/serial: atmel: add new version check for usart (bnc#1012382). - tty: vt: fix up tabstops properly (bnc#1012382). - uas: fix comparison for error code (bnc#1012382). - ubi: Fix race condition between ubi volume creation and udev (bnc#1012382). - udplite: fix partial checksum initialization (bnc#1012382). - usb: Do not print a warning if interface driver rebind is deferred at resume (bsc#1087211). - usb: dwc2: Make sure we disconnect the gadget state (bnc#1012382). - usb: gadget: bdc: 64-bit pointer capability check (bnc#1012382). - usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control() (bnc#1012382). - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() (bnc#1012382). - usb: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() (bnc#1012382). - usb: quirks: add control message delay for 1b1c:1b20 (bnc#1012382). - usb: storage: Add JMicron bridge 152d:2567 to unusual_devs.h (bnc#1012382). - usb: usbmon: Read text within supplied buffer size (bnc#1012382). - usb: usbmon: remove assignment from IS_ERR argument (bnc#1012382). - veth: set peer GSO values (bnc#1012382). - vgacon: Set VGA struct resource types (bnc#1012382). - video: ARM CLCD: fix dma allocation size (bnc#1012382). - video: fbdev: udlfb: Fix buffer on stack (bnc#1012382). - video/hdmi: Allow "empty" HDMI infoframes (bnc#1012382). - vxlan: vxlan dev should inherit lowerdev's gso_max_size (bnc#1012382). - wan: pc300too: abort path on failure (bnc#1012382). - watchdog: hpwdt: Check source of NMI (bnc#1012382). - watchdog: hpwdt: fix unused variable warning (bnc#1012382). - watchdog: hpwdt: SMBIOS check (bnc#1012382). - wil6210: fix memory access violation in wil_memcpy_from/toio_32 (bnc#1012382). - workqueue: Allow retrieval of current task's work struct (bnc#1012382). - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382). - x86/boot/64: Verify alignment of the LOAD segment (bnc#1012382). - x86/build/64: Force the linker to use 2MB page size (bnc#1012382). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86: i8259: export legacy_pic symbol (bnc#1012382). - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836). - x86/kaiser: enforce trampoline stack alignment (bsc#1087260). - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836). - x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560). - x86/MCE: Serialize sysfs changes (bnc#1012382). - x86/mm: Fix vmalloc_fault to use pXd_large (bnc#1012382). - x86/mm: implement free pmd/pte page interfaces (bnc#1012382). - x86/module: Detect and skip invalid relocations (bnc#1012382). - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845). - x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382). - x86/vm86/32: Fix POPF emulation (bnc#1012382). - xen-blkfront: fix mq start/stop race (bsc#1085042). - xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610). Important SUSE bug 1012382 SUSE bug 1019695 SUSE bug 1019699 SUSE bug 1022604 SUSE bug 1031717 SUSE bug 1046610 SUSE bug 1060799 SUSE bug 1064206 SUSE bug 1068032 SUSE bug 1073059 SUSE bug 1073069 SUSE bug 1075428 SUSE bug 1076033 SUSE bug 1077560 SUSE bug 1081358 SUSE bug 1083574 SUSE bug 1083745 SUSE bug 1083836 SUSE bug 1084223 SUSE bug 1084310 SUSE bug 1084328 SUSE bug 1084353 SUSE bug 1084452 SUSE bug 1084610 SUSE bug 1084829 SUSE bug 1084889 SUSE bug 1084898 SUSE bug 1084914 SUSE bug 1084918 SUSE bug 1084967 SUSE bug 1085042 SUSE bug 1085058 SUSE bug 1085224 SUSE bug 1085383 SUSE bug 1085402 SUSE bug 1085404 SUSE bug 1085487 SUSE bug 1085507 SUSE bug 1085981 SUSE bug 1086015 SUSE bug 1086194 SUSE bug 1086357 SUSE bug 1086499 SUSE bug 1086518 SUSE bug 1086607 SUSE bug 1087088 SUSE bug 1087211 SUSE bug 1087231 SUSE bug 1087260 SUSE bug 1087659 SUSE bug 1087845 SUSE bug 1087906 SUSE bug 1087999 SUSE bug 1088087 SUSE bug 1088324 CVE-2018-1091 CVE-2018-7740 CVE-2018-8043 openSUSE Leap 42.3 This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset() (bsc#1067844). - CVE-2017-12172: Start scripts permit database administrator to modify root-owned files. This issue did not affect SUSE (bsc#1062538). Bug fixes: - Update to version 9.4.15 * https://www.postgresql.org/docs/9.4/static/release-9-4-15.html * https://www.postgresql.org/docs/9.4/static/release-9-4-14.html This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1062538 SUSE bug 1067844 CVE-2017-12172 CVE-2017-15098 openSUSE Leap 42.3 This update for Chromium to version 66.0.3359.117 fixes the following issues: Security issues fixed (boo#1090000): - CVE-2018-6085: Use after free in Disk Cache - CVE-2018-6086: Use after free in Disk Cache - CVE-2018-6087: Use after free in WebAssembly - CVE-2018-6088: Use after free in PDFium - CVE-2018-6089: Same origin policy bypass in Service Worker - CVE-2018-6090: Heap buffer overflow in Skia - CVE-2018-6091: Incorrect handling of plug-ins by Service Worker - CVE-2018-6092: Integer overflow in WebAssembly - CVE-2018-6093: Same origin bypass in Service Worker - CVE-2018-6094: Exploit hardening regression in Oilpan - CVE-2018-6095: Lack of meaningful user interaction requirement before file upload - CVE-2018-6096: Fullscreen UI spoof - CVE-2018-6097: Fullscreen UI spoof - CVE-2018-6098: URL spoof in Omnibox - CVE-2018-6099: CORS bypass in ServiceWorker - CVE-2018-6100: URL spoof in Omnibox - CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools - CVE-2018-6102: URL spoof in Omnibox - CVE-2018-6103: UI spoof in Permissions - CVE-2018-6104: URL spoof in Omnibox - CVE-2018-6105: URL spoof in Omnibox - CVE-2018-6106: Incorrect handling of promises in V8 - CVE-2018-6107: URL spoof in Omnibox - CVE-2018-6108: URL spoof in Omnibox - CVE-2018-6109: Incorrect handling of files by FileAPI - CVE-2018-6110: Incorrect handling of plaintext files via file:// - CVE-2018-6111: Heap-use-after-free in DevTools - CVE-2018-6112: Incorrect URL handling in DevTools - CVE-2018-6113: URL spoof in Navigation - CVE-2018-6114: CSP bypass - CVE-2018-6115: SmartScreen bypass in downloads - CVE-2018-6116: Incorrect low memory handling in WebAssembly - CVE-2018-6117: Confusing autofill settings - Various fixes from internal audits, fuzzing and other initiatives This update also supports mitigation against the Spectre vulnerabilities: "Strict site isolation" is disabled for most users and can be turned on via: chrome://flags/#enable-site-per-process This feature is undergoing a small percentage trial. Out out of the trial is possible via: chrome://flags/#site-isolation-trial-opt-out The following other changes are included: - distrust certificates issued by Symantec before 2016-06-01 - add option to export saved passwords - Reduce videos that auto-play with sound - boo#1086199: Fix UI freezing when loading/scaling down large images This update also contains a number of upstream bug fixes and improvements. Important SUSE bug 1086199 SUSE bug 1090000 CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102 CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106 CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114 CVE-2018-6115 CVE-2018-6116 CVE-2018-6117 openSUSE Leap 42.3 This update for mbedtls fixes the following issues: Security issues fixed: - CVE-2018-9988: Fixed buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input (boo#1089022). - CVE-2018-9989: Fixed buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input (boo#1089021). Moderate SUSE bug 1089021 SUSE bug 1089022 CVE-2018-9988 CVE-2018-9989 openSUSE Leap 42.3 This update for cfitsio fixes the following issues: Security issues fixed: - CVE-2018-1000166: Unsafe use of sprintf() can allow a remote unauthenticated attacker to execute arbitrary code (boo#1088590) This update to version 3.430 also contains a number of upstream bug fixes. The following tracked packaging changes are included: - boo#1082318: package licence text as license, not as documentation Important SUSE bug 1082318 SUSE bug 1088590 CVE-2018-1000166 openSUSE Leap 42.3 This update for nextcloud fixes the following issues: Security issue fixed: - CVE-2017-0936: Nextcloud Server before 11.0.7 suffers from an Authorization Bypass Through User-Controlled Key vulnerability (boo#1087402). Bug fixes: - See online release notes for all relevant changes. https://nextcloud.com/changelog/ Moderate SUSE bug 1087402 CVE-2017-0936 openSUSE Leap 42.3 This update for PackageKit fixes the following security issue: - CVE-2018-1106: Drop the polkit rule which could allow users in wheel group to install packages without root password (bsc#1086936). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1086936 CVE-2018-1106 openSUSE Leap 42.3 This update for phpMyAdmin to version 4.8.0.1 fixes the following issues: - CVE-2018-10188: Possible execution of arbitrary SQL statements via manipulated URLs (boo#1090309) This version also contains a number of upstream changes, improvements, new functions and bug fixes. Moderate SUSE bug 1090309 CVE-2018-10188 openSUSE Leap 42.3 This update for salt fixes the following issues: - [Regression] Permission problem: salt-ssh minion boostrap doesn't work anymore. (bsc#1027722) - wrong use of os_family string for Suse in the locale module and others (bsc#1038855) - Cannot bootstrap a host using "Manage system completely via SSH (will not install an agent)" (bsc#1002529) - add user to or replace members of group not working with SLES11 SPx (bsc#978150) - SLES-12-GA client fail to start salt minion (SUSE MANAGER 3.0) (bsc#991048) - salt pkg.latest raises exception if package is not availible (bsc#1012999) - pkg.list_products on "registerrelease" and "productline" returns boolean.False if empty (bsc#989193) - SLES-12-SP1 salt-minion clients has no Base Channel added by default (bsc#986019) - "The system requires a reboot" does not disappear from web-UI despite the reboot (bsc#1017078) - Remove option -f from startproc (bsc#975733) - [PYTHON2] package salt-minion requires /usr/bin/python (bsc#1081592) - Upgrading packages on RHEL6/7 client fails (bsc#1068566) - /var/log/salt has insecure permissions (bsc#1071322) - [Minion-bootstrapping] Invalid char cause server (salt-master ERROR) (bsc#1011304) - CVE-2016-9639: Possible information leak due to revoked keys still being used (bsc#1012398) - Bootstrapping SLES12 minion invalid (bsc#1053376) - Minions not correctly onboarded if Proxy has multiple FQDNs (bsc#1063419) - salt --summary '*' <function> reporting "# of minions that did not return" wrongly (bsc#972311) - RH-L3 SALT - Stacktrace if nscd package is not present when using nscd state (bsc#1027044) - Inspector broken: no module "query" or "inspector" while querying or inspecting (bsc#989798) - [ Regression ]Centos7 Minion remote command execution from gui or cli , minion not responding (bsc#1027240) - SALT, minion_id generation doesn't match the newhostname (bsc#967803) - Salt API server shuts down when SSH call with no matches is issued (bsc#1004723) - /var/log/salt/minion fails logrotate (bsc#1030009) - Salt proxy test.ping crashes (bsc#975303) - salt master flood log with useless messages (bsc#985661) - After bootstrap salt client has deprecation warnings (bsc#1041993) - Head: salt 2017.7.2 starts salt-master as user root (bsc#1064520) - CVE-2017-12791: Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master (bsc#1053955) - salt-2017.7.2 - broken %post script for salt-master (bsc#1079048) - Tearing down deployment with SaltStack Kubernetes module always shows error (bsc#1059291) - lvm.vg_present does not recognize PV with certain LVM filter settings. (bsc#988506) - High state fails: No service execution module loaded: check support for service (bsc#1065792) - When multiple versions of a package are installed on a minion, patch status may vary (bsc#972490) - Salt cp.push does not work on SUMA 3.2 Builds because of python3.4 (bsc#1075950) - timezone modue does not update /etc/sysconfig/clock (bsc#1008933) - Add patches to salt to support SUSE Manager scalability features (bsc#1052264) - salt-minion failed to start on minimal RHEL6 because of DBus exception during load of snapper module (bsc#993039) - Permission denied: '/var/run/salt-master.pid' (bsc#1050003) - Jobs scheduled to run at a future time stay pending for Salt minions (bsc#1036125) - Backport kubernetes-modules to salt (bsc#1051948) - After highstate: The minion function caused an exception (bsc#1068446) - VUL-0: CVE-2017-14695: salt: directory traversal vulnerability in minion id validation (bsc#1062462) - unable to update salt-minion on RHEL (bsc#1022841) - Nodes run out of memory due to salt-minion process (bsc#983512) - [Proxy] "Broken pipe" during bootstrap of salt minion (bsc#1039370) - incorrect return code from /etc/rc.d/salt-minion (bsc#999852) - CVE-2017-5200: Salt-ssh via api let's run arbitrary commands as user salt (bsc#1011800) - beacons.conf on salt-minion not processed (bsc#1060230) - SLES11 SP3 salt-minion Client Cannot Select Base Channel (bsc#975093) - salt-ssh sys.doc gives authentication failure without arguments (bsc#1019386) - minion bootstrapping: error when bootstrap SLE11 clients (bsc#990439) - Certificate Deployment Fails for SLES11 SP3 Clients (bsc#975757) - state.module run() does not translate varargs (bsc#1025896) Moderate SUSE bug 1002529 SUSE bug 1004723 SUSE bug 1008933 SUSE bug 1011304 SUSE bug 1011800 SUSE bug 1012398 SUSE bug 1012999 SUSE bug 1017078 SUSE bug 1019386 SUSE bug 1022841 SUSE bug 1025896 SUSE bug 1027044 SUSE bug 1027240 SUSE bug 1027722 SUSE bug 1030009 SUSE bug 1036125 SUSE bug 1038855 SUSE bug 1039370 SUSE bug 1041993 SUSE bug 1050003 SUSE bug 1051948 SUSE bug 1052264 SUSE bug 1053376 SUSE bug 1053955 SUSE bug 1059291 SUSE bug 1060230 SUSE bug 1062462 SUSE bug 1063419 SUSE bug 1064520 SUSE bug 1065792 SUSE bug 1068446 SUSE bug 1068566 SUSE bug 1071322 SUSE bug 1075950 SUSE bug 1079048 SUSE bug 1081592 SUSE bug 967803 SUSE bug 972311 SUSE bug 972490 SUSE bug 975093 SUSE bug 975303 SUSE bug 975733 SUSE bug 975757 SUSE bug 978150 SUSE bug 983512 SUSE bug 985661 SUSE bug 986019 SUSE bug 988506 SUSE bug 989193 SUSE bug 989798 SUSE bug 990439 SUSE bug 991048 SUSE bug 993039 SUSE bug 999852 CVE-2016-9639 CVE-2017-12791 CVE-2017-14695 CVE-2017-14696 CVE-2017-5200 openSUSE Leap 42.3 This update for VirtualBox to version 5.1.36 fixes multiple issues: Security issues fixed: - CVE-2018-0739: Unauthorized remote attacker may have caused a hang or frequently repeatable crash (complete DOS) - CVE-2018-2830: Attacker with host login may have compromised Virtualbox or further system services after interaction with a third user - CVE-2018-2831: Attacker with host login may have compromised VirtualBox or further system services, allowing read access to some data - CVE-2018-2835: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user - CVE-2018-2836: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user - CVE-2018-2837: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user - CVE-2018-2842: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user - CVE-2018-2843: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user - CVE-2018-2844: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user - CVE-2018-2845: Attacker with host login may have caused a hang or frequently repeatable crash (complete DOS), and perform unauthorized read and write operation to some VirtualBox accessible data - CVE-2018-2860: Privileged attacker may have gained control over VirtualBox and possibly further system services http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixOVIR This update also contains all upstream fixes and improvements in the stable 5.1.36 release. Important SUSE bug 1089997 CVE-2017-3737 CVE-2017-9798 CVE-2018-0739 CVE-2018-2830 CVE-2018-2831 CVE-2018-2835 CVE-2018-2836 CVE-2018-2837 CVE-2018-2842 CVE-2018-2843 CVE-2018-2844 CVE-2018-2845 CVE-2018-2860 openSUSE Leap 42.3 This update for ocaml fixes the following issues: - CVE-2018-9838: Integer overflows when unmarshaling a bigarray data could result in a bigarray with impossibly large dimensions leading to overflow when computing the in-memory size of the bigarray. [bsc#1088591] This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1088591 CVE-2018-9838 openSUSE Leap 42.3 This update for hdf5 fixes the following issues: - fix security issues (arbitary code execution): CVE-2016-4330: H5T_ARRAY Code Execution (boo#1011201) CVE-2016-4331: H5Z_NBIT Code Execution (boo#1011204) CVE-2016-4332: Shareable Message Type Code Execution (boo#1011205) CVE-2016-4333: Array index bounds issue (boo#1011198) Important SUSE bug 1011198 SUSE bug 1011201 SUSE bug 1011204 SUSE bug 1011205 CVE-2016-4330 CVE-2016-4331 CVE-2016-4332 CVE-2016-4333 openSUSE Leap 42.3 This update for zsh fixes the following issues: - CVE-2014-10070: environment variable injection could lead to local privilege escalation (bnc#1082885) - CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. (bnc#1082977) - CVE-2014-10072: buffer overflow In utils.c when scanning very long directory paths for symbolic links. (bnc#1082975) - CVE-2016-10714: In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. (bnc#1083250) - CVE-2017-18205: In builtin.c when sh compatibility mode is used, a NULL pointer dereference could lead to denial of service (bnc#1082998) - CVE-2018-1071: exec.c:hashcmd() function vulnerability could lead to denial of service. (bnc#1084656) - CVE-2018-1083: Autocomplete vulnerability could lead to privilege escalation. (bnc#1087026) - CVE-2018-7549: In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (bnc#1082991) - CVE-2017-18206: buffer overrun in xsymlinks could lead to denial of service (bnc#1083002) - Autocomplete and REPORTTIME broken (bsc#896914) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1082885 SUSE bug 1082975 SUSE bug 1082977 SUSE bug 1082991 SUSE bug 1082998 SUSE bug 1083002 SUSE bug 1083250 SUSE bug 1084656 SUSE bug 1087026 SUSE bug 896914 CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2016-10714 CVE-2017-18205 CVE-2017-18206 CVE-2018-1071 CVE-2018-1083 CVE-2018-7549 openSUSE Leap 42.3 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). - CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1082216 SUSE bug 1082233 SUSE bug 1082234 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 openSUSE Leap 42.3 This update for mysql-community-server to version 5.6.40 fixes the following issues: Security issues fixed: - CVE-2018-2755: Unspecified vulnerability in the Replication component - CVE-2018-2819: Unspecified vulnerability in the InnoDB component - CVE-2018-2817: Unspecified vulnerability in the Server DDL component - CVE-2018-2761: Unspecified vulnerability in the client programs - CVE-2018-2818: Unspecified vulnerability in the Server Security Privileges component - CVE-2018-2781: Unspecified vulnerability in the Server Optimizer component - CVE-2018-2771: Unspecified vulnerability in the Server locking component - CVE-2018-2813: Unspecified vulnerability in the Server DDL component - CVE-2018-2773: Unspecified vulnerability in the client programs - CVE-2018-2758: Unspecified vulnerability in the Server Security Privileges component - CVE-2018-2805: Unspecified vulnerability in the GIS Extension - CVE-2018-2782: Unspecified vulnerability in the InnoDB component - CVE-2018-2784: Unspecified vulnerability in the InnoDB component - CVE-2018-2787: Unspecified vulnerability in the InnoDB component - CVE-2018-2766: Unspecified vulnerability in the InnoDB component This update also contains all upstream fixes and improvement in the 5.6.40 release: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-40.html Moderate SUSE bug 1089987 CVE-2018-2755 CVE-2018-2758 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2773 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2805 CVE-2018-2813 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 openSUSE Leap 42.3 This update for Chromium to version 66.0.3359.139 addresses the following issues: - CVE-2018-6118: Use after free in Media Cache (boo#1091288) Moderate SUSE bug 1091288 CVE-2018-6118 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: - security update (core) * CVE-2018-6799: The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. [boo#1080522] - security update (png.c) * CVE-2018-9018: In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [boo#1086773] - security update (gif.c) * CVE-2017-18254: An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. [boo#1087027] - security update (pcd.c) * CVE-2017-18251: An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. [boo#1087037] * CVE-2017-18229: An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. [boo#1085236] * CVE-2017-11641: GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.[boo#1050623] * CVE-2017-13066: GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. [boo#1055010] * CVE-2018-10177: Specially crafted PNG images may have triggered an infinite loop [bsc#1089781] Moderate SUSE bug 1050623 SUSE bug 1055010 SUSE bug 1080522 SUSE bug 1085236 SUSE bug 1086773 SUSE bug 1087027 SUSE bug 1087037 SUSE bug 1089781 CVE-2017-11641 CVE-2017-13066 CVE-2017-18229 CVE-2017-18251 CVE-2017-18254 CVE-2018-10177 CVE-2018-6799 CVE-2018-9018 openSUSE Leap 42.3 This update for flac fixes the following issues: - CVE-2017-6888: Fix memory leak in read_metadata_vorbiscomment_() function could lead to denial of service (boo#1091045). Moderate SUSE bug 1091045 CVE-2017-6888 openSUSE Leap 42.3 This update for quassel fixes the following issues: Security fixes (boo#1090495): - CVE-2018-1000178: A heap metadata corruption in qdatastream could have been exploited to launch an unauthenticated remote code execution - CVE-2018-1000179: A remote attacker could have caused a Denial of Service attack by initiating login attempts before the core got initialized The following tracked packaging change is included: - boo#1069468: no longer use /var/adm/fillup-templates This update also includes various small bug fixes in the upstream 0.12.4 release. Moderate SUSE bug 1069468 SUSE bug 1090495 CVE-2018-1000178 CVE-2018-1000179 openSUSE Leap 42.3 This update for libetpan fixes the following issues: - CVE-2017-8825: Segmentation faults in mime handling were fixed. Moderate SUSE bug 1038061 CVE-2017-8825 openSUSE Leap 42.3 This update fixes the following issues: - CVE-2018-1172: Squid Proxy Cache Denial of Service vulnerability (bsc#1090089). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1090089 CVE-2018-1172 openSUSE Leap 42.3 This update for libraw fixes the following issues: * CVE-2018-10528: A stack-based buffer overflow in the utf2char function in libraw_cxx.cpp was fixed. [boo#1091345] * CVE-2018-10529: A out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp was fixed. [boo#1091346] Moderate SUSE bug 1091345 SUSE bug 1091346 CVE-2018-10528 CVE-2018-10529 openSUSE Leap 42.3 This update for dovecot22 fixes the following issues: - CVE-2017-14461: dovecot22: rfc822_parse_domain Information Leak Vulnerability (bsc#1082826) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1082826 CVE-2017-14461 openSUSE Leap 42.3 This update for patch fixes the following issues: Security issues fixed: - CVE-2018-1000156: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420). - CVE-2018-6951: Fixed NULL pointer dereference in the intuit_diff_type function in pch.c (bsc#1080918). - CVE-2016-10713: Fixed out-of-bounds access within pch_write_line() in pch.c (bsc#1080918). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1080918 SUSE bug 1080951 SUSE bug 1088420 CVE-2016-10713 CVE-2018-1000156 CVE-2018-6951 openSUSE Leap 42.3 This update for corosync fixes the following issues: - CVE-2018-1084: Integer overflow in totemcrypto:authenticate_nss_2_3() could lead to command execution (bsc#1089346) - Providing an empty uid or gid results in coroparse adding uid 0. (bsc#1066585) - Fix a problem with configuration file incompatibilities that was causing corosync to not work after upgrading from SLE-11-SP4-HA to SLE-12/15-HA. (bsc#1083561) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1066585 SUSE bug 1083561 SUSE bug 1089346 CVE-2018-1084 openSUSE Leap 42.3 This update for gifsicle to version 1.91 fixes several issues. These security issues were fixed: - Prevent double free by setting last_name to NULL - Prevent NULL pointer dereference for crafted images This non-security issue was fixed: - Add thread support for resizing For other changes please see the upstream changelog. Moderate openSUSE Leap 42.3 This update for pam_kwallet fixes the following issues: Security issue fixed: - CVE-2018-10380: Fix local root vulnerability (boo#1090863). Moderate SUSE bug 1090863 CVE-2018-10380 openSUSE Leap 42.3 This update for pngcrush fixes the following issues: - CVE-2015-7700: Fix for a double-free vulnerability in the sPLT chunk structure and png.c (boo#1056770) Moderate SUSE bug 1056770 CVE-2015-7700 openSUSE Leap 42.3 This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, a specially crafted request could lead to remote denial of service. [bsc#1086817] * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read while preparing data to be cached in shared memory.[bsc#1086813] * CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774] * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775] * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. [bsc#1086820] * CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. [bsc#1086820] This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1086774 SUSE bug 1086775 SUSE bug 1086813 SUSE bug 1086814 SUSE bug 1086817 SUSE bug 1086820 CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1302 CVE-2018-1303 CVE-2018-1312 openSUSE Leap 42.3 This update for python-openpyxl fixes one issue. This security issue was fixed: - CVE-2017-5992: Prevent resolving external entities by default, which allowed remote attackers to conduct XXE attacks via a crafted .xlsx document (bsc#1025592). Moderate SUSE bug 1025592 CVE-2017-5992 openSUSE Leap 42.3 This update for php7 fixes the following issues: Security issues fixed: - CVE-2018-10545: Fix access controls in FPM child processes (bsc#1091367). - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages (bsc#1091362). - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c (bsc#1091363). - CVE-2018-10548: Fix remote denial of service in ext/ldap/ldap.c (bsc#1091355). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1091355 SUSE bug 1091362 SUSE bug 1091363 SUSE bug 1091367 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 openSUSE Leap 42.3 This update for ImageMagick fixes the following issues: - CVE-2017-14325: In ImageMagick, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allowed attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. [bsc#1058635] - CVE-2017-17887: In ImageMagick, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allowed attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage. [bsc#1074117] - CVE-2017-18250: A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which could lead to a denial of service via a crafted file. [bsc#1087039] - CVE-2017-18251: A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which could lead to a denial of service via a crafted file. [bsc#1087037] - CVE-2017-18252: The MogrifyImageList function in MagickWand/mogrify.c could allow attackers to cause a denial of service via a crafted file. [bsc#1087033] - CVE-2017-18254: A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which could lead to denial of service via a crafted file. [bsc#1087027] - CVE-2018-8960: The ReadTIFFImage function in coders/tiff.c in ImageMagick did not properly restrict memory allocation, leading to a heap-based buffer over-read. [bsc#1086782] - CVE-2018-9018: divide-by-zero in the ReadMNGImage function of coders/png.c. Attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. [bsc#1086773] - CVE-2018-9135: heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c could lead to denial of service. [bsc#1087825] - CVE-2018-10177: In ImageMagick, there was an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. [bsc#1089781] - CVE-2017-10928: a heap-based buffer over-read in the GetNextToken function in token.c could allow attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. [bsc#1047356] This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047356 SUSE bug 1058635 SUSE bug 1074117 SUSE bug 1086773 SUSE bug 1086782 SUSE bug 1087027 SUSE bug 1087033 SUSE bug 1087037 SUSE bug 1087039 SUSE bug 1087825 SUSE bug 1089781 CVE-2017-1000476 CVE-2017-10928 CVE-2017-11450 CVE-2017-14325 CVE-2017-17887 CVE-2017-18250 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2018-10177 CVE-2018-8960 CVE-2018-9018 CVE-2018-9135 openSUSE Leap 42.3 This update for tiff fixes the following issues: - CVE-2017-9935: There was a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution (bsc#1046077) - CVE-2017-17973: There is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. (bsc#1074318) - CVE-2018-5784: There is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries (bsc#1081690) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1046077 SUSE bug 1074318 SUSE bug 1081690 CVE-2017-17973 CVE-2017-9935 CVE-2018-5784 openSUSE Leap 42.3 This update for nodejs6 fixes the following issues: - Fix some node-gyp permissions - New upstream LTS release 6.14.1: * Security fixes: + CVE-2018-7160: Fix for inspector DNS rebinding vulnerability (bsc#1087463) + CVE-2018-7158: Fix for 'path' module regular expression denial of service (bsc#1087459) + CVE-2018-7159: Reject spaces in HTTP Content-Length header values (bsc#1087453) - New upstream LTS release 6.13.1: * http,tls: better support for IPv6 addresses * console: added console.count() and console.clear() * crypto: + expose ECDH class + added cypto.randomFill() and crypto.randomFillSync() + warn on invalid authentication tag length * deps: upgrade libuv to 1.16.1 * dgram: added socket.setMulticastInterface() * http: add agent.keepSocketAlive and agent.reuseSocket as to allow overridable keep-alive behavior of Agent * lib: return this from net.Socket.end() * module: add builtinModules api that provides list of all builtin modules in Node * net: return this from getConnections() * promises: more robust stringification for unhandled rejections * repl: improve require() autocompletion * src: + add openssl-system-ca-path configure option + add --use-bundled-ca --use-openssl-ca check + add process.ppid * tls: accept lookup option for tls.connect() * tools,build: a new macOS installer! * url: WHATWG URL api support * util: add %i and %f formatting specifiers - remove any old manpage files in %pre from before update-alternatives were used to manage symlinks to these manpages. - Add Recommends and BuildRequire on python2 for npm. node-gyp requires this old version of python for now. This is only needed for binary modules. - even on recent codestreams there is no binutils gold on s390 only on s390x - New upstream LTS release 6.12.3: * v8: profiler-related fixes * mostly documentation and test related changes - Enable CI tests in %check target This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1087453 SUSE bug 1087459 SUSE bug 1087463 CVE-2018-7158 CVE-2018-7159 CVE-2018-7160 openSUSE Leap 42.3 This update for cairo fixes the following issues: - CVE-2017-9814: out-of-bounds read in cairo-truetype-subset.c could lead to denial of service (bsc#1049092). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1049092 CVE-2017-9814 openSUSE Leap 42.3 This update for syncthing brings a new version and fixes the following issues: - Update to version 0.14.42: * Discovering new files in a deleted directory does not resurrect the directory (gh#syncthing/syncthing#4475). * "Panic: interface conversion: *errors.errorString is not net.Error" after restart (gh#syncthing/syncthing#4561). * Auto-accept shared directories from trusted devices (gh#syncthing/syncthing#2299). * Empty directories in .stversions should be removed (gh#syncthing/syncthing#4406). * Human readable errors on attempted deletion of a non-empty directory (gh#syncthing/syncthing#4476). * Add confirmation on the Remove Folder / Device button (gh#syncthing/syncthing#4543). - Update to version 0.14.41: * Devices with ignored files stay "synchronising" forever (gh#syncthing/syncthing#623). * No Global Discovery without Synch Protocol Listen Address (gh#syncthing/syncthing#4418). * Local network classification doesn't always work (gh#syncthing/syncthing#4421). * Hashed GUI password should not be rehashed (gh#syncthing/syncthing#4458). * Pulls not triggered correctly on reconnection (gh#syncthing/syncthing#4504). * A symlink/file replacement doesn't work properly (gh#syncthing/syncthing#4505). * File/directory replacement doesn't work properly (gh#syncthing/syncthing#4506). * Logging at info level and above should always include context (gh#syncthing/syncthing#4510). * Panic in "pfilter" package on 32 bit architectures (gh#syncthing/syncthing#4537). * Allow synchronising read-only directories as "Master Directories" (gh#syncthing/syncthing#1126). * "Global Changes" button is confusing, retitle to "Recent Changes" (gh#syncthing/syncthing#4326). * Dial device addresses in parallel (gh#syncthing/syncthing#4456). * Avoid lots and lots of announced addresses in the presence of symmetric NAT (gh#syncthing/syncthing#4519). * Split transport usage reporting per stack (gh#syncthing/syncthing#4463). - Update to version 0.14.40: - Report more data part of the anonymous usage report (gh#syncthing/syncthing#3628) - Better report synchronisation errors (gh#syncthing/syncthing#4392). - Removing paused directories no longer causes a panic (gh#syncthing/syncthing#4405). - Make local IPv4 discovery more resilient against write failures (gh#syncthing/syncthing#4414). - Clearer logging around config failures at startup (gh#syncthing/syncthing#4431). - Do not complain about inability to fsync files (gh#syncthing/syncthing#4432). - Improve KCP connections (gh#syncthing/syncthing#4446). - Improve directory health checking (gh#syncthing/syncthing#4451). - Include built-in support for file system notifications, although it is disabled by default. - Enable by default the UDP based "KCP" protocol. - Update to version 0.14.39: * Removing paused directories no longer triggers a crash (gh#syncthing/syncthing#4357). * Add further security related HTTP headers (gh#syncthing/syncthing#4360). * Improve info level logging in some cases (gh#syncthing/syncthing#4375). * Improve GUI tooltips in chromium based browsers (gh#syncthing/syncthing#4377). * Add -device-id command line switch (gh#syncthing/syncthing#4387). * Failure to upgrade directory markers from file to directory type is no longer fatal. - Update to version 0.14.38: * KCP connections are now more stable (gh#syncthing/syncthing#4063, gh#syncthing/syncthing#4343) * Hashing benchmarks are skipped if a manual selection has been forced (gh#syncthing/syncthing#4348). * Relay server RAM usage has been reduced (gh#syncthing/syncthing#4245). - Update to version 0.14.37 (changes since 0.14.32): * Relative version paths are now correctly relative to the directory path (gh#syncthing/syncthing#4188). * Remote devices now show bytes remaining to synchronise (gh#syncthing/syncthing#4227). * Editing ignore patterns no longer incorrectly shows included patterns (gh#syncthing/syncthing#4249). * The new directory dialogue now suggests a default path. Adjustable via advanced config defaultFolderPath (gh#syncthing/syncthing#2157). * The build script no longer sets -installsuffix by default (gh#syncthing/syncthing#4272). * Prevent a vulnerability that allows file overwrite via versioned symlinks (CVE-2017-1000420, boo#1074428, gh#syncthing/syncthing#4286). * Symlinks are deleted from versioned directories on startup (gh#syncthing/syncthing#4288). * Directory paths are no longer reset when editing a directory without a label (gh#syncthing/syncthing#4297). * Better detect synchronisation conflicts that happen while synchronising (gh#syncthing/syncthing#3742, gh#syncthing/syncthing#4305). * Fix a crash related to a nil reference in ignore handling (gh#syncthing/syncthing#4300). - Stop requiring golang.org/x/net/context. - Update to version 0.14.32: * "Nearby devices" are now shown in the add device dialogue, avoiding the need to type their device ID (gh#syncthing/syncthing#4157). * Directories that were once ignored in a sharing request now actually work properly when later added manually (gh#syncthing/syncthing#4219). - Update to version 0.14.31 (changes since 0.14.29): * Correctly clear warning "path is a subdirectory of other folder" in directory dialogue (gh#syncthing/syncthing#3433). * Conflict copies filename now includes the ID of the last device to change the file (gh#syncthing/syncthing#3524). * Directories offered by other devices can now be ignored (gh#syncthing/syncthing#3993). * Changed device name takes effect with restart; device name is not sent to unknown devices (gh#syncthing/syncthing#4164). * Correctly show CPU usage when started with -no-restart option (gh#syncthing/syncthing#4183). * Icons and directory information in local device summary is consistent with that in directories (gh#syncthing/syncthing#4100). * Fix a data race in KCP & STUN (gh#syncthing/syncthing#4177). * Ignore patterns on newly accepted directories are no longer erroneously inherited from an earlier added directory (gh#syncthing/syncthing#4203). - Update to version 0.14.29: * The layout of the global changes dialogue is improved (gh#syncthing/syncthing#3895). * Running as root or SYSTEM now triggers a warning recommending against it (gh#syncthing/syncthing#4123). * Changing the theme no longer causes an HTTP error (gh#syncthing/syncthing#4127). - Update to version 0.14.28: * It is now possible to create custom event subscriptions via the REST API (gh#syncthing/syncthing#1879). * Removing large directories now uses less memory (gh#syncthing/syncthing#2250). * The minimum disc space (per directory and for the home drive) can now be set to an absolute value (gh#syncthing/syncthing#3307). * Pausing or reconfiguring a directory will no longer start extra scans. Pausing a directory stops scanning (gh#syncthing/syncthing#3965). * Ignore patterns can now be set at directory creation time, and for paused directories (gh#syncthing/syncthing#3996). * It is no longer possible to configure the GUI/API to listen on a privileged port using the standard settings dialogue (gh#syncthing/syncthing#4020). * The device allowed subnet list can now include negative ("!") entries to disallow subnets (gh#syncthing/syncthing#4096). * Doing "Override changes" now uses less memory (gh#syncthing/syncthing#4112). - Require golang.org/x/net/context on openSUSE older than openSUSE Leap 15.x. - Update to version 0.14.27: * Devices can now have a list of allowed subnets (advanced config) (gh#syncthing/syncthing#219). * The transfer rate units can now be changed by clicking on the value (gh#syncthing/syncthing#234). * UI text explaining "Introducer" is improved (gh#syncthing/syncthing#1819). * Advanced config editor can now edit lists of things (gh#syncthing/syncthing#2267). * Directories created for new directories now obey the user umask setting (gh#syncthing/syncthing#2519). * Incoming index updates are consistency checked better (gh#syncthing/syncthing#4053). - Update to version 0.14.26: * Discovery errors are more clearly displayed in the GUI (gh#syncthing/syncthing#2344). * The language dropdown menu in the GUI is now correctly sorted (gh#syncthing/syncthing#3913). * When there are items that could not be synced, their full path is displayed in the GUI. - Update to version 0.14.25: * Improve "Pause All"/"Resume All" icons (gh#syncthing/syncthing#4003). * There are now mips and mipsle builds by default (gh#syncthing/syncthing#3959). * The "overwriting protected files" warning now correctly handles relative paths to the config directory (gh#syncthing/syncthing#3183). * The experimental KCP protocol for transfers over UDP has been merged, although it's not currently enabled by default (gh#syncthing/syncthing#804). - Update to version 0.14.24: * lib/sync: Fix a race in unlocker logging (gh#syncthing/syncthing#3884). * Make links and log messages refer to https instead of http where possible (gh#syncthing/syncthing#3976). * The default number of parallel file processing routines per directory is now two (previously one), and the number of simultaneously outstanding network requests has been increased. * The UI now contains buttons to pause or resume all directories with a single action. - Update to version 0.14.23 (changes since 0.14.21): * Leading and trailing spaces are no longer stripped in the GUI password field (gh#syncthing/syncthing#3935) * The GUI shows remaining amount of data to sync per directory (gh#syncthing/syncthing#3908). * There should no longer be empty entries in the global log (gh#syncthing/syncthing#3933). * Weak hashing is now by default only enabled when it makes sense from a performance point of view (gh#syncthing/syncthing#3938). - Update to version 0.14.21 (changes since 0.14.19): * There is now a warning when adding a directory that is a parent of an existing directory (gh#syncthing/syncthing#3197). * Using -logfile flag together with -no-restart now causes an error instead of silently failing (gh#syncthing/syncthing#3912). * Weak hashing is now disabled completely when the threshold percentage is > 100 (gh#syncthing/syncthing#3891). * Rate limiting now actually works on ARM64 builds again (gh#syncthing/syncthing#3921). * Fix an issue where UPnP port allocations would be incorrect under some circumstances (gh#syncthing/syncthing#3924). * Weak hashing is a bit faster and allocates less memory. * The hashing performance reported at startup now includes weak hashing. * The GUI "network error" dialogue no longer shows up as easily in some scenarios when using Syncthing behind a reverse proxy. - Update to version 0.14.19: * Changing bandwidth rate limits now takes effect immediately without restart (gh#syncthing/syncthing#3846) * The event log (-audit) can now be directed to stderr for piping into an another application (gh#syncthing/syncthing#3859). * A panic on directory listing at startup has been fixed (gh#syncthing/syncthing#3584). * When a directory is deleted, the .stfolder marker is also removed. The ignore file and .stversions directory are retained, if present (gh#syncthing/syncthing#3857). * Several scenarios where a device would get stuck with 'not a directory' errors are now handled again (gh#syncthing/syncthing#3819). * Third party copyrights in the about box are now more up to date (gh#syncthing/syncthing#3839). * Hashing performance has been improved (gh#syncthing/syncthing#3861) - Update to version 0.14.18: * Fix connections to older Syncthing versions being no longer closed due to an unmarshalling message: 'proto: wrong wireType = 2 for field BlockIndexes' (gh#syncthing/syncthing#3855). - Update to version 0.14.17: * Panics caused by corrupt on disc database are now better explained in the panic message (gh#syncthing/syncthing#3689). * Statically configured device addresses without port number now correctly defaulted to port 22000 again (gh#syncthing/syncthing#3817). * Inotify clients no longer cause 'invalid subpath' errors to be displayed (gh#syncthing/syncthing#3829). * Directories can now be paused (gh#syncthing/syncthing#215). * "Master" directories are now called "send only" in order to standardise on a terminology of sending and receiving changes (gh#syncthing/syncthing#2679). * Pausing devices and directories now persists across restarts (gh#syncthing/syncthing#3407). * A rolling checksum is used to identify and reuse blocks that have moved within a file (gh#syncthing/syncthing#3527). * Syncthing allows setting the type-of-service field on outgoing packets, configured by the advanced setting "trafficClass" (gh#syncthing/syncthing#3790). * Which device introduced another device is now visible in the GUI (gh#syncthing/syncthing#3809). Moderate SUSE bug 1074428 CVE-2017-1000420 openSUSE Leap 42.3 This update fixes the following issues: - CVE-2017-12613: DoS or information disclosure in pr_exp_time*() or apr_os_exp_time*() functions (bsc#1064982). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1064982 CVE-2017-12613 openSUSE Leap 42.3 This update for Mozilla Firefox to 52.8.0 ESR fixes the following issues: Security issssue fixed: (bsc#1092548, MFSA 2018-12): - CVE-2018-5183: Backport critical security fixes in Skia - CVE-2018-5154: Use-after-free with SVG animations and clip paths - CVE-2018-5155: Use-after-free with SVG animations and text paths - CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files - CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer - CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - CVE-2018-5168: Lightweight themes can be installed without user interaction - CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension - CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 The following non-security changes are included: - Various stability and regression fixes - Performance improvements to the Safe Browsing service to avoid slowdowns while updating site classification data Important SUSE bug 1092548 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5178 CVE-2018-5183 openSUSE Leap 42.3 This update for xen to version 4.9.2 fixes several issues. This feature was added: - Added script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU. They are triggered via 'xl vcpu-set domU N' These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). - CVE-2018-7540: x86 PV guest OS users were able to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing (bsc#1080635). - CVE-2018-7541: Guest OS users were able to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1 (bsc#1080662). - CVE-2018-7542: x86 PVH guest OS users were able to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC (bsc#1080634). These non-security issues were fixed: - bsc#1087252: Update built-in defaults for xenstored in stubdom, keep default to run xenstored as daemon in dom0 - bsc#1087251: Preserve xen-syms from xen-dbg.gz to allow processing vmcores with crash(1) - bsc#1072834: Prevent unchecked MSR access error This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1027519 SUSE bug 1072834 SUSE bug 1080634 SUSE bug 1080635 SUSE bug 1080662 SUSE bug 1087251 SUSE bug 1087252 SUSE bug 1089152 SUSE bug 1089635 SUSE bug 1090820 SUSE bug 1090822 SUSE bug 1090823 CVE-2018-10471 CVE-2018-10472 CVE-2018-7540 CVE-2018-7541 CVE-2018-7542 CVE-2018-8897 openSUSE Leap 42.3 This update for opencv fixes the following issues: - CVE-2016-1517: Fixed a denial of service (segfault) via vectors involving corrupt chunks (boo#1033150) - CVE-2016-1516: Fixed a double free issue that allows attackers to execute arbitrary code (boo#1033152). Important SUSE bug 1033150 SUSE bug 1033152 CVE-2016-1516 CVE-2016-1517 openSUSE Leap 42.3 This update for Chromium to version 66.0.3359.170 fixes the following issues: Security issues fixed (boo#1092923): - CVE-2018-6121: Privilege Escalation in extensions - CVE-2018-6122: Type confusion in V8 - CVE-2018-6120: Heap buffer overflow in PDFium - Various fixes from internal audits, fuzzing and other initiatives The following bugs are fixed: - boo#1092272: Improved support for subpixel rending Important SUSE bug 1092272 SUSE bug 1092923 CVE-2018-6120 CVE-2018-6121 CVE-2018-6122 openSUSE Leap 42.3 This update for php5 fixes the following issues: Security issues fixed: - CVE-2018-10545: Fix access controls in FPM child processes (bsc#1091367). - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages (bsc#1091362). - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c (bsc#1091363). - CVE-2018-10548: Fix remote denial of service in ext/ldap/ldap.c (bsc#1091355). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1091355 SUSE bug 1091362 SUSE bug 1091363 SUSE bug 1091367 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 openSUSE Leap 42.3 This update for librsvg fixes the following issues: - CVE-2018-1000041: Input validation issue could lead to credentials leak. (bsc#1083232) Update to version 2.40.20: + Except for emergencies, this will be the LAST RELEASE of the librsvg-2.40.x series. We are moving to 2.41, which is vastly improved over the 2.40 series. The API/ABI there remain unchaged, so we strongly encourage you to upgrade your sources and binaries to librsvg-2.41.x. + bgo#761175 - Allow masks and clips to reuse a node being drawn. + Don't access the file system when deciding whether to load a remote file with a UNC path for a paint server (i.e. don't try to load it at all). + Vistual Studio: fixed and integrated introspection builds, so introspection data is built directly from the Visual Studio project (Chun-wei Fan). + Visual Studio: We now use HIGHENTROPYVA linker option on x64 builds, to enhance the security of built binaries (Chun-wei Fan). + Fix generation of Vala bindings when compiling in read-only source directories (Emmanuele Bassi). Update to version 2.40.19: + bgo#621088: Using text objects as clipping paths is now supported. + bgo#587721: Fix rendering of text elements with transformations (Massimo). + bgo#777833 - Fix memory leaks when an RsvgHandle is disposed before being closed (Philip Withnall). + bgo#782098 - Don't pass deprecated options to gtk-doc (Ting-Wei Lan). + bgo#786372 - Fix the default for the "type" attribute of the <style> element. + bgo#785276 - Don't crash on single-byte files. + bgo#634514: Don't render unknown elements and their sub-elements. + bgo#777155 - Ignore patterns that have close-to-zero dimensions. + bgo#634324 - Fix Gaussian blurs with negative scaling. + Fix the <switch> element; it wasn't working at all. + Fix loading when rsvg_handle_write() is called one byte at a time. + bgo#787895 - Fix incorrect usage of libxml2. Thanks to Nick Wellnhofer for advice on this. + Backported the test suite machinery from the master branch (Chun-wei Fan, Federico Mena). + We now require Pango 1.38.0 or later (released in 2015). + We now require libxml2 2.9.0 or later (released in 2012). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1083232 CVE-2018-1000041 openSUSE Leap 42.3 This update for libreoffice to 6.0.4.2 fixes lots of bugs and also the following issues: Security issues fixed: - CVE-2018-10120: The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx did not validate a customizations index, which allowed remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. (bsc#1089706) - CVE-2018-10119: sot/source/sdstor/stgstrms.cxx used an incorrect integer data type in the StgSmallStrm class, which allowed remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. (bsc#1089705) Other issues fixed: - DOCX import: missing table background color - Bring back offline help per popular demand as lto saves space we could use with it bsc#915996 This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1089705 SUSE bug 1089706 SUSE bug 1090737 SUSE bug 1091772 SUSE bug 915996 CVE-2018-10119 CVE-2018-10120 openSUSE Leap 42.3 This update for enigmail to version 2.0.4 fixes multiple issues. Security issues fixed: - CVE-2017-17688: CFB gadget attacks allowed to exfiltrate plaintext out of encrypted emails. enigmail now fails on GnuPG integrity check warnings for old Algorithms (bsc#1093151) - CVE-2017-17689: CBC gadget attacks allows to exfiltrate plaintext out of encrypted emails (bsc#1093152) This update also includes new and updated functionality: - The Encryption and Signing buttons now work for both OpenPGP and S/MIME. Enigmail will chose between S/MIME or OpenPGP depending on whether the keys for all recipients are available for the respective standard - Support for the Autocrypt standard, which is now enabled by default - Support for Pretty Easy Privacy (p≡p) - Support for Web Key Directory (WKD) - The message subject can now be encrypted and replaced with a dummy subject, following the Memory Hole standard forprotected Email Headers - keys on keyring are automatically refreshed from keyservers at irregular intervals - Subsequent updates of Enigmail no longer require a restart of Thunderbird - Keys are internally addressed using the fingerprint instead of the key ID Moderate SUSE bug 1093151 SUSE bug 1093152 CVE-2017-17688 CVE-2017-17689 openSUSE Leap 42.3 This update for curl fixes several issues: Security issues fixed: - CVE-2018-1000301: Fixed a RTSP bad headers buffer over-read could crash the curl client (bsc#1092098) Non security issues fixed: - If the DEFAULT_SUSE cipher list is not available use the HIGH cipher alias before failing. (bsc#1086825) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1086825 SUSE bug 1092098 CVE-2018-1000301 openSUSE Leap 42.3 This update for libvorbis fixes the following issues: Security issues fixed: - CVE-2018-10393: Fixed stack-based buffer over-read in bark_noise_hybridm (bsc#1091072). - CVE-2017-14160: Fixed out-of-bounds access inside bark_noise_hybridmp function (bsc#1059812). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1059812 SUSE bug 1091072 CVE-2017-14160 CVE-2018-10393 openSUSE Leap 42.3 This update for ghostscript fixes the following issues: - CVE-2018-10194: A stack-based buffer overflow was fixed in gdevpdts.c (bsc#1090099) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1090099 CVE-2018-10194 openSUSE Leap 42.3 This update for lilypond fixes the following issues: - CVE-2018-10992: lilypond: Does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks (bsc#1093056) - packages do not build reproducibly from unsorted input (bsc#1041090) Moderate SUSE bug 1041090 SUSE bug 1093056 CVE-2018-10992 openSUSE Leap 42.3 This update for wget fixes the following issues: - CVE-2018-0494: Fixed a cookie injection vulnerability by checking for and joining continuation lines. (bsc#1092061) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1092061 CVE-2018-0494 openSUSE Leap 42.3 This update for qemu fixes several issues. This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named "ssbd" to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. This non-security issue was fixed: - bsc#1070615: Add new look up path "sys/class/tpm" for tpm cancel path This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1070615 SUSE bug 1092885 CVE-2018-3639 openSUSE Leap 42.3 This update for openjpeg2 fixes the following security issues: - CVE-2015-1239: A double free vulnerability in the j2k_read_ppm_v3 function allowed remote attackers to cause a denial of service (crash) (bsc#1066713) - CVE-2017-17479: A stack-based buffer overflow in the pgxtoimage function in jpwl/convert.c could crash the converter. (bsc#1072125) - CVE-2017-17480: A stack-based buffer overflow in the pgxtovolume function in jp3d/convert.c could crash the converter. (bsc#1072124) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1066713 SUSE bug 1072124 SUSE bug 1072125 CVE-2015-1239 CVE-2017-17479 CVE-2017-17480 openSUSE Leap 42.3 This update for pdns fixes the following issue: - CVE-2018-1046: An issue has been found in the dnsreplay tool provided with PowerDNS Authoritative, where replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used. (boo#1092540) Moderate SUSE bug 1092540 CVE-2018-1046 openSUSE Leap 42.3 This update for opencv fixes the following issues: Security issues fixed: - CVE-2016-1516: OpenCV had a double free issue that allowed attackers to execute arbitrary code. (boo#1033152) - CVE-2017-14136: OpenCV had an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597. (boo#1057146) - CVE-2017-12606: OpenCV had an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread. (boo#1052451) - CVE-2017-12604: OpenCV had an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread. (boo#1052454) - CVE-2017-12603: OpenCV had an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case. (boo#1052455) - CVE-2017-12602: OpenCV had a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case. (boo#1052456) - CVE-2017-12601: OpenCV had a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case. (boo#1052457) - CVE-2017-12600: OpenCV had a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case. (boo#1052459) - CVE-2017-12599: OpenCV had an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread. (boo#1052461) - CVE-2017-12598: OpenCV had an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case. (boo#1052462) - CVE-2017-12597: OpenCV had an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. (boo#1052465) - CVE-2017-12864: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. (boo#1054019) - CVE-2017-12863: In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. (boo#1054020) - CVE-2017-12862: In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. (boo#1054021) - CVE-2017-12605: OpenCV had an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread. (boo#1054984) Important SUSE bug 1033152 SUSE bug 1052451 SUSE bug 1052454 SUSE bug 1052455 SUSE bug 1052456 SUSE bug 1052457 SUSE bug 1052459 SUSE bug 1052461 SUSE bug 1052462 SUSE bug 1052465 SUSE bug 1054019 SUSE bug 1054020 SUSE bug 1054021 SUSE bug 1054984 SUSE bug 1057146 CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 CVE-2017-12600 CVE-2017-12601 CVE-2017-12602 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-14136 openSUSE Leap 42.3 This update for knot fixes the following issues: - CVE-2017-11104: Knot DNS contained a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. (boo#1047841) Moderate SUSE bug 1047841 CVE-2017-11104 openSUSE Leap 42.3 This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes: - Update to release 4.8.7 (bsc#1072322): * https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ * https://nodejs.org/en/blog/release/v4.8.7/ * https://nodejs.org/en/blog/release/v4.8.6/ * https://nodejs.org/en/blog/release/v4.8.5/ This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1056058 SUSE bug 1066242 SUSE bug 1072322 CVE-2017-14919 CVE-2017-15896 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 openSUSE Leap 42.3 This update for lxterminal fixes the following security issue: - CVE-2016-10369: insecure /tmp usage for a socket file (boo#1038127) Moderate SUSE bug 1038127 CVE-2016-10369 openSUSE Leap 42.3 This update for python fixes the following issues: Security issues fixed: - CVE-2017-1000158: Fixed integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution (bsc#1068664). - CVE-2018-1000030: Fixed crash inside the Python interpreter when multiple threads used the same I/O stream concurrently (bsc#1079300). This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1068664 SUSE bug 1079300 CVE-2017-1000158 CVE-2018-1000030 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.132 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Information leaks using "Memory Disambiguation" feature in modern CPUs were mitigated, aka "Spectre Variant 4" (bnc#1087082). A new boot commandline option was introduced, "spec_store_bypass_disable", which can have following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as "prctl" above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is "seccomp", meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - "Vulnerable" - "Mitigation: Speculative Store Bypass disabled" - "Mitigation: Speculative Store Bypass disabled via prctl" - "Mitigation: Speculative Store Bypass disabled via prctl and seccomp" - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-1130: Linux kernel was vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904). - CVE-2018-5803: An error in the _sctp_make_chunk() function when handling SCTP, packet length could have been exploited by a malicious local user to cause a kernel crash and a DoS. (bnc#1083900). - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c (bnc#1083650). - CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1089895). The following non-security bugs were fixed: - acpica: Disassembler: Abort on an invalid/unknown AML opcode (bnc#1012382). - acpica: Events: Add runtime stub support for event APIs (bnc#1012382). - acpi / hotplug / PCI: Check presence of slot itself in get_slot_status() (bnc#1012382). - acpi, PCI, irq: remove redundant check for null string pointer (bnc#1012382). - acpi / scan: Send change uevent with offine environmental data (bsc#1082485). - acpi / video: Add quirk to force acpi-video backlight on Samsung 670Z5E (bnc#1012382). - alsa: aloop: Add missing cable lock to ctl API callbacks (bnc#1012382). - alsa: aloop: Mark paused device as inactive (bnc#1012382). - alsa: asihpi: Hardening for potential Spectre v1 (bnc#1012382). - alsa: control: Hardening for potential Spectre v1 (bnc#1012382). - alsa: core: Report audio_tstamp in snd_pcm_sync_ptr (bnc#1012382). - alsa: hda/conexant - Add fixup for HP Z2 G4 workstation (bsc#1092975). - alsa: hda: Hardening for potential Spectre v1 (bnc#1012382). - alsa: hda - New VIA controller suppor no-snoop path (bnc#1012382). - alsa: hda/realtek - Add some fixes for ALC233 (bnc#1012382). - alsa: hdspm: Hardening for potential Spectre v1 (bnc#1012382). - alsa: line6: Use correct endpoint type for midi output (bnc#1012382). - alsa: opl3: Hardening for potential Spectre v1 (bnc#1012382). - alsa: oss: consolidate kmalloc/memset 0 call to kzalloc (bnc#1012382). - alsa: pcm: Avoid potential races between OSS ioctls and read/write (bnc#1012382). - alsa: pcm: Check PCM state at xfern compat ioctl (bnc#1012382). - alsa: pcm: Fix endless loop for XRUN recovery in OSS emulation (bnc#1012382). - alsa: pcm: Fix mutex unbalance in OSS emulation ioctls (bnc#1012382). - alsa: pcm: Fix UAF at PCM release via PCM timer access (bnc#1012382). - alsa: pcm: potential uninitialized return values (bnc#1012382). - alsa: pcm: Return -EBUSY for OSS ioctls changing busy streams (bnc#1012382). - alsa: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bnc#1012382). - alsa: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation (bnc#1012382). - alsa: rawmidi: Fix missing input substream checks in compat ioctls (bnc#1012382). - alsa: rme9652: Hardening for potential Spectre v1 (bnc#1012382). - alsa: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() (bnc#1012382). - alsa: seq: oss: Fix unbalanced use lock for synth MIDI device (bnc#1012382). - alsa: seq: oss: Hardening for potential Spectre v1 (bnc#1012382). - alsa: usb-audio: Skip broken EU on Dell dock USB-audio (bsc#1090658). - arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support (bsc#1068032). - arm64: avoid overflow in VA_START and PAGE_OFFSET (bnc#1012382). - arm64: capabilities: Handle duplicate entries for a capability (bsc#1068032). - arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early (bsc#1068032). - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1088313). - arm64: fix smccc compilation (bsc#1068032). - arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage (bnc#1012382). - arm64: Kill PSCI_GET_VERSION as a variant-2 workaround (bsc#1068032). - arm64: kvm: Add SMCCC_ARCH_WORKAROUND_1 fast handling (bsc#1068032). - arm64: kvm: Increment PC after handling an SMC trap (bsc#1068032). - arm64: kvm: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support (bsc#1068032). - arm64: mm: fix thinko in non-global page table attribute check (bsc#1088050). - arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery (bsc#1068032). - arm: amba: Do not read past the end of sysfs "driver_override" buffer (bnc#1012382). - arm: amba: Fix race condition with driver_override (bnc#1012382). - arm: amba: Make driver_override output consistent with other buses (bnc#1012382). - arm/arm64: kvm: Add PSCI_VERSION helper (bsc#1068032). - arm/arm64: kvm: Add smccc accessors to PSCI code (bsc#1068032). - arm/arm64: kvm: Advertise SMCCC v1.1 (bsc#1068032). - arm/arm64: kvm: Consolidate the PSCI include files (bsc#1068032). - arm/arm64: kvm: Implement PSCI 1.0 support (bsc#1068032). - arm/arm64: kvm: Turn kvm_psci_version into a static inline (bsc#1068032). - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive (bsc#1068032). - arm/arm64: smccc: Make function identifiers an unsigned quantity (bsc#1068032). - arm: davinci: da8xx: Create DSP device only when assigned memory (bnc#1012382). - arm: dts: am57xx-beagle-x15-common: Add overide powerhold property (bnc#1012382). - arm: dts: at91: at91sam9g25: fix mux-mask pinctrl property (bnc#1012382). - arm: dts: at91: sama5d4: fix pinctrl compatible string (bnc#1012382). - arm: dts: dra7: Add power hold and power controller properties to palmas (bnc#1012382). - arm: dts: imx53-qsrb: Pulldown PMIC IRQ pin (bnc#1012382). - arm: dts: imx6qdl-wandboard: Fix audio channel swap (bnc#1012382). - arm: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node (bnc#1012382). - arm: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull (bnc#1012382). - arp: fix arp_filter on l3slave devices (bnc#1012382). - arp: honour gratuitous ARP _replies_ (bnc#1012382). - ASoC: fsl_esai: Fix divisor calculation failure at lower ratio (bnc#1012382). - ASoC: Intel: cht_bsw_rt5645: Analog Mic support (bnc#1012382). - ASoC: rsnd: SSI PIO adjust to 24bit mode (bnc#1012382). - ASoC: ssm2602: Replace reg_default_raw with reg_default (bnc#1012382). - async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome() (bnc#1012382). - ata: libahci: properly propagate return value of platform_get_irq() (bnc#1012382). - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode (bnc#1012382). - ath10k: rebuild crypto header in rx data frames (bnc#1012382). - ath5k: fix memory leak on buf on failed eeprom read (bnc#1012382). - ath9k_hw: check if the chip failed to wake up (bnc#1012382). - atm: zatm: Fix potential Spectre v1 (bnc#1012382). - audit: add tty field to LOGIN event (bnc#1012382). - autofs: mount point create should honour passed in mode (bnc#1012382). - bcache: segregate flash only volume write streams (bnc#1012382). - bcache: stop writeback thread after detaching (bnc#1012382). - bdi: Fix oops in wb_workfn() (bnc#1012382). - blacklist.conf: Add an omapdrm entry (bsc#1090708, bsc#1090718) - blk-mq: fix bad clear of RQF_MQ_INFLIGHT in blk_mq_ct_ctx_init() (bsc#1085058). - blk-mq: fix kernel oops in blk_mq_tag_idle() (bnc#1012382). - block: correctly mask out flags in blk_rq_append_bio() (bsc#1085058). - block/loop: fix deadlock after loop_set_status (bnc#1012382). - block: sanity check for integrity intervals (bsc#1091728). - bluetooth: Fix missing encryption refresh on Security Request (bnc#1012382). - bluetooth: Send HCI Set Event Mask Page 2 command only when needed (bnc#1012382). - bna: Avoid reading past end of buffer (bnc#1012382). - bnx2x: Allow vfs to disable txvlan offload (bnc#1012382). - bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave (bnc#1012382). - bonding: Do not update slave->link until ready to commit (bnc#1012382). - bonding: fix the err path for dev hwaddr sync in bond_enslave (bnc#1012382). - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave (bnc#1012382). - bonding: process the err returned by dev_set_allmulti properly in bond_enslave (bnc#1012382). - bpf: map_get_next_key to return first key on NULL (bnc#1012382). - btrfs: fix incorrect error return ret being passed to mapping_set_error (bnc#1012382). - btrfs: Fix wrong first_key parameter in replace_path (Followup fix for bsc#1084721). - btrfs: Only check first key for committed tree blocks (bsc#1084721). - btrfs: Validate child tree block's level and first key (bsc#1084721). - bus: brcmstb_gisb: correct support for 64-bit address output (bnc#1012382). - bus: brcmstb_gisb: Use register offsets with writes too (bnc#1012382). - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() (bnc#1012382). - cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN (bnc#1012382). - cdrom: information leak in cdrom_ioctl_media_changed() (bnc#1012382). - ceph: adding protection for showing cap reservation info (bsc#1089115). - ceph: always update atime/mtime/ctime for new inode (bsc#1089115). - ceph: check if mds create snaprealm when setting quota (fate#324665 bsc#1089115). - ceph: do not check quota for snap inode (fate#324665 bsc#1089115). - ceph: fix invalid point dereference for error case in mdsc destroy (bsc#1089115). - ceph: fix root quota realm check (fate#324665 bsc#1089115). - ceph: fix rsize/wsize capping in ceph_direct_read_write() (bsc#1089115). - ceph: quota: add counter for snaprealms with quota (fate#324665 bsc#1089115). - ceph: quota: add initial infrastructure to support cephfs quotas (fate#324665 bsc#1089115). - ceph: quota: cache inode pointer in ceph_snap_realm (fate#324665 bsc#1089115). - ceph: quota: do not allow cross-quota renames (fate#324665 bsc#1089115). - ceph: quota: report root dir quota usage in statfs (fate#324665 bsc#1089115). - ceph: quota: support for ceph.quota.max_bytes (fate#324665 bsc#1089115). - ceph: quota: support for ceph.quota.max_files (fate#324665 bsc#1089115). - ceph: quota: update MDS when max_bytes is approaching (fate#324665 bsc#1089115). - cfg80211: make RATE_INFO_BW_20 the default (bnc#1012382). - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684). - cifs: do not allow creating sockets except with SMB1 posix exensions (bnc#1012382). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bsc#1090734). - cifs: silence lockdep splat in cifs_relock_file() (bnc#1012382). - cifs: Use file_dentry() (bsc#1093008). - clk: bcm2835: De-assert/assert PLL reset signal when appropriate (bnc#1012382). - clk: Fix __set_clk_rates error print-string (bnc#1012382). - clk: mvebu: armada-38x: add support for 1866MHz variants (bnc#1012382). - clk: mvebu: armada-38x: add support for missing clocks (bnc#1012382). - clk: scpi: fix return type of __scpi_dvfs_round_rate (bnc#1012382). - clocksource/drivers/arm_arch_timer: Avoid infinite recursion when ftrace is enabled (bsc#1090225). - cpumask: Add helper cpumask_available() (bnc#1012382). - crypto: af_alg - fix possible uninit-value in alg_bind() (bnc#1012382). - crypto: ahash - Fix early termination in hash walk (bnc#1012382). - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one (bnc#1012382). - cx25840: fix unchecked return values (bnc#1012382). - cxgb4: fix incorrect cim_la output for T6 (bnc#1012382). - cxgb4: Fix queue free path of ULD drivers (bsc#1022743 FATE#322540). - cxgb4: FW upgrade fixes (bnc#1012382). - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages (bnc#1012382). - dccp: initialize ireq->ir_mark (bnc#1012382). - dmaengine: at_xdmac: fix rare residue corruption (bnc#1012382). - dmaengine: imx-sdma: Handle return value of clk_prepare_enable (bnc#1012382). - dm ioctl: remove double parentheses (bnc#1012382). - Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition (bnc#1012382). - Do not leak MNT_INTERNAL away from internal mounts (bnc#1012382). - drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4 (FATE#321732). - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4 (bnc#1024296,FATE#321265). - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests (bnc#1012382). - drm/omap: fix tiled buffer stride calculations (bnc#1012382). - drm/radeon: Fix PCIe lane width calculation (bnc#1012382). - drm/virtio: fix vq wait_event condition (bnc#1012382). - drm/vmwgfx: Fix a buffer object leak (bnc#1012382). - e1000e: fix race condition around skb_tstamp_tx() (bnc#1012382). - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (bnc#1012382). - EDAC, mv64x60: Fix an error handling path (bnc#1012382). - Enable uinput driver (bsc#1092566). - esp: Fix memleaks on error paths (git-fixes). - ext4: add validity checks for bitmap block numbers (bnc#1012382). - ext4: bugfix for mmaped pages in mpage_release_unused_pages() (bnc#1012382). - ext4: do not allow r/w mounts if metadata blocks overlap the superblock (bnc#1012382). - ext4: do not update checksum of new initialized bitmaps (bnc#1012382). - ext4: fail ext4_iget for root directory if unallocated (bnc#1012382). - ext4: fix bitmap position validation (bnc#1012382). - ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() (bnc#1012382). - ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953). - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() (bnc#1012382). - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS (bnc#1012382). - ext4: set h_journal if there is a failure starting a reserved handle (bnc#1012382). - fanotify: fix logic of events on child (bnc#1012382). - firmware/psci: Expose PSCI conduit (bsc#1068032). - firmware/psci: Expose SMCCC version through psci_ops (bsc#1068032). - fix race in drivers/char/random.c:get_reg() (bnc#1012382). - frv: declare jiffies to be located in the .data section (bnc#1012382). - fs: compat: Remove warning from COMPATIBLE_IOCTL (bnc#1012382). - fs/proc: Stop trying to report thread stacks (bnc#1012382). - fs/reiserfs/journal.c: add missing resierfs_warning() arg (bnc#1012382). - genirq: Use cpumask_available() for check of cpumask variable (bnc#1012382). - getname_kernel() needs to make sure that ->name != ->iname in long case (bnc#1012382). - gpio: label descriptors using the device name (bnc#1012382). - gpmi-nand: Handle ECC Errors in erased pages (bnc#1012382). - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl (bnc#1012382). - HID: core: Fix size as type u32 (bnc#1012382). - HID: Fix hid_report_len usage (bnc#1012382). - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device (bnc#1012382). - HID: i2c-hid: fix size check and type usage (bnc#1012382). - hwmon: (ina2xx) Fix access to uninitialized mutex (git-fixes). - hwmon: (ina2xx) Make calibration register value fixed (bnc#1012382). - hypfs_kill_super(): deal with failed allocations (bnc#1012382). - i40iw: Free IEQ resources (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - IB/core: Fix possible crash to access NULL netdev (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - IB/core: Generate GID change event regardless of RoCE GID table property (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - IB/mlx5: Avoid passing an invalid QP type to firmware (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - IB/mlx5: Fix incorrect size of klms in the memory region (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - IB/mlx5: revisit -Wmaybe-uninitialized warning (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - IB/mlx5: Set the default active rate and width to QDR and 4X (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - IB/mlx5: Use unlimited rate when static rate is not supported (bnc#1012382). - ibmvnic: Clean actual number of RX or TX pools (bsc#1092289). - ibmvnic: Clear pending interrupt after device reset (bsc#1089644). - ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198). - ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610). - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198). - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600). - ibmvnic: Fix DMA mapping mistakes (bsc#1088600). - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600). - ibmvnic: Fix non-fatal firmware error reset (bsc#1093990). - ibmvnic: Fix reset scheduler error handling (bsc#1088600). - ibmvnic: Fix statistics buffers memory leak (bsc#1093990). - ibmvnic: Free coherent DMA memory if FW map failed (bsc#1093990). - ibmvnic: Handle all login error conditions (bsc#1089198). - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600). - ib/srp: Fix completion vector assignment algorithm (bnc#1012382). - ib/srp: Fix srp_abort() (bnc#1012382). - ib/srpt: Fix abort handling (bnc#1012382). - ib/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write() (bnc#1024296,FATE#321265). - iio: hi8435: avoid garbage event at first enable (bnc#1012382). - iio: hi8435: cleanup reset gpio (bnc#1012382). - iio: magnetometer: st_magn_spi: fix spi_device_id table (bnc#1012382). - input: ALPS - fix multi-touch decoding on SS4 plus touchpads (git-fixes). - input: ALPS - fix trackstick button handling on V8 devices (git-fixes). - input: ALPS - fix TrackStick support for SS5 hardware (git-fixes). - input: ALPS - fix two-finger scroll breakage in right side on ALPS touchpad (git-fixes). - input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro (bnc#1012382). - input: drv260x - fix initializing overdrive voltage (bnc#1012382). - input: elan_i2c - check if device is there before really probing (bnc#1012382). - input: elan_i2c - clear INT before resetting controller (bnc#1012382). - input: elantech - force relative mode on a certain module (bnc#1012382). - input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list (bnc#1012382). - input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad (bnc#1012382). - input: leds - fix out of bound access (bnc#1012382). - input: mousedev - fix implicit conversion warning (bnc#1012382). - iommu/vt-d: Fix a potential memory leak (bnc#1012382). - ip6_gre: better validate user provided tunnel names (bnc#1012382). - ip6_tunnel: better validate user provided tunnel names (bnc#1012382). - ipc/shm: fix use-after-free of shm file via remap_file_pages() (bnc#1012382). - ipmi: create hardware-independent softdep for ipmi_devintf (bsc#1009062, bsc#1060799). - ipmi_ssif: Fix kernel panic at msg_done_handler (bsc#1088871). - ipsec: check return value of skb_to_sgvec always (bnc#1012382). - ip_tunnel: better validate user provided tunnel names (bnc#1012382). - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy (bnc#1012382). - ipv6: avoid dad-failures for addresses with NODAD (bnc#1012382). - ipv6: sit: better validate user provided tunnel names (bnc#1012382). - ipv6: the entire IPv6 header chain must fit the first fragment (bnc#1012382). - ipvs: fix rtnl_lock lockups caused by start_sync_thread (bnc#1012382). - iw_cxgb4: print mapped ports correctly (bsc#321658 FATE#1005778 bsc#321660 FATE#1005780 bsc#321661 FATE#1005781). - jbd2: fix use after free in kjournald2() (bnc#1012382). - jbd2: if the journal is aborted then do not allow update of the log tail (bnc#1012382). - jffs2_kill_sb(): deal with failed allocations (bnc#1012382). - jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp (bnc#1012382). - kABI: add tty include to audit.c (kabi). - kABI: protect hid report functions (kabi). - kABI: protect jiffies types (kabi). - kABI: protect skb_to_sgvec* (kabi). - kABI: protect sound/timer.h include in sound pcm.c (kabi). - kABI: protect struct ath10k_hw_params (kabi). - kABI: protect struct cstate (kabi). - kABI: protect struct _lowcore (kabi). - kABI: protect tty include in audit.h (kabi). - kabi/severities: Ignore kgr_shadow_* kABI changes - kbuild: provide a __UNIQUE_ID for clang (bnc#1012382). - kexec_file: do not add extra alignment to efi memmap (bsc#1044596). - keys: DNS: limit the length of option strings (bnc#1012382). - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033, fate#313296). - kGraft: fix small race in reversion code (bsc#1083125). - kobject: do not use WARN for registration failures (bnc#1012382). - kvm: Fix nopvspin static branch init usage (bsc#1056427). - kvm: Introduce nopvspin kernel parameter (bsc#1056427). - kvm: nVMX: Fix handling of lmsw instruction (bnc#1012382). - kvm: PPC: Book3S PR: Check copy_to/from_user return values (bnc#1012382). - kvm: s390: Enable all facility bits that are known good for passthrough (FATE#324071 LTC#158956 bnc#1012382 bsc#1073059 bsc#1076805). - kvm: SVM: do not zero out segment attributes if segment is unusable or not present (bnc#1012382). - l2tp: check sockaddr length in pppol2tp_connect() (bnc#1012382). - l2tp: fix missing print session offset info (bnc#1012382). - lan78xx: Correctly indicate invalid OTP (bnc#1012382). - leds: pca955x: Correct I2C Functionality (bnc#1012382). - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs (bnc#1012382). - libceph, ceph: change permission for readonly debugfs entries (bsc#1089115). - libceph: fix misjudgement of maximum monitor number (bsc#1089115). - libceph: reschedule a tick in finish_hunting() (bsc#1089115). - libceph: un-backoff on tick when we have a authenticated session (bsc#1089115). - libceph: validate con->state at the top of try_write() (bsc#1089115). - livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296). - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296). - llc: delete timers synchronously in llc_sk_free() (bnc#1012382). - llc: fix NULL pointer deref for SOCK_ZAPPED (bnc#1012382). - llc: hold llc_sap before release_sock() (bnc#1012382). - llist: clang: introduce member_address_is_nonnull() (bnc#1012382). - lockd: fix lockd shutdown race (bnc#1012382). - lockd: lost rollback of set_grace_period() in lockd_down_net() (git-fixes). - mac80211: Add RX flag to indicate ICV stripped (bnc#1012382). - mac80211: allow not sending MIC up from driver for HW crypto (bnc#1012382). - mac80211: allow same PN for AMSDU sub-frames (bnc#1012382). - mac80211: bail out from prep_connection() if a reconfig is ongoing (bnc#1012382). - mceusb: sporadic RX truncation corruption fix (bnc#1012382). - md: document lifetime of internal rdev pointer (bsc#1056415). - md: fix two problems with setting the "re-add" device state (bsc#1089023). - md: only allow remove_and_add_spares when no sync_thread running (bsc#1056415). - md raid10: fix NULL deference in handle_write_completed() (git-fixes). - md/raid10: reset the 'first' at the end of loop (bnc#1012382). - md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock (bnc#1012382). - media: v4l2-compat-ioctl32: do not oops on overlay (bnc#1012382). - media: videobuf2-core: do not go out of the buffer range (bnc#1012382). - mei: remove dev_err message on an unsupported ioctl (bnc#1012382). - mISDN: Fix a sleep-in-atomic bug (bnc#1012382). - mlx5: fix bug reading rss_hash_type from CQE (bnc#1012382). - mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems (bsc#1088267). - mmc: jz4740: Fix race condition in IRQ mask update (bnc#1012382). - mm/filemap.c: fix NULL pointer in page_cache_tree_insert() (bnc#1012382). - mm, slab: reschedule cache_reap() on the same CPU (bnc#1012382). - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block (bnc#1012382). - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug (bnc#1012382). - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block (bnc#1012382). - mtd: jedec_probe: Fix crash in jedec_read_mfr() (bnc#1012382). - neighbour: update neigh timestamps iff update is effective (bnc#1012382). - net: af_packet: fix race in PACKET_{R|T}X_RING (bnc#1012382). - net: atm: Fix potential Spectre v1 (bnc#1012382). - net: cavium: liquidio: fix up "Avoid dma_unmap_single on uninitialized ndata" (bnc#1012382). - net: cdc_ncm: Fix TX zero padding (bnc#1012382). - net: emac: fix reset timeout with AR8035 phy (bnc#1012382). - net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control (bnc#1012382). - netfilter: bridge: ebt_among: add more missing match size checks (bnc#1012382). - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize (bnc#1012382). - netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch (bnc#1012382). - netfilter: nf_nat_h323: fix logical-not-parentheses warning (bnc#1012382). - netfilter: x_tables: add and use xt_check_proc_name (bnc#1012382). - net: fix deadlock while clearing neighbor proxy table (bnc#1012382). - net: fix possible out-of-bound read in skb_network_protocol() (bnc#1012382). - net: fix rtnh_ok() (bnc#1012382). - net: fix uninit-value in __hw_addr_add_ex() (bnc#1012382). - net: fool proof dev_valid_name() (bnc#1012382). - net: freescale: fix potential null pointer dereference (bnc#1012382). - net: hns: Fix ethtool private flags (bnc#1012382 bsc#1085511). - net: hns: Fix ethtool private flags (bsc#1085511). - net: ieee802154: fix net_device reference release too early (bnc#1012382). - net: initialize skb->peeked when cloning (bnc#1012382). - net/ipv6: Fix route leaking between VRFs (bnc#1012382). - net/ipv6: Increment OUTxxx counters after netfilter hook (bnc#1012382). - netlink: fix uninit-value in netlink_sendmsg (bnc#1012382). - netlink: make sure nladdr has correct size in netlink_connect() (bnc#1012382). - net: llc: add lock_sock in llc_ui_bind to avoid a race condition (bnc#1012382). - net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport (bnc#1012382). - net/mlx4_core: Fix memory leak while delete slave's resources (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - net/mlx4_en: Avoid adding steering rules with invalid ring (bnc#1012382). - net/mlx4_en: Fix mixed PFC and Global pause user control requests (bsc#1015336 FATE#321685 bsc#1015337 FATE#321686 bsc#1015340 FATE#321687). - net/mlx4: Fix the check in attaching steering rules (bnc#1012382). - net/mlx5: avoid build warning for uniprocessor (bnc#1012382). - net/mlx5e: Add error print in ETS init (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Check support before TC swap in ETS init (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: E-Switch, Use the name of static array instead of its address (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5e: Remove unused define MLX5_MPWRQ_STRIDES_PER_PAGE (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Fix error handling in load one (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Fix ingress/egress naming mistake (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Tolerate irq_set_affinity_hint() failures (bnc#1012382). - net: move somaxconn init from sysctl code (bnc#1012382). - net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support (bnc#1012382). - net: qca_spi: Fix alignment issues in rx path (bnc#1012382). - net sched actions: fix dumping which requires several messages to user space (bnc#1012382). - net/sched: fix NULL dereference in the error path of tcf_bpf_init() (bnc#1012382). - net: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 (bnc#1012382). - net: validate attribute sizes in neigh_dump_table() (bnc#1012382). - net: x25: fix one potential use-after-free issue (bnc#1012382). - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() (bnc#1012382). - nfsv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION (bnc#1012382). - nfsv4.1: Work around a Linux server bug.. (bnc#1012382). - nospec: Kill array_index_nospec_mask_check() (bnc#1012382). - nospec: Move array_index_nospec() parameter checking into separate macro (bnc#1012382). - nvme: target: fix buffer overflow (FATE#321732 FATE#321590 bsc#993388). - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404). - ocfs2/dlm: wait for dlm recovery done when migrating all lock resources (bsc#1070404). - ovl: filter trusted xattr for non-admin (bnc#1012382). - packet: fix bitfield update race (bnc#1012382). - parisc: Fix out of array access in match_pci_device() (bnc#1012382). - parport_pc: Add support for WCH CH382L PCI-E single parallel port card (bnc#1012382). - partitions/msdos: Unable to mount UFS 44bsd partitions (bnc#1012382). - PCI/ACPI: Fix bus range comparison in pci_mcfg_lookup() (bsc#1084699). - PCI/cxgb4: Extend T3 PCI quirk to T4+ devices (bsc#981348). - PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant (bnc#1012382). - percpu: include linux/sched.h for cond_resched() (bnc#1012382). - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1012382). - perf/core: Fix locking for children siblings group read (git-fixes). - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] (bnc#1012382). - perf/core: Fix the perf_cpu_time_max_percent check (bnc#1012382). - perf header: Set proper module name when build-id event found (bnc#1012382). - perf/hwbp: Simplify the perf-hwbp code, fix documentation (bnc#1012382). - perf intel-pt: Fix error recovery from missing TIP packet (bnc#1012382). - perf intel-pt: Fix overlap detection to identify consecutive buffers correctly (bnc#1012382). - perf intel-pt: Fix sync_switch (bnc#1012382). - perf intel-pt: Fix timestamp following overflow (bnc#1012382). - perf probe: Add warning message if there is unexpected event name (bnc#1012382). - perf: Remove superfluous allocation error check (bnc#1012382). - perf report: Ensure the perf DSO mapping matches what libdw sees (bnc#1012382). - perf: Return proper values for user stack errors (bnc#1012382). - perf tests: Decompress kernel module before objdump (bnc#1012382). - perf tools: Fix copyfile_offset update of output offset (bnc#1012382). - perf trace: Add mmap alias for s390 (bnc#1012382). - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr (bnc#1012382). - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (bnc#1012382). - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (bnc#1012382). - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver (bnc#1012382). - pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid() (bnc#1012382). - platform/x86: ideapad-laptop: Add MIIX 720-12IKB to no_hw_rfkill (bsc#1093035). - pNFS/flexfiles: missing error code in ff_layout_alloc_lseg() (bnc#1012382). - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently (bnc#1012382). - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157). - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157). - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157). - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157). - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/[booke|4xx]: Do not clobber TCR[WP] when setting TCR[DIE] (bnc#1012382). - powerpc: conditionally compile platform-specific serial drivers (bsc#1066223). - powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1088242). - powerpc: Do not send system reset request through the oops path (bsc#1088242). - powerpc/eeh: Fix enabling bridge MMIO windows (bnc#1012382). - powerpc/fadump: Do not use hugepages when fadump is active (bsc#1092772). - powerpc/fadump: exclude memory holes while reserving memory in second kernel (bsc#1092772). - powerpc/lib: Fix off-by-one in alternate feature patching (bnc#1012382). - powerpc/mm: allow memory hotplug into a memoryless node (bsc#1090663). - powerpc/mm: Allow memory hotplug into an offline node (bsc#1090663). - powerpc: Move default security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops (bnc#1012382). - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops (bnc#1012382). - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() (bnc#1012382). - powerpc/powernv: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: signals: Discard transaction state from signal frames (bsc#1094059). - powerpc/spufs: Fix coredump of SPU contexts (bnc#1012382). - powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1088242). - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). - pppoe: check sockaddr length in pppoe_connect() (bnc#1012382). - pptp: remove a buggy dst release in pptp_connect() (bnc#1012382). - qlge: Avoid reading past end of buffer (bnc#1012382). - r8152: add Linksys USB3GIGV1 id (bnc#1012382). - r8169: fix setting driver_data after register_netdev (bnc#1012382). - radeon: hide pointless #warning when compile testing (bnc#1012382). - random: use a tighter cap in credit_entropy_bits_safe() (bnc#1012382). - random: use lockless method of accessing and updating f->reg_idx (bnc#1012382). - ray_cs: Avoid reading past end of buffer (bnc#1012382). - rdma/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access (FATE#321732). - rdma/mlx5: Protect from NULL pointer derefence (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - rdma/mlx5: Protect from shift operand overflow (bnc#1012382). - rdma/qedr: fix QP's ack timeout configuration (bsc#1022604 FATE#321747). - rdma/qedr: Fix QP state initialization race (bsc#1022604 FATE#321747). - rdma/qedr: Fix rc initialization on CNQ allocation failure (bsc#1022604 FATE#321747). - rdma/rxe: Fix an out-of-bounds read (FATE#322149). - rdma/ucma: Allow resolving address w/o specifying source address (bnc#1012382). - rdma/ucma: Check AF family prior resolving address (bnc#1012382). - rdma/ucma: Check that device exists prior to accessing it (bnc#1012382). - rdma/ucma: Check that device is connected prior to access it (bnc#1012382). - rdma/ucma: Do not allow join attempts for unsupported AF family (bnc#1012382). - rdma/ucma: Do not allow setting RDMA_OPTION_IB_PATH without an RDMA device (bnc#1012382). - rdma/ucma: Ensure that CM_ID exists prior to access it (bnc#1012382). - rdma/ucma: Fix use-after-free access in ucma_close (bnc#1012382). - rdma/ucma: Introduce safer rdma_addr_size() variants (bnc#1012382). - rds; Reset rs->rs_bound_addr in rds_add_bound() failure path (bnc#1012382). - regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()' (bsc#1091960). - resource: fix integer overflow at reallocation (bnc#1012382). - Revert "alsa: pcm: Fix mutex unbalance in OSS emulation ioctls" (kabi). - Revert "alsa: pcm: Return -EBUSY for OSS ioctls changing busy streams" (kabi). - Revert "arm: dts: am335x-pepper: Fix the audio CODEC's reset pin" (bnc#1012382). - Revert "arm: dts: omap3-n900: Fix the audio CODEC's reset pin" (bnc#1012382). - Revert "ath10k: rebuild crypto header in rx data frames" (kabi). - Revert "ath10k: send (re)assoc peer command when NSS changed" (bnc#1012382). - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" (bnc#1012382). - Revert "cpufreq: Fix governor module removal race" (bnc#1012382). - Revert "ip6_vti: adjust vti mtu according to mtu of lower device" (bnc#1012382). - Revert "kvm: Fix stack-out-of-bounds read in write_mmio" (bnc#1083635). - Revert "mac80211: Add RX flag to indicate ICV stripped" (kabi). - Revert "mac80211: allow not sending MIC up from driver for HW crypto" (kabi). - Revert "mac80211: allow same PN for AMSDU sub-frames" (kabi). - Revert "mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block." (kabi). - Revert "mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug." (kabi). - Revert "mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block." (kabi). - Revert "mtip32xx: use runtime tag to initialize command header" (bnc#1012382). - Revert "PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()" (bnc#1012382). - Revert "perf tests: Decompress kernel module before objdump" (bnc#1012382). - Revert "xhci: plat: Register shutdown for xhci_plat" (bnc#1012382). - rfkill: gpio: fix memory leak in probe error path (bnc#1012382). - rpc_pipefs: fix double-dput() (bnc#1012382). - rpm/config.sh: build against SP3 in OBS as well. - rtc: interface: Validate alarm-time before handling rollover (bnc#1012382). - rtc: opal: Handle disabled TPO in opal_get_tpo_time() (bnc#1012382). - rtc: snvs: fix an incorrect check of return value (bnc#1012382). - rtl8187: Fix NULL pointer dereference in priv->conf_mutex (bnc#1012382). - rxrpc: check return value of skb_to_sgvec always (bnc#1012382). - s390: add automatic detection of the spectre defense (bnc#1012382). - s390: add optimized array_index_mask_nospec (bnc#1012382). - s390: add options to change branch prediction behaviour for the kernel (bnc#1012382 bsc#1068032). - s390: add sysfs attributes for spectre (bnc#1012382). - s390/alternative: use a copy of the facility bit mask (bnc#1012382). - s390/cio: update chpid descriptor after resource accessibility event (bnc#1012382). - s390: correct module section names for expoline code revert (bnc#1012382). - s390: correct nospec auto detection init order (bnc#1012382). - s390/dasd: fix hanging safe offline (bnc#1012382). - s390/dasd: fix IO error for newly defined devices (bnc#1093144, LTC#167398). - s390: do not bypass BPENTER for interrupt system calls (bnc#1012382). - s390: enable CPU alternatives unconditionally (bnc#1012382). - s390/entry.S: fix spurious zeroing of r0 (bnc#1012382). - s390: introduce execute-trampolines for branches (bnc#1012382). - s390/ipl: ensure loadparm valid flag is set (bnc#1012382). - s390: move nobp parameter functions to nospec-branch.c (bnc#1012382). - s390: move _text symbol to address higher than zero (bnc#1012382). - s390/qdio: do not merge ERROR output buffers (bnc#1012382). - s390/qdio: do not retry EQBS after CCQ 96 (bnc#1012382). - s390/qeth: consolidate errno translation (bnc#1093144, LTC#167507). - s390/qeth: fix MAC address update sequence (bnc#1093144, LTC#167609). - s390/qeth: translate SETVLAN/DELVLAN errors (bnc#1093144, LTC#167507). - s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) (bnc#1012382). - s390: report spectre mitigation via syslog (bnc#1012382). - s390: run user space and KVM guests with modified branch prediction (bnc#1012382). - s390: scrub registers on kernel entry and KVM exit (bnc#1012382). - s390/uprobes: implement arch_uretprobe_is_alive() (bnc#1012382). - sched/numa: Use down_read_trylock() for the mmap_sem (bnc#1012382). - scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats() (bnc#1012382). - scsi: libiscsi: Allow sd_shutdown on bad transport (bnc#1012382). - scsi: libsas: initialize sas_phy status according to response of DISCOVER (bnc#1012382). - scsi: lpfc: Add per io channel NVME IO statistics (bsc#1088865). - scsi: lpfc: Correct missing remoteport registration during link bounces (bsc#1088865). - scsi: lpfc: Correct target queue depth application changes (bsc#1088865). - scsi: lpfc: Enlarge nvmet asynchronous receive buffer counts (bsc#1088865). - scsi: lpfc: Fix Abort request WQ selection (bsc#1088865). - scsi: lpfc: Fix driver not recovering NVME rports during target link faults (bsc#1088865). - scsi: lpfc: Fix lingering lpfc_wq resource after driver unload (bsc#1088865). - scsi: lpfc: Fix multiple PRLI completion error path (bsc#1088865). - scsi: lpfc: Fix NULL pointer access in lpfc_nvme_info_show (bsc#1088865). - scsi: lpfc: Fix NULL pointer reference when resetting adapter (bsc#1088865). - scsi: lpfc: Fix nvme remoteport registration race conditions (bsc#1088865). - scsi: lpfc: Fix WQ/CQ creation for older asic's (bsc#1088865). - scsi: lpfc: update driver version to 11.4.0.7-2 (bsc#1088865). - scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag (bnc#1012382). - scsi: mptsas: Disable WRITE SAME (bnc#1012382). - scsi: sd: Defer spinning up drive while SANITIZE is in progress (bnc#1012382). - sctp: do not check port in sctp_inet6_cmp_addr (bnc#1012382). - sctp: do not leak kernel memory to user space (bnc#1012382). - sctp: fix recursive locking warning in sctp_do_peeloff (bnc#1012382). - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 (bnc#1012382). - selftests/powerpc: Fix TM resched DSCR test with some compilers (bnc#1012382). - selinux: do not check open permission on sockets (bnc#1012382). - selinux: Remove redundant check for unknown labeling behavior (bnc#1012382). - selinux: Remove unnecessary check of array base in selinux_set_mapping() (bnc#1012382). - serial: 8250: omap: Disable DMA for console UART (bnc#1012382). - serial: mctrl_gpio: Add missing module license (bnc#1012382). - serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init (bnc#1012382). - serial: sh-sci: Fix race condition causing garbage during shutdown (bnc#1012382). - sh_eth: Use platform device for printing before register_netdev() (bnc#1012382). - sit: reload iphdr in ipip6_rcv (bnc#1012382). - skbuff: only inherit relevant tx_flags (bnc#1012382). - skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow (bnc#1012382). - sky2: Increase D3 delay to sky2 stops working after suspend (bnc#1012382). - slip: Check if rstate is initialized before uncompressing (bnc#1012382). - soreuseport: initialise timewait reuseport field (bnc#1012382). - sparc64: ldc abort during vds iso boot (bnc#1012382). - spi: davinci: fix up dma_mapping_error() incorrect patch (bnc#1012382). - staging: comedi: ni_mio_common: ack ai fifo error interrupts (bnc#1012382). - staging: ion : Donnot wakeup kswapd in ion system alloc (bnc#1012382). - staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning (bnc#1012382). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810). - swap: divide-by-zero when zero length swap file on ssd (bsc#1082153). - tags: honor COMPILED_SOURCE with apart output directory (bnc#1012382). - target: prefer dbroot of /etc/target over /var/target (bsc#1087274). - target: transport should handle st FM/EOM/ILI reads (bsc#1081599). - tcp: better validation of received ack sequences (bnc#1012382). - tcp: do not read out-of-bounds opsize (bnc#1012382). - tcp: fix TCP_REPAIR_QUEUE bound checking (bnc#1012382). - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets (bnc#1012382). - team: avoid adding twice the same option to the event list (bnc#1012382). - team: fix netconsole setup over team (bnc#1012382). - test_firmware: fix setting old custom fw path back on exit, second try (bnc#1012382). - thermal: imx: Fix race condition in imx_thermal_probe() (bnc#1012382). - thermal: power_allocator: fix one race condition issue for thermal_instances list (bnc#1012382). - thunderbolt: Resume control channel after hibernation image is created (bnc#1012382). - tipc: add policy for TIPC_NLA_NET_ADDR (bnc#1012382). - tracepoint: Do not warn on ENOMEM (bnc#1012382). - tracing: Fix regex_match_front() to not over compare the test string (bnc#1012382). - tracing/uprobe_event: Fix strncpy corner case (bnc#1012382). - tty: Do not call panic() at tty_ldisc_init() (bnc#1012382). - tty: make n_tty_read() always abort if hangup is in progress (bnc#1012382). - tty: n_gsm: Allow ADM response in addition to UA for control dlci (bnc#1012382). - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set (bnc#1012382). - tty: n_gsm: Fix long delays with control frame timeouts in ADM mode (bnc#1012382). - tty: provide tty_name() even without CONFIG_TTY (bnc#1012382). - tty: Use __GFP_NOFAIL for tty_ldisc_get() (bnc#1012382). - ubi: fastmap: Do not flush fastmap work on detach (bnc#1012382). - ubi: Fix error for write access (bnc#1012382). - ubifs: Check ubifs_wbuf_sync() return code (bnc#1012382). - ubi: Reject MLC NAND (bnc#1012382). - um: Use POSIX ucontext_t instead of struct ucontext (bnc#1012382). - Update config files, add expoline for s390x (bsc#1089393). - Update patches.fixes/0001-md-raid10-fix-NULL-deference-in-handle_write_complet.patch (bsc#1056415). - Update patches.fixes/xfs-refactor-log-record-unpack-and-data-processing.patch (bsc#1043598, bsc#1036215). - Update patches.suse/powerpc-powernv-Support-firmware-disable-of-RFI-flus.patch (bsc#1068032, bsc#1075087, bsc#1091041). - Update patches.suse/powerpc-pseries-Support-firmware-disable-of-RFI-flus.patch (bsc#1068032, bsc#1075087, bsc#1091041). - Update patches.suse/powerpc-rfi-flush-Move-the-logic-to-avoid-a-redo-int.patch (bsc#1068032, bsc#1075087, bsc#1091041). - Update patches.suse/x86-nospectre_v2-means-nospec-too.patch (bsc#1075994 bsc#1075091 bnc#1085958). - usb: Accept bulk endpoints with 1024-byte maxpacket (bnc#1012382 bsc#1092888). - usb: Accept bulk endpoints with 1024-byte maxpacket (bsc#1092888). - usb: chipidea: properly handle host or gadget initialization failure (bnc#1012382). - usb: core: Add quirk for HP v222w 16GB Mini (bnc#1012382). - usb: dwc2: Improve gadget state disconnection handling (bnc#1012382). - usb: dwc3: keystone: check return value (bnc#1012382). - usb: dwc3: pci: Properly cleanup resource (bnc#1012382). - usb: ene_usb6250: fix first command execution (bnc#1012382). - usb: ene_usb6250: fix SCSI residue overwriting (bnc#1012382). - usb:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw (bnc#1012382). - usb: gadget: align buffer size when allocating for OUT endpoint (bnc#1012382). - usb: gadget: change len to size_t on alloc_ep_req() (bnc#1012382). - usb: gadget: define free_ep_req as universal function (bnc#1012382). - usb: gadget: f_hid: fix: Prevent accessing released memory (bnc#1012382). - usb: gadget: fix request length error for isoc transfer (git-fixes). - usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align (bnc#1012382). - usb: Increment wakeup count on remote wakeup (bnc#1012382). - usbip: usbip_host: fix to hold parent lock for device_attach() calls (bnc#1012382). - usbip: vhci_hcd: Fix usb device and sockfd leaks (bnc#1012382). - usb: musb: gadget: misplaced out of bounds check (bnc#1012382). - usb: musb: host: fix potential NULL pointer dereference (bnc#1012382). - usb: serial: cp210x: add ELDAT Easywave RX09 id (bnc#1012382). - usb: serial: cp210x: add ID for NI USB serial console (bnc#1012382). - usb: serial: ftdi_sio: add RT Systems VX-8 cable (bnc#1012382). - usb: serial: ftdi_sio: add support for Harman FirmwareHubEmulator (bnc#1012382). - usb: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster (bnc#1012382). - usb: serial: option: adding support for ublox R410M (bnc#1012382). - usb: serial: option: Add support for Quectel EP06 (bnc#1012382). - usb: serial: option: reimplement interface masking (bnc#1012382). - usb: serial: simple: add libtransistor console (bnc#1012382). - usb: serial: visor: handle potential invalid device configuration (bnc#1012382). - vfb: fix video mode and line_length being set when loaded (bnc#1012382). - vfio/pci: Virtualize Maximum Payload Size (bnc#1012382). - vfio/pci: Virtualize Maximum Read Request Size (bnc#1012382). - vfio-pci: Virtualize PCIe & AF FLR (bnc#1012382). - vhost: correctly remove wait queue during poll failure (bnc#1012382). - virtio: add ability to iterate over vqs (bnc#1012382). - virtio_console: free buffers after reset (bnc#1012382). - virtio_net: check return value of skb_to_sgvec always (bnc#1012382). - virtio_net: check return value of skb_to_sgvec in one more location (bnc#1012382). - vlan: also check phy_driver ts_info for vlan's real device (bnc#1012382). - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi (bnc#1012382). - vmxnet3: ensure that adapter is in proper state during force_close (bnc#1012382). - vrf: Fix use after free and double free in vrf_finish_output (bnc#1012382). - vt: change SGR 21 to follow the standards (bnc#1012382). - vti6: better validate user provided tunnel names (bnc#1012382). - vxlan: dont migrate permanent fdb entries during learn (bnc#1012382). - watchdog: f71808e_wdt: Fix WD_EN register read (bnc#1012382). - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185). - watchdog: sbsa: use 32-bit read for WCV (bsc#1085679). - wl1251: check return from call to wl1251_acx_arp_ip_filter (bnc#1012382). - writeback: fix the wrong congested state variable definition (bnc#1012382). - writeback: safer lock nesting (bnc#1012382). - x86/asm: Do not use RBP as a temporary register in csum_partial_copy_generic() (bnc#1012382). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/bugs: Make sure that _TIF_SSBD does not end up in _TIF_ALLWORK_MASK (bsc#1093215). - x86/bugs: Respect retpoline command line option (bsc#1068032). - x86/hweight: Do not clobber %rdi (bnc#1012382). - x86/hweight: Get rid of the special calling convention (bnc#1012382). - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds (bnc#1012382). - x86/platform/UV: Add references to access fixed UV4A HUB MMRs (bsc#1076263 #fate#322814). - x86/platform/uv/BAU: Replace hard-coded values with MMR definitions (bsc#1076263 #fate#322814). - x86/platform/UV: Fix critical UV MMR address error (bsc#1076263 - x86/platform/UV: Fix GAM MMR changes in UV4A (bsc#1076263 #fate#322814). - x86/platform/UV: Fix GAM MMR references in the UV x2apic code (bsc#1076263 #fate#322814). - x86/platform/UV: Fix GAM Range Table entries less than 1GB (bsc#1091325). - x86/platform/UV: Fix UV4A BAU MMRs (bsc#1076263 #fate#322814). - x86/platform/UV: Fix UV4A support on new Intel Processors (bsc#1076263 #fate#322814). - x86/platform/uv: Skip UV runtime services mapping in the efi_runtime_disabled case (bsc#1089925). - x86/platform/UV: Update uv_mmrs.h to prepare for UV4A fixes (bsc#1076263 #fate#322814). - x86/smpboot: Do not use mwait_play_dead() on AMD systems (bnc#1012382). - x86/tsc: Prevent 32bit truncation in calc_hpet_ref() (bnc#1012382). - x86/tsc: Provide 'tsc=unstable' boot parameter (bnc#1012382). - xen: avoid type warning in xchg_xen_ulong (bnc#1012382). - xen-netfront: Fix hang on device removal (bnc#1012382). - xfrm: fix state migration copy replay sequence numbers (bnc#1012382). - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems (bnc#1012382). - xfrm_user: fix return value from xfrm_user_rcv_msg (bnc#1012382). - xfrm_user: uncoditionally validate esn replay attribute struct (bnc#1012382). - xfs: always verify the log tail during recovery (bsc#1036215). - xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598). - xfs: detect and trim torn writes during log recovery (bsc#1036215). - xfs: fix log recovery corruption error due to tail overwrite (bsc#1036215). - xfs: fix recovery failure when log record header wraps log end (bsc#1036215). - xfs: handle -EFSCORRUPTED during head/tail verification (bsc#1036215). - xfs: prevent creating negative-sized file via INSERT_RANGE (bnc#1012382). - xfs: refactor and open code log record crc check (bsc#1036215). - xfs: refactor log record start detection into a new helper (bsc#1036215). - xfs: return start block of first bad log record during recovery (bsc#1036215). - xfs: support a crc verification only log record pass (bsc#1036215). - x86/bugs: make intel_rds_mask() honor X86_FEATURE_SSBD (bsc#1094019). - watchdog: hpwdt: condition early return of NMI handler on iLO5 (bsc#1085185). - watchdog: hpwdt: Modify to use watchdog core (bsc#1085185). - watchdog: hpwdt: Update nmi_panic message (bsc#1085185). - watchdog: hpwdt: Update Module info and copyright (bsc#1085185). Important SUSE bug 1005778 SUSE bug 1005780 SUSE bug 1005781 SUSE bug 1009062 SUSE bug 1012382 SUSE bug 1015336 SUSE bug 1015337 SUSE bug 1015340 SUSE bug 1015342 SUSE bug 1015343 SUSE bug 1022604 SUSE bug 1022743 SUSE bug 1024296 SUSE bug 1031492 SUSE bug 1036215 SUSE bug 1043598 SUSE bug 1044596 SUSE bug 1056415 SUSE bug 1056427 SUSE bug 1060799 SUSE bug 1066223 SUSE bug 1068032 SUSE bug 1070404 SUSE bug 1073059 SUSE bug 1075087 SUSE bug 1075091 SUSE bug 1075994 SUSE bug 1076263 SUSE bug 1076805 SUSE bug 1080157 SUSE bug 1081599 SUSE bug 1082153 SUSE bug 1082299 SUSE bug 1082485 SUSE bug 1082962 SUSE bug 1083125 SUSE bug 1083635 SUSE bug 1083650 SUSE bug 1083900 SUSE bug 1084610 SUSE bug 1084699 SUSE bug 1084721 SUSE bug 1085058 SUSE bug 1085185 SUSE bug 1085511 SUSE bug 1085679 SUSE bug 1085958 SUSE bug 1086162 SUSE bug 1087082 SUSE bug 1087274 SUSE bug 1088050 SUSE bug 1088242 SUSE bug 1088267 SUSE bug 1088313 SUSE bug 1088600 SUSE bug 1088684 SUSE bug 1088810 SUSE bug 1088865 SUSE bug 1088871 SUSE bug 1089023 SUSE bug 1089115 SUSE bug 1089198 SUSE bug 1089393 SUSE bug 1089608 SUSE bug 1089644 SUSE bug 1089752 SUSE bug 1089895 SUSE bug 1089925 SUSE bug 1090225 SUSE bug 1090643 SUSE bug 1090658 SUSE bug 1090663 SUSE bug 1090708 SUSE bug 1090718 SUSE bug 1090734 SUSE bug 1090953 SUSE bug 1091041 SUSE bug 1091325 SUSE bug 1091728 SUSE bug 1091960 SUSE bug 1092289 SUSE bug 1092497 SUSE bug 1092566 SUSE bug 1092772 SUSE bug 1092888 SUSE bug 1092904 SUSE bug 1092975 SUSE bug 1093008 SUSE bug 1093035 SUSE bug 1093144 SUSE bug 1093215 SUSE bug 1093990 SUSE bug 1094019 SUSE bug 1094033 SUSE bug 1094059 SUSE bug 802154 SUSE bug 966170 SUSE bug 966172 SUSE bug 966186 SUSE bug 966191 SUSE bug 969476 SUSE bug 969477 SUSE bug 981348 SUSE bug 993388 CVE-2017-18257 CVE-2018-1000199 CVE-2018-10087 CVE-2018-10124 CVE-2018-1065 CVE-2018-1130 CVE-2018-3639 CVE-2018-5803 CVE-2018-7492 CVE-2018-8781 CVE-2018-8822 openSUSE Leap 42.3 This update for bash fixes the following issues: Security issues fixed: - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299) - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396) Non-security issues fixed: - Fix repeating self-calling of traps due the combination of a non-interactive shell, a trap handler for SIGINT, an external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1000396 SUSE bug 1001299 SUSE bug 1086247 CVE-2016-0634 CVE-2016-7543 openSUSE Leap 42.3 icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a '\0' character at the end of a certain temporary array, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument (bsc#990636). - CVE-2017-7868: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function (bsc#1034674) - CVE-2017-7867: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ allowed remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue (bnc#1067203) - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC (bnc#1072193) - CVE-2017-15422: An integer overflow in icu during persian calendar date processing could lead to incorrect years shown (bnc#1077999) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1034674 SUSE bug 1034678 SUSE bug 1067203 SUSE bug 1072193 SUSE bug 1077999 SUSE bug 1087932 SUSE bug 929629 SUSE bug 990636 CVE-2014-8146 CVE-2014-8147 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 openSUSE Leap 42.3 This update for jasper fixes the following issues: - CVE-2018-9055: denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c could lead to denial of service. (bsc#1087020) This update was imported from the SUSE:SLE-12:Update update project. Low SUSE bug 1087020 CVE-2018-9055 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: - CVE-2017-18271: An infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service was fixed. (boo#1094204) Moderate SUSE bug 1094204 CVE-2017-18271 openSUSE Leap 42.3 This update for opencv fixes the following issues: - CVE-2018-5268: Fixed a heap-based buffer overflow in incv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cppwhen parsing a crafted image file. (boo#1075017) - CVE-2017-17760: Fixed an buffer overflow in function cv::PxMDecoder::readData (boo#1074313) - CVE-2017-18009: Fixed a heap-based buffer over-read in function cv::HdrDecoder::checkSignature (boo#1074312) - CVE-2017-1000450: Functions FillUniColor and FillUniGray do not check the input length which could lead to out of bounds writes and crashes (boo#1074487) - CVE-2018-5269: Fixed an assertion failure happens in cv::RBaseStream::setPos inmodules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast (bsc#1075019). Important SUSE bug 1074312 SUSE bug 1074313 SUSE bug 1074487 SUSE bug 1075017 SUSE bug 1075019 CVE-2017-1000450 CVE-2017-17760 CVE-2017-18009 CVE-2018-5268 CVE-2018-5269 openSUSE Leap 42.3 This update for perl-DBD-mysql fixes the following issues: - CVE-2017-10789: The DBD::mysql module when with mysql_ssl=1 setting enabled, means that SSL is optional (even though this setting's documentation has a \"your communication with the server will be encrypted\" statement), which could lead man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. (bsc#1047059) - CVE-2017-10788: The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples. (bsc#1047095) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047059 SUSE bug 1047095 CVE-2017-10788 CVE-2017-10789 openSUSE Leap 42.3 This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-7262: rgw: malformed http headers can crash rgw (bsc#1081379). - CVE-2017-16818: User reachable asserts allow for DoS (bsc#1063014). Bug fixes: - bsc#1061461: OSDs keep generating coredumps after adding new OSD node to cluster. - bsc#1079076: RGW openssl fixes. - bsc#1067088: Upgrade to SES5 restarted all nodes, majority of OSDs aborts during start. - bsc#1056125: Some OSDs are down when doing performance testing on rbd image in EC Pool. - bsc#1087269: allow_ec_overwrites option not in command options list. - bsc#1051598: Fix mountpoint check for systemctl enable --runtime. - bsc#1070357: Zabbix mgr module doesn't recover from HEALTH_ERR. - bsc#1066502: After upgrading a single OSD from SES 4 to SES 5 the OSDs do not rejoin the cluster. - bsc#1067119: Crushtool decompile creates wrong device entries (device 20 device20) for not existing / deleted OSDs. - bsc#1060904: Loglevel misleading during keystone authentication. - bsc#1056967: Monitors goes down after pool creation on cluster with 120 OSDs. - bsc#1067705: Issues with RGW Multi-Site Federation between SES5 and RH Ceph Storage 2. - bsc#1059458: Stopping / restarting rados gateway as part of deepsea stage.4 executions causes core-dump of radosgw. - bsc#1087493: Commvault cannot reconnect to storage after restarting haproxy. - bsc#1066182: Container synchronization between two Ceph clusters failed. - bsc#1081600: Crash in civetweb/RGW. - bsc#1054061: NFS-GANESHA service failing while trying to list mountpoint on client. - bsc#1074301: OSDs keep aborting: SnapMapper failed asserts. - bsc#1086340: XFS metadata corruption on rbd-nbd mapped image with journaling feature enabled. - bsc#1080788: fsid mismatch when creating additional OSDs. - bsc#1071386: Metadata spill onto block.slow. This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1051598 SUSE bug 1054061 SUSE bug 1056125 SUSE bug 1056967 SUSE bug 1059458 SUSE bug 1060904 SUSE bug 1061461 SUSE bug 1063014 SUSE bug 1066182 SUSE bug 1066502 SUSE bug 1067088 SUSE bug 1067119 SUSE bug 1067705 SUSE bug 1070357 SUSE bug 1071386 SUSE bug 1074301 SUSE bug 1079076 SUSE bug 1080788 SUSE bug 1081379 SUSE bug 1081600 SUSE bug 1086340 SUSE bug 1087269 SUSE bug 1087493 CVE-2017-16818 CVE-2018-7262 openSUSE Leap 42.3 This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3639: Spectre V4 – Speculative Store Bypass aka "Memory Disambiguation" (bsc#1092631) This feature can be controlled by the "ssbd=on/off" commandline flag for the XEN hypervisor. - CVE-2018-10982: x86 vHPET interrupt injection errors (XSA-261 bsc#1090822) - CVE-2018-10981: qemu may drive Xen into unbounded loop (XSA-262 bsc#1090823) Other bugfixes: - Upstream patches from Jan (bsc#1027519) - additional fixes related to Page Table Isolation (XPTI). (bsc#1074562 XSA-254) - qemu-system-i386 cannot handle more than 4 HW NICs (bsc#1090296) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1027519 SUSE bug 1074562 SUSE bug 1090296 SUSE bug 1090822 SUSE bug 1090823 SUSE bug 1092631 CVE-2018-10981 CVE-2018-10982 CVE-2018-3639 openSUSE Leap 42.3 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136). - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131). - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-13729: Fix illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128). - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1056127 SUSE bug 1056128 SUSE bug 1056129 SUSE bug 1056131 SUSE bug 1056132 SUSE bug 1056136 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 openSUSE Leap 42.3 This update provides rebuilt kernel modules for openSUSE Leap 42.3 with retpoline enablement to address Spectre Variant 2 (CVE-2017-5715 bsc#1068032). Moderate SUSE bug 1068032 CVE-2017-5715 openSUSE Leap 42.3 This update fixes the following issues: - CVE-2018-1059: The DPDK vhost-user interface did not check to verify that all the requested guest physical range was mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may have lead to a malicious guest exposing vhost-user backend process memory (bsc#1089638). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1089638 CVE-2018-1059 openSUSE Leap 42.3 This update for ocaml fixes the following issues: - CVE-2018-9838: The caml_ba_deserialize function in byterun/bigarray.c in the standard library had an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object. [bsc#1088591] This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1088591 CVE-2018-9838 openSUSE Leap 42.3 This update for curl fixes the following issues: Security issues fixed: - CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code (bsc#1069226). - CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function (bsc#1069222). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1069222 SUSE bug 1069226 CVE-2017-8816 CVE-2017-8817 openSUSE Leap 42.3 This update for zziplib fixes the following issues: Security issue fixed: - CVE-2018-6542: Reject file if the size of the central directory is too big and display an error message (bsc#1079094). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1079094 CVE-2018-6542 openSUSE Leap 42.3 This update for glibc fixes the following issues: - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) - CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154) Non security bugs fixed: - Fix crash in resolver on memory allocation failure (bsc#1086690) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1086690 SUSE bug 1094150 SUSE bug 1094154 SUSE bug 1094161 CVE-2017-18269 CVE-2018-11236 CVE-2018-11237 openSUSE Leap 42.3 This update for kernel-firmware fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1095735 CVE-2017-5715 openSUSE Leap 42.3 This update for libvorbis fixes the following issues: The following security issue was fixed: - Fixed the validation of channels in mapping0_forward(), which previously allowed remote attackers to cause a denial of service via specially crafted files (CVE-2018-10392, bsc#1091070) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1091070 CVE-2018-10392 openSUSE Leap 42.3 This update for prosody fixes the following issues: This security issue was fixed: - CVE-2018-10847: Prevent insufficient validation of client-provided parameters during XMPP stream restarts. Authenticated users may have overriden the realm associated with their session, potentially bypassing security policies and allowing impersonation (bsc#1094890). Moderate SUSE bug 1094890 CVE-2018-10847 openSUSE Leap 42.3 This update for perl-XML-LibXML fixes the following issues: Security issue fixed: - CVE-2017-10672: Fix use-after-free that allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call (bsc#1046848). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1046848 CVE-2017-10672 openSUSE Leap 42.3 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-5246: Fixed memory leak vulnerability in ReadPATTERNImage in coders/pattern.c (bsc#1074973) - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975) - CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969) - CVE-2017-12672: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052720) - CVE-2017-13060: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1055065) - CVE-2017-11724: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c involving the quantum_info and clone_info data structures (bsc#1051446) - CVE-2017-12670: Added validation in coders/mat.c to prevent an assertion failure in the function DestroyImage in MagickCore/image.c, which allowed attackers to cause a denial of service (bsc#1052731) - CVE-2017-12667: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1052732) - CVE-2017-13146: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055323) - CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044) - CVE-2017-13648: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055434) - CVE-2017-11141: Fixed a memory leak vulnerability in the function ReadMATImage in coders\mat.c that could have caused memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call (bsc#1047898) - CVE-2017-11529: The ReadMATImage function in coders/mat.c allowed remote attackers to cause a denial of service (memory leak) via a crafted file (bsc#1050120) - CVE-2017-12564: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052468) - CVE-2017-12434: Added a missing NULL check in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c (bsc#1052550) - CVE-2017-12675: Added a missing check for multidimensional data coders/mat.c, that could have lead to a memory leak in the function ReadImage in MagickCore/constitute.c, which allowed attackers to cause a denial of service (bsc#1052710) - CVE-2017-14326: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1058640) - CVE-2017-11644: Processesing a crafted file in convert could have lead to a memory leak in the ReadMATImage() function in coders/mat.c (bsc#1050606) - CVE-2017-13658: Added a missing NULL check in the ReadMATImage function in coders/mat.c, which could have lead to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c (bsc#1055855) - CVE-2017-14533: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1059751) - CVE-2017-17881: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted MAT image file (bsc#1074123) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047044 SUSE bug 1047898 SUSE bug 1050120 SUSE bug 1050606 SUSE bug 1051446 SUSE bug 1052468 SUSE bug 1052550 SUSE bug 1052710 SUSE bug 1052720 SUSE bug 1052731 SUSE bug 1052732 SUSE bug 1055065 SUSE bug 1055323 SUSE bug 1055434 SUSE bug 1055855 SUSE bug 1058640 SUSE bug 1059751 SUSE bug 1074123 SUSE bug 1074969 SUSE bug 1074973 SUSE bug 1074975 CVE-2017-10800 CVE-2017-11141 CVE-2017-11529 CVE-2017-11644 CVE-2017-11724 CVE-2017-12434 CVE-2017-12564 CVE-2017-12667 CVE-2017-12670 CVE-2017-12672 CVE-2017-12675 CVE-2017-13060 CVE-2017-13146 CVE-2017-13648 CVE-2017-13658 CVE-2017-14326 CVE-2017-14533 CVE-2017-17881 CVE-2017-18022 CVE-2018-5246 CVE-2018-5247 openSUSE Leap 42.3 This update for newsbeuter fixes one issues. This security issue was fixed: - CVE-2017-12904: Improper neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL (bsc#1054578). Important SUSE bug 1054578 CVE-2017-12904 openSUSE Leap 42.3 This update for bouncycastle to version 1.59 fixes the following issues: These security issues were fixed: - CVE-2017-13098: BouncyCastle, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange was negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT" (bsc#1072697). - CVE-2016-1000338: Ensure full validation of ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of 'invisible' data into a signed structure (bsc#1095722). - CVE-2016-1000339: Prevent AESEngine key information leak via lookup table accesses (boo#1095853). - CVE-2016-1000340: Preventcarry propagation bugs in the implementation of squaring for several raw math classes (boo#1095854). - CVE-2016-1000341: Fix DSA signature generation vulnerability to timing attack (boo#1095852). - CVE-2016-1000341: DSA signature generation was vulnerable to timing attack. Where timings can be closely observed for the generation of signatures may have allowed an attacker to gain information about the signature's k value and ultimately the private value as well (bsc#1095852). - CVE-2016-1000342: Ensure that ECDSA does fully validate ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of 'invisible' data into a signed structure (bsc#1095850). - CVE-2016-1000343: Prevent weak default settings for private DSA key pair generation (boo#1095849). - CVE-2016-1000344: Removed DHIES from the provider to disable the unsafe usage of ECB mode (boo#1096026). - CVE-2016-1000345: The DHIES/ECIES CBC mode was vulnerable to padding oracle attack. In an environment where timings can be easily observed, it was possible with enough observations to identify when the decryption is failing due to padding (bsc#1096025). - CVE-2016-1000346: The other party DH public key was not fully validated. This could have caused issues as invalid keys could be used to reveal details about the other party's private key where static Diffie-Hellman is in use (bsc#1096024). - CVE-2016-1000352: Remove ECIES from the provider to disable the unsafe usage of ECB mode (boo#1096022). Moderate SUSE bug 1072697 SUSE bug 1095722 SUSE bug 1095849 SUSE bug 1095850 SUSE bug 1095852 SUSE bug 1095853 SUSE bug 1095854 SUSE bug 1096022 SUSE bug 1096024 SUSE bug 1096025 SUSE bug 1096026 CVE-2016-1000338 CVE-2016-1000339 CVE-2016-1000340 CVE-2016-1000341 CVE-2016-1000342 CVE-2016-1000343 CVE-2016-1000344 CVE-2016-1000345 CVE-2016-1000346 CVE-2016-1000352 CVE-2017-13098 openSUSE Leap 42.3 This update for gd fixes one issues. This security issue was fixed: - CVE-2017-6362: Prevent double-free in gdImagePngPtr() that potentially allowed for DoS or remote code execution (bsc#1056993). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1056993 CVE-2017-6362 openSUSE Leap 42.3 This update for java-1_7_0-openjdk to version 7u181 fixes the following issues: + S8162488: JDK should be updated to use LittleCMS 2.8 + S8180881: Better packaging of deserialization + S8182362: Update CipherOutputStream Usage + S8183032: Upgrade to LittleCMS 2.9 + S8189123: More consistent classloading + S8190478: Improved interface method selection + S8190877: Better handling of abstract classes + S8191696: Better mouse positioning + S8192030: Better MTSchema support + S8193409: Improve AES supporting classes + S8193414: Improvements in MethodType lookups + S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries + S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability + S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability + S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability + S8189989, CVE-2018-2798, bsc#1090028: Improve container portability + S8189993, CVE-2018-2799, bsc#1090029: Improve document portability + S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms + S8192025, CVE-2018-2814, bsc#1090032: Less referential references + S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation + S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For additional changes please consult the changelog. This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1090023 SUSE bug 1090024 SUSE bug 1090025 SUSE bug 1090026 SUSE bug 1090027 SUSE bug 1090028 SUSE bug 1090029 SUSE bug 1090030 SUSE bug 1090032 SUSE bug 1090033 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 openSUSE Leap 42.3 PostgreSQL was updated to 9.6.9 fixing bugs and security issues: Release notes: - https://www.postgresql.org/about/news/1851/ - https://www.postgresql.org/docs/current/static/release-9-6-9.html A dump/restore is not required for those running 9.6.X. However, if you use the adminpack extension, you should update it as per the first changelog entry below. Also, if the function marking mistakes mentioned in the second and third changelog entries below affect you, you will want to take steps to correct your database catalogs. Security issue fixed: - CVE-2018-1115: Remove public execute privilege from contrib/adminpack's pg_logfile_rotate() function pg_logfile_rotate() is a deprecated wrapper for the core function pg_rotate_logfile(). When that function was changed to rely on SQL privileges for access control rather than a hard-coded superuser check, pg_logfile_rotate() should have been updated as well, but the need for this was missed. Hence, if adminpack is installed, any user could request a logfile rotation, creating a minor security issue. After installing this update, administrators should update adminpack by performing ALTER EXTENSION adminpack UPDATE in each database in which adminpack is installed. (bsc#1091610) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1091610 CVE-2018-1115 openSUSE Leap 42.3 This update for poppler fixes the following issues: These security issues were fixed: - CVE-2017-14517: Prevent NULL Pointer dereference in the XRef::parseEntry() function via a crafted PDF document (bsc#1059066). - CVE-2017-9865: Fixed a stack-based buffer overflow vulnerability in GfxState.cc that would have allowed attackers to facilitate a denial-of-service attack via specially crafted PDF documents. (bsc#1045939) - CVE-2017-14518: Remedy a floating point exception in isImageInterpolationRequired() that could have been exploited using a specially crafted PDF document. (bsc#1059101) - CVE-2017-14520: Remedy a floating point exception in Splash::scaleImageYuXd() that could have been exploited using a specially crafted PDF document. (bsc#1059155) - CVE-2017-14617: Fixed a floating point exception in Stream.cc, which may lead to a potential attack when handling malicious PDF files. (bsc#1060220) - CVE-2017-14928: Fixed a NULL Pointer dereference in AnnotRichMedia::Configuration::Configuration() in Annot.cc, which may lead to a potential attack when handling malicious PDF files. (bsc#1061092) - CVE-2017-14975: Fixed a NULL pointer dereference vulnerability, that existed because a data structure in FoFiType1C.cc was not initialized, which allowed an attacker to launch a denial of service attack. (bsc#1061263) - CVE-2017-14976: Fixed a heap-based buffer over-read vulnerability in FoFiType1C.cc that occurred when an out-of-bounds font dictionary index was encountered, which allowed an attacker to launch a denial of service attack. (bsc#1061264) - CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. (bsc#1061265) - CVE-2017-15565: Prevent NULL Pointer dereference in the GfxImageColorMap::getGrayLine() function via a crafted PDF document (bsc#1064593). - CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent overflows in subsequent calculations (bsc#1074453). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1045939 SUSE bug 1059066 SUSE bug 1059101 SUSE bug 1059155 SUSE bug 1060220 SUSE bug 1061092 SUSE bug 1061263 SUSE bug 1061264 SUSE bug 1061265 SUSE bug 1064593 SUSE bug 1074453 CVE-2017-1000456 CVE-2017-14517 CVE-2017-14518 CVE-2017-14520 CVE-2017-14617 CVE-2017-14928 CVE-2017-14975 CVE-2017-14976 CVE-2017-14977 CVE-2017-15565 CVE-2017-9865 openSUSE Leap 42.3 Samba was updated to 4.6.14, fixing bugs and security issues: Version update to 4.6.14 (bsc#1093664): + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425). + Fix memory leak in vfs_ceph; (bso#13424). + winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection; (bso#13294). + s3:smb2_server: correctly maintain request counters for compound requests; (bso#13215). + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375). + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338). + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async; (bso#13297). + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270). + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244). + s3:libsmb: allow -U"\\administrator" to work; (bso#13206). + CVE-2018-1057: s4:dsdb: fix unprivileged password changes; (bso#13272); (bsc#1081024). + s3:smbd: Do not crash if we fail to init the session table; (bso#13315). + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310). + smbXcli: Add "force_channel_sequence"; (bso#13215). + smbd: Fix channel sequence number checks for long-running requests; (bso#13215). + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197). + s3:smbd: return the correct error for cancelled SMB2 notifies on expired sessions; (bso#13197). + samba: Only use async signal-safe functions in signal handler; (bso#13240). + subnet: Avoid a segfault when renaming subnet objects; (bso#13031). - Fix vfs_ceph with "aio read size" or "aio write size" > 0; (bsc#1093664). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425). + Fix memory leak in vfs_ceph; (bso#13424). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1081024 SUSE bug 1093664 CVE-2018-1057 openSUSE Leap 42.3 This update for xmltooling fixes the following issues: - CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD (bsc#1075975) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1075975 CVE-2018-0486 openSUSE Leap 42.3 This update for aubio fixes the following security issue: - CVE-2017-17554: Prevent NULL pointer dereference in the function aubio_source_avcodec_readframe which may have lead to DoS when playing a crafted audio file (bsc#1072317). Low SUSE bug 1072317 CVE-2017-17554 openSUSE Leap 42.3 This update for cobbler fixes the following issues: The following security issue has been fixed: - CVE-2017-1000469: Escape shell parameters provided by the user for the reposync action. (bsc#1074594) Additionally, the following non-security issues have been fixed: - Fix signature for SLES15. (bsc#1075014) - Detect if there is already another instance of "cobbler sync" running and exit with failure if so. (bsc#1081714) - Add SLES 15 distro profile. (bsc#1090205) - Require tftp(server) instead of atftp. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1074594 SUSE bug 1075014 SUSE bug 1081714 SUSE bug 1090205 CVE-2017-1000469 openSUSE Leap 42.3 The openSUSE Leap 42.3 was updated to 4.4.138 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1085308 bsc#1087082) This update improves the previous Spectre Variant 4 fixes and also mitigates them on the ARM architecture. - CVE-2018-3665: The FPU state and registers of x86 CPUs were saved and restored in a lazy fashion, which opened its disclosure by speculative side channel attacks. This has been fixed by replacing the lazy save/restore by eager saving and restoring (bnc#1087086) - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow (bnc#1097356). - CVE-2017-18249: The add_free_nid function in fs/f2fs/node.c did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036). - CVE-2017-18241: fs/f2fs/segment.c kernel allowed local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400). - CVE-2017-17741: The KVM implementation allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311 1091815). - CVE-2017-13305: A information disclosure vulnerability in the encrypted-keys. (bnc#1094353). - CVE-2018-1093: The ext4_valid_block_bitmap function in fs/ext4/balloc.c allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bnc#1087095). - CVE-2018-1094: The ext4_fill_super function in fs/ext4/super.c did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bnc#1087007 1092903). - CVE-2018-1092: The ext4_iget function in fs/ext4/inode.c mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bnc#1087012). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c, a memory corruption bug in JFS could be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr. (bsc#1097234) The following non-security bugs were fixed: - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() (bnc#1012382). - acpi: acpi_pad: Fix memory leak in power saving threads (bnc#1012382). - acpica: acpi: acpica: fix acpi operand cache leak in nseval.c (bnc#1012382). - acpica: Events: add a return on failure from acpi_hw_register_read (bnc#1012382). - acpi: processor_perflib: Do not send _PPC change notification if not ready (bnc#1012382). - affs_lookup(): close a race with affs_remove_link() (bnc#1012382). - aio: fix io_destroy(2) vs. lookup_ioctx() race (bnc#1012382). - alsa: control: fix a redundant-copy issue (bnc#1012382). - alsa: hda: Add Lenovo C50 All in one to the power_save blacklist (bnc#1012382). - alsa: hda - Use IS_REACHABLE() for dependency on input (bnc#1012382 bsc#1031717). - alsa: timer: Call notifier in the same spinlock (bnc#1012382 bsc#973378). - alsa: timer: Fix pause event notification (bnc#1012382 bsc#973378). - alsa: timer: Fix pause event notification (bsc#973378). - alsa: usb: mixer: volume quirk for CM102-A+/102S+ (bnc#1012382). - alsa: vmaster: Propagate slave error (bnc#1012382). - arc: Fix malformed ARC_EMUL_UNALIGNED default (bnc#1012382). - arm64: Add ARCH_WORKAROUND_2 probing (bsc#1085308). - arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2 (bsc#1085308). - arm64: Add 'ssbd' command-line option (bsc#1085308). - arm64: Add this_cpu_ptr() assembler macro for use in entry.S (bsc#1085308). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bnc#1012382). - arm64: alternatives: Add dynamic patching feature (bsc#1085308). - arm64: assembler: introduce ldr_this_cpu (bsc#1085308). - arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1 (bsc#1085308). - arm64: do not call C code with el0's fp register (bsc#1085308). - arm64: fix endianness annotation for __apply_alternatives()/get_alt_insn() (bsc#1085308). - arm64: introduce mov_q macro to move a constant into a 64-bit register (bnc#1012382 bsc#1068032). - arm64: lse: Add early clobbers to some input/output asm operands (bnc#1012382). - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics (bnc#1012382). - arm64: ssbd: Add global mitigation state accessor (bsc#1085308). - arm64: ssbd: Add prctl interface for per-thread mitigation (bsc#1085308). - arm64: ssbd: Introduce thread flag to control userspace mitigation (bsc#1085308). - arm64: ssbd: Restore mitigation status on CPU resume (bsc#1085308). - arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation (bsc#1085308). - arm: 8748/1: mm: Define vdso_start, vdso_end as array (bnc#1012382). - arm: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed (bnc#1012382). - arm: 8770/1: kprobes: Prohibit probing on optimized_callback (bnc#1012382). - arm: 8771/1: kprobes: Prohibit kprobes on do_undefinstr (bnc#1012382). - arm: 8772/1: kprobes: Prohibit kprobes on get_user functions (bnc#1012382). - arm/arm64: smccc: Add SMCCC-specific return codes (bsc#1085308). - arm: dts: socfpga: fix GIC PPI warning (bnc#1012382). - arm: OMAP1: clock: Fix debugfs_create_*() usage (bnc#1012382). - arm: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt (bnc#1012382). - arm: OMAP3: Fix prm wake interrupt for resume (bnc#1012382). - arm: OMAP: Fix dmtimer init for omap1 (bnc#1012382). - asm-generic: provide generic_pmdp_establish() (bnc#1012382). - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() (bnc#1012382 bsc#1031717). - ASoC: Intel: sst: remove redundant variable dma_dev_name (bnc#1012382). - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined (bnc#1012382). - ASoC: topology: create TLV data for dapm widgets (bnc#1012382). - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) (bnc#1012382). - audit: move calcs after alloc and check when logging set loginuid (bnc#1012382). - audit: return on memory error to avoid null pointer dereference (bnc#1012382). - autofs: change autofs4_expire_wait()/do_expire_wait() to take struct path (bsc#1086716). - autofs: change autofs4_wait() to take struct path (bsc#1086716). - autofs: use path_has_submounts() to fix unreliable have_submount() checks (bsc#1086716). - autofs: use path_is_mountpoint() to fix unreliable d_mountpoint() checks (bsc#1086716). - batman-adv: fix header size check in batadv_dbg_arp() (bnc#1012382). - batman-adv: fix multicast-via-unicast transmission with AP isolation (bnc#1012382). - batman-adv: fix packet checksum in receive path (bnc#1012382). - batman-adv: fix packet loss for broadcasted DHCP packets to a server (bnc#1012382). - batman-adv: invalidate checksum on fragment reassembly (bnc#1012382). - bcache: fix for allocator and register thread race (bnc#1012382). - bcache: fix for data collapse after re-attaching an attached device (bnc#1012382). - bcache: fix kcrashes with fio in RAID5 backend dev (bnc#1012382). - bcache: properly set task state in bch_writeback_thread() (bnc#1012382). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bnc#1012382). - bcache: return attach error when no cache set exist (bnc#1012382). - blacklist.conf: blacklist fc218544fbc8 This commit requires major changes from 4.17, namely commit b9e281c2b388 ("libceph: introduce BVECS data type") - blacklist.conf: No need for 0aa48468d009 ("KVM/VMX: Expose SSBD properly to guests") since KF(SSBD) in our case does the expected. - block: cancel workqueue entries on blk_mq_freeze_queue() (bsc#1090435). - bluetooth: Apply QCA Rome patches for some ATH3012 models (bsc#1082504, bsc#1095147). - bluetooth: btusb: Add device ID for RTL8822BE (bnc#1012382). - bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB (bnc#1012382). - bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa() (bnc#1012382). - bonding: do not allow rlb updates to invalid mac (bnc#1012382). - bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y (bnc#1012382). - bridge: check iface upper dev when setting master via ioctl (bnc#1012382). - btrfs: bail out on error during replay_dir_deletes (bnc#1012382). - btrfs: fix copy_items() return value when logging an inode (bnc#1012382). - btrfs: fix crash when trying to resume balance without the resume flag (bnc#1012382). - btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers (bnc#1012382). - btrfs: fix NULL pointer dereference in log_dir_items (bnc#1012382). - btrfs: Fix out of bounds access in btrfs_search_slot (bnc#1012382). - btrfs: Fix possible softlock on single core machines (bnc#1012382). - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bnc#1012382). - btrfs: fix scrub to repair raid6 corruption (bnc#1012382). - btrfs: fix xattr loss after power failure (bnc#1012382). - btrfs: send, fix issuing write op when processing hole in no data mode (bnc#1012382). - btrfs: set plug for fsync (bnc#1012382). - btrfs: tests/qgroup: Fix wrong tree backref level (bnc#1012382). - cdrom: do not call check_disk_change() inside cdrom_open() (bnc#1012382). - ceph: delete unreachable code in ceph_check_caps() (bsc#1096214). - ceph: fix race of queuing delayed caps (bsc#1096214). - ceph: fix st_nlink stat for directories (bsc#1093904). - cfg80211: further limit wiphy names to 64 bytes (bnc#1012382 git-fixes). - cfg80211: further limit wiphy names to 64 bytes (git-fixes). - cfg80211: limit wiphy names to 128 bytes (bnc#1012382). - cifs: silence compiler warnings showing up with gcc-8.0.0 (bnc#1012382 bsc#1090734). - clk: Do not show the incorrect clock phase (bnc#1012382). - clk: rockchip: Prevent calculating mmc phase if clock rate is zero (bnc#1012382). - clk: samsung: exynos3250: Fix PLL rates (bnc#1012382). - clk: samsung: exynos5250: Fix PLL rates (bnc#1012382). - clk: samsung: exynos5260: Fix PLL rates (bnc#1012382). - clk: samsung: exynos5433: Fix PLL rates (bnc#1012382). - clk: samsung: s3c2410: Fix PLL rates (bnc#1012382). - clocksource/drivers/fsl_ftm_timer: Fix error return checking (bnc#1012382). - config: arm64: enable Spectre-v4 per-thread mitigation - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path (bnc#1012382). - cpufreq: CPPC: Initialize shared perf capabilities of CPUs (bnc#1012382). - cpufreq: intel_pstate: Enable HWP by default (FATE#319178 bnc#1012382). - cpuidle: coupled: remove unused define cpuidle_coupled_lock (bnc#1012382). - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss (bnc#1012382). - cxgb4: Setup FW queues before registering netdev (bsc#1022743 FATE#322540). - dccp: fix tasklet usage (bnc#1012382). - dlm: fix a clerical error when set SCTP_NODELAY (bsc#1091594). - dlm: make sctp_connect_to_sock() return in specified time (bsc#1080542). - dlm: remove O_NONBLOCK flag in sctp_connect_to_sock (bsc#1080542). - dmaengine: ensure dmaengine helpers check valid callback (bnc#1012382). - dmaengine: pl330: fix a race condition in case of threaded irqs (bnc#1012382). - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 (bnc#1012382). - dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all() (bnc#1012382). - dm thin: fix documentation relative to low water mark threshold (bnc#1012382). - do d_instantiate/unlock_new_inode combinations safely (bnc#1012382). - dp83640: Ensure against premature access to PHY registers after reset (bnc#1012382). - drm/exynos: fix comparison to bitshift when dealing with a mask (bnc#1012382). - drm/i915: Disable LVDS on Radiant P845 (bnc#1012382). - drm/rockchip: Respect page offset for PRIME mmap calls (bnc#1012382). - e1000e: allocate ring descriptors with dma_zalloc_coherent (bnc#1012382). - e1000e: Fix check_for_link return value with autoneg off (bnc#1012382 bsc#1075428). - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode (bnc#1012382). - enic: enable rq before updating rq descriptors (bnc#1012382). - ext2: fix a block leak (bnc#1012382). - fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper() (bnc#1012382). - firewire-ohci: work around oversized DMA reads on JMicron controllers (bnc#1012382). - firmware: dmi_scan: Fix handling of empty DMI strings (bnc#1012382). - Fix excessive newline in /proc/*/status (bsc#1094823). - fix io_destroy()/aio_complete() race (bnc#1012382). - Force log to disk before reading the AGF during a fstrim (bnc#1012382). - fscache: Fix hanging wait on page discarded by writeback (bnc#1012382). - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table (bnc#1012382). - futex: futex_wake_op, do not fail on invalid op (git-fixes). - futex: futex_wake_op, fix sign_extend32 sign bits (bnc#1012382). - futex: Remove duplicated code and fix undefined behaviour (bnc#1012382). - futex: Remove unnecessary warning from get_futex_key (bnc#1012382). - gfs2: Fix fallocate chunk size (bnc#1012382). - gianfar: Fix Rx byte accounting for ndev stats (bnc#1012382). - gpio: rcar: Add Runtime PM handling for interrupts (bnc#1012382). - hfsplus: stop workqueue when fill_super() failed (bnc#1012382). - hid: roccat: prevent an out of bounds read in kovaplus_profile_activated() (bnc#1012382). - hwmon: (nct6775) Fix writing pwmX_mode (bnc#1012382). - hwmon: (pmbus/adm1275) Accept negative page register values (bnc#1012382). - hwmon: (pmbus/max8688) Accept negative page register values (bnc#1012382). - hwrng: stm32 - add reset during probe (bnc#1012382). - hwtracing: stm: fix build error on some arches (bnc#1012382). - i2c: mv64xxx: Apply errata delay only in standard mode (bnc#1012382). - i2c: rcar: check master irqs before slave irqs (bnc#1012382). - i2c: rcar: do not issue stop when HW does it automatically (bnc#1012382). - i2c: rcar: init new messages in irq (bnc#1012382). - i2c: rcar: make sure clocks are on when doing clock calculation (bnc#1012382). - i2c: rcar: refactor setup of a msg (bnc#1012382). - i2c: rcar: remove spinlock (bnc#1012382). - i2c: rcar: remove unused IOERROR state (bnc#1012382). - i2c: rcar: revoke START request early (bnc#1012382). - i2c: rcar: rework hw init (bnc#1012382). - ib/ipoib: Fix for potential no-carrier state (bnc#1012382). - ibmvnic: Check CRQ command return codes (bsc#1094840). - ibmvnic: Create separate initialization routine for resets (bsc#1094840). - ibmvnic: Fix partial success login retries (bsc#1094840). - ibmvnic: Handle error case when setting link state (bsc#1094840). - ibmvnic: Introduce active CRQ state (bsc#1094840). - ibmvnic: Introduce hard reset recovery (bsc#1094840). - ibmvnic: Mark NAPI flag as disabled when released (bsc#1094840). - ibmvnic: Only do H_EOI for mobility events (bsc#1094356). - ibmvnic: Return error code if init interrupted by transport event (bsc#1094840). - ibmvnic: Set resetting state at earliest possible point (bsc#1094840). - iio:kfifo_buf: check for uint overflow (bnc#1012382). - ima: Fallback to the builtin hash algorithm (bnc#1012382). - ima: Fix Kconfig to select TPM 2.0 CRB interface (bnc#1012382). - init: fix false positives in W+X checking (bsc#1096982). - input: elan_i2c_smbus - fix corrupted stack (bnc#1012382). - ipc/shm: fix shmat() nil address after round-down when remapping (bnc#1012382). - ipmi/powernv: Fix error return code in ipmi_powernv_probe() (bnc#1012382). - ipmi_ssif: Fix kernel panic at msg_done_handler (bnc#1012382 bsc#1088871). - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg (bnc#1012382). - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (bnc#1012382). - ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552). - ipv6: omit traffic class when calculating flow hash (bsc#1095042). - irda: fix overly long udelay() (bnc#1012382). - irqchip/gic-v3: Change pr_debug message to pr_devel (bnc#1012382). - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path (bnc#1012382 git-fixes). - kabi: vfs: Restore dentry_operations->d_manage (bsc#1086716). - kABI: work around BPF SSBD removal (bsc#1087082). - kasan: fix memory hotplug during boot (bnc#1012382). - kbuild: change CC_OPTIMIZE_FOR_SIZE definition (bnc#1012382). - kconfig: Do not leak main menus during parsing (bnc#1012382). - kconfig: Fix automatic menu creation mem leak (bnc#1012382). - kconfig: Fix expr_free() E_NOT leak (bnc#1012382). - kdb: make "mdr" command repeat (bnc#1012382). - kernel: Fix memory leak on EP11 target list processing (bnc#1096751, LTC#168596). - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE (bnc#1012382). - kernel/sys.c: fix potential Spectre v1 issue (bnc#1012382). - kvm: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" (bnc#1012382). - kvm: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use (bnc#1012382). - kvm: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bnc#1012382). - kvm: VMX: raise internal error for exception during invalid protected mode state (bnc#1012382). - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl (bnc#1012382). - kvm: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - l2tp: revert "l2tp: fix missing print session offset info" (bnc#1012382). - libata: blacklist Micron 500IT SSD with MU01 firmware (bnc#1012382). - libata: Blacklist some Sandisk SSDs for NCQ (bnc#1012382). - libnvdimm, dax: fix 1GB-aligned namespaces vs physical misalignment (FATE#320457, FATE#320460). - libnvdimm, namespace: use a safe lookup for dimm device name (FATE#321135, FATE#321217, FATE#321256, FATE#321391, FATE#321393). - libnvdimm, pfn: fix start_pad handling for aligned namespaces (FATE#320460). - llc: better deal with too small mtu (bnc#1012382). - llc: properly handle dev_queue_xmit() return value (bnc#1012382). - lockd: lost rollback of set_grace_period() in lockd_down_net() (bnc#1012382 git-fixes). - locking/qspinlock: Ensure node->count is updated before initialising node (bnc#1012382). - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() (bnc#1012382). - locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs (bnc#1012382). - loop: handle short DIO reads (bsc#1094177). - m68k: set dma and coherent masks for platform FEC ethernets (bnc#1012382). - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 (bnc#1012382). - md raid10: fix NULL deference in handle_write_completed() (bnc#1012382 bsc#1056415). - md/raid1: fix NULL pointer dereference (bnc#1012382). - md: raid5: avoid string overflow warning (bnc#1012382). - media: cx23885: Override 888 ImpactVCBe crystal frequency (bnc#1012382). - media: cx23885: Set subdev host data to clk_freq pointer (bnc#1012382). - media: cx25821: prevent out-of-bounds read on array card (bnc#1012382 bsc#1031717). - media: dmxdev: fix error code for invalid ioctls (bnc#1012382). - media: em28xx: USB bulk packet size fix (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bnc#1012382 bsc#1031717). - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register (bnc#1012382). - mm: do not allow deferred pages with NEED_PER_CPU_KM (bnc#1012382). - mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read (-- VM bnc#1012382 bnc#971975 generic performance read). - mm: filemap: remove redundant code in do_read_cache_page (-- VM bnc#1012382 bnc#971975 generic performance read). - mm: fix races between address_space dereference and free in page_evicatable (bnc#1012382). - mm: fix the NULL mapping case in __isolate_lru_page() (bnc#1012382). - mm/kmemleak.c: wait for scan completion before disabling free (bnc#1012382). - mm/ksm: fix interaction with THP (bnc#1012382). - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages (bnc#1012382). - mm/mempolicy.c: avoid use uninitialized preferred_node (bnc#1012382). - mm/mempolicy: fix the check of nodemask from user (bnc#1012382). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1012382 bnc#1081500). - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bnc#1012382). - net: ethernet: sun: niu set correct packet size in skb (bnc#1012382). - netfilter: ebtables: convert BUG_ONs to WARN_ONs (bnc#1012382). - net: Fix untag for vlan packets without ethernet header (bnc#1012382). - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off (bnc#1012382). - netlabel: If PF_INET6, check sk_buff ip header version (bnc#1012382). - net/mlx4_en: Verify coalescing parameters are in range (bnc#1012382). - net/mlx5: Protect from command bit overflow (bnc#1012382). - net: mvneta: fix enable of all initialized RXQs (bnc#1012382). - net: qmi_wwan: add BroadMobi BM806U 2020:2033 (bnc#1012382). - net_sched: fq: take care of throttled flows before reuse (bnc#1012382). - net: support compat 64-bit time in {s,g}etsockopt (bnc#1012382). - net/tcp/illinois: replace broken algorithm reference link (bnc#1012382). - net: test tailroom before appending to linear skb (bnc#1012382). - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 (bnc#1012382). - net/usb/qmi_wwan.c: Add USB id for lt4120 modem (bnc#1012382). - nfc: llcp: Limit size of SDP URI (bnc#1012382). - nfit, address-range-scrub: fix scrub in-progress reporting (FATE#321135, FATE#321217, FATE#321256, FATE#321391, FATE#321393). - nfit: fix region registration vs block-data-window ranges (FATE#319858). - nfs: Do not convert nfs_idmap_cache_timeout to jiffies (bnc#1012382 git-fixes). - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bnc#1012382 bsc#1068951). - ntb_transport: Fix bug with max_mw_size parameter (bnc#1012382). - nvme-pci: Fix EEH failure on ppc (bsc#1093533). - nvme-pci: Fix nvme queue cleanup if IRQ setup fails (bnc#1012382). - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute (bnc#1012382). - ocfs2/dlm: do not handle migrate lockres if already in shutdown (bnc#1012382). - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid (bnc#1012382). - ocfs2: return error when we attempt to access a dirty bh in jbd2 (bnc#1012382 bsc#1070404). - openvswitch: Do not swap table in nlattr_set() after OVS_ATTR_NESTED is found (bnc#1012382). - packet: fix reserve calculation (git-fixes). - packet: in packet_snd start writing at link layer allocation (bnc#1012382). - parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode (bnc#1012382). - pci: Add function 1 DMA alias quirk for Marvell 88SE9220 (bnc#1012382). - pci: Add function 1 DMA alias quirk for Marvell 9128 (bnc#1012382). - pci: hv: Fix a __local_bh_enable_ip warning in hv_compose_msi_msg() (bnc#1094268). - pci: Restore config space on runtime resume despite being unbound (bnc#1012382). - perf callchain: Fix attr.sample_max_stack setting (bnc#1012382). - perf/cgroup: Fix child event counting bug (bnc#1012382). - perf/core: Fix perf_output_read_group() (bnc#1012382). - perf report: Fix memory corruption in --branch-history mode --branch-history (bnc#1012382). - perf tests: Use arch__compare_symbol_names to compare symbols (bnc#1012382). - pipe: cap initial pipe capacity according to pipe-max-size limit (bnc#1012382 bsc#1045330). - powerpc/64s: Clear PCR on boot (bnc#1012382). - powerpc: Add missing prototype for arch_irq_work_raise() (bnc#1012382). - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access (bnc#1012382). - powerpc: Do not preempt_disable() in show_cpuinfo() (bnc#1012382 bsc#1066223). - powerpc/livepatch: Fix livepatch stack access (bsc#1094466). - powerpc/modules: Do not try to restore r2 after a sibling call (bsc#1094466). - powerpc/mpic: Check if cpu_possible() in mpic_physmask() (bnc#1012382). - powerpc/numa: Ensure nodes initialized for hotplug (FATE#322022 bnc#1012382 bsc#1081514). - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes (FATE#322022 bnc#1012382 bsc#1081514). - powerpc/perf: Fix kernel address leak via sampling registers (bnc#1012382). - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer (bnc#1012382). - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing (bnc#1012382). - powerpc/powernv: panic() on OPAL < V3 (bnc#1012382). - powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL (bnc#1012382). - powerpc/powernv: Remove OPALv2 firmware define and references (bnc#1012382). - proc: fix /proc/*/map_files lookup (bnc#1012382). - procfs: fix pthread cross-thread naming if !PR_DUMPABLE (bnc#1012382). - proc: meminfo: estimate available memory more conservatively (-- VM bnc#1012382 functionality monitoring space user). - proc read mm's {arg,env}_{start,end} with mmap semaphore taken (bnc#1012382). - qede: Fix ref-cnt usage count (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qed: Fix LL2 race during connection terminate (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qed: Fix possibility of list corruption during rmmod flows (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qed: LL2 flush isles when connection is closed (bsc#1019695 FATE#321703 bsc#1019699 FATE#321702 bsc#1022604 FATE#321747). - qla2xxx: Mask off Scope bits in retry delay (bsc#1068054). - qmi_wwan: do not steal interfaces from class drivers (bnc#1012382). - r8152: fix tx packets accounting (bnc#1012382). - r8169: fix powering up RTL8168h (bnc#1012382). - rdma/mlx5: Avoid memory leak in case of XRCD dealloc failure (bnc#1012382). - rdma/qedr: Fix doorbell bar mapping for dpi > 1 (bsc#1022604 FATE#321747). - rdma/ucma: Correct option size check using optlen (bnc#1012382). - rds: IB: Fix null pointer issue (bnc#1012382). - Refresh patches.arch/arm64-bsc1031492-0165-arm64-Add-MIDR-values-for-Cavium-cn83XX-SoCs.patch. - regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' (bnc#1012382). - regulatory: add NUL to request alpha2 (bnc#1012382). - Revert "arm: dts: imx6qdl-wandboard: Fix audio channel swap" (bnc#1012382). - Revert "bs-upload-kernel: do not set %opensuse_bs" This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821. - Revert "ima: limit file hash setting by user to fix and log modes" (bnc#1012382). - Revert "ipc/shm: Fix shmat mmap nil-page protection" (bnc#1012382). - Revert "regulatory: add NUL to request alpha2" (kabi). - Revert "vti4: Do not override MTU passed on link creation via IFLA_MTU" (bnc#1012382). - rtc: hctosys: Ensure system time does not overflow time_t (bnc#1012382). - rtc: snvs: Fix usage of snvs_rtc_enable (bnc#1012382). - rtc: tx4939: avoid unintended sign extension on a 24 bit shift (bnc#1012382). - rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c (bnc#1012382). - s390: add assembler macros for CPU alternatives (bnc#1012382). - s390/cio: clear timer when terminating driver I/O (bnc#1012382). - s390/cio: fix return code after missing interrupt (bnc#1012382). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (bnc#1094532, LTC#168035). - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero (LTC#168035 bnc#1012382 bnc#1094532). - s390: extend expoline to BC instructions (bnc#1012382). - s390/ftrace: use expoline for indirect branches (bnc#1012382). - s390/kernel: use expoline for indirect branches (bnc#1012382). - s390/lib: use expoline for indirect branches (bnc#1012382). - s390: move expoline assembler macros to a header (bnc#1012382). - s390: move spectre sysfs attribute code (bnc#1012382). - s390/qdio: do not release memory in qdio_setup_irq() (bnc#1012382). - s390/qdio: fix access to uninitialized qdio_q fields (bnc#1094532, LTC#168037). - s390/qdio: fix access to uninitialized qdio_q fields (LTC#168037 bnc#1012382 bnc#1094532). - s390: remove indirect branch from do_softirq_own_stack (bnc#1012382). - s390: use expoline thunks in the BPF JIT (bnc#1012382). - sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning (bnc#1012382). - scripts/git-pre-commit: - scsi: aacraid: Correct hba_send to include iu_type (bsc#1022607, FATE#321673). - scsi: aacraid: fix shutdown crash when init fails (bnc#1012382). - scsi: aacraid: Insure command thread is not recursively stopped (bnc#1012382). - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request (bnc#1012382). - scsi: fas216: fix sense buffer initialization (bnc#1012382 bsc#1082979). - scsi: libsas: defer ata device eh commands to libata (bnc#1012382). - scsi: lpfc: Fix frequency of Release WQE CQEs (bnc#1012382). - scsi: lpfc: Fix issue_lip if link is disabled (bnc#1012382 bsc#1080656). - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing (bnc#1012382 bsc#1080656). - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bnc#1012382 bsc#1078583). - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() (bnc#1012382). - scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() (bnc#1012382). - scsi: qla4xxx: skip error recovery in case of register disconnect (bnc#1012382). - scsi: scsi_transport_srp: Fix shost to rport translation (bnc#1012382). - scsi: sd: Keep disk read-only when re-reading partition (bnc#1012382). - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (bnc#1012382). - scsi: storvsc: Increase cmd_per_lun for higher speed devices (bnc#1012382). - scsi: sym53c8xx_2: iterator underflow in sym_getsync() (bnc#1012382). - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command (bnc#1012382). - scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1094532, LTC#168038). - scsi: zfcp: fix infinite iteration on ERP ready list (LTC#168038 bnc#1012382 bnc#1094532). - sctp: delay the authentication for the duplicated cookie-echo chunk (bnc#1012382). - sctp: fix the issue that the cookie-ack with auth can't get processed (bnc#1012382). - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr (bnc#1012382). - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d (bnc#1012382). - selftests: ftrace: Add a testcase for probepoint (bnc#1012382). - selftests: ftrace: Add a testcase for string type with kprobe_event (bnc#1012382). - selftests: ftrace: Add probe event argument syntax testcase (bnc#1012382). - selftests: memfd: add config fragment for fuse (bnc#1012382). - selftests/net: fixes psock_fanout eBPF test case (bnc#1012382). - selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable (bnc#1012382). - selftests: Print the test we're running to /dev/kmsg (bnc#1012382). - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity (bnc#1012382). - serial: arc_uart: Fix out-of-bounds access through DT alias (bnc#1012382). - serial: fsl_lpuart: Fix out-of-bounds access through DT alias (bnc#1012382). - serial: imx: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: mxs-auart: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: samsung: Fix out-of-bounds access through serial port index (bnc#1012382). - serial: xuartps: Fix out-of-bounds access through DT alias (bnc#1012382). - sh: fix debug trap failure to process signals before return to user (bnc#1012382). - sh: New gcc support (bnc#1012382). - signals: avoid unnecessary taking of sighand->siglock (-- Scheduler bnc#1012382 bnc#978907 performance signals). - sit: fix IFLA_MTU ignored on NEWLINK (bnc#1012382). - smsc75xx: fix smsc75xx_set_features() (bnc#1012382). - sock_diag: fix use-after-free read in __sk_free (bnc#1012382). - sparc64: Fix build warnings with gcc 7 (bnc#1012382). - sparc64: Make atomic_xchg() an inline function rather than a macro (bnc#1012382). - spi: pxa2xx: Allow 64-bit DMA (bnc#1012382). - sr: get/drop reference to device in revalidate and check_events (bnc#1012382). - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr (bnc#1012382). - stm class: Use vmalloc for the master map (bnc#1012382). - sunvnet: does not support GSO for sctp (bnc#1012382). - swap: divide-by-zero when zero length swap file on ssd (bnc#1012382 bsc#1082153). - tcp: avoid integer overflows in tcp_rcv_space_adjust() (bnc#1012382). - tcp: ignore Fast Open on repair mode (bnc#1012382). - tcp: purge write queue in tcp_connect_init() (bnc#1012382). - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches (git-fixes). - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent() (bnc#1012382). - tick/broadcast: Use for_each_cpu() specially on UP kernels (bnc#1012382). - time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting (bnc#1012382). - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames (bnc#1012382). - tools lib traceevent: Fix get_field_str() for dynamic strings (bnc#1012382). - tools lib traceevent: Simplify pointer print logic and fix %pF (bnc#1012382). - tools/thermal: tmon: fix for segfault (bnc#1012382). - tracing: Fix crash when freeing instances with event triggers (bnc#1012382). - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account (bnc#1012382). - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} (bnc#1012382). - udf: Provide saner default for invalid uid / gid (bnc#1012382). - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() (bnc#1012382). - usb: dwc2: Fix interval type issue (bnc#1012382). - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields (bnc#1012382). - usb: gadget: composite: fix incorrect handling of OS desc requests (bnc#1012382). - usb: gadget: ffs: Execute copy_to_user() with USER_DS set (bnc#1012382). - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS (bnc#1012382). - usb: gadget: fsl_udc_core: fix ep valid checks (bnc#1012382). - usb: gadget: f_uac2: fix bFirstInterface in composite gadget (bnc#1012382). - usb: gadget: udc: change comparison to bitshift when dealing with a mask (bnc#1012382). - usbip: usbip_host: delete device from busid_table after rebind (bnc#1012382). - usbip: usbip_host: fix bad unlock balance during stub_probe() (bnc#1012382). - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (bnc#1012382). - usbip: usbip_host: refine probe and disconnect debug msgs to be useful (bnc#1012382). - usbip: usbip_host: run rebind from exit when module is removed (bnc#1012382). - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers (bnc#1012382). - usb: musb: fix enumeration after resume (bnc#1012382). - USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM (bnc#1012382). - USB: serial: cp210x: use tcflag_t to fix incompatible pointer type (bnc#1012382). - vfs: add path_has_submounts() (bsc#1086716). - vfs: add path_is_mountpoint() helper (bsc#1086716). - vfs: change d_manage() to take a struct path (bsc#1086716). - virtio-gpu: fix ioctl and expose the fixed status to userspace (bnc#1012382). - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS (bnc#1012382). - vmscan: do not force-scan file lru if its absolute size is small (-- VM bnc#1012382 page performance reclaim). - vti4: Do not count header length twice on tunnel setup (bnc#1012382). - vti4: Do not override MTU passed on link creation via IFLA_MTU (bnc#1012382). - watchdog: f71808e_wdt: Fix magic close handling (bnc#1012382). - watchdog: sp5100_tco: Fix watchdog disable bit (bnc#1012382). - workqueue: use put_device() instead of kfree() (bnc#1012382). - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified (bnc#1012382). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1068032). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86/cpufeature: Remove unused and seldomly used cpu_has_xx macros (bnc#1012382). - x86/devicetree: Fix device IRQ settings in DT (bnc#1012382). - x86/devicetree: Initialize device tree before using it (bnc#1012382). - x86: ENABLE_IBRS clobbers %rax which it shouldn't do there is probably a place where forcing _IBRS_OFF is missed (or is too late) and therefore ENABLE_IBRS is sometimes called early during boot while it should not. Let's drop the uoptimization for now. (bsc#1098009 and bsc#1098012) - x86/fpu: Default eagerfpu=on on all CPUs (CVE-2018-3665 bnc#1012382 bnc#1087086). - x86/fpu: Disable AVX when eagerfpu is off (bnc#1012382). - x86/fpu: Disable MPX when eagerfpu is off (CVE-2018-3665 bnc#1012382 bnc#1087086). - x86/fpu: Fix early FPU command-line parsing (CVE-2018-3665 bnc#1012382 bnc#1087086). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813) - x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bnc#1012382). - x86-mce-Make-timer-handling-more-robust.patch: Fix metadata - x86/pgtable: Do not set huge PUD/PMD on non-leaf entries (bnc#1012382). - x86/pkeys: Do not special case protection key 0 (1041740). - x86/pkeys: Override pkey when moving away from PROT_EXEC (1041740). - x86/power: Fix swsusp_arch_resume prototype (bnc#1012382). - x86: Remove unused function cpu_has_ht_siblings() (bnc#1012382). - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (bnc#1012382). - xen/acpi: off by one in read_acpi_id() (bnc#1012382). - xen/grant-table: Use put_page instead of free_page (bnc#1012382). - xen-netfront: Fix race between device setup and open (bnc#1012382). - xen/netfront: raise max number of slots in xennet_get_responses() (bnc#1076049). - xen/pirq: fix error path cleanup when binding MSIs (bnc#1012382). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1012382). - xen: xenbus: use put_device() instead of kfree() (bnc#1012382). - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) (bnc#1012382). - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534). - xfs: detect agfl count corruption and reset agfl (bnc#1012382 bsc#1090534 bsc#1090955). - xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534). - xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955). - xfs: fix endianness error when checking log block crc on big endian platforms (bsc#1094405, bsc#1036215). - xfs: remove racy hasattr check from attr ops (bnc#1012382 bsc#1035432). - xhci: Fix USB3 NULL pointer dereference at logical disconnect (git-fixes). - xhci: Fix use-after-free in xhci_free_virt_device (git-fixes). - xhci: zero usb device slot_id member when disabling and freeing a xhci slot (bnc#1012382). - zorro: Set up z->dev.dma_mask for the DMA API (bnc#1012382). - jfs: Fix buffer overrun in ea_get (bsc#1097234, CVE-2018-12233). Important SUSE bug 1012382 SUSE bug 1019695 SUSE bug 1019699 SUSE bug 1022604 SUSE bug 1022607 SUSE bug 1022743 SUSE bug 1024718 SUSE bug 1031492 SUSE bug 1031717 SUSE bug 1035432 SUSE bug 1036215 SUSE bug 1041740 SUSE bug 1045330 SUSE bug 1056415 SUSE bug 1066223 SUSE bug 1068032 SUSE bug 1068054 SUSE bug 1068951 SUSE bug 1070404 SUSE bug 1073311 SUSE bug 1075428 SUSE bug 1076049 SUSE bug 1078583 SUSE bug 1079152 SUSE bug 1080542 SUSE bug 1080656 SUSE bug 1081500 SUSE bug 1081514 SUSE bug 1082153 SUSE bug 1082504 SUSE bug 1082979 SUSE bug 1085308 SUSE bug 1086400 SUSE bug 1086716 SUSE bug 1087007 SUSE bug 1087012 SUSE bug 1087036 SUSE bug 1087082 SUSE bug 1087086 SUSE bug 1087095 SUSE bug 1088871 SUSE bug 1090435 SUSE bug 1090534 SUSE bug 1090734 SUSE bug 1090955 SUSE bug 1091594 SUSE bug 1091815 SUSE bug 1092552 SUSE bug 1092813 SUSE bug 1092903 SUSE bug 1093533 SUSE bug 1093904 SUSE bug 1094177 SUSE bug 1094268 SUSE bug 1094353 SUSE bug 1094356 SUSE bug 1094405 SUSE bug 1094466 SUSE bug 1094532 SUSE bug 1094823 SUSE bug 1094840 SUSE bug 1095042 SUSE bug 1095147 SUSE bug 1096037 SUSE bug 1096140 SUSE bug 1096214 SUSE bug 1096242 SUSE bug 1096281 SUSE bug 1096751 SUSE bug 1096982 SUSE bug 1097234 SUSE bug 1097356 SUSE bug 1098009 SUSE bug 1098012 SUSE bug 971975 SUSE bug 973378 SUSE bug 978907 CVE-2017-13305 CVE-2017-17741 CVE-2017-18241 CVE-2017-18249 CVE-2018-1092 CVE-2018-1093 CVE-2018-1094 CVE-2018-12233 CVE-2018-3639 CVE-2018-3665 CVE-2018-5848 openSUSE Leap 42.3 This update for MariaDB to version 10.0.35 fixes multiple issues: Security issues fixed: * CVE-2018-2782: Unspecified DoS vulnerability in InnoDB (bsc#1090518) * CVE-2018-2784: Unspecified DoS vulnerability in InnoDB (bsc#1090518) * CVE-2018-2787: Unspecified vulnerability in InnoDB allowing writes (bsc#1090518) * CVE-2018-2766: Unspecified DoS vulnerability InnoDB (bsc#1090518) * CVE-2018-2755: Unspecified vulnerability in Replication allowing server compromise (bsc#1090518) * CVE-2018-2819: Unspecified DoS vulnerability in InnoDB (bsc#1090518) * CVE-2018-2817: Unspecified DoS vulnerability in DDL (bsc#1090518) * CVE-2018-2761: Unspecified DoS vulnerability in Client programs (bsc#1090518) * CVE-2018-2781: Unspecified DoS vulnerability in Server/Optimizer (bsc#1090518) * CVE-2018-2771: Unspecified DoS vulnerability in the Server/Locking component (bsc#1090518) * CVE-2018-2813: Unspecified vulnerability in The DDL component allowing unauthorized reads (bsc#1090518) * CVE-2018-2767: The embedded server library now supports SSL when connecting to remote servers (bsc#1088681) The following changes are included: * XtraDB updated to 5.6.39-83.1 * TokuDB updated to 5.6.39-83.1 * InnoDB updated to 5.6.40 * Fix for Crash in MVCC read after IMPORT TABLESPACE * Fix for innodb_read_only trying to modify files if transactions were recovered in COMMITTED state * Fix for DROP TABLE hang on InnoDB table with FULLTEXT index * Fix for Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES whenaccessing corrupted record This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1088681 SUSE bug 1090518 CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 openSUSE Leap 42.3 This update for tiff fixes the following issues: These security issues were fixed: - CVE-2017-18013: There was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317) - CVE-2018-10963: The TIFFWriteDirectorySec() function in tif_dirwrite.c allowed remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. (bsc#1092949) - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825) - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332) - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408) - CVE-2016-8331: Prevent remote code execution because of incorrect handling of TIFF images. A crafted TIFF document could have lead to a type confusion vulnerability resulting in remote code execution. This vulnerability could have been be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality (bsc#1007276) - CVE-2016-3632: The _TIFFVGetField function allowed remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image (bsc#974621) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1007276 SUSE bug 1074317 SUSE bug 1082332 SUSE bug 1082825 SUSE bug 1086408 SUSE bug 1092949 SUSE bug 974621 CVE-2016-3632 CVE-2016-8331 CVE-2017-11613 CVE-2017-13726 CVE-2017-18013 CVE-2018-10963 CVE-2018-7456 CVE-2018-8905 openSUSE Leap 42.3 This update for unixODBC to version 2.3.6 fixes the following issues: - CVE-2018-7409: Buffer overflow in unicode_to_ansi_copy() was fixed in 2.3.5 (bsc#1082290) - CVE-2018-7485: Swapped arguments in SQLWriteFileDSN() in odbcinst/SQLWriteFileDSN.c (bsc#1082484) Other fixes: - Enabled --enable-fastvalidate option in configure (bsc#1044970) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1044970 SUSE bug 1082060 SUSE bug 1082290 SUSE bug 1082484 CVE-2018-7409 CVE-2018-7485 openSUSE Leap 42.3 This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1092100 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 openSUSE Leap 42.3 This update for rubygem-sprockets fixes the following issues: The following security vulnerability was addressed: - CVE-2018-3760: Fixed a directory traversal issue in sprockets/server.rb:forbidden_request?(), which allowed remote attackers to read arbitrary files via specially crafted requests. (boo#1098369) Important SUSE bug 1098369 CVE-2018-3760 openSUSE Leap 42.3 NonFree This update for Opera 54.0.2952.41 fixes multiple issues. - CVE-2018-6148: Incorrect handling of CSP header (boo#1096508) This update to version 54.0.2952.41 also contains all security and bug fixes in this upstream version, including all fixes in the chromium engine. Moderate SUSE bug 1096508 SUSE bug 1099568 CVE-2018-6148 openSUSE Leap 42.3 This update for ImageMagick fixes the following issues: These security issues were fixed: - CVE-2017-13758: Prevent heap-based buffer overflow in the TracePoint() function (bsc#1056277). - CVE-2017-10928: Prevent heap-based buffer over-read in the GetNextToken function that allowed remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document (bsc#1047356). - CVE-2018-9133: Long compute times in the tiff decoder have been fixed (bsc#1087820). - CVE-2018-11251: Heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service (bsc#1094237). - CVE-2017-18271: Infinite loop in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (bsc#1094204). - CVE-2018-11655: Memory leak in the GetImagePixelCache in MagickCore/cache.c was fixed (bsc#1095730) - CVE-2018-10804: Memory leak in WriteTIFFImage in coders/tiff.c was fixed (bsc#1095813) - CVE-2018-10805: Fixed memory leaks in bgr.c, rgb.c, cmyk.c, gray.c, ycbcr.c (bsc#1095812) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1047356 SUSE bug 1056277 SUSE bug 1087820 SUSE bug 1094204 SUSE bug 1094237 SUSE bug 1095730 SUSE bug 1095812 SUSE bug 1095813 CVE-2017-10928 CVE-2017-13758 CVE-2017-18271 CVE-2018-10804 CVE-2018-10805 CVE-2018-11251 CVE-2018-11655 CVE-2018-9133 openSUSE Leap 42.3 This update for postgresql95 fixes the following issues: - Update to PostgreSQL 9.5.13: * https://www.postgresql.org/docs/9.5/static/release-9-5-13.html A dump/restore is not required for those running 9.5.X. However, if the function marking mistakes mentioned belowpg_logfile_rotate affect you, you will want to take steps to correct your database catalogs. The functions query_to_xml, cursor_to_xml, cursor_to_xmlschema, query_to_xmlschema, and query_to_xml_and_xmlschema should be marked volatile because they execute user-supplied queries that might contain volatile operations. They were not, leading to a risk of incorrect query optimization. This has been repaired for new installations by correcting the initial catalog data, but existing installations will continue to contain the incorrect markings. Practical use of these functions seems to pose little hazard, but in case of trouble, it can be fixed by manually updating these functions' pg_proc entries, for example: ALTER FUNCTION pg_catalog.query_to_xml(text, boolean, boolean, text) VOLATILE. (Note that that will need to be done in each database of the installation.) Another option is to pg_upgrade the database to a version containing the corrected initial data. Security issue fixed: - CVE-2018-1115: Remove public execute privilege from contrib/adminpack's pg_logfile_rotate() function pg_logfile_rotate() is a deprecated wrapper for the core function pg_rotate_logfile(). When that function was changed to rely on SQL privileges for access control rather than a hard-coded superuser check, pg_logfile_rotate() should have been updated as well, but the need for this was missed. Hence, if adminpack is installed, any user could request a logfile rotation, creating a minor security issue. After installing this update, administrators should update adminpack by performing ALTER EXTENSION adminpack UPDATE in each database in which adminpack is installed. (bsc#1091610) Moderate SUSE bug 1091610 CVE-2018-1115 openSUSE Leap 42.3 This update for ImageMagick fixes the following issues: - security update (xcf.c): * CVE-2017-14343: Memory leak vulnerability in ReadXCFImage could lead to denial of service via a crafted file. CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. [bsc#1058422] - security update (pnm.c): * CVE-2017-14042: A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c and could lead to remote denial of service [bsc#1056550] - security update (psd.c): * CVE-2017-15281: ReadPSDImage allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file [bsc#1063049] * CVE-2017-13061: A length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. [bsc#1055063] * CVE-2017-12563: A Memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service. [bsc#1052460] * CVE-2017-14174: Due to a lack of an EOF check (End of File) in ReadPSDLayersInternal could cause huge CPU consumption, when a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over \"length\" would consume huge CPU resources, since there is no EOF check inside the loop.[bsc#1057723] - security update (meta.c): * CVE-2017-13062: Amemory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file [bsc#1055053] - security update (gif.c): * CVE-2017-15277: ReadGIFImage in coders/gif.c leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.[bsc#1063050] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1052460 SUSE bug 1055053 SUSE bug 1055063 SUSE bug 1056550 SUSE bug 1057723 SUSE bug 1058422 SUSE bug 1063049 SUSE bug 1063050 CVE-2017-12563 CVE-2017-12691 CVE-2017-13061 CVE-2017-13062 CVE-2017-14042 CVE-2017-14174 CVE-2017-14343 CVE-2017-15277 CVE-2017-15281 openSUSE Leap 42.3 This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1097158 SUSE bug 1097624 SUSE bug 1098592 CVE-2018-0732 openSUSE Leap 42.3 This update for rubygem-yard fixes the following issues: - CVE-2017-17042: The server in YARD did not block relative paths with an initial ../ sequence, which allowed attackers to conduct directory traversal attacks and read arbitrary files (bsc#1070263). This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1070263 CVE-2017-17042 openSUSE Leap 42.3 This update for php7 fixes the following issues: - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1099098 CVE-2018-12882 openSUSE Leap 42.3 This update for nodejs6 to version 6.14.3 fixes the following issues: The following security vulnerability was addressed: - Fixed a denial of service (DoS) vulnerability in Buffer.fill(), which could hang when being called (CVE-2018-7167, bsc#1097375). The following other changes were made: - Use absolute paths in executable shebang lines - Fixed building with ICU61.1 (bsc#1091764) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1091764 SUSE bug 1097375 CVE-2018-7167 openSUSE Leap 42.3 This update for libqt4 fixes the following issues: LibQt4 was updated to 4.8.7 (bsc#1039291, CVE-2016-10040): See http://download.qt.io/official_releases/qt/4.8/4.8.7/changes-4.8.7 for more details. Also libQtWebkit4 was updated to 2.3.4 to match libqt4. Also following bugs were fixed: - Enable libqt4-devel-32bit (bsc#982826) - Fixed bolder font in Qt4 apps (boo#956357) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1039291 SUSE bug 1042657 SUSE bug 956357 SUSE bug 964458 SUSE bug 982826 CVE-2016-10040 openSUSE Leap 42.3 This update for mercurial fixes the following issues: Security issues fixed: - CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (boo#1100353). - CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (boo#1100355). - CVE-2018-13346: Fix the mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (boo#1100354). Moderate SUSE bug 1100353 SUSE bug 1100354 SUSE bug 1100355 CVE-2018-13346 CVE-2018-13347 CVE-2018-13348 openSUSE Leap 42.3 This update for polkit fixes the following issues: - CVE-2018-1116: Fixed trusting the client-supplied UID which could lead to a denial of service (too many dialogs) caused by local attackers (boo#1099031) Moderate SUSE bug 1099031 CVE-2018-1116 openSUSE Leap 42.3 This update for gdk-pixbuf fixes the following security issue: - CVE-2017-1000422: Prevent several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution (bsc#1074462). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1074462 CVE-2017-1000422 openSUSE Leap 42.3 This update for virtualbox to version 5.1.32 fixes the following issues: The following vulnerabilities were fixed (boo#1076372): - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, also known as "Spectre", bsc#1068032. - CVE-2018-2676: Local authenticated attacker may gain elevated privileges - CVE-2018-2685: Local authenticated attacker may gain elevated privileges - CVE-2018-2686: Local authenticated attacker may gain elevated privileges - CVE-2018-2687: Local authenticated attacker may gain elevated privileges - CVE-2018-2688: Local authenticated attacker may gain elevated privileges - CVE-2018-2689: Local authenticated attacker may gain elevated privileges - CVE-2018-2690: Local authenticated attacker may gain elevated privileges - CVE-2018-2693: Local authenticated attacker may gain elevated privileges via guest additions - CVE-2018-2694: Local authenticated attacker may gain elevated privileges - CVE-2018-2698: Local authenticated attacker may gain elevated privileges The following bug fixes are included: - fix occasional screen corruption when host screen resolution is changed - increase proposed disk size when creating new VMs for Windows 7 and newer - fix broken communication with certain devices on Linux hosts - Fix problems using 256MB VRAM in raw-mode VMs - add HDA support for more exotic guests (e.g. Haiku) - fix playback with ALSA backend (5.1.28 regression) - fix a problem where OHCI emulation might sporadically drop data transfers Important SUSE bug 1068032 SUSE bug 1076372 CVE-2017-5715 CVE-2018-2676 CVE-2018-2685 CVE-2018-2686 CVE-2018-2687 CVE-2018-2688 CVE-2018-2689 CVE-2018-2690 CVE-2018-2693 CVE-2018-2694 CVE-2018-2698 openSUSE Leap 42.3 This update for perl fixes the following issues: This security issue was fixed: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This non-security issue was fixed: - fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1068565 SUSE bug 1096718 CVE-2018-12015 openSUSE Leap 42.3 The openSUSE 42.3 was updated to 4.4.140 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow via a large relative timeout because ktime_add_safe was not used (bnc#1099924). - CVE-2018-9385: Prevent overread of the "driver_override" buffer (bsc#1100491). - CVE-2018-13405: The inode_init_owner function allowed local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID (bnc#1100416). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1100418). The following non-security bugs were fixed: - 1wire: family module autoload fails because of upper/lower case mismatch (bnc#1012382). - ALSA: hda - Clean up ALC299 init code (bsc#1099810). - ALSA: hda - Enable power_save_node for CX20722 (bsc#1099810). - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines (bsc#1099810). - ALSA: hda - Fix incorrect usage of IS_REACHABLE() (bsc#1099810). - ALSA: hda - Fix pincfg at resume on Lenovo T470 dock (bsc#1099810). - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() (bnc#1012382). - ALSA: hda - Use acpi_dev_present() (bsc#1099810). - ALSA: hda - add a new condition to check if it is thinkpad (bsc#1099810). - ALSA: hda - silence uninitialized variable warning in activate_amp_in() (bsc#1099810). - ALSA: hda/patch_sigmatel: Add AmigaOne X1000 pinconfigs (bsc#1099810). - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 (bsc#1099810). - ALSA: hda/realtek - Add headset mode support for Dell laptop (bsc#1099810). - ALSA: hda/realtek - Add support headset mode for DELL WYSE (bsc#1099810). - ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup (bsc#1099810). - ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform (bsc#1099810). - ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs (bsc#1099810). - ALSA: hda/realtek - Fix Dell headset Mic can't record (bsc#1099810). - ALSA: hda/realtek - Fix pop noise on Lenovo P50 and co (bsc#1099810). - ALSA: hda/realtek - Fix the problem of two front mics on more machines (bsc#1099810). - ALSA: hda/realtek - Fixup for HP x360 laptops with BO speakers (bsc#1099810). - ALSA: hda/realtek - Fixup mute led on HP Spectre x360 (bsc#1099810). - ALSA: hda/realtek - Make dock sound work on ThinkPad L570 (bsc#1099810). - ALSA: hda/realtek - Refactor alc269_fixup_hp_mute_led_mic*() (bsc#1099810). - ALSA: hda/realtek - Reorder ALC269 ASUS quirk entries (bsc#1099810). - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289 (bsc#1099810). - ALSA: hda/realtek - Update ALC255 depop optimize (bsc#1099810). - ALSA: hda/realtek - adjust the location of one mic (bsc#1099810). - ALSA: hda/realtek - change the location for one of two front mics (bsc#1099810). - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags (bsc#1099810). - ALSA: hda/realtek - update ALC215 depop optimize (bsc#1099810). - ALSA: hda/realtek - update ALC225 depop optimize (bsc#1099810). - ALSA: hda/realtek: Fix mic and headset jack sense on Asus X705UD (bsc#1099810). - ALSA: hda/realtek: Limit mic boost on T480 (bsc#1099810). - ALSA: hda: Fix forget to free resource in error handling code path in hda_codec_driver_probe (bsc#1099810). - ALSA: hda: add dock and led support for HP EliteBook 830 G5 (bsc#1099810). - ALSA: hda: add dock and led support for HP ProBook 640 G4 (bsc#1099810). - ALSA: hda: fix some klockwork scan warnings (bsc#1099810). - ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size (bnc#1012382). - ARM: dts: imx6q: Use correct SDMA script for SPI5 core (bnc#1012382). - ASoC: cirrus: i2s: Fix LRCLK configuration (bnc#1012382). - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bnc#1012382). - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it (bnc#1012382). - Bluetooth: Fix connection if directed advertising and privacy is used (bnc#1012382). - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader (bnc#1012382). - Btrfs: fix clone vs chattr NODATASUM race (bnc#1012382). - Btrfs: fix unexpected cow in run_delalloc_nocow (bnc#1012382). - Btrfs: make raid6 rebuild retry more (bnc#1012382). - Btrfs: scrub: Do not use inode pages for device replace (bnc#1012382). - Correct the arguments to verbose() (bsc#1098425) - Fix kABI breakage of iio_buffer in 4.4.139 (stable-4.4.139). - HID: debug: check length before copy_to_user() (bnc#1012382). - HID: hiddev: fix potential Spectre v1 (bnc#1012382). - HID: i2c-hid: Fix "incomplete report" noise (bnc#1012382). - Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248, bsc@1097140). - IB/qib: Fix DMA api warning with debug kernel (bnc#1012382). - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID (bnc#1012382). - Input: elan_i2c_smbus - fix more potential stack buffer overflows (bnc#1012382). - Input: elantech - enable middle button of touchpads on ThinkPad P52 (bnc#1012382). - Input: elantech - fix V4 report decoding for module with middle key (bnc#1012382). - MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum (bnc#1012382). - MIPS: io: Add barrier after register read in inX() (bnc#1012382). - NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message (bnc#1012382). - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume (bnc#1012382). - RDMA/mlx4: Discard unknown SQP work requests (bnc#1012382). - Refresh with upstream commit:62290a5c194b since the typo fix has been merged in upstream. (bsc#1085185) - Remove broken patches for dac9063 watchdog (bsc#1100843) - Revert "Btrfs: fix scrub to repair raid6 corruption" (bnc#1012382). - Revert "kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183)." This turned out to be superfluous for 4.4.x kernels. - Revert "scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525)." This reverts commit b054499f7615e2ffa7571ac0d05c7d5c9a8c0327. - UBIFS: Fix potential integer overflow in allocation (bnc#1012382). - USB: serial: cp210x: add CESINEL device ids (bnc#1012382). - USB: serial: cp210x: add Silicon Labs IDs for Windows Update (bnc#1012382). - Update patches.fixes/nvme-expand-nvmf_check_if_ready-checks.patch (bsc#1098527). - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode (bnc#1012382). - atm: zatm: fix memcmp casting (bnc#1012382). - backlight: as3711_bl: Fix Device Tree node lookup (bnc#1012382). - backlight: max8925_bl: Fix Device Tree node lookup (bnc#1012382). - backlight: tps65217_bl: Fix Device Tree node lookup (bnc#1012382). - bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232). - bcache: Annotate switch fall-through (bsc#1064232). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232). - bcache: Fix indentation (bsc#1064232). - bcache: Fix kernel-doc warnings (bsc#1064232). - bcache: Fix, improve efficiency of closure_sync() (bsc#1076110). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1064232). - bcache: Remove an unused variable (bsc#1064232). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1064232). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232). - bcache: add backing_request_endio() for bi_end_io (bsc#1064232). - bcache: add io_disable to struct cached_dev (bsc#1064232). - bcache: add journal statistic (bsc#1076110). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1064232). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1064232). - bcache: closures: move control bits one bit right (bsc#1076110). - bcache: correct flash only vols (check all uuids) (bsc#1064232). - bcache: count backing device I/O error for writeback I/O (bsc#1064232). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1064232). - bcache: fix crashes in duplicate cache device register (bsc#1076110). - bcache: fix error return value in memory shrink (bsc#1064232). - bcache: fix high CPU occupancy during journal (bsc#1076110). - bcache: fix inaccurate io state for detached bcache devices (bsc#1064232). - bcache: fix incorrect sysfs output value of strip size (bsc#1064232). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1064232). - bcache: fix using of loop variable in memory shrink (bsc#1064232). - bcache: fix writeback target calc on large devices (bsc#1076110). - bcache: fix wrong return value in bch_debug_init() (bsc#1076110). - bcache: mark closure_sync() __sched (bsc#1076110). - bcache: move closure debug file into debug directory (bsc#1064232). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1064232). - bcache: ret IOERR when read meets metadata error (bsc#1076110). - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1064232). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1064232). - bcache: set error_limit correctly (bsc#1064232). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1064232). - bcache: stop bcache device when backing device is offline (bsc#1064232). - bcache: stop dc->writeback_rate_update properly (bsc#1064232). - bcache: stop writeback thread after detaching (bsc#1076110). - bcache: store disk name in struct cache and struct cached_dev (bsc#1064232). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1064232). - block: Fix transfer when chunk sectors exceeds max (bnc#1012382). - bonding: re-evaluate force_primary when the primary slave name changes (bnc#1012382). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - branch-check: fix long->int truncation when profiling branches (bnc#1012382). - cdc_ncm: avoid padding beyond end of skb (bnc#1012382). - ceph: fix dentry leak in splice_dentry() (bsc#1098236). - ceph: fix use-after-free in ceph_statfs() (bsc#1098236). - ceph: fix wrong check for the case of updating link count (bsc#1098236). - ceph: prevent i_version from going back (bsc#1098236). - ceph: support file lock on directory (bsc#1098236). - cifs: Check for timeout on Negotiate stage (bsc#1091171). - cifs: Fix infinite loop when using hard mount option (bnc#1012382). - cpufreq: Fix new policy initialization during limits updates via sysfs (bnc#1012382). - cpuidle: powernv: Fix promotion from snooze if next state disabled (bnc#1012382). - dm thin: handle running out of data space vs concurrent discard (bnc#1012382). - dm: convert DM printk macros to pr_ level macros (bsc#1099918). - dm: fix printk() rate limiting code (bsc#1099918). - drbd: fix access after free (bnc#1012382). - driver core: Do not ignore class_dir_create_and_add() failure (bnc#1012382). - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bsc#1075876). - ext4: add more inode number paranoia checks (bnc#1012382). - ext4: add more mount time checks of the superblock (bnc#1012382). - ext4: always check block group bounds in ext4_init_block_bitmap() (bnc#1012382). - ext4: check superblock mapped prior to committing (bnc#1012382). - ext4: clear i_data in ext4_inode_info when removing inline data (bnc#1012382). - ext4: fix fencepost error in check for inode count overflow during resize (bnc#1012382). - ext4: fix unsupported feature message formatting (bsc#1098435). - ext4: include the illegal physical block in the bad map ext4_error msg (bnc#1012382). - ext4: make sure bitmaps and the inode table do not overlap with bg descriptors (bnc#1012382). - ext4: only look at the bg_flags field if it is valid (bnc#1012382). - ext4: update mtime in ext4_punch_hole even if no blocks are released (bnc#1012382). - ext4: verify the depth of extent tree in ext4_find_extent() (bnc#1012382). - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099279). - fuse: atomic_o_trunc should truncate pagecache (bnc#1012382). - fuse: do not keep dead fuse_conn at fuse_fill_super() (bnc#1012382). - fuse: fix control dir setup and teardown (bnc#1012382). - hv_netvsc: avoid repeated updates of packet filter (bsc#1097492). - hv_netvsc: defer queue selection to VF (bsc#1097492). - hv_netvsc: enable multicast if necessary (bsc#1097492). - hv_netvsc: filter multicast/broadcast (bsc#1097492). - hv_netvsc: fix filter flags (bsc#1097492). - hv_netvsc: fix locking during VF setup (bsc#1097492). - hv_netvsc: fix locking for rx_mode (bsc#1097492). - hv_netvsc: propagate rx filters to VF (bsc#1097492). - i2c: rcar: fix resume by always initializing registers before transfer (bnc#1012382). - iio:buffer: make length types match kfifo types (bnc#1012382). - iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034). - ipmi:bt: Set the timeout before doing a capabilities check (bnc#1012382). - ipv4: Fix error return value in fib_convert_metrics() (bnc#1012382). - ipvs: fix buffer overflow with sync daemon and service (bnc#1012382). - iwlmvm: tdls: Check TDLS channel switch support (bsc#1099810). - iwlwifi: fix non_shared_ant for 9000 devices (bsc#1099810). - jbd2: do not mark block as modified if the handle is out of credits (bnc#1012382). - kabi/severities: add 'drivers/md/bcache/* PASS' since no one uses symboles expoted by bcache. - kmod: fix wait on recursive loop (bsc#1099792). - kmod: reduce atomic operations on kmod_concurrent and simplify (bsc#1099792). - kmod: throttle kmod thread limit (bsc#1099792). - kprobes/x86: Do not modify singlestep buffer while resuming (bnc#1012382). - kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183). - lib/vsprintf: Remove atomic-unsafe support for %pCr (bnc#1012382). - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bnc#1012382). - libata: zpodd: make arrays cdb static, reduces object code size (bnc#1012382). - libata: zpodd: small read overflow in eject_tray() (bnc#1012382). - linvdimm, pmem: Preserve read-only setting for pmem devices (bnc#1012382). - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() (bnc#1012382). - mac80211: Fix condition validating WMM IE (bsc#1099810,bsc#1099732). - media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bnc#1012382). - media: cx25840: Use subdev host data for PLL override (bnc#1012382). - media: dvb_frontend: fix locking issues at dvb_frontend_get_event() (bnc#1012382). - media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918). - media: v4l2-compat-ioctl32: prevent go past max size (bnc#1012382). - mfd: intel-lpss: Program REMAP register in PIO mode (bnc#1012382). - mips: ftrace: fix static function graph tracing (bnc#1012382). - mm: hugetlb: yield when prepping struct pages (bnc#1012382). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bnc#1012382). - mtd: cfi_cmdset_0002: Change definition naming to retry write operation (bnc#1012382). - mtd: cfi_cmdset_0002: Change erase functions to check chip good only (bnc#1012382). - mtd: cfi_cmdset_0002: Change erase functions to retry for error (bnc#1012382). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bnc#1012382). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bnc#1012382). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bnc#1012382). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bnc#1012382). - mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS (bsc#1099918). - mtd: partitions: add helper for deleting partition (bsc#1099918). - mtd: partitions: remove sysfs files when deleting all master's partitions (bsc#1099918). - mtd: rawnand: mxc: set spare area size register explicitly (bnc#1012382). - n_tty: Access echo_* variables carefully (bnc#1012382). - n_tty: Fix stall at n_tty_receive_char_special() (bnc#1012382). - net/sonic: Use dma_mapping_error() (bnc#1012382). - net: qmi_wwan: Add Netgear Aircard 779S (bnc#1012382). - netfilter: ebtables: handle string from userspace with care (bnc#1012382). - netfilter: nf_log: do not hold nf_log_mutex during user access (bnc#1012382). - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() (bnc#1012382). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (bnc#1012382). - nvme-fabrics: allow duplicate connections to the discovery controller (bsc#1098527). - nvme-fabrics: allow internal passthrough command on deleting controllers (bsc#1098527). - nvme-fabrics: centralize discovery controller defaults (bsc#1098527). - nvme-fabrics: fix and refine state checks in __nvmf_check_ready (bsc#1098527). - nvme-fabrics: refactor queue ready check (bsc#1098527). - nvme-fc: change controllers first connect to use reconnect path (bsc#1098527). - nvme-fc: fix nulling of queue data on reconnect (bsc#1098527). - nvme-fc: remove reinit_request routine (bsc#1098527). - nvme-fc: remove setting DNR on exception conditions (bsc#1098527). - nvme-pci: initialize queue memory before interrupts (bnc#1012382). - nvme: allow duplicate controller if prior controller being deleted (bsc#1098527). - nvme: move init of keep_alive work item to controller initialization (bsc#1098527). - nvme: reimplement nvmf_check_if_ready() to avoid kabi breakage (bsc#1098527). - nvmet-fc: increase LS buffer count per fc port (bsc#1098527). - nvmet: switch loopback target state to connecting when resetting (bsc#1098527). - of: unittest: for strings, account for trailing \0 in property length field (bnc#1012382). - ovl: fix random return value on mount (bsc#1099993). - ovl: fix uid/gid when creating over whiteout (bsc#1099993). - ovl: override creds with the ones from the superblock mounter (bsc#1099993). - perf intel-pt: Fix "Unexpected indirect branch" error (bnc#1012382). - perf intel-pt: Fix MTC timing after overflow (bnc#1012382). - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP (bnc#1012382). - perf intel-pt: Fix packet decoding of CYC packets (bnc#1012382). - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING (bnc#1012382). - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 (bnc#1012382). - platform/x86: thinkpad_acpi: Adding new hotkey ID for Lenovo thinkpad (bsc#1099810). - powerpc/64s: Exception macro for stack frame and initial register save (bsc#1094244). - powerpc/64s: Fix mce accounting for powernv (bsc#1094244). - powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bnc#1012382). - powerpc/ptrace: Fix enforcement of DAWR constraints (bnc#1012382). - powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG (bnc#1012382). - powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244). - procfs: add tunable for fd/fdinfo dentry retention (bsc#10866542). - qla2xxx: Fix NULL pointer derefrence for fcport search (bsc#1085657). - qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1085657). - qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1085657). - regulator: Do not return or expect -errno from of_map_mode() (bsc#1099042). - restore cond_resched() in shrink_dcache_parent() (bsc#1098599). - rmdir(),rename(): do shrink_dcache_parent() only on success (bsc#1100340). - s390/dasd: configurable IFCC handling (bsc#1097808). - s390: Correct register corruption in critical section cleanup (bnc#1012382). - sbitmap: check for valid bitmap in sbitmap_for_each (bsc#1090435). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - scsi: ipr: Format HCAM overlay ID 0x41 (bsc#1097961). - scsi: ipr: new IOASC update (bsc#1097961). - scsi: lpfc: Change IO submit return to EBUSY if remote port is recovering (bsc#1092207). - scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt (bsc#1092207). - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525). - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1095453). - scsi: lpfc: Fix MDS diagnostics failure (Rx lower than Tx) (bsc#1095453). - scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc (bsc#1095453). - scsi: lpfc: Fix port initialization failure (bsc#1095453). - scsi: lpfc: Fix up log messages and stats counters in IO submit code path (bsc#1092207). - scsi: lpfc: Handle new link fault code returned by adapter firmware (bsc#1092207). - scsi: lpfc: correct oversubscription of nvme io requests for an adapter (bsc#1095453). - scsi: lpfc: update driver version to 11.4.0.7-3 (bsc#1092207). - scsi: lpfc: update driver version to 11.4.0.7-4 (bsc#1095453). - scsi: qedi: Fix truncation of CHAP name and secret (bsc#1097931) - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails (bnc#1012382). - scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1097501) - scsi: sg: mitigate read/write abuse (bsc#1101296). - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bnc#1099713, LTC#168765). - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version (bnc#1012382). - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user (bnc#1012382). - spi: Fix scatterlist elements size in spi_map_buf (bnc#1012382). - staging: android: ion: Return an ERR_PTR in ion_map_kernel (bnc#1012382). - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write() (bnc#1012382). - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() (bnc#1012382). - tcp: verify the checksum of the first data segment in a new connection (bnc#1012382). - thinkpad_acpi: Add support for HKEY version 0x200 (bsc#1099810). - time: Make sure jiffies_to_msecs() preserves non-zero time periods (bnc#1012382). - tracing: Fix missing return symbol in function_graph output (bnc#1012382). - ubi: fastmap: Cancel work upon detach (bnc#1012382). - ubi: fastmap: Correctly handle interrupted erasures in EBA (bnc#1012382). - udf: Detect incorrect directory size (bnc#1012382). - usb: cdc_acm: Add quirk for Uniden UBC125 scanner (bnc#1012382). - usb: do not reset if a low-speed or full-speed device timed out (bnc#1012382). - usb: musb: fix remote wakeup racing with suspend (bnc#1012382). - video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bsc#1090888 bsc#1099966). - video: uvesafb: Fix integer overflow in allocation (bnc#1012382). - w1: mxc_w1: Enable clock before calling clk_get_rate() on it (bnc#1012382). - wait: add wait_event_killable_timeout() (bsc#1099792). - watchdog: da9063: Fix setting/changing timeout (bsc#1100843). - watchdog: da9063: Fix timeout handling during probe (bsc#1100843). - watchdog: da9063: Fix updating timeout value (bsc#1100843). - x86/cpu/amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask (bsc#1094643). - x86/mce: Fix incorrect "Machine check from unknown source" message (bnc#1012382). - x86/mce: Improve error message when kernel cannot recover (git-fixes b2f9d678e28c). - x86/pti: do not report XenPV as vulnerable (bsc#1097551). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1012382). - xfrm6: avoid potential infinite loop in _decode_session6() (bnc#1012382). - xfrm: Ignore socket policies when rebuilding hash tables (bnc#1012382). - xfrm: skip policies marked as dead while rehashing (bnc#1012382). Important SUSE bug 1012382 SUSE bug 1064232 SUSE bug 1075876 SUSE bug 1076110 SUSE bug 1085185 SUSE bug 1085657 SUSE bug 1089525 SUSE bug 1090435 SUSE bug 1090888 SUSE bug 1091171 SUSE bug 1092207 SUSE bug 1094244 SUSE bug 1094248 SUSE bug 1094643 SUSE bug 1095453 SUSE bug 1096790 SUSE bug 1097034 SUSE bug 1097140 SUSE bug 1097492 SUSE bug 1097501 SUSE bug 1097551 SUSE bug 1097808 SUSE bug 1097931 SUSE bug 1097961 SUSE bug 1098016 SUSE bug 1098236 SUSE bug 1098425 SUSE bug 1098435 SUSE bug 1098527 SUSE bug 1098599 SUSE bug 1099042 SUSE bug 1099183 SUSE bug 1099279 SUSE bug 1099713 SUSE bug 1099732 SUSE bug 1099792 SUSE bug 1099810 SUSE bug 1099918 SUSE bug 1099924 SUSE bug 1099966 SUSE bug 1099993 SUSE bug 1100089 SUSE bug 1100340 SUSE bug 1100416 SUSE bug 1100418 SUSE bug 1100491 SUSE bug 1100843 SUSE bug 1101296 CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-9385 openSUSE Leap 42.3 This update for openssh fixes the following issues: Security issue fixed: - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1076957 CVE-2016-10708 openSUSE Leap 42.3 This update for cinnamon fixes the following issues: Security issue fixed: - CVE-2018-13054: Fix symlink attack vulnerability (boo#1083067). Bug fixes: - Update to version 3.4.6 (changes since 3.4.4): * osdWindow.js: Always check the theme node on first showing - an actor's width isn't necessarily filled if it hasn't been explicitly set, causing the first few activations of the OSD to not show an accurate level bar. * cs_default: Fix an incorrect button label (but preserve translations). * main.js: Remove an obsolete Meta enum member reference. * workspace.js: Use our normal prototype init method. * workspace.js: Initalise WindowClone._zoomStep to 0. * slideshow-applet: Fix a translation. * cs_themes.py: Create the file "~/.icons/default/index.theme" and set the selected cursor theme inside of it. This ensures other (non-gtk) applications end up using the same theme (though they are required to be restarted for these changes to take effect). * keyboard-applet: Applet icon vanishes when moved in edit mode. * cinnamon-json-makepot: Add keyword option, change language used by xgettext to JavaScript. * expoThumbnail: Correct a couple of calls with mismatched argument counts. * window-list: Set AppMenuButtons unreactive during panel edit mode. * panel-launchers: Set PanelAppLaunchers unreactive during panel edit mode. * windows-quick-list: Fix argument warning. * Fix a reference to undefined actor._delegate warning. * ui/environment: Handle undefined actors in containerClass.prototype.add. * ui/cinnamonDBus: Handle null xlet objects in CinnamonDBus.highlightXlet. * deskletManager: Initialise some variables and remove the variables that were initialised, probable typo Moderate SUSE bug 1083067 CVE-2018-13054 openSUSE Leap 42.3 This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could results in local privilege escalation (bsc#1099310) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1099310 CVE-2016-6252 openSUSE Leap 42.3 This update for qutebrowser fixes the following issues: Security issue fixed: - CVE-2018-1000559: Fix an XSS issue on qute://history (boo#1101507). Moderate SUSE bug 1101507 CVE-2018-1000559 openSUSE Leap 42.3 This update for python fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207] This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1083507 CVE-2017-18207 openSUSE Leap 42.3 This update for rsyslog fixes the following issues: The following security vulnerability was addressed: CVE-2015-3243: Make sure that log files are not created world-readable (bsc#935393) This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 935393 CVE-2015-3243 openSUSE Leap 42.3 This update for wireshark fixes the following issues: Security issues fixed: - CVE-2018-7325: RPKI-Router infinite loop (boo#1082692) - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, boo#1101777) - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, boo#1101788) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, boo#1101804) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, boo#1101786) - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, boo#1101810) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, boo#1101776) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, boo#1101794) - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, boo#1101800) Bug fixes: - Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.16.html Moderate SUSE bug 1082692 SUSE bug 1101776 SUSE bug 1101777 SUSE bug 1101786 SUSE bug 1101788 SUSE bug 1101794 SUSE bug 1101800 SUSE bug 1101804 SUSE bug 1101810 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14368 CVE-2018-14369 CVE-2018-7325 openSUSE Leap 42.3 This update for bouncycastle fixes the following issues: Security issue fixed: - CVE-2018-1000613: Fix use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') (boo#1100694). Moderate SUSE bug 1100694 CVE-2018-1000613 openSUSE Leap 42.3 This update for libgcrypt fixes the following issues: The following security vulnerability was addressed: - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures (bsc#1097410). The following other issues were fixed: - Extended the fipsdrv dsa-sign and dsa-verify commands with the --algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455). - Ensure libgcrypt20-hmac and libgcrypt20 are installed in the correct order. (bsc#1090766) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1064455 SUSE bug 1090766 SUSE bug 1097410 CVE-2018-0495 openSUSE Leap 42.3 This update for qemu fixes the following issues: A new feature was added: - Support EPYC vCPU type (bsc#1052825 fate#324038) Also a mitigation for a security problem has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1052825 SUSE bug 1068032 CVE-2017-5715 openSUSE Leap 42.3 This update for python-dulwich to version 0.18.5 fixes this security issue: - CVE-2017-16228: Dulwich, when an SSH subprocess is used, allowed remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname (bsc#1066430). For detailed changes please see https://www.dulwich.io/code/dulwich/ This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1066430 CVE-2017-16228 openSUSE Leap 42.3 This update for nautilus fixes the following issues: Security issue fixed: - CVE-2017-14604: Add a metadata::trusted metadata to the file once the user acknowledges the file as trusted, and also remove the "trusted" content in the desktop file (bsc#1060031). This update was imported from the SUSE:SLE-12-SP2:Update update project. Low SUSE bug 1060031 CVE-2017-14604 openSUSE Leap 42.3 This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3665: Fix Lazy FP Save/Restore issue (XSA-267) (bsc#1095242). - CVE-2018-12891: Fix possible Denial of Service (DoS) via certain PV MMU operations that affect the entire host (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl to honour the readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix crash/Denial of Service (DoS) via safety check (XSA-265) (bsc#1097522). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). Bug fixes: - bsc#1027519: Add upstream patches from January. - bsc#1087289: Fix xen scheduler crash. This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1027519 SUSE bug 1087289 SUSE bug 1095242 SUSE bug 1096224 SUSE bug 1097521 SUSE bug 1097522 SUSE bug 1097523 CVE-2018-11806 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-3665 openSUSE Leap 42.3 This update for libsndfile fixes the following issues: Security issues fixed: - CVE-2018-13139: Fix a stack-based buffer overflow in psf_memset in common.c that allows remote attackers to cause a denial of service (bsc#1100167). - CVE-2017-17456: Prevent segmentation fault in the function d2alaw_array() that may have lead to a remote DoS (bsc#1071777) - CVE-2017-17457: Prevent segmentation fault in the function d2ulaw_array() that may have lead to a remote DoS, a different vulnerability than CVE-2017-14246 (bsc#1071767) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1071767 SUSE bug 1071777 SUSE bug 1100167 CVE-2017-17456 CVE-2017-17457 CVE-2018-13139 openSUSE Leap 42.3 This update for util-linux fixes the following issues: This non-security issue was fixed: - CVE-2018-7738: bash-completion/umount allowed local users to gain privileges by embedding shell commands in a mountpoint name, which was mishandled during a umount command by a different user (bsc#1084300). These non-security issues were fixed: - Fixed crash loop in lscpu (bsc#1072947). - Fixed possible segfault of umount -a - Fixed mount -a on NFS bind mounts (bsc#1080740). - Fixed lsblk on NVMe (bsc#1078662). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1072947 SUSE bug 1078662 SUSE bug 1080740 SUSE bug 1084300 CVE-2018-7738 openSUSE Leap 42.3 This update for libofx fixes the following issues: The following security vulnerabilities have been addressed: - CVE-2017-2920: Fixed an exploitable buffer overflow in the tag parsing functionality, which could result in an out of bounds write and could be triggered via a specially crafted OFX file (boo#1061964) - CVE-2017-2816: Fixed another buffer overflow in the tag parsing functionality, which could result in an stack overflow and could be triggered via a specially crafted OFX file (boo#1058673) Important SUSE bug 1058673 SUSE bug 1061964 CVE-2017-2816 CVE-2017-2920 openSUSE Leap 42.3 This update for libcgroup fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14348: Fixed a permission issue with /var/log/cgred. The permissions were not restrictive enough beforehand and ignored any umask setting. (boo#1100365) Moderate SUSE bug 1100365 CVE-2018-14348 openSUSE Leap 42.3 This update for cups fixes the following issues: The following security vulnerabilities were fixed: - CVE-2017-18248: Handle invalid characters properly in printing jobs. This fixes a problem that was causing the DBUS library to abort the calling process. (bsc#1061066 bsc#1087018) - Fixed a local privilege escalation to root and sandbox bypasses in the scheduler - CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405) - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406) - CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407) - CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408) The following other issue was fixed: - Fixed authorization check for clients (like samba) connected through the local socket when Kerberos authentication is enabled (bsc#1050082) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1050082 SUSE bug 1061066 SUSE bug 1087018 SUSE bug 1096405 SUSE bug 1096406 SUSE bug 1096407 SUSE bug 1096408 CVE-2017-18248 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 openSUSE Leap 42.3 This update for ovmf provide the following fix: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094290, bsc#1094291). Bug fixes: - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better compatibility. (bsc#1077330) This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1077330 SUSE bug 1094290 SUSE bug 1094291 CVE-2018-0739 openSUSE Leap 42.3 This update for mysql-community-server to version 5.6.41 fixes the following issues: Security vulnerabilities fixed: - CVE-2018-3064: Fixed an easily exploitable vulnerability that allowed a low privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (bsc#1103342) - CVE-2018-3070: Fixed an easily exploitable vulnerability that allowed a low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (bsc#1101679) - CVE-2018-0739: Fixed a stack exhaustion in case of recursively constructed ASN.1 types. (boo#1087102) - CVE-2018-3062: Fixed a difficult to exploit vulnerability that allowed low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (bsc#1103344) - CVE-2018-3081: Fixed a difficult to exploit vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. (bsc#1101680) - CVE-2018-3058: Fixed an easily exploitable vulnerability that allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (bsc#1101676) - CVE-2018-3066: Fixed a difficult to exploit vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. (bsc#1101678) - CVE-2018-2767: Fixed a difficult to exploit vulnerability that allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (boo#1088681) You can find more detailed information about this update in the [release notes](http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-41.html) Moderate SUSE bug 1087102 SUSE bug 1088681 SUSE bug 1101676 SUSE bug 1101678 SUSE bug 1101679 SUSE bug 1101680 SUSE bug 1103342 SUSE bug 1103344 CVE-2018-0739 CVE-2018-2767 CVE-2018-3058 CVE-2018-3062 CVE-2018-3064 CVE-2018-3066 CVE-2018-3070 CVE-2018-3081 openSUSE Leap 42.3 This update for gdk-pixbuf fixes the following issues: Security issue fixed: - CVE-2015-4491: Fix integer multiplication overflow that allows for DoS or potentially RCE (bsc#1053417). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1053417 CVE-2015-4491 openSUSE Leap 42.3 This update for libraw fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-5813: Fixed an error within the "parse_minolta()" function (dcraw/dcraw.c) that could be exploited to trigger an infinite loop via a specially crafted file. This could be exploited to cause a DoS.(boo#1103200). - CVE-2018-5815: Fixed an integer overflow in the internal/dcraw_common.cpp:parse_qt() function, that could be exploited to cause an infinite loop via a specially crafted Apple QuickTime file. (boo#1103206) - CVE-2018-5810: Fixed an error within the rollei_load_raw() function (internal/dcraw_common.cpp) that could be exploited to cause a heap-based buffer overflow and subsequently cause a crash. (boo#1103353) - CVE-2018-5811: Fixed an error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) that could be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. (boo#1103359) - CVE-2018-5812: Fixed another error within the nikon_coolscan_load_raw() function (internal/dcraw_common.cpp) that could be exploited to trigger a NULL pointer dereference. (boo#1103360) - CVE-2018-5807: Fixed an error within the samsung_load_raw() function (internal/dcraw_common.cpp) that could be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. (boo#1103361) Moderate SUSE bug 1103200 SUSE bug 1103206 SUSE bug 1103353 SUSE bug 1103359 SUSE bug 1103360 SUSE bug 1103361 CVE-2018-5807 CVE-2018-5810 CVE-2018-5811 CVE-2018-5812 CVE-2018-5813 CVE-2018-5815 openSUSE Leap 42.3 This update for MozillaFirefox fixes the following issues: - update to Firefox 52.6esr (boo#1077291) MFSA 2018-01 * Speculative execution side-channel attack ("Spectre") MFSA 2018-03 * CVE-2018-5091 (bmo#1423086) Use-after-free with DTMF timers * CVE-2018-5095 (bmo#1418447) Integer overflow in Skia library during edge builder allocation * CVE-2018-5096 (bmo#1418922) Use-after-free while editing form elements * CVE-2018-5097 (bmo#1387427) Use-after-free when source document is manipulated during XSLT * CVE-2018-5098 (bmo#1399400) Use-after-free while manipulating form input elements * CVE-2018-5099 (bmo#1416878) Use-after-free with widget listener * CVE-2018-5102 (bmo#1419363) Use-after-free in HTML media elements * CVE-2018-5103 (bmo#1423159) Use-after-free during mouse event handling * CVE-2018-5104 (bmo#1425000) Use-after-free during font face manipulation * CVE-2018-5117 (bmo#1395508) URL spoofing with right-to-left text aligned left-to-right * CVE-2018-5089 Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 - Added additional patches and configurations to fix builds on s390 and PowerPC. * Added firefox-glibc-getrandom.patch effecting builds on s390 and PowerPC * Added mozilla-s390-bigendian.patch along with icudt58b.dat bigendian ICU data file for running Firefox on bigendian architectures (bmo#1322212 and bmo#1264836) * Added mozilla-s390-nojit.patch to enable atomic operations used by the JS engine when JIT is disabled on s390 * Build configuration options specific to s390 * Requires NSS >= 3.29.5 Important SUSE bug 1077291 CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 openSUSE Leap 42.3 This update for libtirpc fixes the following issues: Security issue fixed: - bsc#968175: Fix remote crash of RPC services. Bug fixes: - bsc#1072183: Send RPC getport call as specified via parameter. This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1072183 SUSE bug 968175 openSUSE Leap 42.3 This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-10861: Ensure that ceph-mon does perform authorization on all OSD pool ops (bsc#1099162) - CVE-2018-1129: cephx signature check bypass (bsc#1096748) - CVE-2018-1128: cephx protocol was vulnerable to replay attack (bsc#1096748) Bugs fixed in 12.2.7-420-gc0ef85b854: - luminous: osd: eternal stuck PG in 'unfound_recovery' (bsc#1094932) - bluestore: db.slow used when db is not full (bsc#1092874) - Upstream fixes and improvements, see https://ceph.com/releases/12-2-7-luminous-released/ This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1092874 SUSE bug 1094932 SUSE bug 1096748 SUSE bug 1099162 CVE-2018-10861 CVE-2018-1128 CVE-2018-1129 openSUSE Leap 42.3 This update for libsoup fixes the following issues: Security issue fixed: - CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097). - CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers (bsc#1052916). Bug fixes: - bsc#1086036: translation-update-upstream commented out for Leap This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1052916 SUSE bug 1086036 SUSE bug 1100097 CVE-2017-2885 CVE-2018-12910 openSUSE Leap 42.3 This update for NetworkManager-vpnc fixes the following issues: Security issue fixed: - CVE-2018-10900: Check configurations that contain newline characters and invalidate them to avoid security attacks (bsc#1101147). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1101147 CVE-2018-10900 openSUSE Leap 42.3 This update for libexif fixes several issues. These security issues were fixed: - CVE-2016-6328: Fixed integer overflow in parsing MNOTE entry data of the input file (bsc#1055857) - CVE-2017-7544: Fixed out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure (bsc#1059893) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1055857 SUSE bug 1059893 CVE-2016-6328 CVE-2017-7544 openSUSE Leap 42.3 This update for libvirt fixes the following issues: Security issue fixed: - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka "Memory Disambiguation" (bsc#1092885). Bug fixes: - bsc#1094325: Enable virsh blockresize for XEN guests (FATE#325467). - bsc#1095556: Fix qemu VM creating with --boot uefi due to missing AppArmor profile. - bsc#1094725: Fix `virsh blockresize` to work with Xen qdisks. - bsc#1094480: Fix `virsh list` to list domains with `xl list`. - bsc#1087416: Fix missing video device within guest with default installation by virt-mamanger. - bsc#1079150: Fix libvirt-guests start dependency. - bsc#1076861: Fix locking of lockspace resource '/devcfs/disks/uatidmsvn1-xvda'. - bsc#1074014: Fix KVM live migration when shutting down cluster node. - bsc#959329: Fix wrong state of VMs in virtual manager. This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1074014 SUSE bug 1076861 SUSE bug 1079150 SUSE bug 1087416 SUSE bug 1092885 SUSE bug 1094325 SUSE bug 1094480 SUSE bug 1094725 SUSE bug 1095556 SUSE bug 959329 CVE-2018-3639 openSUSE Leap 42.3 This update for cgit to version 1.2.1 fixes the following issues: The following security vulnerability was addressed: - CVE-2018-14912: Fixed a directory traversal vulnerability, when enable-http-clone=1 is not turned off (boo#1103799) The following other changes were made: - Update to upstream release 1.2.1: - syntax-highlighting: replace invalid unicode with '?' - ui-repolist: properly sort by age - ui-patch: fix crash when using path limit - Update bundled git to 2.11.1 - Update to upstream release 1.0: * Add repo.homepage/gitweb.homepage setting and homepage tab. * Show reverse paths in title bar so that browser tab shows filename. * Allow redirects even when caching is turned on. * More gracefully deal with unparsable commits. Moderate SUSE bug 1103799 CVE-2018-14912 openSUSE Leap 42.3 This update for libvpx fixes one issues. This security issue was fixed: - CVE-2017-13194: Fixed incorrect memory allocation related to odd frame width (bsc#1075992). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1075992 CVE-2017-13194 openSUSE Leap 42.3 This update for libheimdal to version 7.5.0 fixes the following issues: The following security vulnerability was fixed: - CVE-2017-17439: Fixed a remote denial of service vulnerability through which remote unauthenticated attackers were able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm (boo#1071675) The following other bugs were fixed: - Override the build date (boo#1047218) - Use constant hostname (boo#1084909) - Handle long input lines when reloading database dumps - In pre-forked mode, correctly clear the process ids of exited children, allowing new child processes to replace the old. - Fixed incorrect KDC response when no-cross realm TGT exists, allowing client requests to fail quickly rather than time out after trying to get a correct answer from each KDC. Important SUSE bug 1047218 SUSE bug 1071675 SUSE bug 1084909 CVE-2017-17439 openSUSE Leap 42.3 This update for GraphicsMagick fixes several issues. These security issues were fixed: - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353) - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354) - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442) - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708) - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717) - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052777) - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600) - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374) - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455) - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000) - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752) Moderate SUSE bug 1043353 SUSE bug 1043354 SUSE bug 1051442 SUSE bug 1052708 SUSE bug 1052717 SUSE bug 1052777 SUSE bug 1054600 SUSE bug 1055374 SUSE bug 1055455 SUSE bug 1057000 SUSE bug 1062752 CVE-2017-11750 CVE-2017-12641 CVE-2017-12673 CVE-2017-12676 CVE-2017-12935 CVE-2017-13142 CVE-2017-13147 CVE-2017-14103 CVE-2017-15218 CVE-2017-9261 CVE-2017-9262 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.143 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580). - CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811) - CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (bnc#1099846) - CVE-2018-10878: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (bnc#1099813) - CVE-2018-10879: A flaw was found in the ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (bnc#1099844) - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. (bnc#1099845) - CVE-2018-10881: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099864) - CVE-2018-10882: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. (bnc#1099849) - CVE-2018-10883: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099863) - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2018-3620: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis (bnc#1087081 1089343 ). - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bnc#1089343 1104365). - CVE-2018-5390 aka "SegmentSmack": The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-5391 aka "FragmentSmack": A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). The following non-security bugs were fixed: - Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978) - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS (bnc#1012382). - arm64: do not open code page table entry creation (bsc#1102197). - arm64: kpti: Use early_param for kpti= command-line option (bsc#1102188). - arm64: Make sure permission updates happen for pmd/pud (bsc#1102197). - atm: zatm: Fix potential Spectre v1 (bnc#1012382). - bcm63xx_enet: correct clock usage (bnc#1012382). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (bnc#1012382). - blkcg: simplify statistic accumulation code (bsc#1082979). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block/swim: Fix array bounds check (bsc#1082979). - bpf: fix loading of BPF_MAXINSNS sized programs (bsc#1012382). - bpf, x64: fix memleak when not converging after image (bsc#1012382). - btrfs: Do not remove block group still has pinned down bytes (bsc#1086457). - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag (bsc#1099858). - cachefiles: Fix refcounting bug in backing-file read monitoring (bsc#1099858). - cachefiles: Wait rather than BUG'ing on "Unexpected object collision" (bsc#1099858). - cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup() (bsc#1090123). - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled (bnc#1012382). - compiler, clang: properly override 'inline' for clang (bnc#1012382). - compiler, clang: suppress warning for unused static inline functions (bnc#1012382). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (bnc#1012382). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak (bnc#1012382). - crypto: crypto4xx - remove bad list_del (bnc#1012382). - dm thin metadata: remove needless work from __commit_transaction (bsc#1082979). - drm/msm: Fix possible null dereference on failure of get_pages() (bsc#1102394). - drm: re-enable error handling (bsc#1103884). - esp6: fix memleak on error path in esp6_input (git-fixes). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update s_last_mounted of a frozen fs (bsc#1101841). - ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ext4: fix inline data updates with checksums enabled (bsc#1104494). - fscache: Allow cancelled operations to be enqueued (bsc#1099858). - fscache: Fix reference overput in fscache_attach_object() error handling (bsc#1099858). - genirq: Make force irq threading setup more robust (bsc#1082979). - hid: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter (bnc#1012382). - ib/isert: fix T10-pi check mask setting (bsc#1082979). - ibmasm: do not write out of bounds in read handler (bnc#1012382). - ibmvnic: Fix error recovery on login failure (bsc#1101789). - ibmvnic: Remove code to request error information (bsc#1104174). - ibmvnic: Revise RX/TX queue error messages (bsc#1101331). - ibmvnic: Update firmware error reporting with cause string (bsc#1104174). - iw_cxgb4: correctly enforce the max reg_mr depth (bnc#1012382). - kabi protect includes in include/linux/inet.h (bsc#1095643). - kabi protect net/core/utils.c includes (bsc#1095643). - kABI: protect struct loop_device (kabi). - kABI: reintroduce __static_cpu_has_safe (kabi). - Kbuild: fix # escaping in .cmd files for future Make (bnc#1012382). - keys: DNS: fix parsing multiple options (bnc#1012382). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1102215). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1102214). - libata: do not try to pass through NCQ commands to non-NCQ devices (bsc#1082979). - loop: add recursion validation to LOOP_CHANGE_FD (bnc#1012382). - loop: remember whether sysfs_create_group() was done (bnc#1012382). - mmc: dw_mmc: fix card threshold control configuration (bsc#1102203). - mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing (bsc#1097771). - net: cxgb3_main: fix potential Spectre v1 (bnc#1012382). - net: dccp: avoid crash in ccid3_hc_rx_send_feedback() (bnc#1012382). - net: dccp: switch rx_tstamp_last_feedback to monotonic clock (bnc#1012382). - netfilter: ebtables: reject non-bridge targets (bnc#1012382). - netfilter: nf_queue: augment nfqa_cfg_policy (bnc#1012382). - netfilter: x_tables: initialise match/target check parameter struct (bnc#1012382). - net/mlx5: Fix command interface race in polling mode (bnc#1012382). - net/mlx5: Fix incorrect raw command length parsing (bnc#1012382). - net: mvneta: fix the Rx desc DMA address in the Rx path (bsc#1102207). - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bnc#1012382). - net: off by one in inet6_pton() (bsc#1095643). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1102205). - net_sched: blackhole: tell upper qdisc about dropped packets (bnc#1012382). - net: sungem: fix rx checksum support (bnc#1012382). - net/utils: generic inet_pton_with_scope helper (bsc#1095643). - null_blk: use sector_div instead of do_div (bsc#1082979). - nvme-rdma: Check remotely invalidated rkey matches our expected rkey (bsc#1092001). - nvme-rdma: default MR page size to 4k (bsc#1092001). - nvme-rdma: do not complete requests before a send work request has completed (bsc#1092001). - nvme-rdma: do not suppress send completions (bsc#1092001). - nvme-rdma: Fix command completion race at error recovery (bsc#1090435). - nvme-rdma: make nvme_rdma_[create|destroy]_queue_ib symmetrical (bsc#1092001). - nvme-rdma: use inet_pton_with_scope helper (bsc#1095643). - nvme-rdma: Use mr pool (bsc#1092001). - nvme-rdma: wait for local invalidation before completing a request (bsc#1092001). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bnc#1012382). - pci: ibmphp: Fix use-before-set in get_max_bus_speed() (bsc#1100132). - perf tools: Move syscall number fallbacks from perf-sys.h to tools/arch/x86/include/asm/ (bnc#1012382). - pm / hibernate: Fix oops at snapshot_write() (bnc#1012382). - powerpc/64: Initialise thread_info for emergency stacks (bsc#1094244, bsc#1100930, bsc#1102683). - powerpc/fadump: handle crash memory ranges array index overflow (bsc#1103269). - powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements (bsc#1103269). - qed: Limit msix vectors in kdump kernel to the minimum required count (bnc#1012382). - r8152: napi hangup fix after disconnect (bnc#1012382). - rdma/ocrdma: Fix an error code in ocrdma_alloc_pd() (bsc#1082979). - rdma/ocrdma: Fix error codes in ocrdma_create_srq() (bsc#1082979). - rdma/ucm: Mark UCM interface as BROKEN (bnc#1012382). - rds: avoid unenecessary cong_update in loop transport (bnc#1012382). - Revert 'block-cancel-workqueue-entries-on-blk_mq_freeze_queue' (bsc#1103717) - Revert "sit: reload iphdr in ipip6_rcv" (bnc#1012382). - Revert "x86/cpufeature: Move some of the scattered feature bits to x86_capability" (kabi). - Revert "x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6" (kabi). - rtlwifi: rtl8821ae: fix firmware is not ready to run (bnc#1012382). - s390/qeth: fix error handling in adapter command callbacks (bnc#1103745, LTC#169699). - sched/smt: Update sched_smt_present at runtime (bsc#1089343). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1082979). - scsi: sg: fix minor memory leak in error path (bsc#1082979). - scsi: target: fix crash with iscsi target and dvd (bsc#1082979). - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1100132). - smsc95xx: Configure pause time to 0xffff when tx flow control enabled (bsc#1085536). - supported.conf: Do not build KMP for openSUSE kernels The merge of kselftest-kmp was overseen, and bad for openSUSE-42.3 - tcp: fix Fast Open key endianness (bnc#1012382). - tcp: prevent bogus FRTO undos with non-SACK flows (bnc#1012382). - tools build: fix # escaping in .cmd files for future Make (bnc#1012382). - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() (bnc#1012382). - usb: core: handle hub C_PORT_OVER_CURRENT condition (bsc#1100132). - usb: quirks: add delay quirks for Corsair Strafe (bnc#1012382). - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bnc#1012382). - usb: serial: cp210x: add another USB ID for Qivicon ZigBee stick (bnc#1012382). - usb: serial: keyspan_pda: fix modem-status error handling (bnc#1012382). - usb: serial: mos7840: fix status-register error handling (bnc#1012382). - usb: yurex: fix out-of-bounds uaccess in read handler (bnc#1012382). - vfio: platform: Fix reset module leak in error path (bsc#1102211). - vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841). - vhost_net: validate sock before trying to put its fd (bnc#1012382). - vmw_balloon: fix inflation with batching (bnc#1012382). - x86/alternatives: Add an auxilary section (bnc#1012382). - x86/alternatives: Discard dynamic check after init (bnc#1012382). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h> (bnc#1012382). - x86/boot: Simplify kernel load address alignment check (bnc#1012382). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). Update config files. - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpufeature: Add helper macro for mask check macros (bnc#1012382). - x86/cpufeature: Carve out X86_FEATURE_* (bnc#1012382). - x86/cpufeature: Get rid of the non-asm goto variant (bnc#1012382). - x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated (bnc#1012382). - x86/cpufeature: Move some of the scattered feature bits to x86_capability (bnc#1012382). - x86/cpufeature: Replace the old static_cpu_has() with safe variant (bnc#1012382). - x86/cpufeature: Speed up cpu_feature_enabled() (bnc#1012382). - x86/cpufeature: Update cpufeaure macros (bnc#1012382). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (bnc#1012382). - x86/cpu: Provide a config option to disable static_cpu_has (bnc#1012382). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/fpu: Add an XSTATE_OP() macro (bnc#1012382). - x86/fpu: Get rid of xstate_fault() (bnc#1012382). - x86/headers: Do not include asm/processor.h in asm/atomic.h (bnc#1012382). - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits (bnc#1012382). - x86/mm: Simplify p[g4um]d_page() macros (1087081). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - x86/vdso: Use static_cpu_has() (bnc#1012382). - xen/grant-table: log the lack of grants (bnc#1085042). - xen-netfront: Fix mismatched rtnl_unlock (bnc#1101658). - xen-netfront: Update features after registering netdev (bnc#1101658). - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bnc#1012382). Important SUSE bug 1012382 SUSE bug 1082653 SUSE bug 1082979 SUSE bug 1085042 SUSE bug 1085536 SUSE bug 1086457 SUSE bug 1087081 SUSE bug 1089343 SUSE bug 1090123 SUSE bug 1090435 SUSE bug 1092001 SUSE bug 1094244 SUSE bug 1095643 SUSE bug 1096978 SUSE bug 1097771 SUSE bug 1099811 SUSE bug 1099813 SUSE bug 1099844 SUSE bug 1099845 SUSE bug 1099846 SUSE bug 1099849 SUSE bug 1099858 SUSE bug 1099863 SUSE bug 1099864 SUSE bug 1100132 SUSE bug 1100930 SUSE bug 1101331 SUSE bug 1101658 SUSE bug 1101789 SUSE bug 1101841 SUSE bug 1102188 SUSE bug 1102197 SUSE bug 1102203 SUSE bug 1102205 SUSE bug 1102207 SUSE bug 1102211 SUSE bug 1102214 SUSE bug 1102215 SUSE bug 1102340 SUSE bug 1102394 SUSE bug 1102683 SUSE bug 1102851 SUSE bug 1103097 SUSE bug 1103119 SUSE bug 1103269 SUSE bug 1103445 SUSE bug 1103580 SUSE bug 1103717 SUSE bug 1103745 SUSE bug 1103884 SUSE bug 1104174 SUSE bug 1104319 SUSE bug 1104365 SUSE bug 1104494 SUSE bug 1104495 CVE-2017-18344 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-14734 CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 CVE-2018-5391 openSUSE Leap 42.3 This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - CVE-2018-1000085: Fixed a out-of-bounds heap read in XAR parser (bsc#1082858) - CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) - Buffer over-read in unRAR code due to missing max value checks in table initialization - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1082858 SUSE bug 1101410 SUSE bug 1101412 SUSE bug 1101654 SUSE bug 1103040 CVE-2018-0360 CVE-2018-0361 CVE-2018-1000085 CVE-2018-14679 openSUSE Leap 42.3 This update for mupdf to version 1.12.0 fixes several issues. These security issues were fixed: - CVE-2018-5686: Prevent infinite loop in pdf_parse_array function because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file (bsc#1075936). - CVE-2017-15369: The build_filter_chain function in pdf/pdf-stream.c mishandled a case where a variable may reside in a register, which allowed remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document (bsc#1063413). - CVE-2017-15587: Prevent integer overflow in pdf_read_new_xref_section that allowed for DoS (bsc#1064027). - CVE-2017-17866: Fixed mishandling of length changes when a repair operation occured during a clean operation, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document (bsc#1074116). - CVE-2017-17858: Fixed a heap-based buffer overflow in the ensure_solid_xref function which allowed a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers were unrestricted (bsc#1077161). For non-security changes please refer to the changelog. Moderate SUSE bug 1063413 SUSE bug 1064027 SUSE bug 1074116 SUSE bug 1075936 SUSE bug 1077161 CVE-2017-15369 CVE-2017-15587 CVE-2017-17858 CVE-2017-17866 CVE-2018-5686 openSUSE Leap 42.3 This update for samba fixes the following issues: The following security vulnerability was fixed: - CVE-2018-10858: Fixed insufficient input validation on client directory listing in libsmbclient; (bsc#1103411); The following other change was made: - s3: winbind: Fix 'winbind normalize names' in wb_getpwsid(); - winbind: honor "winbind use default domain" with empty domain (bsc#1087303) - winbind: do not modify credentials in NTLM passthru (bsc#1068059) - net: fix net ads keytab handling (bsc#1067700) - fix vfs_ceph flock stub This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1067700 SUSE bug 1068059 SUSE bug 1087303 SUSE bug 1103411 CVE-2018-10858 openSUSE Leap 42.3 This update for apache2 fixes the following issues: The following security vulnerability were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have lead to a denial of service via specially crafted HTTP/2 requests (bsc#1101689). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1101689 CVE-2018-1333 openSUSE Leap 42.3 This update for mysql-community-server to version 5.6.39 fixes several issues. These security issues were fixed: - CVE-2018-2622: Vulnerability in the subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2562: Vulnerability in the subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1076369). - CVE-2018-2640: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2665: Vulnerability in the subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2668: Vulnerability in the subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2696: Vulnerability in the subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2583: Vulnerability in the subcomponent: Stored Procedure. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2612: Vulnerability in the subcomponent: InnoDB. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2703: Vulnerability in the subcomponent: Server : Security : Privileges. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2573: Vulnerability in the subcomponent: Server: GIS. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2017-3737: OpenSSL introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it did not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error - CVE-2018-2647: Vulnerability in the subcomponent: Server: Replication. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data (bsc#1076369). - CVE-2018-2591: Vulnerability in the subcomponent: Server : Partition. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2590: Vulnerability in the subcomponent: Server: Performance Schema. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1076369). - CVE-2018-2645: Vulnerability in the subcomponent: Server: Performance Schema. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data (bsc#1076369). For additional details please see http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-39.html Important SUSE bug 1076369 CVE-2017-3737 CVE-2018-2562 CVE-2018-2573 CVE-2018-2583 CVE-2018-2590 CVE-2018-2591 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2645 CVE-2018-2647 CVE-2018-2665 CVE-2018-2668 CVE-2018-2696 CVE-2018-2703 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: The following security issue was fixed: - CVE-2018-14435: Fixed a memory leak in DecodeImage in coders/pcd.c (boo#1102007) Low SUSE bug 1102007 CVE-2018-14435 openSUSE Leap 42.3 This update for tre fixes one issue. This security issue was fixed: - CVE-2016-8859: Fixed multiple integer overflows which allowed attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggered an out-of-bounds write (boo#1005483) Moderate SUSE bug 1005483 CVE-2016-8859 openSUSE Leap 42.3 This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a malicious or buggy guest administrator can lock up the entire host (bsc#1103276) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1027519 SUSE bug 1091107 SUSE bug 1103276 CVE-2018-3646 openSUSE Leap 42.3 This update for libXcursor fixes the following issues: - CVE-2015-9262: _XcursorThemeInherits allowed remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow (bsc#1103511) Low SUSE bug 1103511 CVE-2015-9262 openSUSE Leap 42.3 This update for newsbeuter fixes one issues. This security issue was fixed: - CVE-2017-14500: Improper Neutralization of special elements allowed remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure that includes shell metacharacters in its filename (bsc#1059057). Important SUSE bug 1059057 CVE-2017-14500 openSUSE Leap 42.3 This update for redis to version 4.0.6 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-15047: Buffer overflows occurring reading redis.conf (bsc#1061967) The following bugs are fixed: - Several PSYNC2 bugs could cause data corruption Moderate SUSE bug 1061967 CVE-2017-15047 openSUSE Leap 42.3 This update for kbuild, virtualbox fixes the following issues: kbuild changes: - Update to version 0.1.9998svn3110 - Do not assume glibc glob internals - Support GLIBC glob interface version 2 - Fix build failure (boo#1079838) - Fix build with GCC7 (boo#1039375) - Fix build by disabling vboxvideo_drv.so virtualbox security fixes (boo#1101667, boo#1076372): - CVE-2018-3005 - CVE-2018-3055 - CVE-2018-3085 - CVE-2018-3086 - CVE-2018-3087 - CVE-2018-3088 - CVE-2018-3089 - CVE-2018-3090 - CVE-2018-3091 - CVE-2018-2694 - CVE-2018-2698 - CVE-2018-2685 - CVE-2018-2686 - CVE-2018-2687 - CVE-2018-2688 - CVE-2018-2689 - CVE-2018-2690 - CVE-2018-2676 - CVE-2018-2693 - CVE-2017-5715 virtualbox other changes: - Version bump to 5.2.16 - Use %{?linux_make_arch} when building kernel modules (boo#1098050) - Fixed vboxguestconfig.sh script - Update warning regarding the security hole in USB passthrough. (boo#1097248) - Fixed include for build with Qt 5.11 (boo#1093731) - You can find a detailed list of changes [here](https://www.virtualbox.org/wiki/Changelog#v16) Important SUSE bug 1039375 SUSE bug 1076372 SUSE bug 1079838 SUSE bug 1093731 SUSE bug 1097248 SUSE bug 1098050 SUSE bug 1101667 CVE-2017-5715 CVE-2018-0739 CVE-2018-2676 CVE-2018-2685 CVE-2018-2686 CVE-2018-2687 CVE-2018-2688 CVE-2018-2689 CVE-2018-2690 CVE-2018-2693 CVE-2018-2694 CVE-2018-2698 CVE-2018-2830 CVE-2018-2831 CVE-2018-2835 CVE-2018-2836 CVE-2018-2837 CVE-2018-2842 CVE-2018-2843 CVE-2018-2844 CVE-2018-2845 CVE-2018-2860 CVE-2018-3005 CVE-2018-3055 CVE-2018-3085 CVE-2018-3086 CVE-2018-3087 CVE-2018-3088 CVE-2018-3089 CVE-2018-3090 CVE-2018-3091 openSUSE Leap 42.3 This update for libreoffice to 6.0.5.2 fixes the following issues: Security issues fixed: - CVE-2018-10583: An information disclosure vulnerability occurs during automatic processing and initiating an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. (bsc#1091606) Non security issues fixed: - Bugfix: Table borders appear black in LibreOffice (while white in PowerPoint) (bsc#1088262) - Bugfix: LibreOffice extension 'Language Tool' fails after Tumbleweed update (bsc#1050305) - Bugfix: libreoffice-gnome can no longer be installed in parallel to libreoffice-gtk3 as there is a potential file conflict (bsc#1096673) - Bugfix: LibreOffice Writer: Text in boxes were not visible (bsc#1094359) - Use libreoffice-gtk3 if xfce is present (bsc#1092699) - Various other bug fixes - Exporting to PPTX results in vertical labels being shown horizontally (bsc#1095639) - Table in PPTX misplaced and partly blue (bsc#1098891) - Labels in chart change (from white and other colors) to black when saving as PPTX (bsc#1088263) - Exporting to PPTX shifts arrow shapes quite a bit bsc#1095601 This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1050305 SUSE bug 1088262 SUSE bug 1088263 SUSE bug 1091606 SUSE bug 1091772 SUSE bug 1092699 SUSE bug 1094359 SUSE bug 1095601 SUSE bug 1095639 SUSE bug 1096673 SUSE bug 1098891 CVE-2018-10583 openSUSE Leap 42.3 This update for libX11 fixes the following issues: Security issues fixed: - CVE-2018-14598: Fixed a crash on invalid reply in XListExtensions (boo#1102073) - CVE-2018-14599: Fixed an off-by-one write in XListExtensions (boo#1102062) - CVE-2018-14600: Fixed an out of boundary write in XListExtensions (boo#1102068) Important SUSE bug 1102062 SUSE bug 1102068 SUSE bug 1102073 CVE-2018-14598 CVE-2018-14599 CVE-2018-14600 openSUSE Leap 42.3 This update for wireshark to version 2.2.17 fixes the following issues: Security issues fixed (boo#1106514): - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.17.html Moderate SUSE bug 1106514 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 openSUSE Leap 42.3 This update for libevent fixes the following security issues: - CVE-2016-10195: DNS remote stack overread vulnerability (bsc#1022917) - CVE-2016-10196: stack/buffer overflow in evutil_parse_sockaddr_port() (bsc#1022918) - CVE-2016-10197: out-of-bounds read in search_make_new() (bsc#1022919) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1022917 SUSE bug 1022918 SUSE bug 1022919 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 openSUSE Leap 42.3 This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API (CVE-2018-10931, CVE-2018-1000225, bsc#1104287, bsc#1104189, bsc#1105442) - Check access token when calling 'modify_setting' API endpoint (bsc#1104190, bsc#1105440, CVE-2018-1000226) Other bugs fixed: - Do not try to hardlink to a symlink. The result will be a dangling symlink in the general case. (bsc#1097733) - fix kernel options when generating bootiso (bsc#1101670) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1097733 SUSE bug 1101670 SUSE bug 1104189 SUSE bug 1104190 SUSE bug 1104287 SUSE bug 1105440 SUSE bug 1105442 CVE-2018-1000225 CVE-2018-1000226 CVE-2018-10931 openSUSE Leap 42.3 This update for libressl to version 2.8.0 fixes the following issues: Security issues fixed: - CVE-2018-12434: Avoid a timing side-channel leak when generating DSA and ECDSA signatures. (boo#1097779) - Reject excessively large primes in DH key generation. - CVE-2018-8970: Fixed a bug in int_x509_param_set_hosts, calling strlen() if name length provided is 0 to match the OpenSSL behaviour. (boo#1086778) - Fixed an out-of-bounds read and crash in DES-fcrypt (boo#1065363) You can find a detailed list of changes [here](https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.8.0-relnotes.txt). Moderate SUSE bug 1065363 SUSE bug 1086778 SUSE bug 1097779 CVE-2018-12434 CVE-2018-8970 openSUSE Leap 42.3 This update for spice fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1101295 SUSE bug 1104448 CVE-2018-10873 CVE-2018-10893 openSUSE Leap 42.3 This update for spice-gtk fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1101295 SUSE bug 1104448 CVE-2018-10873 CVE-2018-10893 openSUSE Leap 42.3 This update for yubico-piv-tool fixes the following issues: Security issues fixed: - CVE-2018-14779: Fixed an buffer overflow and an out of bounds memory read in ykpiv_transfer_data(), which could be triggered by a malicious token. (boo#1104809, YSA-2018-03) - CVE-2018-14780: Fixed an buffer overflow and an out of bounds memory read in _ykpiv_fetch_object(), which could be triggered by a malicious token. (boo#1104811, YSA-2018-03) Low SUSE bug 1104809 SUSE bug 1104811 CVE-2018-14779 CVE-2018-14780 openSUSE Leap 42.3 This update for dovecot22 fixes the following issues: Security issue fixed: - CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts (bsc#1082828) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1082828 CVE-2017-15130 openSUSE Leap 42.3 This update for php7 fixes the following issues: - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1105466 CVE-2017-9118 openSUSE Leap 42.3 This update for curl fixes one issues. This security issue was fixed: - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects (bsc#1077001) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1077001 CVE-2018-1000007 openSUSE Leap 42.3 This update for php5 fixes several issues. These security issues were fixed: - CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file that allowed for information disclosure (bsc#1076220) - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1076220 SUSE bug 1076391 CVE-2018-5711 CVE-2018-5712 openSUSE Leap 42.3 This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer's memory space buffer (bsc#1105019) - Upgrade to OpenSSL 1.0.2p, which fixed: - CVE-2018-0732: Client denial-of-service due to large DH parameter (bsc#1097158) - ECDSA key extraction via local side-channel Other changes made: - Recommend same major version npm package (bsc#1097748) - Use absolute paths in executable shebang lines - Fix building with ICU61.1 (bsc#1091764) - Install license with %license, not %doc (bsc#1082318) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1082318 SUSE bug 1091764 SUSE bug 1097158 SUSE bug 1097748 SUSE bug 1105019 CVE-2018-0732 CVE-2018-12115 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following security issue: - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM file that has a negative pixel value. If the affected code was used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data (bsc#1106855). Low SUSE bug 1106855 CVE-2018-16323 openSUSE Leap 42.3 This update for compat-openssl098 fixes the following security issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) - CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could have resulted in DoS (bsc#1087102). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1087102 SUSE bug 1089039 SUSE bug 1097158 SUSE bug 1097624 SUSE bug 1098592 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 openSUSE Leap 42.3 This update for php5 fixes the following issues: The following security issues were fixed: - CVE-2018-10360: Fixed an out-of-bounds read in the do_core_note function in readelf.c in libmagic.a, which allowed remote attackers to cause a denial of service via a crafted ELF file (bsc#1096984) - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2018-12882: Fixed an use-after-free in exif_read_from_impl in ext/exif/exif.c (bsc#1099098) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1096984 SUSE bug 1099098 SUSE bug 1103659 SUSE bug 1105466 CVE-2017-9118 CVE-2018-10360 CVE-2018-12882 CVE-2018-14851 openSUSE Leap 42.3 This update to Mozilla Firefox 60.4.0 ESR fixes security issues and bugs. Security issues fixed as part of the MFSA 2018-30 advisory (boo#1119105): - CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Use-after-free with select element - CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Integer overflow when calculating buffer sizes for images - CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 The following changes are included: - now requires NSS >= 3.36.6 - Updated list of currency codes to include Unidad Previsional (UYW) Important SUSE bug 1119105 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 openSUSE Leap 42.3 This update for keepalived to version 2.0.10 fixes the following issues: Security issues fixed (bsc#1015141): - CVE-2018-19044: Fixed a check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats - CVE-2018-19045: Fixed mode when creating new temporary files upon a call to PrintData or PrintStats - CVE-2018-19046: Fixed a check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats Non-security issues fixed: - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - Use getaddrinfo instead of gethostbyname to workaround glibc gethostbyname function buffer overflow (bsc#949238) For the full list of changes refer to: http://www.keepalived.org/changelog.html Moderate SUSE bug 1015141 SUSE bug 1069468 SUSE bug 949238 CVE-2018-19044 CVE-2018-19045 CVE-2018-19046 openSUSE Leap 42.3 This update for phpMyAdmin fixes security issues and bugs. Security issues addressed in the 4.8.4 release (bsc#1119245): - CVE-2018-19968: Local file inclusion through transformation feature - CVE-2018-19969: XSRF/CSRF vulnerability - CVE-2018-19970: XSS vulnerability in navigation tree This update also contains the following upstream bug fixes and improvements: - Ensure that database names with a dot ('.') are handled properly when DisableIS is true - Fix for message "Error while copying database (pma__column_info)" - Move operation causes "SELECT * FROM `undefined`" error - When logging with $cfg['AuthLog'] to syslog, successful login messages were not logged when $cfg['AuthLogSuccess'] was true - Multiple errors and regressions with Designer Moderate SUSE bug 1119245 CVE-2018-19968 CVE-2018-19969 CVE-2018-19970 openSUSE Leap 42.3 This new package for go1.11 fixes the following issues: Security issues fixed: - CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag (bsc#1118897) - CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution (bsc#1118898) - CVE-2018-16875: Fixed a Denial of Service in the crypto/x509 package during certificate chain validation(bsc#1118899) Non-security issues fixed: - Fixed build error with PIE linker flags on ppc64le (bsc#1113978 bsc#1098017) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (bsc#1119634) The following tracked regression fix is included: - Fix a regression that broke go get for import path patterns containing "..." (bsc#1119706) Important SUSE bug 1098017 SUSE bug 1113978 SUSE bug 1118897 SUSE bug 1118898 SUSE bug 1118899 SUSE bug 1119634 SUSE bug 1119706 CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 openSUSE Leap 42.3 This update for ghostscript to version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1122319 CVE-2019-6116 openSUSE Leap 42.3 This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 60.6.1esr (MFSA 2019-10 boo#1130262) * CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information * CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations Mozilla Firefox was updated to 60.6.0esr (MFSA 2019-08 boo#1129821) * CVE-2019-9790: Use-after-free when removing in-use DOM elements * CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey * CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script * CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled * CVE-2019-9794: Command line arguments not discarded during execution * CVE-2019-9795: Type-confusion in IonMonkey JIT compiler * CVE-2019-9796: Use-after-free with SMIL animation controller * CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied * CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 Mozilla Firefox was updated to 60.5.2esr: * Fix a frequent crash when reading various Reuters news articles Important SUSE bug 1129821 SUSE bug 1130262 CVE-2018-18506 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9810 CVE-2019-9813 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issue: Security issues fixed: - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). Low SUSE bug 1128649 CVE-2019-7175 openSUSE Leap 42.3 This update for lftp fixes the following issues: Security issue fixed: - CVE-2018-10916: Fixed an improper file name sanitization which could lead to loss of integrity of the local system (bsc#1103367). Other issue addressed: - The SSH login handling code detects password prompts more reliably (bsc#1120946). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1103367 SUSE bug 1120946 CVE-2018-10916 openSUSE Leap 42.3 This update for qemu fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6778: Fixed an out-of-bounds access in slirp (bsc#1123156) - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493) - CVE-2018-19489: Fixed a Denial-of-Service in virtfs (bsc#1117275) - CVE-2018-19364: Fixed an use-after-free vulnerability if virtfs interface is deliberately abused (bsc#1116717) - CVE-2018-18954: Fixed an out-of-bounds access performing PowerNV memory operations (bsc#1114957) - CVE-2017-13673: Fixed a reachable assert failure during during display update (bsc#1056386) - CVE-2017-13672: Fixed an out-of-bounds read access during display update (bsc#1056334) - CVE-2018-7858: Fixed an out-of-bounds access in cirrus when updating vga display allowing for Denial-of-Service (bsc#1084604) Other bug fixes and changes: - Fix pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600) - Fix bad guest time after migration (bsc#1113231) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1056334 SUSE bug 1056386 SUSE bug 1084604 SUSE bug 1113231 SUSE bug 1114957 SUSE bug 1116717 SUSE bug 1117275 SUSE bug 1119493 SUSE bug 1121600 SUSE bug 1123156 CVE-2017-13672 CVE-2017-13673 CVE-2018-16872 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489 CVE-2018-7858 CVE-2019-6778 openSUSE Leap 42.3 This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Libbssh2 will stop using keys unsupported types in the known_hosts file (bsc#1091236). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1091236 SUSE bug 1128471 SUSE bug 1128472 SUSE bug 1128474 SUSE bug 1128476 SUSE bug 1128480 SUSE bug 1128481 SUSE bug 1128490 SUSE bug 1128492 SUSE bug 1128493 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 openSUSE Leap 42.3 This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127533). - CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532). - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1127080 SUSE bug 1127532 SUSE bug 1127533 CVE-2019-1559 CVE-2019-5737 CVE-2019-5739 openSUSE Leap 42.3 This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues: Security issues fixed: - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and bug fixes: - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Disable leap based builds for kubic flavor (bsc#1121412). - Allow users to explicitly specify the NIS domain name of a container (bsc#1001161). - Update docker.service to match upstream and avoid rlimit problems (bsc#1112980). - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of 'cp -r' to reduce noise in the build logs. This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1001161 SUSE bug 1048046 SUSE bug 1051429 SUSE bug 1112980 SUSE bug 1114832 SUSE bug 1118897 SUSE bug 1118898 SUSE bug 1118899 SUSE bug 1121412 SUSE bug 1121967 SUSE bug 1124308 CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2019-5736 openSUSE Leap 42.3 This update for webkit2gtk3 to version 2.22.5 fixes the following issues: Security issues fixed: - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554) - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1119553 SUSE bug 1119554 SUSE bug 1119555 SUSE bug 1119556 SUSE bug 1119557 SUSE bug 1119558 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.176 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). The following non-security bugs were fixed: - ax25: fix possible use-after-free (bnc#1012382). - block_dev: fix crash on chained bios with O_DIRECT (bsc#1090435). - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128893). - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413). - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1012382). - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128452). - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126773). - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235). - ch: fixup refcounting imbalance for SCSI devices (bsc#1124235). - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1129770). - Drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389). - drm: Fix error handling in drm_legacy_addctx (bsc#1106929) - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1106929) - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1106929) - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1106929) - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429) - enic: add wq clean up budget (bsc#1075697, bsc#1120691. bsc#1102959). - enic: do not overwrite error code (bnc#1012382). - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106929) - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - Input: mms114 - fix license module information (bsc#1087092). - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129237). - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129238). - iommu/vt-d: Check identity map for hot-added devices (bsc#1129239). - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129240). - ixgbe: fix crash in build_skb Rx code path (git-fixes). - kABI: protect struct inet_peer (kabi). - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805). - KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - KVM: arm/arm64: vgic-its: Check CBASER/BASER validity before enabling the ITS (bsc#1109248). - KVM: arm/arm64: vgic-its: Check GITS_BASER Valid bit before saving tables (bsc#1109248). - KVM: arm/arm64: vgic-its: Fix return value for device table restore (bsc#1109248). - KVM: arm/arm64: vgic-its: Fix vgic_its_restore_collection_table returned value (bsc#1109248). - kvm: nVMX: Do not halt vcpu when L1 is injecting events to L2 (bsc#1129413). - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129414). - kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129415). - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129416). - kvm: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1129417). - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129418). - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082). - kvm: x86: IA32_ARCH_CAPABILITIES is always supported (bsc#1129419). - libceph: handle an empty authorize reply (bsc#1126772). - mdio_bus: Fix use-after-free on device_register fails (git-fixes). - mfd: as3722: Handle interrupts on suspend (bnc#1012382). - mfd: as3722: Mark PM functions as __maybe_unused (bnc#1012382). - mISDN: fix a race in dev_expire_timer() (bnc#1012382). - mlxsw: pci: Correctly determine if descriptor queue is full (git-fixes). - mlxsw: reg: Use correct offset in field definiton (git-fixes). - mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL (bnc#1012382). - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731). - net: Add header for usage of fls64() (bnc#1012382). - net: Do not allocate page fragments that are not skb aligned (bnc#1012382). - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes). - net: dsa: mv88e6xxx: fix port VLAN maps (git-fixes). - net: Fix for_each_netdev_feature on Big endian (bnc#1012382). - net: fix IPv6 prefix route residue (bnc#1012382). - net/hamradio/6pack: Convert timers to use timer_setup() (git-fixes). - net/hamradio/6pack: use mod_timer() to rearm timers (git-fixes). - net: ipv4: use a dedicated counter for icmp_v4 redirect packets (bnc#1012382). - net: lan78xx: Fix race in tx pending skb size calculation (git-fixes). - net/mlx4_core: drop useless LIST_HEAD (git-fixes). - net/mlx4_core: Fix qp mtt size calculation (git-fixes). - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes). - net/mlx4: Fix endianness issue in qp context params (git-fixes). - net/mlx5: Continue driver initialization despite debugfs failure (git-fixes). - net/mlx5e: Fix TCP checksum in LRO buffers (git-fixes). - net/mlx5: Fix driver load bad flow when having fw initializing timeout (git-fixes). - net/mlx5: fix uaccess beyond "count" in debugfs read/write handlers (git-fixes). - net/mlx5: Fix use-after-free in self-healing flow (git-fixes). - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes). - net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets (git-fixes). - net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS (git-fixes). - net: phy: bcm7xxx: Fix shadow mode 2 disabling (git-fixes). - net: qca_spi: Fix race condition in spi transfers (git-fixes). - net: stmmac: Fix a race in EEE enable callback (bnc#1012382). - net: stmmac: Fix a race in EEE enable callback (git-fixes). - net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (git-fixes). - net/x25: do not hold the cpu too long in x25_new_lci() (bnc#1012382). - pci/pme: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1129241). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - phy: micrel: Ensure interrupts are reenabled on resume (git-fixes). - powerpc/pseries: Add CPU dlpar remove functionality (bsc#1128756). - powerpc/pseries: Consolidate CPU hotplug code to hotplug-cpu.c (bsc#1128756). - powerpc/pseries: Factor out common cpu hotplug code (bsc#1128756). - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1128756). - pppoe: fix reception of frames with no mac header (git-fixes). - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - RDMA/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446). - Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843) - Revert "mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL" (bnc#1012382). - Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls" (bsc#1128565). - s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561). - scsi: aacraid: Fix missing break in switch statement (bsc#1128696). - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1127725). - scsi: qla2xxx: Fix early srb free on abort (bsc#1121713). - scsi: qla2xxx: Fix for double free of SRB structure (bsc#1121713). - scsi: qla2xxx: Increase abort timeout value (bsc#1121713). - scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (bsc#1121713). - scsi: qla2xxx: Return switch command on a timeout (bsc#1121713). - scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion (bsc#1121713). - scsi: qla2xxx: Use correct qpair for ABTS/CMD (bsc#1121713). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - sky2: Increase D3 delay again (bnc#1012382). - tcp: clear icsk_backoff in tcp_write_queue_purge() (bnc#1012382). - tcp: tcp_v4_err() should be more careful (bnc#1012382). - team: avoid complex list operations in team_nl_cmd_options_set() (bnc#1012382). - team: Free BPF filter when unregistering netdev (git-fixes). - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581). - vsock: cope with memory allocation failure at socket creation time (bnc#1012382). - vxlan: test dev->flags & IFF_UP before calling netif_rx() (bnc#1012382). - wireless: airo: potential buffer overflow in sprintf() (bsc#1120902). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: livepatch: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382). - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600). - xen: remove pre-xen3 fallback handlers (bsc#1065600). - xfs: remove filestream item xfs_inode reference (bsc#1127961). Important SUSE bug 1012382 SUSE bug 1020413 SUSE bug 1065600 SUSE bug 1070767 SUSE bug 1075697 SUSE bug 1082943 SUSE bug 1087092 SUSE bug 1090435 SUSE bug 1102959 SUSE bug 1103429 SUSE bug 1106929 SUSE bug 1109137 SUSE bug 1109248 SUSE bug 1119019 SUSE bug 1119843 SUSE bug 1120691 SUSE bug 1120902 SUSE bug 1121713 SUSE bug 1121805 SUSE bug 1124235 SUSE bug 1125315 SUSE bug 1125446 SUSE bug 1126389 SUSE bug 1126772 SUSE bug 1126773 SUSE bug 1126805 SUSE bug 1127082 SUSE bug 1127155 SUSE bug 1127561 SUSE bug 1127725 SUSE bug 1127731 SUSE bug 1127961 SUSE bug 1128166 SUSE bug 1128452 SUSE bug 1128565 SUSE bug 1128696 SUSE bug 1128756 SUSE bug 1128893 SUSE bug 1129080 SUSE bug 1129179 SUSE bug 1129237 SUSE bug 1129238 SUSE bug 1129239 SUSE bug 1129240 SUSE bug 1129241 SUSE bug 1129413 SUSE bug 1129414 SUSE bug 1129415 SUSE bug 1129416 SUSE bug 1129417 SUSE bug 1129418 SUSE bug 1129419 SUSE bug 1129581 SUSE bug 1129770 SUSE bug 1129923 CVE-2019-2024 CVE-2019-9213 openSUSE Leap 42.3 This update for python-cryptography, python-pyOpenSSL fixes the following issues: Security issues fixed: - CVE-2018-1000808: A memory leak due to missing reference checking in PKCS#12 store handling was fixed (bsc#1111634) - CVE-2018-1000807: A use-after-free in X509 object handling was fixed (bsc#1111635) This update also contains the following tracked bug fixes: - avoid bad interaction with python-cryptography package. (bsc#1021578) - Avoid regression accessesing non-existing attribute _from_raw_x509_ptr in object X509 (bsc#1119077) - Add python-setuptools as a requirement. (bsc#1052927) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1021578 SUSE bug 1052927 SUSE bug 1111634 SUSE bug 1111635 SUSE bug 1119077 CVE-2018-1000807 CVE-2018-1000808 openSUSE Leap 42.3 This update for tor to version 0.3.4.11 fixes the following issues: Security issue fixed: - CVE-2019-8955: Fixed a vulnerability in the KIST cell scheduler which could lead to memory exhaustion and finally Denial-of-Service (bsc#1126340). Moderate SUSE bug 1126340 CVE-2019-8955 openSUSE Leap 42.3 This update for perl-Email-Address to version 1.912 fixes the following issue: Security issue fixed: - CVE-2018-12558: Fixed a vulnerability which could allow Denial of Service in perl module Email::Address (bsc#1098368). Important SUSE bug 1098368 CVE-2018-12558 openSUSE Leap 42.3 This update for ghostscript fixes the following issue: Security issue fixed: - CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1129186 CVE-2019-3838 openSUSE Leap 42.3 This update for ansible to version 2.7.8 fixes the following issues: Security issues fixed: - CVE-2018-16837: Fixed an information leak in user module (bsc#1112959). - CVE-2018-16859: Fixed an issue which clould allow logging of password in plaintext in Windows powerShell (bsc#1116587). - CVE-2019-3828: Fixed a path traversal vulnerability in fetch module (bsc#1126503). - CVE-2018-10875: Fixed a potential code execution in ansible.cfg (bsc#1099808). - CVE-2018-16876: Fixed an issue which could allow information disclosure in vvv+ mode with no_log on (bsc#1118896). Other issues addressed: - prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957) Release notes: https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#id1 Moderate SUSE bug 1099808 SUSE bug 1102126 SUSE bug 1109957 SUSE bug 1112959 SUSE bug 1116587 SUSE bug 1118896 SUSE bug 1126503 CVE-2018-10875 CVE-2018-16837 CVE-2018-16859 CVE-2018-16876 CVE-2019-3828 openSUSE Leap 42.3 This update for pdns fixes the following issue: Security issue fixed: - CVE-2019-3871: Fixed an insufficient validation in the HTTP remote backend which could allow a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one (bsc#1129734). Important SUSE bug 1129734 CVE-2019-3871 openSUSE Leap 42.3 This update for ovmf fixes the following issue: Security issue fixed: - CVE-2018-12181: Fixed a stack buffer overflow in the HII database when a corrupted Bitmap was used (bsc#1128503). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1128503 CVE-2018-12181 openSUSE Leap 42.3 This update for gd fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123361). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1123361 SUSE bug 1123522 CVE-2019-6977 CVE-2019-6978 openSUSE Leap 42.3 This update for w3m fixes the following issues: Security issues fixed: - CVE-2018-6196: Prevent infinite recursion in HTMLlineproc0 caused by the feed_table_block_tag function which did not prevent a negative indent value (bsc#1077559) - CVE-2018-6197: Prevent NULL pointer dereference in formUpdateBuffer (bsc#1077568) - CVE-2018-6198: w3m did not properly handle temporary files when the ~/.w3m directory is unwritable, which allowed a local attacker to craft a symlink attack to overwrite arbitrary files (bsc#1077572) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1077559 SUSE bug 1077568 SUSE bug 1077572 CVE-2018-6196 CVE-2018-6197 CVE-2018-6198 openSUSE Leap 42.3 This update for MozillaThunderbird fixes the following issues: Security issues fixed: - update to Mozilla Thunderbird 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12 Important SUSE bug 1129821 SUSE bug 1130262 CVE-2019-9810 CVE-2019-9813 openSUSE Leap 42.3 This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other isses addressed: - Fixed an issue which caused openSSL mismatch (bsc#1125401) - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1125401 SUSE bug 1128525 CVE-2019-8936 openSUSE Leap 42.3 This update for znc to version 1.7.2 fixes the following issue: Security issue fixed: - CVE-2019-9917: Fixed an issue where due to invalid encoding znc was crashing (bsc#1130360). Low SUSE bug 1130360 CVE-2019-9917 openSUSE Leap 42.3 This update for nodejs6 to version 6.17.0 fixes the following issues: Security issues fixed: - CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127533). - CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532). - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Release Notes: https://nodejs.org/en/blog/release/v6.17.0/ This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1127080 SUSE bug 1127532 SUSE bug 1127533 CVE-2019-1559 CVE-2019-5737 CVE-2019-5739 openSUSE Leap 42.3 This update for adcli and sssd provides the following improvement: Security vulnerability fixed: - CVE-2019-3811: Fix fallback_homedir returning '/' for empty home directories (bsc#1121759) Other fixes: - Add an option to disable checking for trusted domains in the subdomains provider (bsc#1125617) - Clear pid file in corner cases (bsc#1127670) - Fix child unable to write to log file after SIGHUP (bsc#1127670) - Include adcli in SUSE Linux Enterprise 12 SP3 for sssd-ad. (fate#326619, bsc#1109849) The adcli enables sssd to do password renewal when using Active Directory. This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1109849 SUSE bug 1110121 SUSE bug 1121759 SUSE bug 1125617 SUSE bug 1127670 CVE-2019-3811 openSUSE Leap 42.3 This update for openssl fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Other issues addressed: - Fixed IV handling in SHAEXT paths: aes/asm/aesni-sha*-x86_64.pl (bsc#1113975). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1100078 SUSE bug 1113975 SUSE bug 1117951 SUSE bug 1127080 CVE-2019-1559 openSUSE Leap 42.3 This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1130324 CVE-2019-9924 openSUSE Leap 42.3 This update for pspp fixes the following issues: - CVE-2019-9211: Handle a reachable assertion in write_long_string_missing_values() in libdata.a that could have lead to denial of service. (boo#1127343). - Remove excessive -n argument to %build, and excessive %defattr lines. Moderate SUSE bug 1127343 CVE-2019-9211 openSUSE Leap 42.3 This update for apache2 fixes the following issues: * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's "mod_auth_digest" when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the "H2Upgrade on" are unaffected. [bsc#1131245] * CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237] This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1131233 SUSE bug 1131237 SUSE bug 1131239 SUSE bug 1131241 SUSE bug 1131245 CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 openSUSE Leap 42.3 This update for file fixes the following issues: The following security vulnerabilities were addressed: - Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974 CVE-2018-10360). - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1096974 SUSE bug 1096984 SUSE bug 1126117 SUSE bug 1126118 SUSE bug 1126119 CVE-2018-10360 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 openSUSE Leap 42.3 This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1130721 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 openSUSE Leap 42.3 This update for nodejs10 to version 10.1.2 fixes the following issue: Security issue fixed: - CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1127532 CVE-2019-5737 openSUSE Leap 42.3 This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1124799 SUSE bug 1124800 SUSE bug 1124802 SUSE bug 1124803 SUSE bug 1124805 SUSE bug 1124806 SUSE bug 1124824 SUSE bug 1124825 SUSE bug 1124826 SUSE bug 1124827 SUSE bug 1125099 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 openSUSE Leap 42.3 This update for openwsman fixes the following issues: Security issues fixed: - CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623). - CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623). Other issues addressed: - Directory listing without authentication fixed (bsc#1092206). This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1092206 SUSE bug 1122623 CVE-2019-3816 CVE-2019-3833 openSUSE Leap 42.3 This update for dovecot22 fixes the following issues: Security issues fixed: - CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation (bsc#1130116). - CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication (bsc#1123022). Other issue fixed: - Fixed handling of command continuation (bsc#1111789). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1111789 SUSE bug 1123022 SUSE bug 1130116 CVE-2019-3814 CVE-2019-7524 openSUSE Leap 42.3 This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). - CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled (bsc#1131576). This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1119687 SUSE bug 1131576 CVE-2018-20346 CVE-2018-20506 openSUSE Leap 42.3 This update for xen fixes the following issues: Security issues fixed: - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). - CVE-2018-19961 CVE-2018-19962: Fixed insufficient TLB flushing / improper large page mappings with AMD IOMMUs (XSA-275)(bsc#1115040). - CVE-2018-19965: Fixed denial of service issue from attempting to use INVPCID with a non-canonical addresses (XSA-279)(bsc#1115045). - CVE-2018-19966: Fixed issue introduced by XSA-240 that could have caused conflicts with shadow paging (XSA-280)(bsc#1115047). - Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy x86 PV guest kernels to mount a Denial of Service attack affecting the whole system (bsc#1126197). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). Other issues addressed: - Upstream bug fixes (bsc#1027519) - Fixed an issue where live migrations were failing when spectre was enabled on xen boot cmdline (bsc#1116380). - Fixed an issue where setup of grant_tables and other variables may fail (bsc#1126325). - Fixed a building issue (bsc#1119161). - Fixed an issue where xpti=no-dom0 was not working as expected (bsc#1105528). - Packages should no longer use /var/adm/fillup-templates (bsc#1069468). - Added Xen cmdline option "suse_vtsc_tolerance" to avoid TSC emulation for HVM domUs (bsc#1026236). This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1026236 SUSE bug 1027519 SUSE bug 1069468 SUSE bug 1105528 SUSE bug 1114988 SUSE bug 1115040 SUSE bug 1115045 SUSE bug 1115047 SUSE bug 1116380 SUSE bug 1117756 SUSE bug 1119161 SUSE bug 1123157 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126197 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1126325 SUSE bug 1127400 SUSE bug 1129623 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 CVE-2018-19967 CVE-2019-6778 CVE-2019-9824 openSUSE Leap 42.3 This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1126711 SUSE bug 1126713 SUSE bug 1126821 SUSE bug 1126823 SUSE bug 1127122 SUSE bug 1128722 CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9641 openSUSE Leap 42.3 This update for apache2 fixes the following issues: * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's "mod_auth_digest" when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the "H2Upgrade on" are unaffected. [bsc#1131245] * CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237] This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1131233 SUSE bug 1131237 SUSE bug 1131239 SUSE bug 1131241 SUSE bug 1131245 CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: - CVE-2019-11005: Fixed a stack-based buffer overflow in SVGStartElement of coders/svg.c that allowed attackers to cause DOS or an unspecified impact (boo#1132058) - CVE-2019-11006: Fixed a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c that allowed attackers to cause DOS or information disclosure (boo#1132061) - CVE-2019-11010: Fixed a memory leak in ReadMPCImage of coders/mpc.c that which allowed attackers to cause DOS via a crafted image file (boo#1132055) - CVE-2019-11007: Fixed a heap-based buffer over-read in the ReadMNGImage function of coders/png.c that which allowed attackers to cause a denial of service or information disclosure (boo#1132060) - CVE-2019-11008: Fixed a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c that which allowed remote attackers to cause DOS or other unspecified impact (boo#1132054) - CVE-2019-11009: Fixed a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c that which allowed attackers to cause DOS or information disclosure (boo#1132053) Moderate SUSE bug 1132053 SUSE bug 1132054 SUSE bug 1132055 SUSE bug 1132058 SUSE bug 1132060 SUSE bug 1132061 CVE-2019-11005 CVE-2019-11006 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-11010 openSUSE Leap 42.3 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-9824: Fixed information leak in slirp (bsc#1129622). - CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 hostinformation (bsc#1126455). - CVE-2019-3812: Fixed Out-of-bounds memory access and information leak in virtual monitor interface (bsc#1125721). - CVE-2018-20815: Fixed a denial of service possibility in device tree processing (bsc#1130675). Non-security issue fixed: - Backported Skylake-Server vcpu model support from qemu v2.11 (FATE#327261 bsc#1131955). - Added ability to set virtqueue size using virtqueue_size parameter (FATE#327255 bsc#1118900). This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1118900 SUSE bug 1125721 SUSE bug 1126455 SUSE bug 1129622 SUSE bug 1130675 SUSE bug 1131955 CVE-2018-20815 CVE-2019-3812 CVE-2019-8934 CVE-2019-9824 openSUSE Leap 42.3 This update for xmltooling fixes the following issue: Security issue fixed: - CVE-2019-9628: Fixed an improper handling of exception in XMLTooling library which could result in denial of service against the application using XMLTooling (bsc#1129537). This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1129537 CVE-2019-9628 openSUSE Leap 42.3 This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses (DOS) (bsc#1120281) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1120281 CVE-2018-1000845 openSUSE Leap 42.3 This update for wget fixes the following issues: Security issue fixed: - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1131493 CVE-2019-5953 openSUSE Leap 42.3 This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1130103 SUSE bug 1133528 CVE-2019-3859 openSUSE Leap 42.3 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issues fixed: - Fix vfs_ceph ftruncate and fallocate handling (bsc#1127153). - Abide by load_printers smb.conf parameter (bsc#1124223). - s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit() (bsc#1123755). - s3:passdb: Do not return OK if we don't have pinfo set up (bsc#1099590). - s3:winbind: Fix regression (bsc#1123755). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1099590 SUSE bug 1123755 SUSE bug 1124223 SUSE bug 1127153 SUSE bug 1131060 CVE-2019-3880 openSUSE Leap 42.3 This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128892). - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128886). - CVE-2019-9638: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension ((bsc#1128889). - CVE-2019-9639: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128887). - CVE-2019-9640: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension (bsc#1128883). - CVE-2019-9024: Fixed a vulnerability in xmlrpc_decode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas (bsc#1126821). - CVE-2019-9020: Fixed a heap out of bounds in xmlrpc_decode function (bsc#1126711). - CVE-2018-20783: Fixed a buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1127122). - CVE-2019-9021: Fixed a heap buffer-based buffer over-read in PHAR reading functions which could allow an attacker to read allocated and unallocated memory when parsing a phar file (bsc#1126713). - CVE-2019-9023: Fixed multiple heap-based buffer over-read instances in mbstring regular expression functions (bsc#1126823). - CVE-2019-9641: Fixed multiple invalid memory access in EXIF extension and improved insecure implementation of rename function (bsc#1128722). Other issue addressed: - Deleted README.default_socket_timeout which is not needed anymore (bsc#1129032). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1126711 SUSE bug 1126713 SUSE bug 1126821 SUSE bug 1126823 SUSE bug 1127122 SUSE bug 1128722 SUSE bug 1128883 SUSE bug 1128886 SUSE bug 1128887 SUSE bug 1128889 SUSE bug 1128892 SUSE bug 1129032 CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641 CVE-2019-9675 openSUSE Leap 42.3 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). - CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). Other issue addressed: - cpu: add Skylake-Server and Skylake-Server-IBRS CPU models (FATE#327261, bsc#1131955) - libxl: save current memory value after successful balloon (bsc#1120813). - libxl: support Xen's max_grant_frames setting with maxGrantFrames attribute on the xenbus controller (bsc#1126325). - conf: add new 'xenbus' controller type This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1120813 SUSE bug 1126325 SUSE bug 1127458 SUSE bug 1131595 SUSE bug 1131955 CVE-2019-3840 CVE-2019-3886 openSUSE Leap 42.3 This update for curl fixes the following issues: Security issue fixed: - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code (bsc#1112758). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1112758 SUSE bug 1131886 CVE-2018-16839 openSUSE Leap 42.3 This update for ntfs-3g_ntfsprogs fixes the following issues: Security issues fixed: - CVE-2019-9755: Fixed a heap-based buffer overflow which could lead to local privilege escalation (bsc#1130165). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1130165 CVE-2019-9755 openSUSE Leap 42.3 This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2019-8375: Fixed an issue in UIProcess subsystem which could allow the script dialog size to exceed the web view size leading to Buffer Overflow or other unspecified impact (bsc#1126768). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1126768 CVE-2019-8375 openSUSE Leap 42.3 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330). - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317). - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368). - CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989). - CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996). - CVE-2018-16644: Fixed a regression in dcm coder (bsc#1107609). - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060). - CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054). - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053). - Added extra -config- packages with Postscript/EPS/PDF readers still enabled. Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033) These are two packages that can be selected: - ImageMagick-config-6-SUSE: This has the PS decoders disabled. - ImageMagick-config-6-upstream: This has the PS decoders enabled. Depending on your local needs install either one of them. The default is the -SUSE configuration. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1106989 SUSE bug 1106996 SUSE bug 1107609 SUSE bug 1120381 SUSE bug 1122033 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1124368 SUSE bug 1128649 SUSE bug 1130330 SUSE bug 1131317 SUSE bug 1132053 SUSE bug 1132054 SUSE bug 1132060 CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-20467 CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-7175 CVE-2019-7395 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 openSUSE Leap 42.3 This update for chromium fixes the following issues: Security update to version 74.0.3729.108 (boo#1133313). Security issues fixed: - CVE-2019-5805: Use after free in PDFium - CVE-2019-5806: Integer overflow in Angle - CVE-2019-5807: Memory corruption in V8 - CVE-2019-5808: Use after free in Blink - CVE-2019-5809: Use after free in Blink - CVE-2019-5810: User information disclosure in Autofill - CVE-2019-5811: CORS bypass in Blink - CVE-2019-5813: Out of bounds read in V8 - CVE-2019-5814: CORS bypass in Blink - CVE-2019-5815: Heap buffer overflow in Blink - CVE-2019-5818: Uninitialized value in media reader - CVE-2019-5819: Incorrect escaping in developer tools - CVE-2019-5820: Integer overflow in PDFium - CVE-2019-5821: Integer overflow in PDFium - CVE-2019-5822: CORS bypass in download manager - CVE-2019-5823: Forced navigation from service worker Bug fixes: - Update to 73.0.3686.103: * Various feature fixes - Update to 73.0.3683.86: * Various feature fixes - Update conditions to use system harfbuzz on TW+ - Require java during build - Enable using pipewire when available - Rebase chromium-vaapi.patch to match up the Fedora one Important SUSE bug 1133313 CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823 openSUSE Leap 42.3 This update for MozillaFirefox, mozilla-nss fixes the following issues: Security issues fixed: - CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983). - CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983). - CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983). Non-security issue fixed: - Update mozilla-nss to version 3.36.7 as build dependency. Important SUSE bug 1121255 SUSE bug 1122983 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 openSUSE Leap 42.3 This update for pacemaker fixes the following issues: Security issues fixed: - CVE-2018-16877: Fixed a local privilege escalation through insufficient IPC client-server authentication. (bsc#1131356) - CVE-2018-16878: Fixed a denial of service through insufficient verification inflicted preference of uncontrolled processes. (bsc#1131353) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1131353 SUSE bug 1131356 CVE-2018-16877 CVE-2018-16878 openSUSE Leap 42.3 This update for libjpeg-turbo fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-14498: Fixed a heap-based buffer over read in get_8bit_row function which could allow to an attacker to cause denial of service (bsc#1128712). - CVE-2018-11813: Fixed the end-of-file mishandling in read_pixel in rdtarga.c, which allowed remote attackers to cause a denial-of-service via crafted JPG files due to a large loop (bsc#1096209) - CVE-2018-1152: Fixed a denial of service in start_input_bmp() rdbmp.c caused by a divide by zero when processing a crafted BMP image (bsc#1098155) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1096209 SUSE bug 1098155 SUSE bug 1128712 CVE-2018-1152 CVE-2018-11813 CVE-2018-14498 openSUSE Leap 42.3 This update for wpa_supplicant fixes the following issues: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the vulnerability to recover sensitive information (bsc#1104205). This non-security issue was fixed: - Enabled PWD as EAP method. This allows for password-based authentication, which is easier to setup than most of the other methods, and is used by the Eduroam network (bsc#1109209). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1104205 SUSE bug 1109209 CVE-2018-14526 openSUSE Leap 42.3 This update for hostinfo, supportutils fixes the following issues: Security issues fixed for supportutils: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). - CVE-2018-19636: Fixed a local root exploit via inclusion of attacker controlled shell script (bsc#1117751). Other issues fixed for supportutils: - Fixed invalid exit code commands (bsc#1125666) - SUSE separation in supportconfig (bsc#1125623) - Clarified supportconfig(8) -x option (bsc#1115245) - supportconfig: 3.0.127 - btrfs filesystem usage - List products.d - Dump lsof errors - Added ha commands for corosync - Dumped find errors in ib_info Issues fixed in hostinfo: - Removed extra kernel install dates (bsc#1099498) - Resolved network bond issue (bsc#1054979) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1054979 SUSE bug 1099498 SUSE bug 1115245 SUSE bug 1117751 SUSE bug 1117776 SUSE bug 1118460 SUSE bug 1118462 SUSE bug 1118463 SUSE bug 1125623 SUSE bug 1125666 CVE-2018-19636 CVE-2018-19637 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2019-11506: Fixed a heap-based buffer overflow in the function WriteMATLABImage (boo#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the function WritePDBImage (boo#1133501). The following fixes where modified and refreshed: - CVE-2019-11008: Fixed a heap-based buffer overflow in the function WriteXWDImage (boo#1132054). - CVE-2019-11009: Fixed a heap-based buffer over-read in the function ReadXWDImage (boo#1132053). - CVE-2019-11473: Fixed an out-of-bounds read leading to a possible denial of service in coders/xwd.c (boo#1133203). - CVE-2019-11474: Fixed a floating-point exception leading to a possible denial of service in coders/xwd.c (boo#1133202). Moderate SUSE bug 1132053 SUSE bug 1132054 SUSE bug 1133202 SUSE bug 1133203 SUSE bug 1133498 SUSE bug 1133501 CVE-2019-11008 CVE-2019-11009 CVE-2019-11473 CVE-2019-11474 CVE-2019-11505 CVE-2019-11506 openSUSE Leap 42.3 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1129346 CVE-2019-9636 openSUSE Leap 42.3 This update for openssl fixes the following issues: - Reject invalid EC point coordinates (bsc#1131291) This helps openssl using services that do not do this verification on their own. This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1131291 openSUSE Leap 42.3 This update for mysql-community-server to version 5.6.43 fixes the following issues: Security issues fixed: - CVE-2019-2534, CVE-2019-2529, CVE-2019-2482, CVE-2019-2455, CVE-2019-2503, CVE-2019-2537, CVE-2019-2481, CVE-2019-2507, CVE-2019-2531, CVE-2018-0734 (boo#1113652, boo#1122198) Important SUSE bug 1113652 SUSE bug 1122198 CVE-2018-0734 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2503 CVE-2019-2507 CVE-2019-2529 CVE-2019-2531 CVE-2019-2534 CVE-2019-2537 openSUSE Leap 42.3 This update for signing-party fixes the following issues: - CVE-2019-11627: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID. Moderate SUSE bug 1134040 CVE-2019-11627 openSUSE Leap 42.3 This update for wireshark to version 2.4.14 fixes the following issues: Security issues fixed: - CVE-2019-10895: NetScaler file parser crash. - CVE-2019-10899: SRVLOC dissector crash. - CVE-2019-10894: GSS-API dissector crash. - CVE-2019-10896: DOF dissector crash. - CVE-2019-10901: LDSS dissector crash. - CVE-2019-10903: DCERPC SPOOLSS dissector crash. - CVE-2019-9214: Avoided a dereference of a null coversation which could make RPCAP dissector crash (bsc#1127367). - CVE-2019-9209: Fixed a buffer overflow in time values which could make ASN.1 BER and related dissectors crash (bsc#1127369). - CVE-2019-9208: Fixed a null pointer dereference which could make TCAP dissector crash (bsc#1127370). Non-security issue fixed: - Update to version 2.4.14 (bsc#1131945). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1127367 SUSE bug 1127369 SUSE bug 1127370 SUSE bug 1131945 CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 CVE-2019-9208 CVE-2019-9209 CVE-2019-9214 openSUSE Leap 42.3 This update for webkit2gtk3 to version 2.24.1 fixes the following issues: Security issues fixed: - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1132256 CVE-2019-11070 CVE-2019-6201 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 openSUSE Leap 42.3 This update for nmap fixes the following issues: Security issue fixed: - CVE-2018-15173: Fixed remote denial of service via a crafted TCP-based service (boo#1104139). Low SUSE bug 1104139 CVE-2018-15173 openSUSE Leap 42.3 This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549). - CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664). This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1132549 SUSE bug 1132664 CVE-2019-11234 CVE-2019-11235 openSUSE Leap 42.3 The openSUSE Leap 42.3 Linux kernel was updated to 4.4.172 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-3459,CVE-2019-3460: Two remote information leak vulnerabilities in the Bluetooth stack were fixed that could potentially leak kernel information (bsc#1120758) - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso _get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1087082). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). The following non-security bugs were fixed: - 9p/net: put a lower bound on msize (bnc#1012382). - ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1121239). - acpi/nfit: Block function zero DSMs (bsc#1123321). - acpi/nfit: Fix command-supported detection (bsc#1123323). - acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114648). - acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114648). - acpi/power: Skip duplicate power resource references in _PRx (bnc#1012382). - acpi/processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)). - aio: fix spectre gadget in lookup_ioctx (bnc#1012382). - aio: hold an extra file reference over AIO read/write operations (bsc#1116027). - alsa: ac97: Fix incorrect bit shift at AC97-SPSA control write (bnc#1012382). - alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382). - alsa: control: Fix race between adding and removing a user element (bnc#1012382). - alsa: cs46xx: Potential NULL dereference in probe (bnc#1012382). - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - alsa: emux: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - alsa: hda: add mute LED support for HP EliteBook 840 G4 (bnc#1012382). - alsa: hda: Add support for AMD Stoney Ridge (bnc#1012382). - alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382). - alsa: hda/tegra: clear pending irq handlers (bnc#1012382). - alsa: isa/wavefront: prevent some out of bound writes (bnc#1012382). - alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bnc#1012382). - alsa: pcm: Fix interval evaluation with openmin/max (bnc#1012382). - alsa: pcm: Fix potential Spectre v1 vulnerability (bnc#1012382). - alsa: pcm: Fix starvation on down_write_nonblock() (bnc#1012382). - alsa: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command (bnc#1012382). - alsa: rme9652: Fix potential Spectre v1 vulnerability (bnc#1012382). - alsa: sparc: Fix invalid snd_free_pages() at error path (bnc#1012382). - alsa: trident: Suppress gcc string warning (bnc#1012382). - alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bnc#1012382). - alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bnc#1012382). - alsa: wss: Fix invalid snd_free_pages() at error path (bnc#1012382). - arc: change defconfig defaults to ARCv2 (bnc#1012382). - arc: [devboards] Add support of NFSv3 ACL (bnc#1012382). - arc: io.h: Implement reads{x}()/writes{x}() (bnc#1012382). - arm64: Do not trap host pointer auth use to EL2 (bnc#1012382). - arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382). - arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382). - arm64: remove no-op -p linker flag (bnc#1012382). - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling (bnc#1012382). - arm: imx: update the cpu power up timing setting on i.mx6sx (bnc#1012382). - arm: kvm: fix building with gcc-8 (bsc#1121241). - arm: OMAP1: ams-delta: Fix possible use of uninitialized field (bnc#1012382). - arm: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup (bnc#1012382). - ASoC: dapm: Recalculate audio map forcely when card instantiated (bnc#1012382). - ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bnc#1012382). - ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bnc#1012382). - ata: Fix racy link clearance (bsc#1107866). - ath10k: fix kernel panic due to race in accessing arvif list (bnc#1012382). - ax25: fix a use-after-free in ax25_fillin_cb() (bnc#1012382). - b43: Fix error in cordic routine (bnc#1012382). - batman-adv: Expand merged fragment buffer for full packet (bnc#1012382). - bfs: add sanity check at bfs_fill_super() (bnc#1012382). - block/loop: Use global lock for ioctl() operation (bnc#1012382). - block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes). - bnx2x: Assign unique DMAE channel number for FW DMAE transactions (bnc#1012382). - bonding: fix 802.3ad state sent to partner when unbinding slave (bnc#1012382). - bpf: fix check of allowed specifiers in bpf_trace_printk (bnc#1012382). - bpf: support 8-byte metafield access (bnc#1012382). - bpf, trace: check event type in bpf_perf_event_read (bsc#1119970). - bpf, trace: use READ_ONCE for retrieving file ptr (bsc#1119967). - bpf/verifier: Add spi variable to check_stack_write() (bnc#1012382). - bpf/verifier: Pass instruction index to check_mem_access() and check_xadd() (bnc#1012382). - btrfs: Always try all copies when reading extent buffers (bnc#1012382). - btrfs: ensure path name is null terminated at btrfs_control_ioctl (bnc#1012382). - btrfs: Fix memory barriers usage with device stats counters (git-fixes). - btrfs: fix use-after-free when dumping free space (bnc#1012382). - btrfs: Handle error from btrfs_uuid_tree_rem call in _btrfs_ioctl_set_received_subvol (git-fixes). - btrfs: release metadata before running delayed refs (bnc#1012382). - btrfs: send, fix infinite loop due to directory rename dependencies (bnc#1012382). - btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382). - btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896). - btrfs: tree-checker: Fix misleading group system information (bnc#1012382). - btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382). - btrfs: validate type when reading a chunk (bnc#1012382). - btrfs: wait on ordered extents on abort cleanup (bnc#1012382). - can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bnc#1012382). - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bnc#1012382). - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bnc#1012382). - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bnc#1012382). - can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382). - can: rcar_can: Fix erroneous registration (bnc#1012382). - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader (bnc#1012382). - ceph: do not update importing cap's mseq when handing cap export (bsc#1121275). - checkstack.pl: fix for aarch64 (bnc#1012382). - cifs: Do not hide EINTR after sending network packets (bnc#1012382). - cifs: Fix error mapping for SMB2_LOCK command which caused OFD lock problem (bnc#1012382). - cifs: Fix potential OOB access of lock element array (bnc#1012382). - cifs: Fix separator when building path from dentry (bnc#1012382). - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) (bnc#1012382). - clk: imx6q: reset exclusive gates on init (bnc#1012382). - clk: mmp: Off by one in mmp_clk_add() (bnc#1012382). - cpufeature: avoid warning when compiling with clang (Git-fixes). - cpufreq: imx6q: add return value check for voltage scale (bnc#1012382). - crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382). - crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382). - crypto: cts - fix crash on short inputs (bnc#1012382). - crypto: user - support incremental algorithm dumps (bsc#1120902). - crypto: x86/chacha20 - avoid sleeping with preemption disabled (bnc#1012382). - cw1200: Do not leak memory if krealloc failes (bnc#1012382). - debugobjects: avoid recursive calls with kmemleak (bnc#1012382). - Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382). - disable stringop truncation warnings for now (bnc#1012382). - dlm: fixed memory leaks after failed ls_remove_names allocation (bnc#1012382). - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() (bnc#1012382). - dlm: memory leaks on error path in dlm_user_request() (bnc#1012382). - dlm: possible memory leak on error path in create_lkb() (bnc#1012382). - dmaengine: at_hdmac: fix memory leak in at_dma_xlate() (bnc#1012382). - dmaengine: at_hdmac: fix module unloading (bnc#1012382). - dm cache metadata: ignore hints array being too small during resize (Git-fixes). - dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes). - dm crypt: factor IV constructor out to separate function (Git-fixes). - dm crypt: fix crash by adding missing check for auth key size (git-fixes). - dm crypt: fix error return code in crypt_ctr() (git-fixes). - dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes). - dm crypt: introduce new format of cipher with "capi:" prefix (Git-fixes). - dm crypt: wipe kernel key copy after IV initialization (Git-fixes). - dm: do not allow readahead to limit IO size (git fixes (readahead)). - dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382). - dm-multipath: do not assign cmd_flags in setup_clone() (bsc#1103156). - dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382). - dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes). - drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() (bsc#1104098). - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bnc#1012382). - drivers/sbus/char: add of_node_put() (bnc#1012382). - drivers/tty: add missing of_node_put() (bnc#1012382). - drm/ast: change resolution may cause screen blurred (bnc#1012382). - drm/ast: fixed cursor may disappear sometimes (bnc#1012382). - drm/ast: fixed reading monitor EDID not stable issue (bnc#1012382). - drm/ast: Fix incorrect free on ioregs (bsc#1106929) - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1106929) - drm/ioctl: Fix Spectre v1 vulnerabilities (bnc#1012382). - drm/msm: Grab a vblank reference when waiting for commit_done (bnc#1012382). - drm: rcar-du: Fix external clock error checks (bsc#1106929) - drm: rcar-du: Fix vblank initialization (bsc#1106929) - e1000e: allow non-monotonic SYSTIM readings (bnc#1012382). - EDAC: Raise the maximum number of memory controllers (bsc#1120722). - efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650). - exec: avoid gcc-8 warning for get_task_comm (bnc#1012382). - exportfs: do not read dentry after free (bnc#1012382). - ext2: fix potential use after free (bnc#1012382). - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382). - ext4: Fix crash during online resizing (bsc#1122779). - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bnc#1012382). - ext4: fix possible use after free in ext4_quota_enable (bnc#1012382). - ext4: force inode writes when nfsd calls commit_metadata() (bnc#1012382). - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bnc#1012382). - f2fs: Add sanity_check_inode() function (bnc#1012382). - f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382). - f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382). - f2fs: clean up argument of recover_data (bnc#1012382). - f2fs: clean up with is_valid_blkaddr() (bnc#1012382). - f2fs: detect wrong layout (bnc#1012382). - f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382). - f2fs: factor out fsync inode entry operations (bnc#1012382). - f2fs: fix inode cache leak (bnc#1012382). - f2fs: fix invalid memory access (bnc#1012382). - f2fs: fix missing up_read (bnc#1012382). - f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382). - f2fs: fix to convert inline directory correctly (bnc#1012382). - f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382). - f2fs: fix to do sanity check with block address in main area (bnc#1012382). - f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382). - f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382). - f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382). - f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382). - f2fs: fix to do sanity check with secs_per_zone (bnc#1012382). - f2fs: fix to do sanity check with user_block_count (bnc#1012382). - f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382). - f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382). - f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382). - f2fs: introduce and spread verify_blkaddr (bnc#1012382). - f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382). - f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382). - f2fs: not allow to write illegal blkaddr (bnc#1012382). - f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382). - f2fs: remove an obsolete variable (bnc#1012382). - f2fs: return error during fill_super (bnc#1012382). - f2fs: sanity check on sit entry (bnc#1012382). - f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382). - fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1106929) - fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1106929) - fix fragmentation series - Fix problem with sharetransport= and NFSv4 (bsc#1114893). - floppy: fix race condition in __floppy_read_block_0() (Git-fixes). - fork: record start_time late (bnc#1012382). - fscache, cachefiles: remove redundant variable 'cache' (bnc#1012382). - fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes). - fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes). - genwqe: Fix size check (bnc#1012382). - gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bnc#1012382). - gfs2: Fix loop in gfs2_rbm_find (bnc#1012382). - git_sort.py: Remove non-existent remote tj/libata - gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes). - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bnc#1012382). - gro_cell: add napi_disable in gro_cells_destroy (bnc#1012382). - hfs: do not free node before using (bnc#1012382). - hfsplus: do not free node before using (bnc#1012382). - hpwdt add dynamic debugging (bsc#1114417). - hpwdt calculate reload value on each use (bsc#1114417). - hugetlbfs: fix bug in pgoff overflow checking (bnc#1012382). - hwmon: (ina2xx) Fix current value calculation (bnc#1012382). - hwmon: (w83795) temp4_type has writable permission (bnc#1012382). - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - i2c: axxia: properly handle master timeout (bnc#1012382). - i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382). - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bnc#1012382). - ib/hfi1: Fix an out-of-bounds access in get_hw_stats (). - ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357). - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path (bnc#1012382). - ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726). - ibmvnic: Convert reset work item mutex to spin lock (). - ibmvnic: Fix non-atomic memory allocation in IRQ context (). - ibmvnic: Increase maximum queue size limit (bsc#1121726). - ibmvnic: Introduce driver limits for ring sizes (bsc#1121726). - ide: pmac: add of_node_put() (bnc#1012382). - ieee802154: lowpan_header_create check must check daddr (bnc#1012382). - input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bnc#1012382). - input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G (bnc#1012382). - input: elan_i2c - add ELAN0620 to the ACPI table (bnc#1012382). - input: elan_i2c - add support for ELAN0621 touchpad (bnc#1012382). - input: matrix_keypad - check for errors from of_get_named_gpio() (bnc#1012382). - input: omap-keypad - fix idle configuration to not block SoC idle states (bnc#1012382). - input: omap-keypad - fix keyboard debounce configuration (bnc#1012382). - input: restore EV_ABS ABS_RESERVED (bnc#1012382). - input: xpad - add GPD Win 2 Controller USB IDs (bnc#1012382). - input: xpad - add Mad Catz FightStick TE 2 VID/PID (bnc#1012382). - input: xpad - add more third-party controllers (bnc#1012382). - input: xpad - add PDP device id 0x02a4 (bnc#1012382). - input: xpad - add product ID for Xbox One S pad (bnc#1012382). - input: xpad - add support for PDP Xbox One controllers (bnc#1012382). - input: xpad - add support for Xbox1 PDP Camo series gamepad (bnc#1012382). - input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth (bnc#1012382). - input: xpad - avoid using __set_bit() for capabilities (bnc#1012382). - input: xpad - constify usb_device_id (bnc#1012382). - input: xpad - correctly sort vendor id's (bnc#1012382). - input: xpad - correct xbox one pad device name (bnc#1012382). - input: xpad - do not depend on endpoint order (bnc#1012382). - input: xpad - fix GPD Win 2 controller name (bnc#1012382). - input: xpad - fix PowerA init quirk for some gamepad models (bnc#1012382). - input: xpad - fix rumble on Xbox One controllers with 2015 firmware (bnc#1012382). - input: xpad - fix some coding style issues (bnc#1012382). - input: xpad - fix stuck mode button on Xbox One S pad (bnc#1012382). - input: xpad - fix Xbox One rumble stopping after 2.5 secs (bnc#1012382). - input: xpad - handle "present" and "gone" correctly (bnc#1012382). - input: xpad - move reporting xbox one home button to common function (bnc#1012382). - input: xpad - power off wireless 360 controllers on suspend (bnc#1012382). - input: xpad - prevent spurious input from wired Xbox 360 controllers (bnc#1012382). - input: xpad - quirk all PDP Xbox One gamepads (bnc#1012382). - input: xpad - remove spurious events of wireless xpad 360 controller (bnc#1012382). - input: xpad - remove unused function (bnc#1012382). - input: xpad - restore LED state after device resume (bnc#1012382). - input: xpad - simplify error condition in init_output (bnc#1012382). - input: xpad - sort supported devices by USB ID (bnc#1012382). - input: xpad - support some quirky Xbox One pads (bnc#1012382). - input: xpad - sync supported devices with 360Controller (bnc#1012382). - input: xpad - sync supported devices with XBCD (bnc#1012382). - input: xpad - sync supported devices with xboxdrv (bnc#1012382). - input: xpad - update Xbox One Force Feedback Support (bnc#1012382). - input: xpad - use LED API when identifying wireless controllers (bnc#1012382). - input: xpad - validate USB endpoint type during probe (bnc#1012382). - input: xpad - workaround dead irq_out after suspend/ resume (bnc#1012382). - input: xpad - xbox one elite controller support (bnc#1012382). - intel_th: msu: Fix an off-by-one in attribute store (bnc#1012382). - iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105). - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105). - iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105). - iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105). - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105). - iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105). - ip6mr: Fix potential Spectre v1 vulnerability (bnc#1012382). - ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382). - ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382). - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() (bnc#1012382). - ipv4: Fix potential Spectre v1 vulnerability (bnc#1012382). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (bsc#1110286). - ipv6: Check available headroom in ip6_xmit() even without options (bnc#1012382). - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382). - ipv6: explicitly initialize udp6_addr in udp_sock_create6() (bnc#1012382). - ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382). - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382). - isdn: fix kernel-infoleak in capi_unlocked_ioctl (bnc#1012382). - iser: set sector for ambiguous mr status errors (bnc#1012382). - iwlwifi: mvm: fix regulatory domain update when the firmware starts (bnc#1012382). - iwlwifi: mvm: support sta_statistics() even on older firmware (bnc#1012382). - ixgbe: Add function for checking to see if we can reuse page (bsc#1100105). - ixgbe: Add support for build_skb (bsc#1100105). - ixgbe: Add support for padding packet (bsc#1100105). - ixgbe: Break out Rx buffer page management (bsc#1100105). - ixgbe: Fix output from ixgbe_dump (bsc#1100105). - ixgbe: fix possible race in reset subtask (bsc#1101557). - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (bsc#1100105). - ixgbe: Only DMA sync frame length (bsc#1100105). - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bnc#1012382). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - ixgbe: Update code to better handle incrementing page count (bsc#1100105). - ixgbe: Update driver to make use of DMA attributes in Rx path (bsc#1100105). - ixgbe: Use length to determine if descriptor is done (bsc#1100105). - jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382). - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336). - kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653). - kbuild: suppress packed-not-aligned warning for default setting only (bnc#1012382). - kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382). - kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382). - kdb: use memmove instead of overlapping memcpy (bnc#1012382). - kdb: Use strscpy with destination buffer size (bnc#1012382). - kernfs: Replace strncpy with memcpy (bnc#1012382). - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bnc#1012382). - kgdboc: Fix restrict error (bnc#1012382). - kgdboc: Fix warning with module build (bnc#1012382). - kobject: Replace strncpy with memcpy (bnc#1012382). - kvm/arm64: Fix caching of host MDCR_EL2 value (bsc#1121242). - kvm/arm: Restore banked registers and physical timer access on hyp_panic() (bsc#1121240). - kvm/mmu: Fix race in emulated page table writes (bnc#1012382). - kvm/nVMX: Eliminate vmcs02 pool (bnc#1012382). - kvm/nVMX: mark vmcs12 pages dirty on L2 exit (bnc#1012382). - kvm/PPC: Move and undef TRACE_INCLUDE_PATH/FILE (bnc#1012382). - kvm/svm: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382 bsc#1068032). - kvm/svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114648). - kvm/VMX: Allow direct access to MSR_IA32_SPEC_CTRL (bnc#1012382 bsc#1068032 bsc#1096242 bsc#1096281). - kvm/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (bnc#1012382). - kvm/VMX: introduce alloc_loaded_vmcs (bnc#1012382). - kvm/VMX: make MSR bitmaps per-VCPU (bnc#1012382). - kvm/x86: Add IBPB support (bnc#1012382 bsc#1068032 bsc#1068032). - kvm/x86: fix empty-body warnings (bnc#1012382). - kvm/x86: Remove indirect MSR op calls from SPEC_CTRL (bnc#1012382). - kvm/x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bnc#1012382). - leds: call led_pwm_set() in leds-pwm to enforce default LED_OFF (bnc#1012382). - leds: leds-gpio: Fix return value check in create_gpio_led() (bnc#1012382). - leds: turn off the LED and wait for completion on unregistering LED class device (bnc#1012382). - libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bnc#1012382). - libceph: fall back to sendmsg for slab pages (bsc#1118316). - libfc: sync strings with upstream versions (bsc#1114763). - lib/interval_tree_test.c: allow full tree search (bnc#1012382). - lib/interval_tree_test.c: allow users to limit scope of endpoint (bnc#1012382). - lib/interval_tree_test.c: make test options module parameters (bnc#1012382). - libnvdimm, {btt, blk}: do integrity setup before add_disk() (bsc#1118926). - libnvdimm, dimm: fix dpa reservation vs uninitialized label area (bsc#1118936). - libnvdimm: fix integer overflow static analysis warning (bsc#1118922). - libnvdimm: fix nvdimm_bus_lock() vs device_lock() ordering (bsc#1118915). - lib/rbtree_test.c: make input module parameters (bnc#1012382). - lib/rbtree-test: lower default params (bnc#1012382). - llc: do not use sk_eat_skb() (bnc#1012382). - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382). - loop: Fold __loop_release into loop_release (bnc#1012382). - loop: Get rid of loop_index_mutex (bnc#1012382). - LSM: Check for NULL cred-security on free (bnc#1012382). - mac80211: Clear beacon_int in ieee80211_do_stop (bnc#1012382). - mac80211: fix reordering of buffered broadcast packets (bnc#1012382). - mac80211_hwsim: fix module init error paths for netlink (bnc#1012382). - mac80211_hwsim: Timer should be initialized before device registered (bnc#1012382). - mac80211: ignore NullFunc frames in the duplicate detection (bnc#1012382). - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bnc#1012382). - matroxfb: fix size of memcpy (bnc#1012382). - md: batch flush requests (bsc#1119680). - md: do not check MD_SB_CHANGE_CLEAN in md_allow_write (Git-fixes). - media: dvb-frontends: fix i2c access helpers for KASAN (bnc#1012382). - media: em28xx: Fix misplaced reset of dev->v4l::field_count (bnc#1012382). - media: em28xx: Fix use-after-free when disconnecting (bnc#1012382). - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#1012382). - media: vb2: be sure to unlock mutex on errors (bnc#1012382). - media: vb2: vb2_mmap: move lock up (bnc#1012382). - media: vivid: fix error handling of kthread_run (bnc#1012382). - media: vivid: free bitmap_cap when updating std/timings/etc (bnc#1012382). - media: vivid: set min width/height to a value > 0 (bnc#1012382). - mfd: tps6586x: Handle interrupts on suspend (bnc#1012382). - mips: Align kernel load address to 64KB (bnc#1012382). - mips: Ensure pmd_present() returns false after pmd_mknotpresent() (bnc#1012382). - mips: fix mips_get_syscall_arg o32 check (bnc#1012382). - mips: fix n32 compat_ipc_parse_version (bnc#1012382). - mips: ralink: Fix mt7620 nd_sd pinmux (bnc#1012382). - MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur (bnc#1012382). - misc: mic/scif: fix copy-paste error in scif_create_remote_lookup (bnc#1012382). - mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382). - mmc: core: Reset HPI enabled state during re-init and in case of errors (bnc#1012382). - mm: cleancache: fix corruption on missed inode invalidation (bnc#1012382). - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bnc#1012382). - mmc: omap_hsmmc: fix DMA API warning (bnc#1012382). - mm, devm_memremap_pages: kill mapping "System RAM" support (bnc#1012382). - mm: do not miss the last page because of round-off error (bnc#1118798). - mm, hugetlb: fix huge_pte_alloc BUG_ON (bsc#1119204). - mm: hwpoison: call shake_page() after try_to_unmap() for mlocked page (bnc#1116336). - mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability). - mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability). - mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability). - mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability). - mm: mlock: avoid increase mm->locked_vm on mlock() when already mlock2(,MLOCK_ONFAULT) (bnc#1012382). - mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages() (bnc#1012382). - mm: only report isolation failures when offlining memory (generic hotplug debugability). - mm/page-writeback.c: do not break integrity writeback on ->writepage() error (bnc#1012382). - mm: Preserve _PAGE_DEVMAP across mprotect() calls (bsc#1118790). - mm: print more information about mapping in __dump_page (generic hotplug debugability). - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps (bnc#1012382). - mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272). - mm: remove write/force parameters from __get_user_pages_locked() (bnc#1012382 bsc#1027260). - mm: remove write/force parameters from __get_user_pages_unlocked() (bnc#1012382 bsc#1027260). - mm: replace __access_remote_vm() write parameter with gup_flags (bnc#1012382). - mm: replace access_remote_vm() write parameter with gup_flags (bnc#1012382). - mm: replace get_user_pages_locked() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_user_pages_unlocked() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_user_pages() write/force parameters with gup_flags (bnc#1012382 bsc#1027260). - mm: replace get_vaddr_frames() write/force parameters with gup_flags (bnc#1012382). - mm, slab: faster active and free stats (bsc#116653, VM Performance). - mm/slab: improve performance of gathering slabinfo stats (bsc#116653, VM Performance). - mm, slab: maintain total slab count instead of active count (bsc#116653, VM Performance). - Move patches to sorted range, p1 - mv88e6060: disable hardware level MAC learning (bnc#1012382). - mwifiex: Fix NULL pointer dereference in skb_dequeue() (bnc#1012382). - mwifiex: fix p2p device does not find in scan problem (bnc#1012382). - namei: allow restricted O_CREAT of FIFOs and regular files (bnc#1012382). - neighbour: Avoid writing before skb->head in neigh_hh_output() (bnc#1012382). - net: 8139cp: fix a BUG triggered by changing mtu with network traffic (bnc#1012382). - net: amd: add missing of_node_put() (bnc#1012382). - net: bcmgenet: fix OF child-node lookup (bnc#1012382). - net: bridge: fix a bug on using a neighbour cache entry without checking its state (bnc#1012382). - net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382). - net: ena: fix crash during ena_remove() (bsc#1108240). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1108240). - net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts (bnc#1012382). - netfilter: nf_tables: fix oops when inserting an element into a verdict map (bnc#1012382). - net: hisilicon: remove unexpected free_netdev (bnc#1012382). - net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431). - net: ipv4: do not handle duplicate fragments as overlapping (bsc#1116345). - net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1015336 bsc#1015337 bsc#1015340). - net/mlx4_core: Fix uninitialized variable compilation warning (bnc#1012382). - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command (bnc#1012382). - net/mlx4: Fix UBSAN warning of signed integer overflow (bnc#1012382). - net: phy: do not allow __set_phy_supported to add unsupported modes (bnc#1012382). - net: Prevent invalid access to skb->prev in __qdisc_drop_all (bnc#1012382). - netrom: fix locking in nr_find_socket() (bnc#1012382). - net: speed up skb_rbtree_purge() (bnc#1012382). - net: thunderx: fix NULL pointer dereference in nic_remove (bnc#1012382). - nfc: nfcmrvl_uart: fix OF child-node lookup (bnc#1012382). - nfit: skip region registration for incomplete control regions (bsc#1118930). - nfsv4: Do not exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING (git-fixes). - nvme: validate controller state before rescheduling keep alive (bsc#1103257). - ocfs2: fix deadlock caused by ocfs2_defrag_extent() (bnc#1012382). - ocfs2: fix panic due to unrecovered local alloc (bnc#1012382). - ocfs2: fix potential use after free (bnc#1012382). - of: add helper to lookup compatible child node (bnc#1012382). - omap2fb: Fix stack memory disclosure (bsc#1106929) - packet: Do not leak dev refcounts on error exit (bnc#1012382). - packet: validate address length (bnc#1012382). - packet: validate address length if non-zero (bnc#1012382). - pci: altera: Check link status before retrain link (bnc#1012382). - pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382). - pci: altera: Move retrain from fixup to altera_pcie_host_init() (bnc#1012382). - pci: altera: Poll for link training status after retraining the link (bnc#1012382). - pci: altera: Poll for link up status after retraining the link (bnc#1012382). - pci: altera: Reorder read/write functions (bnc#1012382). - pci: altera: Rework config accessors for use without a struct pci_bus (bnc#1012382). - perf/bpf: Convert perf_event_array to use struct file (bsc#1119967). - perf intel-pt: Fix error with config term "pt=0" (bnc#1012382). - perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382). - perf pmu: Suppress potential format-truncation warning (bnc#1012382). - perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382). - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bnc#1012382). - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bnc#1012382). - powerpc/64s: consolidate MCE counter increment (bsc#1094244). - powerpc/boot: Fix random libfdt related build errors (bnc#1012382). - powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805). - powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695). - powerpc: Detect the presence of big-cores via "ibm, thread-groups" (bsc#1109695). - powerpc: Fix COFF zImage booting on old powermacs (bnc#1012382). - powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695). - powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695). - powerpc/msi: Fix NULL pointer access in teardown code (bnc#1012382). - powerpc/numa: Suppress "VPHN is not supported" messages (bnc#1012382). - powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382). - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695). - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695). - powerpc/smp: Add Power9 scheduler topology (bsc#1109695). - powerpc/smp: Rework CPU topology construction (bsc#1109695). - powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695). - powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244). - powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695). - powerpc/xmon: Fix invocation inside lock region (bsc#1122885). - power: supply: olpc_battery: correct the temperature units (bnc#1012382). - proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823). - pstore: Convert console write to use ->write_buf (bnc#1012382). - pstore/ram: Do not treat empty buffers as valid (bnc#1012382). - qed: Fix bitmap_weight() check (bsc#1019695). - qed: Fix PTT leak in qed_drain() (bnc#1012382). - qed: Fix QM getters to always return a valid pq (bsc#1019695 ). - qed: Fix reading wrong value in loop condition (bnc#1012382). - r8169: Add support for new Realtek Ethernet (bnc#1012382). - rapidio/rionet: do not free skb before reading its length (bnc#1012382). - Refresh patches.kabi/x86-cpufeature-preserve-numbers.patch. (bsc#1122651) - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" (bsc#1106929) - Revert "exec: avoid gcc-8 warning for get_task_comm" (kabi). - Revert "iommu/io-pgtable-arm: Check for v7s-incapable systems" (bsc#1106105). - Revert "PCI/ASPM: Do not initialize link state when aspm_disabled is set" (bsc#1106105). - Revert "usb: musb: musb_host: Enable HCD_BH flag to handle urb return in bottom half" (bsc#1047487). - Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()" (bnc#1012382). - rocker: fix rocker_tlv_put_* functions for KASAN (bnc#1012382). - rtc: snvs: add a missing write sync (bnc#1012382). - rtc: snvs: Add timeouts to avoid kernel lockups (bnc#1012382). - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (bnc#1012382). - s390/cpum_cf: Reject request for sampling in event initialization (bnc#1012382). - s390/mm: Check for valid vma before zapping in gmap_discard (bnc#1012382). - s390/qeth: fix length check in SNMP processing (bnc#1012382). - sbus: char: add of_node_put() (bnc#1012382). - scsi: bfa: convert to strlcpy/strlcat (bnc#1012382 bsc#1019683, ). - scsi: bnx2fc: Fix NULL dereference in error handling (bnc#1012382). - scsi: Create two versions of scsi_internal_device_unblock() (bsc#1119877). - scsi: csiostor: Avoid content leaks and casts (bnc#1012382). - scsi: Introduce scsi_start_queue() (bsc#1119877). - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (bnc#1012382). - scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE (bsc#1102660). - scsi: lpfc: devloss timeout race condition caused null pointer reference (bsc#1102660). - scsi: lpfc: Fix abort error path for NVMET (bsc#1102660). - scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935). - scsi: lpfc: Fix driver crash when re-registering NVME rports (bsc#1102660). - scsi: lpfc: Fix ELS abort on SLI-3 adapters (bsc#1102660). - scsi: lpfc: Fix list corruption on the completion queue (bsc#1102660). - scsi: lpfc: Fix NVME Target crash in defer rcv logic (bsc#1102660). - scsi: lpfc: Fix panic if driver unloaded when port is offline (bsc#1102660). - scsi: lpfc: update driver version to 11.4.0.7-5 (bsc#1102660). - scsi: Make __scsi_remove_device go straight from BLOCKED to DEL (bsc#1119877). - scsi: megaraid: fix out-of-bound array accesses (bnc#1012382). - scsi: Protect SCSI device state changes with a mutex (bsc#1119877). - scsi: qedi: Add ISCSI_BOOT_SYSFS to Kconfig (bsc#1043083). - scsi: Re-export scsi_internal_device_{,un}_block() (bsc#1119877). - scsi: sd: Fix cache_type_store() (bnc#1012382). - scsi: Split scsi_internal_device_block() (bsc#1119877). - scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405). - scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405). - scsi: target: use consistent left-aligned ASCII INQUIRY data (bnc#1012382). - scsi: ufs: fix bugs related to null pointer access and array size (bnc#1012382). - scsi: ufs: fix race between clock gating and devfreq scaling work (bnc#1012382). - scsi: ufshcd: Fix race between clk scaling and ungate work (bnc#1012382). - scsi: ufshcd: release resources if probe fails (bnc#1012382). - scsi: use 'inquiry_mutex' instead of 'state_mutex' (bsc#1119877). - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload (bnc#1012382). - scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bnc#1012382). - sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382). - sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer (bnc#1012382). - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event (bnc#1012382). - selftests: Move networking/timestamping from Documentation (bnc#1012382). - selinux: fix GPF on invalid policy (bnc#1012382). - seq_file: fix incomplete reset on read from zero offset (Git-fixes). - series.conf: Move 'patches.fixes/aio-hold-an-extra-file-reference-over-AIO-read-write.patch' into sorted section. - slab: alien caches must not be initialized if the allocation of the alien cache failed (bnc#1012382). - sock: Make sock->sk_stamp thread-safe (bnc#1012382). - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bnc#1012382). - spi: bcm2835: Fix book-keeping of DMA termination (bnc#1012382). - spi: bcm2835: Fix race on DMA termination (bnc#1012382). - spi: bcm2835: Unbreak the build of esoteric configs (bnc#1012382). - sr: pass down correctly sized SCSI sense buffer (bnc#1012382). - Staging: lustre: remove two build warnings (bnc#1012382). - staging: rts5208: fix gcc-8 logic error warning (bnc#1012382). - staging: speakup: Replace strncpy with memcpy (bnc#1012382). - sunrpc: Fix a bogus get/put in generic_key_to_expire() (bnc#1012382). - sunrpc: Fix a potential race in xprt_connect() (git-fixes). - sunrpc: fix cache_head leak due to queued request (bnc#1012382). - sunrpc: Fix leak of krb5p encode pages (bnc#1012382). - sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382). - swiotlb: clean up reporting (bnc#1012382). - sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382). - sysv: return 'err' instead of 0 in __sysv_write_inode (bnc#1012382). - target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165). - target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405). - tcp: fix NULL ref in tail loss probe (bnc#1012382). - timer/debug: Change /proc/timer_list from 0444 to 0400 (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382). - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382). - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bnc#1012382). - tpm: fix response size validation in tpm_get_random() (bsc#1020645, git-fixes). - tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046). - tracing: Fix memory leak in set_trigger_filter() (bnc#1012382). - tracing: Fix memory leak of instance function hash filters (bnc#1012382). - tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382). - tty: serial: 8250_mtk: always resume the device in probe (bnc#1012382). - tty: wipe buffer (bnc#1012382). - tty: wipe buffer if not echoing data (bnc#1012382). - tun: forbid iface creation with rtnl ops (bnc#1012382). - unifdef: use memcpy instead of strncpy (bnc#1012382). - Update config files: disable f2fs in the rest configs (boo#1109665) - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bnc#1012382). - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bnc#1012382). - usb: appledisplay: Add 27" Apple Cinema Display (bnc#1012382). - usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382). - usb: check usb_get_extra_descriptor for proper size (bnc#1012382). - usb: core: Fix hub port connection events lost (bnc#1012382). - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bnc#1012382). - usb: gadget: dummy: fix nonsensical comparisons (bnc#1012382). - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 (bnc#1012382). - usb: omap_udc: fix crashes on probe error and module removal (bnc#1012382). - usb: omap_udc: fix omap_udc_start() on 15xx machines (bnc#1012382). - usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bnc#1012382). - usb: omap_udc: use devm_request_irq() (bnc#1012382). - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bnc#1012382). - usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable() (bnc#1012382). - usb: serial: option: add Fibocom NL668 series (bnc#1012382). - usb: serial: option: add Fibocom NL678 series (bnc#1012382). - usb: serial: option: add GosunCn ZTE WeLink ME3630 (bnc#1012382). - usb: serial: option: add HP lt4132 (bnc#1012382). - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bnc#1012382). - usb: serial: option: add Telit LN940 series (bnc#1012382). - usb: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays (bnc#1012382). - usb: storage: add quirk for SMI SM3350 (bnc#1012382). - usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bnc#1012382). - usb: usb-storage: Add new IDs to ums-realtek (bnc#1012382). - usb: xhci: fix timeout for transition from RExit to U0 (bnc#1012382). - usb: xhci: fix uninitialized completion when USB3 port got wrong status (bnc#1012382). - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bnc#1012382). - v9fs_dir_readdir: fix double-free on p9stat_read error (bnc#1012382). - vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505). - vhost: make sure used idx is seen before log in vhost_add_used_n() (bnc#1012382). - virtio/s390: avoid race on vcdev->config (bnc#1012382). - virtio/s390: fix race in ccw_io_helper() (bnc#1012382). - VSOCK: Send reset control packet when socket is partially bound (bnc#1012382). - writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)). - x86/earlyprintk/efi: Fix infinite loop on some screen widths (bnc#1012382). - x86/entry: spell EBX register correctly in documentation (bnc#1012382). - x86/MCE: Export memory_error() (bsc#1114648). - x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114648). - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bnc#1012382). - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871). - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP (bnc#1012382). - xen/balloon: Support xend-based toolstack (bnc#1065600). - xen/netback: dont overflow meta array (bnc#1099523). - xen/netfront: tolerate frags with no data (bnc#1012382). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xen: xlate_mmu: add missing header to fix 'W=1' warning (bnc#1012382). - xfrm: Fix bucket count reported to userspace (bnc#1012382). - xfs: Align compat attrlist_by_handle with native implementation (git-fixes). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). - xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162). - xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bnc#1012382). - xhci: Prevent U1/U2 link pm states if exit latency is too long (bnc#1012382). - xprtrdma: Reset credit grant properly after a disconnect (git-fixes). - xtensa: enable coprocessors that are being flushed (bnc#1012382). - xtensa: fix coprocessor context offset definitions (bnc#1012382). - Yama: Check for pid death before checking ancestry (bnc#1012382). - x86/pkeys: Properly copy pkey state at fork() (bsc#1106105). Important SUSE bug 1012382 SUSE bug 1015336 SUSE bug 1015337 SUSE bug 1015340 SUSE bug 1019683 SUSE bug 1019695 SUSE bug 1020645 SUSE bug 1023175 SUSE bug 1027260 SUSE bug 1031492 SUSE bug 1043083 SUSE bug 1047487 SUSE bug 1065600 SUSE bug 1068032 SUSE bug 1070805 SUSE bug 1079935 SUSE bug 1086423 SUSE bug 1087082 SUSE bug 1091405 SUSE bug 1094244 SUSE bug 1094823 SUSE bug 1096242 SUSE bug 1096281 SUSE bug 1099523 SUSE bug 1100105 SUSE bug 1101557 SUSE bug 1102660 SUSE bug 1102875 SUSE bug 1102877 SUSE bug 1102879 SUSE bug 1102882 SUSE bug 1102896 SUSE bug 1103156 SUSE bug 1103257 SUSE bug 1104098 SUSE bug 1106105 SUSE bug 1106929 SUSE bug 1107866 SUSE bug 1108240 SUSE bug 1109272 SUSE bug 1109665 SUSE bug 1109695 SUSE bug 1110286 SUSE bug 1114417 SUSE bug 1114648 SUSE bug 1114763 SUSE bug 1114871 SUSE bug 1114893 SUSE bug 1115431 SUSE bug 1116027 SUSE bug 1116183 SUSE bug 1116336 SUSE bug 1116345 SUSE bug 1116653 SUSE bug 1116841 SUSE bug 1116962 SUSE bug 1117162 SUSE bug 1117165 SUSE bug 1117186 SUSE bug 1118152 SUSE bug 1118316 SUSE bug 1118319 SUSE bug 1118505 SUSE bug 1118790 SUSE bug 1118798 SUSE bug 1118915 SUSE bug 1118922 SUSE bug 1118926 SUSE bug 1118930 SUSE bug 1118936 SUSE bug 1119204 SUSE bug 1119680 SUSE bug 1119714 SUSE bug 1119877 SUSE bug 1119946 SUSE bug 1119967 SUSE bug 1119970 SUSE bug 1120046 SUSE bug 1120722 SUSE bug 1120743 SUSE bug 1120758 SUSE bug 1120902 SUSE bug 1120950 SUSE bug 1121239 SUSE bug 1121240 SUSE bug 1121241 SUSE bug 1121242 SUSE bug 1121275 SUSE bug 1121621 SUSE bug 1121726 SUSE bug 1122650 SUSE bug 1122651 SUSE bug 1122885 SUSE bug 1123321 SUSE bug 1123323 SUSE bug 1123357 CVE-2018-1120 CVE-2018-16862 CVE-2018-16884 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 CVE-2019-3459 CVE-2019-3460 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.179 to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-10853: A flaw was found in the way Linux kernel KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104). - CVE-2018-15594: arch/x86/kernel/paravirt.c in the Linux kernel mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348 1119974). - CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c that did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents (bnc#1110785). - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728) - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c had multiple race conditions (bnc#1133188). It has been disabled. - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c, a race condition leading to a use-after-free was fixed, related to net namespace cleanup (bnc#1134537). - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character (bnc#1134848). - CVE-2019-3882: A flaw was found vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-9503: Multiple brcmfmac frame validation bypasses have been fixed (bnc#1132828). The following non-security bugs were fixed: - 9p: do not trust pdu content for stat item size (bnc#1012382). - 9p locks: add mount option for lock retry interval (bnc#1012382). - 9p/net: fix memory leak in p9_client_create (bnc#1012382). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bnc#1012382). - acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi / bus: Only call dmi_check_system() on X86 (git-fixes). - acpi / button: make module loadable when booted in non-ACPI mode (bsc#1051510). - acpi / device_sysfs: Avoid OF modalias creation for removed device (bnc#1012382). - acpi / SBS: Fix GPE storm on recent MacBookPro's (bnc#1012382). - Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net) (bnc#1012382). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bnc#1012382). - alsa: compress: add support for 32bit calls in a 64bit kernel (bnc#1012382). - alsa: compress: prevent potential divide by zero bugs (bnc#1012382). - alsa: core: Fix card races between register and disconnect (bnc#1012382). - alsa: echoaudio: add a check for ioremap_nocache (bnc#1012382). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bnc#1012382). - alsa: hda - Record the current power state before suspend/resume calls (bnc#1012382). - alsa: info: Fix racy addition/deletion of nodes (bnc#1012382). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bnc#1012382). - alsa: PCM: check if ops are defined before suspending PCM (bnc#1012382). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bnc#1012382). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bnc#1012382). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bnc#1012382). - alsa: sb8: add a check for request_region (bnc#1012382). - alsa: seq: Fix OOB-reads from strlcpy (bnc#1012382). - alsa: seq: oss: Fix Spectre v1 vulnerability (bnc#1012382). - appletalk: Fix compile regression (bnc#1012382). - appletalk: Fix use-after-free in atalk_proc_exit (bnc#1012382). - applicom: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - arc: fix __ffs return value to avoid build warnings (bnc#1012382). - arc: uacces: remove lp_start, lp_end from clobber list (bnc#1012382). - arcv2: Enable unaligned access in early ASM code (bnc#1012382). - arm64: Add helper to decode register from instruction (bsc#1126040). - arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug signals (bnc#1012382). - arm64: debug: Ensure debug handlers check triggering exception level (bnc#1012382). - arm64: fix COMPAT_SHMLBA definition for large pages (bnc#1012382). - arm64: Fix NUMA build error when !CONFIG_ACPI (fate#319981, git-fixes). - arm64: Fix NUMA build error when !CONFIG_ACPI (git-fixes). - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (bnc#1012382). - arm64: futex: Restore oldval initialization to work around buggy compilers (bnc#1012382). - arm64: hide __efistub_ aliases from kallsyms (bnc#1012382). - arm64: kconfig: drop CONFIG_RTC_LIB dependency (bnc#1012382). - arm64/kernel: do not ban ADRP to work around Cortex-A53 erratum #843419 (bsc#1126040). - arm64/kernel: fix incorrect EL0 check in inv_entry macro (bnc#1012382). - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1126040). - arm64: mm: Add trace_irqflags annotations to do_debug_exception() (bnc#1012382). - arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1126040). - arm64: module-plts: factor out PLT generation code for ftrace (bsc#1126040). - arm64: module: split core and init PLT sections (bsc#1126040). - arm64: Relax GIC version check during early boot (bnc#1012382). - arm64: support keyctl() system call in 32-bit mode (bnc#1012382). - arm64: traps: disable irq in die() (bnc#1012382). - arm: 8458/1: bL_switcher: add GIC dependency (bnc#1012382). - arm: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor (bnc#1012382). - arm: 8510/1: rework ARM_CPU_SUSPEND dependencies (bnc#1012382). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bnc#1012382). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bnc#1012382). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bnc#1012382). - arm: 8840/1: use a raw_spinlock_t in unwind (bnc#1012382). - arm: avoid Cortex-A9 livelock on tight dmb loops (bnc#1012382). - arm: dts: at91: Fix typo in ISC_D0 on PC9 (bnc#1012382). - arm: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU (bnc#1012382). - arm: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420 (bnc#1012382). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bnc#1012382). - arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized (bnc#1012382). - arm: pxa: ssp: unneeded to free devm_ allocated data (bnc#1012382). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bnc#1012382). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bnc#1012382). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bnc#1012382). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bnc#1012382). - ASoC: fsl_esai: fix channel swap issue when stream starts (bnc#1012382). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bnc#1012382). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bnc#1012382). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bnc#1012382). - ASoC: topology: free created components in tplg load error (bnc#1012382). - assoc_array: Fix shortcut creation (bnc#1012382). - ath10k: avoid possible string overflow (bnc#1012382). - ath9k_htc: Add a sanity check in ath9k_htc_ampdu_action() (bsc#1087092). - atm: he: fix sign-extension overflow on large shift (bnc#1012382). - autofs: drop dentry reference only when it is never used (bnc#1012382). - autofs: fix error return in autofs_fill_super() (bnc#1012382). - batman-adv: Avoid endless loop in bat-on-bat netdevice check (git-fixes). - batman-adv: Fix lockdep annotation of batadv_tlv_container_remove (git-fixes). - batman-adv: fix uninit-value in batadv_interface_tx() (bnc#1012382). - batman-adv: Only put gw_node list reference when removed (git-fixes). - batman-adv: Only put orig_node_vlan list reference when removed (git-fixes). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: comment on direct access to bvec table (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_device_init() (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bnc#1012382). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bnc#1012382). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bnc#1012382). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: trace missed reading by cache_missed (bsc#1130972). - bcache: treat stale && dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - bcache: writeback: properly order backing device IO (bsc#1130972). - binfmt_elf: switch to new creds when switching to new mm (bnc#1012382). - block: check_events: do not bother with events if unsupported (bsc#1110946). - block: disk_events: introduce event flags (bsc#1110946). - block: do not leak memory in bio_copy_user_iov() (bnc#1012382). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bnc#1012382). - bluetooth: Fix decrementing reference count twice in releasing socket (bnc#1012382). - bnxt_en: Drop oversize TX packets to prevent errors (bnc#1012382). - bonding: fix event handling for stacked bonds (bnc#1012382). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (pending fix for bsc#1063638). - btrfs: fix corruption reading shared and compressed extents after hole punching (bnc#1012382). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: raid56: properly unmap parity page in finish_parity_scrub() (bnc#1012382). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1134651). - btrfs: remove WARN_ON in log_dir_items (bnc#1012382). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1129770). - cdrom: Fix race condition in cdrom_sysctl_register (bnc#1012382). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134564). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134565). - ceph: only use d_name directly when parent is locked (bsc#1134566). - cfg80211: extend range deviation for DMG (bnc#1012382). - cfg80211: size various nl80211 messages correctly (bnc#1012382). - cifs: fallback to older infolevels on findfirst queryinfo retry (bnc#1012382). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bnc#1012382). - cifs: Fix NULL pointer dereference of devname (bnc#1012382). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix read after write for files with read caching (bnc#1012382). - cifs: use correct format characters (bnc#1012382). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bnc#1012382). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bnc#1012382). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bnc#1012382). - cls_bpf: reset class and reuse major in da (git-fixes). - coresight: coresight_unregister() function cleanup (bnc#1012382). - coresight: "DEVICE_ATTR_RO" should defined as static (bnc#1012382). - coresight: etm4x: Add support to enable ETMv4.2 (bnc#1012382). - coresight: etm4x: Check every parameter used by dma_xx_coherent (bnc#1012382). - coresight: fixing lockdep error (bnc#1012382). - coresight: release reference taken by 'bus_find_device()' (bnc#1012382). - coresight: remove csdev's link from topology (bnc#1012382). - coresight: removing bind/unbind options from sysfs (bnc#1012382). - cpufreq: pxa2xx: remove incorrect __init annotation (bnc#1012382). - cpufreq: tegra124: add missing of_node_put() (bnc#1012382). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bnc#1012382). - cpu/hotplug: Handle unbalanced hotplug enable/disable (bnc#1012382). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: ahash - fix another early termination in hash walk (bnc#1012382). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bnc#1012382). - crypto: caam - fixed handling of sg list (bnc#1012382). - crypto: crypto4xx - properly set IV after de- and encrypt (bnc#1012382). - crypto: pcbc - remove bogus memcpy()s with src == dest (bnc#1012382). - crypto: qat - remove unused and redundant pointer vf_info (bsc#1085539). - crypto: sha256/arm - fix crash bug in Thumb2 build (bnc#1012382). - crypto: sha512/arm - fix crash bug in Thumb2 build (bnc#1012382). - crypto: tgr192 - fix unaligned memory access (bsc#1129770). - crypto: x86/poly1305 - fix overflow during partial reduction (bnc#1012382). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1129770). - dccp: do not use ipv6 header for ipv4 flow (bnc#1012382). - device_cgroup: fix RCU imbalance in error case (bnc#1012382). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bnc#1012382). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bnc#1012382). - dmaengine: dmatest: Abort test in case of mapping error (bnc#1012382). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bnc#1012382). - dmaengine: tegra: avoid overflow of byte tracking (bnc#1012382). - dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit (bnc#1012382). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - dm: fix to_sector() for 32bit (bnc#1012382). - dm thin: add sanity checks to thin-pool and external snapshot creation (bnc#1012382). - Drivers: hv: vmbus: Fix bugs in rescind handling (bsc#1130567). - Drivers: hv: vmbus: Fix ring buffer signaling (bsc#1118506). - Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() (bsc#1130567). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bnc#1012382). - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bnc#1106929) - drm/i915: Fix I915_EXEC_RING_MASK (bnc#1106929) - drm/msm: Unblock writer if reader closes file (bnc#1012382). - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vc4: Account for interrupts in flight (bsc#1106929) - drm/vc4: Allocate the right amount of space for boot-time CRTC state. (bsc#1106929) - drm/vc4: fix a bounds check (bsc#1106929) - drm/vc4: Fix a couple error codes in vc4_cl_lookup_bos() (bsc#1106929) - drm/vc4: Fix compilation error reported by kbuild test bot (bsc#1106929) - drm/vc4: Fix memory leak during gpu reset. (bsc#1106929) - drm/vc4: Fix memory leak of the CRTC state. (bsc#1106929) - drm/vc4: Fix NULL pointer dereference in vc4_save_hang_state() (bsc#1106929) - drm/vc4: Fix OOPSes from trying to cache a partially constructed BO. (bsc#1106929) - drm/vc4: Fix oops when userspace hands in a bad BO. (bsc#1106929) - drm/vc4: Fix overflow mem unreferencing when the binner runs dry. (bsc#1106929) - drm/vc4: Fix races when the CS reads from render targets. (bsc#1106929) - drm/vc4: Fix scaling of uni-planar formats (bsc#1106929) - drm/vc4: Fix the "no scaling" case on multi-planar YUV formats (bsc#1106929) - drm/vc4: Flush the caches before the bin jobs, as well. (bsc#1106929) - drm/vc4: Free hang state before destroying BO cache. (bsc#1106929) - drm/vc4: Move IRQ enable to PM path (bsc#1106929) - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar (bsc#1106929) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1106929) - drm/vc4: Use drm_free_large() on handles to match its allocation. (bsc#1106929) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1106929) - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1106929) - e1000e: Add Support for 38.4MHZ frequency (bsc#1108293 ). - e1000e: Add Support for 38.4MHZ frequency (bsc#1108293 fate#326719). - e1000e: Add Support for CannonLake (bsc#1108293). - e1000e: Add Support for CannonLake (bsc#1108293 fate#326719). - e1000e: Fix -Wformat-truncation warnings (bnc#1012382). - e1000e: Initial Support for CannonLake (bsc#1108293 ). - e1000e: Initial Support for CannonLake (bsc#1108293 fate#326719). - efi: stub: define DISABLE_BRANCH_PROFILING for all architectures (bnc#1012382). - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bnc#1012382). - ext2: Fix underflow in ext2_max_size() (bnc#1012382). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bnc#1012382). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bnc#1012382). - ext4: cleanup bh release code in ext4_ind_remove_space() (bnc#1012382). - ext4: fix data corruption caused by unaligned direct AIO (bnc#1012382). - ext4: fix NULL pointer dereference while journal is aborted (bnc#1012382). - ext4: prohibit fstrim in norecovery mode (bnc#1012382). - ext4: report real fs size after failed resize (bnc#1012382). - extcon: usb-gpio: Do not miss event during suspend/resume (bnc#1012382). - f2fs: do not use mutex lock in atomic context (bnc#1012382). - f2fs: fix to do sanity check with current segment number (bnc#1012382). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bnc#1012382). - firmware: dmi: Optimize dmi_matches (git-fixes). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bnc#1012382). - floppy: check_events callback should not return a negative number (git-fixes). - flow_dissector: Check for IP fragmentation even if not using IPv4 address (git-fixes). - fs/9p: use fscache mutex rather than spinlock (bnc#1012382). - fs/file.c: initialize init_files.resize_wait (bnc#1012382). - fs: fix guard_bio_eod to check for real EOD errors (bnc#1012382). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bnc#1012382). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - futex: Ensure that futex address is aligned in handle_futex_death() (bnc#1012382). - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (git-fixes). - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bnc#1012382). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bnc#1012382). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bnc#1012382). - gpio: gpio-omap: fix level interrupt idling (bnc#1012382). - gpio: vf610: Mask all GPIO interrupts (bnc#1012382). - gro_cells: make sure device is up in gro_cells_receive() (bnc#1012382). - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- (bnc#1012382). - hid-sensor-hub.c: fix wrong do_div() usage (bnc#1012382). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (bsc#1129770). - hugetlbfs: fix races and page leaks during migration (bnc#1012382). - hv_netvsc: Fix napi reschedule while receive completion is busy (bsc#1118506). - hv_netvsc: fix race in napi poll when rescheduling (bsc#1118506). - hv_netvsc: Fix the return status in RX path (bsc#1118506). - hv_netvsc: use napi_schedule_irqoff (bsc#1118506). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hv: v4.12 API for hyperv-iommu (fate#327171, bsc#1122822). - hwrng: virtio - Avoid repeated init of completion (bnc#1012382). - i2c: cadence: Fix the hold bit setting (bnc#1012382). - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (bnc#1012382). - i2c: tegra: fix maximum transfer size (bnc#1012382). - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bnc#1012382). - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bnc#1012382). - IB/mlx4: Increase the timeout for CM cache (bnc#1012382). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bnc#1012382). - iio: ad_sigma_delta: select channel when reading register (bnc#1012382). - iio/gyro/bmg160: Use millidegrees for temperature scale (bnc#1012382). - Include ACPI button driver in base kernel (bsc#1062056). - include/linux/bitrev.h: fix constant bitrev (bnc#1012382). - include/linux/swap.h: use offsetof() instead of custom __swapoffset macro (bnc#1012382). - Input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bnc#1012382). - Input: matrix_keypad - use flush_delayed_work() (bnc#1012382). - Input: st-keyscan - fix potential zalloc NULL dereference (bnc#1012382). - Input: wacom_serial4 - add support for Wacom ArtPad II tablet (bnc#1012382). - intel_th: Do not reference unassigned outputs (bnc#1012382). - intel_th: gth: Fix an off-by-one in output unassigning (git-fixes). - io: accel: kxcjk1013: restore the range after resume (bnc#1012382). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130345). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130346). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (bsc#1122822). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (fate#327171, bsc#1122822). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130347). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135013). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135014). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135015). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (bnc#1012382). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (bnc#1012382). - ip_tunnel: fix ip tunnel lookup in collect_md mode (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (bnc#1012382). - ipv4: recompile ip options in ipv4_link_failure (bnc#1012382). - ipv6: Fix dangling pointer when ipv6 fragment (bnc#1012382). - ipv6: sit: reset ip header pointer in ipip6_rcv (bnc#1012382). - ipvlan: disallow userns cap_net_admin to change global mode/flags (bnc#1012382). - ipvs: Fix signed integer overflow when setsockopt timeout (bnc#1012382). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bnc#1012382). - iscsi_ibft: Fix missing break in switch statement (bnc#1012382). - isdn: avm: Fix string plus integer warning from Clang (bnc#1012382). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bnc#1012382). - isdn: isdn_tty: fix build warning of strncpy (bnc#1012382). - It's wrong to add len to sector_nr in raid10 reshape twice (bnc#1012382). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1119086). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bnc#1012382). - jbd2: fix compile warning when using JBUFFER_TRACE (bnc#1012382). - kabi: arm64: fix kabi breakage on arch specific module (bsc#1126040) - kabi fixup gendisk disk_devt revert (bsc#1020989). - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD (bnc#1012382). - kbuild: setlocalversion: print error to STDERR (bnc#1012382). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bnc#1012382). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bnc#1012382). - keys: allow reaching the keys quotas exactly (bnc#1012382). - keys: always initialize keyring_index_key::desc_len (bnc#1012382). - keys: restrict /proc/keys by credentials at open time (bnc#1012382). - keys: user: Align the payload buffer (bnc#1012382). - kprobes: Fix error check when reusing optimized probes (bnc#1012382). - kprobes: Mark ftrace mcount handler functions nokprobe (bnc#1012382). - kprobes: Prohibit probing on bsearch() (bnc#1012382). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132634). - kvm: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 (bnc#1012382). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132635). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bnc#1012382). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bnc#1012382). - kvm: Reject device ioctls from processes other than the VM's creator (bnc#1012382). - kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run (bsc#1132636). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1132637). - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bnc#1012382). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1132534). - kvm: X86: Fix residual mmio emulation request to userspace (bnc#1012382). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132638). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - leds: lp5523: fix a missing check of return value of lp55xx_read (bnc#1012382). - leds: lp55xx: fix null deref on firmware load failure (bnc#1012382). - lib: add crc64 calculation routines (bsc#1130972). - lib/div64.c: off by one in shift (bnc#1012382). - lib: do not depend on linux headers being installed (bsc#1130972). - libertas: call into generic suspend code before turning off power (bsc#1106110). - libertas: fix suspend and resume for SDIO connected cards (bsc#1106110). - lib/int_sqrt: optimize initial value compute (bnc#1012382). - lib/int_sqrt: optimize small argument (bnc#1012382). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1131857). - lib/string.c: implement a basic bcmp (bnc#1012382). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bnc#1012382). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - m68k: Add -ffreestanding to CFLAGS (bnc#1012382). - mac80211: do not call driver wake_tx_queue op during reconfig (bnc#1012382). - mac80211: do not initiate TDLS connection if station is not associated to AP (bnc#1012382). - mac80211: fix miscounting of ttl-dropped frames (bnc#1012382). - mac80211: fix "warning: target metric may be used uninitialized" (bnc#1012382). - mac80211_hwsim: propagate genlmsg_reply return code (bnc#1012382). - mac8390: Fix mmio access size probe (bnc#1012382). - md: Fix failed allocation of md_register_thread (bnc#1012382). - mdio_bus: Fix use-after-free on device_register fails (bnc#1012382 git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md: use mddev_suspend/resume instead of ->quiesce() (bsc#1132212). - media: cx88: Get rid of spurious call to cx8800_start_vbi_dma() (bsc#1100132). - media: mt9m111: set initial frame size other than 0x0 (bnc#1012382). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bnc#1012382). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bnc#1012382). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bnc#1012382). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bnc#1012382). - media: sh_veu: Correct return type for mem2mem buffer helpers (bnc#1012382). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bnc#1012382). - media: uvcvideo: Fix 'type' check leading to overflow (bnc#1012382). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1119086). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bnc#1012382). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1120902). - media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() (bnc#1012382). - media: vivid: potential integer overflow in vidioc_g_edid() (bsc#11001132). - mfd: ab8500-core: Return zero in get_register_interruptible() (bnc#1012382). - mfd: db8500-prcmu: Fix some section annotations (bnc#1012382). - mfd: mc13xxx: Fix a missing check of a register-read failure (bnc#1012382). - mfd: qcom_rpm: write fw_version to CTRL_REG (bnc#1012382). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bnc#1012382). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bnc#1012382). - mfd: wm5110: Add missing ASRC rate register (bnc#1012382). - mips: ath79: Enable OF serial ports in the default config (bnc#1012382). - mips: Fix kernel crash for R6 in jump label branch function (bnc#1012382). - mips: irq: Allocate accurate order pages for irq stack (bnc#1012382). - mips: jazz: fix 64bit build (bnc#1012382). - mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction (bnc#1012382). - mips: Remove function size check in get_frame_info() (bnc#1012382). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bnc#1012382). - missing barriers in some of unix_sock ->addr and ->path accesses (bnc#1012382). - mmc: bcm2835: reset host on timeout (bsc#1070872). - mmc: block: Allow more than 8 partitions per card (bnc#1012382). - mmc: core: fix using wrong io voltage if mmc_select_hs200 fails (bnc#1012382). - mmc: core: shut up "voltage-ranges unspecified" pr_info() (bnc#1012382). - mmc: davinci: remove extraneous __init annotation (bnc#1012382). - mmc: debugfs: Add a restriction to mmc debugfs clock setting (bnc#1012382). - mm/cma.c: cma_declare_contiguous: correct err handling (bnc#1012382). - mmc: make MAN_BKOPS_EN message a debug (bnc#1012382). - mmc: mmc: fix switch timeout issue caused by jiffies precision (bnc#1012382). - mmc: omap: fix the maximum timeout setting (bnc#1012382). - mmc: pwrseq_simple: Make reset-gpios optional to match doc (bnc#1012382). - mmc: pxamci: fix enum type confusion (bnc#1012382). - mmc: sanitize 'bus width' in debug output (bnc#1012382). - mmc: spi: Fix card detection during probe (bnc#1012382). - mmc: tmio_mmc_core: do not claim spurious interrupts (bnc#1012382). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm, memory_hotplug: fix off-by-one in is_pageblock_removable (git-fixes). - mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone (bnc#1012382). - mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone (bnc#1012382). - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified (bnc#1012382). - mm: move is_pageblock_removable_nolock() to mm/memory_hotplug.c (git-fixes prerequisity). - mm/page_ext.c: fix an imbalance with kmemleak (bnc#1012382). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935) - mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON (bnc#1012382). - mm/slab.c: kmemleak no scan alien caches (bnc#1012382). - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! (bnc#1012382). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bnc#1012382). - mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n (bnc#1012382). - modpost: file2alias: check prototype of handler (bnc#1012382). - modpost: file2alias: go back to simple devtable lookup (bnc#1012382). - move power_up_on_resume flag to end of structure for kABI (bsc#1106110). - mt7601u: bump supported EEPROM version (bnc#1012382). - mtd: Fix comparison in map_word_andequal() (git-fixes). - mwifiex: pcie: tighten a check in mwifiex_pcie_process_event_ready() (bsc#1100132). - ncpfs: fix build warning of strncpy (bnc#1012382). - net: add description for len argument of dev_get_phys_port_name (git-fixes). - net: Add __icmp_send helper (bnc#1012382). - net: altera_tse: fix connect_local_phy error path (bnc#1012382). - net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case (bnc#1012382). - net: atm: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - net: avoid use IPCB in cipso_v4_error (bnc#1012382). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (bnc#1012382). - net: diag: support v4mapped sockets in inet_diag_find_one_icsk() (bnc#1012382). - net: do not decrement kobj reference count on init failure (git-fixes). - net: dsa: mv88e6xxx: Fix u64 statistics (bnc#1012382). - net: ena: fix race between link up and device initalization (bsc#1129278). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129278). - net: ethtool: not call vzalloc for zero sized memory request (bnc#1012382). - netfilter: ipt_CLUSTERIP: fix use-after-free of proc entry (git-fixes). - netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options (bnc#1012382). - netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters (bnc#1012382). - netfilter: nfnetlink_log: just returns error for unknown command (bnc#1012382). - netfilter: nfnetlink: use original skbuff when acking batches (git-fixes). - netfilter: physdev: relax br_netfilter dependency (bnc#1012382). - netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (bnc#1012382). - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (bnc#1012382). - net: hns: Fix use after free identified by SLUB debug (bnc#1012382). - net: hns: Fix wrong read accesses via Clause 45 MDIO protocol (bnc#1012382). - net: hsr: fix memory leak in hsr_dev_finalize() (bnc#1012382). - net/hsr: fix possible crash in add_timer() (bnc#1012382). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - netlabel: fix out-of-bounds memory accesses (bnc#1012382). - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames (bnc#1012382). - net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() (bnc#1012382). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (bnc#1012382). - netns: provide pure entropy for net_hash_mix() (bnc#1012382). - net/packet: fix 4gb buffer limit due to overflow check (bnc#1012382). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (bnc#1012382). - net: phy: Micrel KSZ8061: link failure after cable connect (bnc#1012382). - net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock() (bnc#1012382). - net: rose: fix a possible stack overflow (bnc#1012382). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (bnc#1012382). - net: set static variable an initial value in atl2_probe() (bnc#1012382). - net: sit: fix UBSAN Undefined behaviour in check_6rd (bnc#1012382). - net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() (bnc#1012382). - net-sysfs: call dev_hold if kobject_init_and_add success (git-fixes). - net-sysfs: Fix mem leak in netdev_register_kobject (bnc#1012382). - net: systemport: Fix reception of BPDUs (bnc#1012382). - net: tcp_memcontrol: properly detect ancestor socket pressure (git-fixes). - net/x25: fix a race in x25_bind() (bnc#1012382). - net/x25: fix use-after-free in x25_device_event() (bnc#1012382). - net/x25: reset state in x25_connect() (bnc#1012382). - NFC: nci: memory leak in nci_core_conn_create() (git-fixes). - nfs41: pop some layoutget errors to application (bnc#1012382). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfs: clean up rest of reqs when failing to add one (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfsd: fix wrong check in write_v4_end_grace() (git-fixes). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs: Fix NULL pointer dereference of dev_name (bnc#1012382). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.x: always serialize open/close operations (bsc#1114893). - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES (bnc#1012382). - nvme-fc: resolve io failures during connect (bsc#1116803). - ocfs2: fix a panic problem caused by o2cb_ctl (bnc#1012382). - openvswitch: fix flow actions reallocation (bnc#1012382). - packets: Always register packet sk in the same order (bnc#1012382). - parport_pc: fix find_superio io compare code, should use equal test (bnc#1012382). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bnc#1012382). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (fate#327171, bsc#1122822). - pci: xilinx-nwl: Add missing of_node_put() (bsc#1100132). - perf auxtrace: Define auxtrace record alignment (bnc#1012382). - perf bench: Copy kernel files needed to build mem{cpy,set} x86_64 benchmarks (bnc#1012382). - perf/core: Restore mmap record type correctly (bnc#1012382). - perf evsel: Free evsel->counts in perf_evsel__exit() (bnc#1012382). - perf intel-pt: Fix CYC timestamp calculation after OVF (bnc#1012382). - perf intel-pt: Fix overlap calculation for padding (bnc#1012382). - perf intel-pt: Fix TSC slip (bnc#1012382). - perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops (bnc#1012382). - perf symbols: Filter out hidden symbols from labels (bnc#1012382). - perf: Synchronously free aux pages in case of allocation failure (bnc#1012382). - perf test: Fix failure of 'evsel-tp-sched' test on s390 (bnc#1012382). - perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test() (bnc#1012382). - perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test (bnc#1012382). - perf tools: Handle TOPOLOGY headers with no CPU (bnc#1012382). - perf top: Fix error handling in cmd_top() (bnc#1012382). - perf/x86/amd: Add event map for AMD Family 17h (bsc#1114648). - phonet: fix building with clang (bnc#1012382). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bnc#1012382). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bnc#1012382). - PM / Hibernate: Call flush_icache_range() on pages restored in-place (bnc#1012382). - PM / wakeup: Rework wakeup source timer cancellation (bnc#1012382). - pNFS: Skip invalid stateids when doing a bulk destroy (git-fixes). - powerpc/32: Clear on-stack exception marker upon exception return (bnc#1012382). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/83xx: Also save/restore SPRG4-7 during suspend (bnc#1012382). - powerpc: Always initialize input array when calling epapr_hypercall() (bnc#1012382). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1053043, git-fixes). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1066223). - powerpc/powernv: Make opal log only readable by root (bnc#1012382). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/tm: Add commandline option to disable hardware transactional memory (bsc#1118338). - powerpc/tm: Add TM Unavailable Exception (bsc#1118338). - powerpc/tm: Flip the HTM switch default to disabled (bsc#1125580). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - powerpc/wii: properly disable use of BATs when requested (bnc#1012382). - qmi_wwan: add Olicard 600 (bnc#1012382). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (bnc#1012382). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (bnc#1012382). - RDMA/core: Do not expose unsupported counters (bsc#994770). - RDMA/srp: Rework SCSI device reset handling (bnc#1012382). - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bnc#1012382). - regulator: s2mpa01: Fix step values for some LDOs (bnc#1012382). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bnc#1012382). - Revert "block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers" (bsc#1110946). - Revert "bridge: do not add port to router list when receives query with source 0.0.0.0" (bnc#1012382). - Revert "ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd" (bsc#1110946). - Revert "ipv4: keep skb->dst around in presence of IP options" (git-fixes). - Revert "kbuild: use -Oz instead of -Os when using clang" (bnc#1012382). - Revert "KEYS: restrict /proc/keys by credentials at open time" (kabi). - Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()" (bnc#1012382). - Revert "mmc: block: do not use parameter prefix if built as module" (bnc#1012382). - Revert "netns: provide pure entropy for net_hash_mix()" (kabi). - Revert "scsi, block: fix duplicate bdi name registration crashes" (bsc#1020989). - Revert "USB: core: only clean up what we allocated" (bnc#1012382). - Revert "x86/kprobes: Verify stack frame on kretprobe" (kabi). - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (bnc#1012382). - rsi: fix a dereference on adapter before it has been null checked (bsc#1085539). - rsi: improve kernel thread handling to fix kernel panic (bnc#1012382). - rtc: Fix overflow when converting time64_t to rtc_time (bnc#1012382). - rtl8xxxu: Fix missing break in switch (bsc#1120902). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/dasd: fix using offset into zero size array error (bnc#1012382). - s390: Prevent hotplug rwsem recursion (bsc#1131980). - s390/qeth: fix use-after-free in error path (bnc#1012382). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - s390/virtio: handle find on invalid queue gracefully (bnc#1012382). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/fair: Do not re-read ->h_load_next during hierarchical load calculation (bnc#1012382). - sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup (bnc#1012382). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git. - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c (bnc#1012382). - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (bnc#1012382). - scsi: isci: initialize shost fully before calling scsi_add_host() (bnc#1012382). - scsi: libfc: free skb when receiving invalid flogi resp (bnc#1012382). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bnc#1012382). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (bnc#1012382). - scsi: megaraid_sas: return error when create DMA pool failed (bnc#1012382). - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param (bnc#1012382). - scsi: sd: Fix a race between closing an sd device and sd I/O (bnc#1012382). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (fate#323887). - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes (). - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes (fate#323887). - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock (bnc#1012382). - scsi: virtio_scsi: do not send sc payload with tmfs (bnc#1012382). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bnc#1012382). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bnc#1012382). - sctp: fix the transports round robin issue when init is retransmitted (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (bnc#1012382). - sctp: initialize _pad of sockaddr_in before copying to user memory (bnc#1012382). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bnc#1012382). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bnc#1012382). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bnc#1012382). - serial: max310x: Fix to avoid potential NULL pointer dereference (bnc#1012382). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bnc#1012382). - serial: sprd: adjust TIMEOUT to a big value (bnc#1012382). - serial: sprd: clear timeout interrupt only rather than all interrupts (bnc#1012382). - serial: uartps: console_setup() can't be placed to init section (bnc#1012382). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (bnc#1012382). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bnc#1012382). - SoC: imx-sgtl5000: add missing put_device() (bnc#1012382). - sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names (bnc#1012382). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bnc#1012382). - soc/tegra: fuse: Fix illegal free of IO base address (bnc#1012382). - staging: ashmem: Add missing include (bnc#1012382). - staging: ashmem: Avoid deadlock with mmap/shrink (bnc#1012382). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bnc#1012382). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bnc#1012382). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bnc#1012382). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bnc#1012382). - staging: goldfish: audio: fix compiliation on arm (bnc#1012382). - staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT (bnc#1012382). - staging: lustre: fix buffer overflow of string buffer (bnc#1012382). - staging: rtl8188eu: avoid a null dereference on pmlmepriv (bsc#1085539). - staging: vt6655: Fix interrupt race condition on device start up (bnc#1012382). - staging: vt6655: Remove vif check from vnt_interrupt (bnc#1012382). - stm class: Do not leak the chrdev in error path (bnc#1012382). - stm class: Fix an endless loop in channel allocation (bnc#1012382). - stm class: Fix a race in unlinking (bnc#1012382). - stm class: Fix link list locking (bnc#1012382). - stm class: Fix locking in unbinding policy path (bnc#1012382). - stm class: Fix stm device initialization order (bnc#1012382). - stm class: Fix unbalanced module/device refcounting (bnc#1012382). - stm class: Fix unlocking braino in the error path (bnc#1012382). - stm class: Guard output assignment against concurrency (bnc#1012382). - stm class: Hide STM-specific options if STM is disabled (bnc#1012382). - stm class: Prevent division by zero (bnc#1012382). - stm class: Prevent user-controllable allocations (bnc#1012382). - stm class: Support devices with multiple instances (bnc#1012382). - stmmac: copy unicast mac address to MAC registers (bnc#1012382). - stop_machine: Provide stop_machine_cpuslocked() (bsc#1131980). - sunrpc: do not mark uninitialised items as VALID (bsc#1130737). - sunrpc: init xdr_stream for zero iov_len, page_len (bsc#11303356). - supported.conf: add lib/crc64 because bcache uses it - svm/avic: Fix invalidate logical APIC id entry (bsc#1132727). - svm: Fix AVIC DFR and LDR handling (bsc#1130343). - svm: Fix improper check when deactivate AVIC (bsc#1130344). - sysctl: handle overflow for file-max (bnc#1012382). - tcp/dccp: drop SYN packets if accept queue is full (bnc#1012382). - tcp/dccp: remove reqsk_put() from inet_child_forget() (git-fixes). - tcp: do not use ipv6 header for ipv4 flow (bnc#1012382). - tcp: Ensure DCTCP reacts to losses (bnc#1012382). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - tcp: tcp_grow_window() needs to respect tcp_space() (bnc#1012382). - thermal/int340x_thermal: Add additional UUIDs (bnc#1012382). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bnc#1012382). - thermal/int340x_thermal: fix mode setting (bnc#1012382). - time: Introduce jiffies64_to_nsecs() (bsc#1113399). - tmpfs: fix link accounting when a tmpfile is linked in (bnc#1012382). - tmpfs: fix uninitialized return value in shmem_link (bnc#1012382). - tools lib traceevent: Fix buffer overflow in arg_eval (bnc#1012382). - tools/power turbostat: return the exit status of a command (bnc#1012382). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1020645). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1020645, git-fixes). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bnc#1012382). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bnc#1012382). - tpm: tpm-interface.c drop unused macros (bsc#1020645). - tracing: kdb: Fix ftdump to not sleep (bnc#1012382). - tty: atmel_serial: fix a potential NULL pointer dereference (bnc#1012382). - tty: increase the default flip buffer limit to 2*640K (bnc#1012382). - tty: ldisc: add sysctl to prevent autoloading of ldiscs (bnc#1012382). - tty/serial: atmel: Add is_half_duplex helper (bnc#1012382). - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped (bnc#1012382). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udf: Fix crash on IO error during truncate (bnc#1012382). - Update config files: add CONFIG_CRC64=m - usb: Add new USB LPM helpers (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bnc#1012382). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1129770). - usb: core: only clean up what we allocated (bnc#1012382). - usb: dwc2: Fix DMA alignment to start at allocated boundary (bsc#1100132). - usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub (bsc#1100132). - usb: dwc3: gadget: Fix suspend/resume during device mode (bnc#1012382). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bnc#1012382). - usb: gadget: Add the gserial port checking in gs_start_tx() (bnc#1012382). - usb: gadget: composite: fix dereference after null check coverify warning (bnc#1012382). - usb: gadget: configfs: add mutex lock before unregister gadget (bnc#1012382). - usb: gadget: Potential NULL dereference on allocation error (bnc#1012382). - usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG (bnc#1012382). - usb: renesas_usbhs: gadget: fix unused-but-set-variable warning (bnc#1012382). - usb: serial: cp210x: add ID for Ingenico 3070 (bnc#1012382). - usb: serial: cp210x: add new device id (bnc#1012382). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1119086). - usb: serial: ftdi_sio: add additional NovaTech products (bnc#1012382). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bnc#1012382). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bnc#1012382). - usb: serial: option: add Telit ME910 ECM composition (bnc#1012382). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - video: fbdev: Set pixclock = 0 in goldfishfb (bnc#1012382). - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel (bnc#1012382). - vxlan: Do not call gro_cells_destroy() before device is unregistered (bnc#1012382). - vxlan: Fix GRO cells race condition between receive and link delete (bnc#1012382). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (bnc#1012382). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bnc#1012382). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1120902). - x.509: unpack RSA signatureValue field from BIT STRING (git-fixes). - x86_64: increase stack size for KASAN_EXTRA (bnc#1012382). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/apic: Provide apic_ack_irq() (fate#327171, bsc#1122822). - x86/build: Mark per-CPU symbols as absolute explicitly for LLD (bnc#1012382). - x86/build: Specify elf_i386 linker emulation explicitly for i386 objects (bnc#1012382). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bnc#1012382). - x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors (bnc#1012382). - x86/hpet: Prevent potential NULL pointer dereference (bnc#1012382). - x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error (bnc#1012382). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (fate#327171, bsc#1122822). - x86/kexec: Do not setup EFI info if EFI runtime is not enabled (bnc#1012382). - x86/kprobes: Verify stack frame on kretprobe (bnc#1012382). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114648). - x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y (bnc#1012382). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114648). - x86/vdso: Add VCLOCK_HVCLOCK vDSO clock read method (bsc#1133308). - x86/vdso: Drop implicit common-page-size linker flag (bnc#1012382). - x86/vdso: Pass --eh-frame-hdr to the linker (git-fixes). - x86: vdso: Use $LD instead of $CC to link (bnc#1012382). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (bnc#1012382). - xen: Prevent buffer overflow in privcmd ioctl (bnc#1012382). - xfrm_user: fix info leak in build_aevent() (git-fixes). - xfrm_user: fix info leak in xfrm_notify_sa() (git-fixes). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1047487). - xhci: Fix port resume done detection for SS ports with LPM enabled (bnc#1012382). - xtensa: fix return_address (bnc#1012382). - xtensa: SMP: fix ccount_timer_shutdown (bnc#1012382). - xtensa: SMP: fix secondary CPU initialization (bnc#1012382). - xtensa: SMP: limit number of possible CPUs by NR_CPUS (bnc#1012382). - xtensa: SMP: mark each possible CPU as present (bnc#1012382). - xtensa: smp_lx200_defconfig: fix vectors clash (bnc#1012382). Important SUSE bug 1012382 SUSE bug 1020645 SUSE bug 1020989 SUSE bug 1031492 SUSE bug 1047487 SUSE bug 1051510 SUSE bug 1053043 SUSE bug 1062056 SUSE bug 1063638 SUSE bug 1064388 SUSE bug 1066223 SUSE bug 1070872 SUSE bug 1085539 SUSE bug 1087092 SUSE bug 1094244 SUSE bug 1096480 SUSE bug 1096728 SUSE bug 1097104 SUSE bug 1100132 SUSE bug 1103186 SUSE bug 1105348 SUSE bug 1106110 SUSE bug 1106913 SUSE bug 1106929 SUSE bug 1108293 SUSE bug 1110785 SUSE bug 1110946 SUSE bug 1111331 SUSE bug 1112063 SUSE bug 1112178 SUSE bug 1113399 SUSE bug 1114542 SUSE bug 1114638 SUSE bug 1114648 SUSE bug 1114893 SUSE bug 1116803 SUSE bug 1118338 SUSE bug 1118506 SUSE bug 1119086 SUSE bug 1119974 SUSE bug 1120902 SUSE bug 1122776 SUSE bug 1122822 SUSE bug 1125580 SUSE bug 1126040 SUSE bug 1126356 SUSE bug 1127445 SUSE bug 1129138 SUSE bug 1129278 SUSE bug 1129326 SUSE bug 1129770 SUSE bug 1130130 SUSE bug 1130343 SUSE bug 1130344 SUSE bug 1130345 SUSE bug 1130346 SUSE bug 1130347 SUSE bug 1130356 SUSE bug 1130425 SUSE bug 1130567 SUSE bug 1130737 SUSE bug 1130972 SUSE bug 1131107 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1131488 SUSE bug 1131587 SUSE bug 1131659 SUSE bug 1131857 SUSE bug 1131900 SUSE bug 1131934 SUSE bug 1131935 SUSE bug 1131980 SUSE bug 1132212 SUSE bug 1132227 SUSE bug 1132534 SUSE bug 1132589 SUSE bug 1132618 SUSE bug 1132619 SUSE bug 1132634 SUSE bug 1132635 SUSE bug 1132636 SUSE bug 1132637 SUSE bug 1132638 SUSE bug 1132727 SUSE bug 1132828 SUSE bug 1133188 SUSE bug 1133308 SUSE bug 1133584 SUSE bug 1134160 SUSE bug 1134162 SUSE bug 1134537 SUSE bug 1134564 SUSE bug 1134565 SUSE bug 1134566 SUSE bug 1134651 SUSE bug 1134760 SUSE bug 1134848 SUSE bug 1135013 SUSE bug 1135014 SUSE bug 1135015 SUSE bug 1135100 SUSE bug 843419 SUSE bug 994770 CVE-2018-1000204 CVE-2018-10853 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-15594 CVE-2018-17972 CVE-2018-5814 CVE-2019-11091 CVE-2019-11486 CVE-2019-11815 CVE-2019-11884 CVE-2019-3882 CVE-2019-9503 openSUSE Leap 42.3 This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (boo#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091) Release notes: - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 - ---- updated platforms ------------------------------------ - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 - CFL-H R0 6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile It also contains the update to 20190312 release (boo#1129231): - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile - CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop - CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile - ---- updated platforms ------------------------------------ - HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3 - SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable - SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx - BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx - GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx - KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile - KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8 And it also contains the update to 20180807a, no change except licensing. (boo#1104479). Important SUSE bug 1104479 SUSE bug 1111331 SUSE bug 1129231 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 openSUSE Leap 42.3 This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionaly also use CPU Microcode updates. The mitigation can be controlled via the "mds" commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Security issue fixed: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680) Other fixes: - Added code to change LIBXL_HOTPLUG_TIMEOUT at runtime. The included README has details about the impact of this change (bsc#1120095) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1027519 SUSE bug 1111331 SUSE bug 1120095 SUSE bug 1130680 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 openSUSE Leap 42.3 This update for qemu fixes the following issues: - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature "md-clear" (bsc#1111331) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 openSUSE Leap 42.3 This update for ovmf fixes the following issues: Security issue fixed: - CVE-2019-0161: Fixed a stack overflow in UsbBusDxe and UsbBusPei, which could potentially be triggered by a local unauthenticated user (bsc#1131361). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1131361 CVE-2019-0161 openSUSE Leap 42.3 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas (bsc#1085790). - CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize() (bsc#1132045). This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1085790 SUSE bug 1132045 CVE-2017-10989 CVE-2018-8740 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: - CVE-2019-10131: Fixed a denial of service vulnerability caused by an off-by-one read in formatIPTCfromBuffer() (boo#1134075) Moderate SUSE bug 1134075 CVE-2019-10131 openSUSE Leap 42.3 This update for libxslt fixes the following issues: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1132160 CVE-2019-11068 openSUSE Leap 42.3 This update for java-1_8_0-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2019-2422: Better FileChannel (bsc#1122293). - CVE-2018-11212: Improve JPEG (bsc#1122299). Non-Security issue fixed: - Disable LTO (bsc#1133135). - Added Japanese new era name. This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1133135 CVE-2018-11212 CVE-2018-3639 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 openSUSE Leap 42.3 This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). - CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). - CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed: - systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - core: only watch processes when it's really necessary (bsc#955942 bsc#1128657) - rules: load drivers only on "add" events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - Do not automatically online memory on s390x (bsc#1127557) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1080919 SUSE bug 1121563 SUSE bug 1125352 SUSE bug 1126056 SUSE bug 1127557 SUSE bug 1128657 SUSE bug 1130230 SUSE bug 1132348 SUSE bug 1132400 SUSE bug 1132721 SUSE bug 955942 CVE-2018-6954 CVE-2019-3842 CVE-2019-6454 openSUSE Leap 42.3 This update for chromium fixes the following issues: Chromium was updated to 74.0.3729.157: - Various security fixes from internal audits, fuzzing and other initiatives Includes security fixes from 74.0.3729.131 (boo#1134218): - CVE-2019-5827: Out-of-bounds access in SQLite - CVE-2019-5824: Parameter passing error in media player Important SUSE bug 1134218 CVE-2019-5824 CVE-2019-5827 openSUSE Leap 42.3 This update for lxc, lxcfs to version 3.1.0 fixes the following issues: Security issues fixed: - CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185). - CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348). Non-security issues fixed: - Update to LXC 3.1.0. The changelog is far too long to include here, please look at https://linuxcontainers.org/. (boo#1131762) Important SUSE bug 1036360 SUSE bug 1099239 SUSE bug 1122185 SUSE bug 1131762 SUSE bug 988348 SUSE bug 998326 CVE-2015-1331 CVE-2015-1334 CVE-2015-1335 CVE-2017-5985 CVE-2018-6556 CVE-2019-5736 openSUSE Leap 42.3 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird was updated to 60.7.0 * Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut Security issues fixed (MFSA 2019-15 boo#1135824): * CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext * CVE-2019-11691: Use-after-free in XMLHttpRequest * CVE-2019-11692: Use-after-free removing listeners in the event listener manager * CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux * CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox * CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks * CVE-2019-5798: Out-of-bounds read in Skia * CVE-2019-7317: Use-after-free in png_image_free of libpng library * CVE-2019-9797: Cross-origin theft of images with createImageBitmap * CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS * CVE-2019-9816: Type confusion with object groups and UnboxedObjects * CVE-2019-9817: Stealing of cross-domain images using canvas * CVE-2019-9818: Use-after-free in crash generation server * CVE-2019-9819: Compartment mismatch with fetch API * CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell - Disable LTO (boo#1133267). - Add patch to fix build using rust-1.33: (boo#1130694) Important SUSE bug 1130694 SUSE bug 1133267 SUSE bug 1135824 CVE-2018-18511 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 openSUSE Leap 42.3 This update for screen fixes the following issues: Security issue fixed: - CVE-2015-6806: Fixed a stack overflow due to deep recursion (bsc#944458). Non-security issue fixed: - Fixed segmentation faults related to altscreen and resizing screen (bsc#1130831). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1130831 SUSE bug 944458 CVE-2015-6806 openSUSE Leap 42.3 This update for doxygen fixes the following issues: - CVE-2016-10245: Fixed XSS via insufficient sanitization of the query parameter in templates/html/search_opensearch.php [boo#1136364] Moderate SUSE bug 1136364 CVE-2016-10245 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: Changes in GraphicsMagick: - disable also PCL decoding by default, as it is also passed through ghostscript (boo#1136183) Moderate SUSE bug 1136183 openSUSE Leap 42.3 This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1135170 CVE-2019-5436 openSUSE Leap 42.3 This update for java-1_7_0-openjdk fixes the following issues: Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU) Security issues fixed: - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw inside the RMI registry implementation (bsc#1132732). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2422: Fixed memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2019-2426: Improve web server connections (bsc#1134297). Bug fixes: - Please check the package Changelog for detailed information. This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1134297 CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 openSUSE Leap 42.3 This update for php7 fixes the following issues: Security issues fixed: - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1132837 SUSE bug 1132838 SUSE bug 1134322 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 openSUSE Leap 42.3 This update for php5 fixes the following issues: Security issues fixed: - CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838). - CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837). - CVE-2019-9637: Fixed a potential information disclosure in rename() (bsc#1128892). - CVE-2019-9675: Fixed a potential buffer overflow in phar_tar_writeheaders_int() (bsc#1128886). - CVE-2019-9638: Fixed an uninitialized read in exif_process_IFD_in_MAKERNOTE() related to value_len (bsc#1128889). - CVE-2019-9639: Fixed an uninitialized read in exif_process_IFD_in_MAKERNOTE() related to data_len (bsc#1128887). - CVE-2019-9640: Fixed an invalid Read in exif_process_SOFn() (bsc#1128883). - CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1128883 SUSE bug 1128886 SUSE bug 1128887 SUSE bug 1128889 SUSE bug 1128892 SUSE bug 1132837 SUSE bug 1132838 SUSE bug 1134322 CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9675 openSUSE Leap 42.3 This update for libtasn1 fixes the following issues: Security issues fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). - CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1040621 SUSE bug 1105435 CVE-2017-6891 CVE-2018-1000654 openSUSE Leap 42.3 This update for axis fixes the following issues: Security issue fixed: - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name (bsc#1134598). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1134598 CVE-2012-5784 CVE-2014-3596 openSUSE Leap 42.3 This update for evolution fixes the following issue: Security issue fixed: - CVE-2018-15587: Fixed OpenPGP signatures spoofing via specially crafted email that contains a valid signature (bsc#1125230). This update was imported from the SUSE:SLE-12-SP3:Update update project. Moderate SUSE bug 1125230 CVE-2018-15587 openSUSE Leap 42.3 This update for gnome-shell fixes the following issues: Security issue fixed: - CVE-2019-3820: Fixed a partial lock screen bypass (bsc#1124493). Fixed bugs: - Remove sessionList of endSessionDialog for security reasons (jsc#SLE-6660). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1124493 CVE-2019-3820 openSUSE Leap 42.3 This update for bind fixes the following issues: Security issues fixed: - CVE-2018-5740: Fixed a denial of service vulnerability in the "deny-answer-aliases" feature (bsc#1104129). - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys. (bsc#1126068) - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. (bsc#1133185) This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1104129 SUSE bug 1126068 SUSE bug 1126069 SUSE bug 1133185 CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 openSUSE Leap 42.3 This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 60.7.0esr (boo#1135824 MFSA 2019-14): * CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext * CVE-2019-11691: Use-after-free in XMLHttpRequest * CVE-2019-11692: Use-after-free removing listeners in the event listener manager * CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux * CVE-2019-11694: (Windows only) Uninitialized memory memory leakage in Windows sandbox * CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks * CVE-2019-5798: Out-of-bounds read in Skia * CVE-2019-7317: Use-after-free in png_image_free of libpng library * CVE-2019-9797: Cross-origin theft of images with createImageBitmap * CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS * CVE-2019-9816: Type confusion with object groups and UnboxedObjects * CVE-2019-9817: Stealing of cross-domain images using canvas * CVE-2019-9818: (Windows only) Use-after-free in crash generation server * CVE-2019-9819: Compartment mismatch with fetch API * CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell * CVE-2019-9821: Use-after-free in AssertWorkerThread Important SUSE bug 1135824 CVE-2018-18511 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 CVE-2019-9821 openSUSE Leap 42.3 This update for rsyslog fixes the following issues: Security issue fixed: - CVE-2018-16881: Fixed a denial of service when both the imtcp module and Octet-Counted TCP Framing is enabled (bsc#1123164). This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1123164 CVE-2018-16881 openSUSE Leap 42.3 This update for neovim fixes the following issues: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Important SUSE bug 1137443 CVE-2019-12735 openSUSE Leap 42.3 This update for rubygem-rack fixes the following issues: Security issued fixed: - CVE-2018-16471: Fixed a cross-site scripting vulnerability via 'scheme' method (bsc#1116600). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1114828 SUSE bug 1116600 CVE-2018-16471 openSUSE Leap 42.3 This update for chromium to version 75.0.3770.80 fixes the following issues: Security issues fixed: - CVE-2019-5828: Fixed a Use after free in ServiceWorker - CVE-2019-5829: Fixed Use after free in Download Manager - CVE-2019-5830: Fixed an incorrectly credentialed requests in CORS - CVE-2019-5831: Fixed an incorrect map processing in V8 - CVE-2019-5832: Fixed an incorrect CORS handling in XHR - CVE-2019-5833: Fixed an inconsistent security UI placemen - CVE-2019-5835: Fixed an out of bounds read in Swiftshader - CVE-2019-5836: Fixed a heap buffer overflow in Angle - CVE-2019-5837: Fixed a cross-origin resources size disclosure in Appcache - CVE-2019-5838: Fixed an overly permissive tab access in Extensions - CVE-2019-5839: Fixed an incorrect handling of certain code points in Blink - CVE-2019-5840: Fixed a popup blocker bypass Important SUSE bug 1137332 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 openSUSE Leap 42.3 This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1137443 CVE-2019-12735 openSUSE Leap 42.3 Example: The openSUSE Leap 42.3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. (bsc#1137586) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service (bnc#1138291). - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293). - CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability (bnc#1136922). - CVE-2019-12380: phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures (bnc#1136598). - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bnc#1133190). - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424). - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c. There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1136586). - CVE-2019-5489: The mincore() implementation in mm/mincore.c allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server (bnc#1120843). - CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem (bnc#1135281). - CVE-2018-7191: In the tun subsystem dev_get_valid_name is not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343 (bnc#1135603). - CVE-2019-11190, CVE-2019-11191: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat (bnc#1131543 bnc#1132374 bnc#1132472). The following non-security bugs were fixed: - ALSA: line6: use dynamic buffers (bnc#1012382). - ARM: dts: pfla02: increase phy reset duration (bnc#1012382). - ARM: iop: do not use using 64-bit DMA masks (bnc#1012382). - ARM: orion: do not use using 64-bit DMA masks (bnc#1012382). - ASoC: cs4270: Set auto-increment bit for register writes (bnc#1012382). - ASoC: Intel: avoid Oops if DMA setup fails (bnc#1012382). - ASoC:soc-pcm:fix a codec fixup issue in TDM case (bnc#1012382). - ASoC: tlv320aic32x4: Fix Common Pins (bnc#1012382). - ath6kl: Only use match sets when firmware supports it (bsc#1120902). - backlight: lm3630a: Return 0 on success in update_status functions (bsc#1106929) - bitops: avoid integer overflow in GENMASK(_ULL) (bnc#1012382). - block: fix use-after-free on gendisk (bsc#1136448). - bluetooth: Align minimum encryption key size for LE and BR/EDR connections (bnc#1012382). - bnxt_en: Improve multicast address setup logic (bnc#1012382). - bonding: fix arp_validate toggling in active-backup mode (bnc#1012382). - bonding: show full hw address in sysfs for slave entries (bnc#1012382). - bpf: reject wrong sized filters earlier (bnc#1012382). - bridge: Fix error path for kobject_init_and_add() (bnc#1012382). - btrfs: add a helper to return a head ref (bsc#1134813). - btrfs: breakout empty head cleanup to a helper (bsc#1134813). - btrfs: delayed-ref: Introduce better documented delayed ref structures (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: delayed-ref: Use btrfs_ref to refactor btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Fix a bug that btrfs is unable to add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Open-code process_func in __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor add_pinned_bytes() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_free_extent() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: extent-tree: Use btrfs_ref to refactor btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: Factor out common delayed refs init code (bsc#1134813). - btrfs: Introduce init_delayed_ref_head (bsc#1134813). - btrfs: move all ref head cleanup to the helper function (bsc#1134813). - btrfs: move extent_op cleanup to a helper (bsc#1134813). - btrfs: move ref_mod modification into the if (ref) logic (bsc#1134813). - btrfs: Open-code add_delayed_data_ref (bsc#1134813). - btrfs: Open-code add_delayed_tree_ref (bsc#1134813). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1134806). - btrfs: qgroup: Do not scan leaf if we're modifying reloc tree (bsc#1063638 bsc#1128052 bsc#1108838). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1134338). - btrfs: remove delayed_ref_node from ref_head (bsc#1134813). - btrfs: split delayed ref head initialization and addition (bsc#1134813). - btrfs: track refs in a rb_tree instead of a list (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_data_ref (bsc#1134813). - btrfs: Use init_delayed_ref_common in add_delayed_tree_ref (bsc#1134813). - btrfs: Use init_delayed_ref_head in add_delayed_ref_head (bsc#1134813). - cdc-acm: cleaning up debug in data submission path (bsc#1136539). - cdc-acm: fix race between reset and control messaging (bsc#1106110). - cdc-acm: handle read pipe errors (bsc#1135878). - cdc-acm: reassemble fragmented notifications (bsc#1136590). - cdc-acm: store in and out pipes in acm structure (bsc#1136575). - cifs: do not attempt cifs operation on smb2+ rename error (bnc#1012382). - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - clk: fix mux clock documentation (bsc#1090888). - cpu/hotplug: Provide cpus_read|write_[un]lock() (bsc#1138374, LTC#178199). - cpu/hotplug: Provide lockdep_assert_cpus_held() (bsc#1138374, LTC#178199). - cpupower: remove stringop-truncation waring (bsc#1119086). - cpu/speculation: Add 'mitigations=' cmdline option (bnc#1012382 bsc#1112178). - crypto: vmx - CTR: always increment IV as quadword (bsc#1135661, bsc#1137162). - crypto: vmx - fix copy-paste error in CTR mode (bsc#1135661, bsc#1137162). - crypto: vmx - ghash: do nosimd fallback manually (bsc#1135661, bsc#1137162). - crypto: vmx: Only call enable_kernel_vsx() (bsc#1135661, bsc#1137162). - crypto: vmx - return correct error code on failed setkey (bsc#1135661, bsc#1137162). - debugfs: fix use-after-free on symlink traversal (bnc#1012382). - Documentation: Add MDS vulnerability documentation (bnc#1012382). - Documentation: Add nospectre_v1 parameter (bnc#1012382). - Documentation: Correct the possible MDS sysfs values (bnc#1012382). - Documentation: Move L1TF to separate directory (bnc#1012382). - Do not jump to compute_result state from check_result state (bnc#1012382). - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl (bnc#1012382). - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl (bnc#1012382). - drm/bridge: adv7511: Fix low refresh rate selection (bsc#1106929) - drm/rockchip: shutdown drm subsystem on shutdown (bsc#1106929) - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to (bsc#1106929) - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() (bsc#1106929) - Drop multiversion(kernel) from the KMP template (bsc#1127155). - dt-bindings: rcar-dmac: Document missing error interrupt (bsc#1085535). - exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1136458). - ext4: actually request zeroing of inode table after grow (bsc#1136451). - ext4: avoid panic during forced reboot due to aborted journal (bsc#1126356). - ext4: fix ext4_show_options for file systems w/o journal (bsc#1136452). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1136449). - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1136623). - ext4: Return EAGAIN in case of DIO is beyond end of file (bsc#1136810). - ext4: wait for outstanding dio during truncate in nojournal mode (bsc#1136438). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bnc#1012382). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - genirq: Prevent use-after-free and work list corruption (bnc#1012382). - gpu: ipu-v3: dp: fix CSC handling (bnc#1012382). - HID: debug: fix race condition with between rdesc_show() and device removal (bnc#1012382). - HID: input: add mapping for Expose/Overview key (bnc#1012382). - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys (bnc#1012382). - hugetlbfs: fix memory leak for resv_map (bnc#1012382). - IB/hfi1: Eliminate opcode tests on mr deref (). - IB/hfi1: Unreserve a reserved request when it is completed (). - ibmvnic: Add device identification to requested IRQs (bsc#1137739). - ibmvnic: Do not close unopened driver during reset (bsc#1137752). - ibmvnic: Fix unchecked return codes of memory allocations (bsc#1137752). - ibmvnic: Refresh device multicast list after reset (bsc#1137752). - ibmvnic: remove set but not used variable 'netdev' (bsc#1137739). - IB/rdmavt: Add wc_flags and wc_immdata to cq entry trace (). - IB/rdmavt: Fix frwr memory registration (). - igb: Fix WARN_ONCE on runtime suspend (bnc#1012382). - iio: adc: xilinx: fix potential use-after-free on remove (bnc#1012382). - init: initialize jump labels before command line option parsing (bnc#1012382). - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ (bnc#1012382). - ipmi:ssif: compare block number correctly for multi-part return messages (bsc#1135120). - ipv4: Fix raw socket lookup for local traffic (bnc#1012382). - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation (bnc#1012382). - ipv4: set the tcp_min_rtt_wlen range from 0 to one day (bnc#1012382). - ipv6: fix a potential deadlock in do_ipv6_setsockopt() (bnc#1012382). - ipv6/flowlabel: wait rcu grace period before put_pid() (bnc#1012382). - ipv6: invert flowlabel sharing check in process and user mode (bnc#1012382). - ipvs: do not schedule icmp errors from tunnels (bnc#1012382). - iwiwifi: fix bad monitor buffer register addresses (bsc#1129770). - jffs2: fix use-after-free on symlink traversal (bnc#1012382). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - kbuild: simplify ld-option implementation (bnc#1012382). - kconfig: display recursive dependency resolution hint just once (bsc#1100132). - kconfig/[mn]conf: handle backspace (^H) key (bnc#1012382). - keys: Timestamp new keys (bsc#1120902). - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number (bnc#1012382). - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing (bnc#1012382). - libata: fix using DMA buffers on stack (bnc#1012382). - libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086). - libnvdimm/btt: Fix a kmemdup failure check (bnc#1012382). - mac80211_hwsim: validate number of different channels (bsc#1085539). - media: pvrusb2: Prevent a buffer overflow (bsc#1135642). - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bnc#1012382). - MIPS: scall64-o32: Fix indirect syscall number load (bnc#1012382). - mount: copy the port field into the cloned nfs_server structure (bsc#1136990). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - net: ena: fix return value of ena_com_config_llq_info() (bsc#1117562). - net: ethernet: ti: fix possible object reference leak (bnc#1012382). - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING (bnc#1012382). - netfilter: compat: initialize all fields in xt_init (bnc#1012382). - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON (bnc#1012382). - net: hns: Fix WARNING when remove HNS driver with SMMU enabled (bnc#1012382). - net: hns: Use NAPI_POLL_WEIGHT for hns driver (bnc#1012382). - net: ibm: fix possible object reference leak (bnc#1012382). - net/ibmvnic: Remove tests of member address (bsc#1137739). - net: ks8851: Delay requesting IRQ until opened (bnc#1012382). - net: ks8851: Dequeue RX packets explicitly (bnc#1012382). - net: ks8851: Reassert reset pin if chip ID check fails (bnc#1012382). - net: ks8851: Set initial carrier state to down (bnc#1012382). - net: Remove NO_IRQ from powerpc-only network drivers (bsc#1137739). - net: stmmac: move stmmac_check_ether_addr() to driver probe (bnc#1012382). - net: ucc_geth - fix Oops when changing number of buffers in the ring (bnc#1012382). - net: xilinx: fix possible object reference leak (bnc#1012382). - nfsd: Do not release the callback slot unless it was actually held (bnc#1012382). - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family (bnc#1012382). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme: Do not allow to reset a reconnecting controller (bsc#1133874). - packet: Fix error path in packet_init (bnc#1012382). - packet: validate msg_namelen in send directly (bnc#1012382). - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bsc#1137142). - PCI: Mark Atheros AR9462 to avoid bus reset (bsc#1135642). - perf/x86/intel: Allow PEBS multi-entry in watermark mode (git-fixes). - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS (bnc#1012382). - platform/x86: sony-laptop: Fix unintentional fall-through (bnc#1012382). - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (bnc#1012382). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bnc#1012382 bsc#1131107). - powerpc/64: Make meltdown reporting Book3S 64 specific (bnc#1012382). - powerpc/64s: Include cpu header (bnc#1012382). - powerpc/booke64: set RI in default MSR (bnc#1012382). - powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374, LTC#178199). - powerpc/eeh: Fix race with driver un/bind (bsc#1066223). - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E (bnc#1012382). - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg (bnc#1012382). - powerpc/fsl: Add infrastructure to fixup branch predictor flush (bnc#1012382). - powerpc/fsl: Add macro to flush the branch predictor (bnc#1012382). - powerpc/fsl: Add nospectre_v2 command line argument (bnc#1012382). - powerpc/fsl: Emulate SPRN_BUCSR register (bnc#1012382). - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used (bnc#1012382). - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' (bnc#1012382). - powerpc/fsl: Fix the flush of branch predictor (bnc#1012382). - powerpc/fsl: Flush branch predictor when entering KVM (bnc#1012382). - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) (bnc#1012382). - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) (bnc#1012382). - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms (bnc#1012382). - powerpc/fsl: Update Spectre v2 reporting (bnc#1012382). - powerpc/lib: fix book3s/32 boot failure due to code patching (bnc#1012382). - powerpc/perf: Add blacklisted events for Power9 DD2.1 (bsc#1053043). - powerpc/perf: Add blacklisted events for Power9 DD2.2 (bsc#1053043). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bsc#1053043). - powerpc/perf: Infrastructure to support addition of blacklisted events (bsc#1053043). - powerpc/process: Fix sparse address space warnings (bsc#1066223). - powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#1138374, LTC#178199). - powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#1138374, LTC#178199). - powerpc/xmon: Add RFI flush related fields to paca dump (bnc#1012382). - qede: fix write to free'd pointer error and double free of ptp (bsc#1019695 bsc#1019696). - qlcnic: Avoid potential NULL pointer dereference (bnc#1012382). - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1005778 bsc#1005780 bsc#1005781). - RDMA/qedr: Fix out of bounds index check in query pkey (bsc#1022604). - Revert "block/loop: Use global lock for ioctl() operation." (bnc#1012382). - Revert "cpu/speculation: Add 'mitigations=' cmdline option" (stable backports). - Revert "Do not jump to compute_result state from check_result state" (git-fixes). - Revert "KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137)." This reverts commit 4cc83da426b53d47f1fde9328112364eab1e9a19. - Revert "sched: Add sched_smt_active()" (stable backports). - Revert "x86/MCE: Save microcode revision in machine check records" (kabi). - Revert "x86/speculation/mds: Add 'mitigations=' support for MDS" (stable backports). - Revert "x86/speculation: Support 'mitigations=' cmdline option" (stable backports). - rtc: da9063: set uie_unsupported when relevant (bnc#1012382). - rtc: sh: Fix invalid alarm warning for non-enabled alarm (bnc#1012382). - rtlwifi: fix false rates in _rtl8821ae_mrate_idx_to_arfr_id() (bsc#1120902). - s390/3270: fix lockdep false positive on view->lock (bnc#1012382). - s390: ctcm: fix ctcm_new_device error return code (bnc#1012382). - s390/dasd: Fix capacity calculation for large volumes (bnc#1012382). - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() (bnc#1012382). - sc16is7xx: move label 'err_spi' to correct section (git-fixes). - sched: Add sched_smt_active() (bnc#1012382). - sched/numa: Fix a possible divide-by-zero (bnc#1012382). - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (bnc#1012382). - scsi: libsas: fix a race condition when smp task timeout (bnc#1012382). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bnc#1012382). - scsi: qla4xxx: fix a potential NULL pointer dereference (bnc#1012382). - scsi: storvsc: Fix calculation of sub-channel count (bnc#1012382). - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN (bnc#1012382). - selftests/net: correct the return value for run_netsocktests (bnc#1012382). - selinux: never allow relabeling on context mounts (bnc#1012382). - signals: avoid random wakeups in sigsuspend() (bsc#1137915) - slip: make slhc_free() silently accept an error pointer (bnc#1012382). - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bnc#1012382). - staging: iio: adt7316: fix the dac read calculation (bnc#1012382). - staging: iio: adt7316: fix the dac write calculation (bnc#1012382). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - team: fix possible recursive locking when add slaves (bnc#1012382). - timer/debug: Change /proc/timer_stats from 0644 to 0600 (bnc#1012382). - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable (bnc#1012382). - tipc: check link name with right length in tipc_nl_compat_link_set (bnc#1012382). - tipc: handle the err returned from cmd header function (bnc#1012382). - tools lib traceevent: Fix missing equality check for strcmp (bsc#1129770). - trace: Fix preempt_enable_no_resched() abuse (bnc#1012382). - tracing: Fix partial reading of trace event's id file (bsc#1136573). - treewide: Use DEVICE_ATTR_WO (bsc#1137739). - UAS: fix alignment of scatter/gather segments (bnc#1012382 bsc#1129770). - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour (bsc#1136455). - Update config files: disable IDE on ppc64le - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770). - usb: cdc-acm: fix unthrottle races (bsc#1135642). - usb: core: Fix bug caused by duplicate interface PM usage counter (bnc#1012382). - usb: core: Fix unterminated string returned by usb_string() (bnc#1012382). - usb: dwc3: Fix default lpm_nyet_threshold value (bnc#1012382). - usb: gadget: net2272: Fix net2272_dequeue() (bnc#1012382). - usb: gadget: net2280: Fix net2280_dequeue() (bnc#1012382). - usb: gadget: net2280: Fix overrun of OUT messages (bnc#1012382). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (bnc#1012382). - usbnet: ipheth: prevent TX queue timeouts when device not ready (bnc#1012382). - usb: serial: fix unthrottle races (bnc#1012382). - usb: serial: use variable for status (bnc#1012382). - usb: u132-hcd: fix resource leak (bnc#1012382). - usb: usbip: fix isoc packet num validation in get_pipe (bnc#1012382). - usb: w1 ds2490: Fix bug caused by improper use of altsetting array (bnc#1012382). - usb: yurex: Fix protection fault after device removal (bnc#1012382). - vfio/pci: use correct format characters (bnc#1012382). - vlan: disable SIOCSHWTSTAMP in container (bnc#1012382). - vrf: sit mtu should not be updated when vrf netdev is the link (bnc#1012382). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bnc#1012382). - x86/bugs: Change L1TF mitigation string to match upstream (bnc#1012382). - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bnc#1012382). - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bnc#1012382). - x86/cpu/bugs: Use __initconst for 'const' init data (bnc#1012382). - x86/cpufeatures: Hide AMD-specific speculation flags (bnc#1012382). - x86/Kconfig: Select SCHED_SMT if SMP enabled (bnc#1012382). - x86/MCE: Save microcode revision in machine check records (bnc#1012382). - x86/mds: Add MDSUM variant to the MDS documentation (bnc#1012382). - x86/microcode/intel: Add a helper which gives the microcode revision (bnc#1012382). - x86/microcode/intel: Check microcode revision before updating sibling threads (bnc#1012382). - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date (bnc#1012382). - x86/microcode: Update the new microcode revision unconditionally (bnc#1012382). - x86/mm: Use WRITE_ONCE() when setting PTEs (bnc#1012382). - x86/process: Consolidate and simplify switch_to_xtra() code (bnc#1012382). - x86/speculataion: Mark command line parser data __initdata (bnc#1012382). - x86/speculation: Add command line control for indirect branch speculation (bnc#1012382). - x86/speculation: Add prctl() control for indirect branch speculation (bnc#1012382). - x86/speculation: Add seccomp Spectre v2 user space protection mode (bnc#1012382). - x86/speculation: Avoid __switch_to_xtra() calls (bnc#1012382). - x86/speculation: Clean up spectre_v2_parse_cmdline() (bnc#1012382). - x86/speculation: Disable STIBP when enhanced IBRS is in use (bnc#1012382). - x86/speculation: Enable prctl mode for spectre_v2_user (bnc#1012382). - x86/speculation/l1tf: Document l1tf in sysfs (bnc#1012382). - x86/speculation: Mark string arrays const correctly (bnc#1012382). - x86/speculation/mds: Fix comment (bnc#1012382). - x86/speculation/mds: Fix documentation typo (bnc#1012382). - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bnc#1012382). - x86/speculation: Prepare arch_smt_update() for PRCTL mode (bnc#1012382). - x86/speculation: Prepare for conditional IBPB in switch_mm() (bnc#1012382). - x86/speculation: Prepare for per task indirect branch speculation control (bnc#1012382). - x86/speculation: Prevent stale SPEC_CTRL msr content (bnc#1012382). - x86/speculation: Provide IBPB always command line options (bnc#1012382). - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation (bnc#1012382). - x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bnc#1012382). - x86/speculation: Rename SSBD update functions (bnc#1012382). - x86/speculation: Reorder the spec_v2 code (bnc#1012382). - x86/speculation: Reorganize speculation control MSRs update (bnc#1012382). - x86/speculation: Split out TIF update (bnc#1012382). - x86/speculation: Support Enhanced IBRS on future CPUs (bnc#1012382). - x86/speculation: Support 'mitigations=' cmdline option (bnc#1012382 bsc#1112178). - x86/speculation: Unify conditional spectre v2 print functions (bnc#1012382). - x86/speculation: Update the TIF_SSBD comment (bnc#1012382). - xenbus: drop useless LIST_HEAD in xenbus_write_watch() and xenbus_file_write() (bsc#1065600). - xsysace: Fix error handling in ace_setup (bnc#1012382). Important SUSE bug 1005778 SUSE bug 1005780 SUSE bug 1005781 SUSE bug 1012382 SUSE bug 1019695 SUSE bug 1019696 SUSE bug 1022604 SUSE bug 1053043 SUSE bug 1063638 SUSE bug 1065600 SUSE bug 1066223 SUSE bug 1085535 SUSE bug 1085539 SUSE bug 1090888 SUSE bug 1099658 SUSE bug 1100132 SUSE bug 1106110 SUSE bug 1106284 SUSE bug 1106929 SUSE bug 1108838 SUSE bug 1109137 SUSE bug 1112178 SUSE bug 1117562 SUSE bug 1119086 SUSE bug 1120642 SUSE bug 1120843 SUSE bug 1120902 SUSE bug 1125580 SUSE bug 1126356 SUSE bug 1127155 SUSE bug 1128052 SUSE bug 1129770 SUSE bug 1131107 SUSE bug 1131543 SUSE bug 1131565 SUSE bug 1132374 SUSE bug 1132472 SUSE bug 1133190 SUSE bug 1133874 SUSE bug 1134338 SUSE bug 1134806 SUSE bug 1134813 SUSE bug 1135120 SUSE bug 1135281 SUSE bug 1135603 SUSE bug 1135642 SUSE bug 1135661 SUSE bug 1135878 SUSE bug 1136424 SUSE bug 1136438 SUSE bug 1136448 SUSE bug 1136449 SUSE bug 1136451 SUSE bug 1136452 SUSE bug 1136455 SUSE bug 1136458 SUSE bug 1136539 SUSE bug 1136573 SUSE bug 1136575 SUSE bug 1136586 SUSE bug 1136590 SUSE bug 1136598 SUSE bug 1136623 SUSE bug 1136810 SUSE bug 1136922 SUSE bug 1136935 SUSE bug 1136990 SUSE bug 1136993 SUSE bug 1137142 SUSE bug 1137162 SUSE bug 1137586 SUSE bug 1137739 SUSE bug 1137752 SUSE bug 1137915 SUSE bug 1138291 SUSE bug 1138293 SUSE bug 1138374 CVE-2018-7191 CVE-2019-11190 CVE-2019-11191 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11487 CVE-2019-11833 CVE-2019-12380 CVE-2019-12382 CVE-2019-12456 CVE-2019-12818 CVE-2019-12819 CVE-2019-3846 CVE-2019-5489 openSUSE Leap 42.3 This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-7960: Fixed heap overflow (input: check end of input before reading a byte) (bsc#1034481). - CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long rgb values) (bsc#1034482). - CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898). - CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1034481 SUSE bug 1034482 SUSE bug 1043898 SUSE bug 1043899 CVE-2017-7960 CVE-2017-7961 CVE-2017-8834 CVE-2017-8871 openSUSE Leap 42.3 This update for sssd fixes the following issues: Security issue fixed: - CVE-2018-16838: Fixed an authentication bypass related to the Group Policy Objects implementation (bsc#1124194). Non-security issue fixed: - Create directory to download and cache GPOs (bsc#1132879) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1124194 SUSE bug 1132879 CVE-2018-16838 openSUSE Leap 42.3 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird was updated to 60.7.1: Security issues fixed with MFSA 2019-17 (boo#1137595) - CVE-2019-11703: Fixed a heap-based buffer overflow in icalmemorystrdupanddequote() (bsc#1137595). - CVE-2019-11704: Fixed a heap-based buffer overflow in parser_get_next_char() (bsc#1137595). - CVE-2019-11705: Fixed a stack-based buffer overflow in icalrecur_add_bydayrules() (bsc#1137595). - CVE-2019-11706: Fixed a type confusion in icaltimezone_get_vtimezone_properties() (bsc#1137595). Also fixed: - No prompt for smartcard PIN when S/MIME signing is used Important SUSE bug 1137595 CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 openSUSE Leap 42.3 This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). Bug fixes: - For a complete list of fixes check the release notes. * https://www.postgresql.org/docs/10/release-10-8.html * https://www.postgresql.org/docs/10/release-10-7.html This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1134689 CVE-2019-10130 openSUSE Leap 42.3 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 openSUSE Leap 42.3 This update for python-urllib3 fixes the following issues: python-urllib3 was updated to version 1.22 (fate#326733, bsc#1110422) and contains new features and lots of bugfixes: The full changelog can be found on: https://github.com/Lukasa/urllib3/blob/1.22/CHANGES.rst Security issues fixed: - CVE-2016-9015: TLS certificate validation vulnerability (bsc#1024540). (This issue did not affect our previous version 1.16.) Non security issues fixed: - bsc#1074247: Fix test suite, use correct date (gh#shazow/urllib3#1303). This update was imported from the SUSE:SLE-12-SP1:Update update project. Moderate SUSE bug 1024540 SUSE bug 1074247 SUSE bug 1110422 CVE-2016-9015 openSUSE Leap 42.3 This update for MozillaFirefox fixes the following issues: Mozilla Firefox 60.7.1esr was released to address MFSA 2019-18 (boo#1138614) * CVE-2019-11707: Fixed a type confusion in Array.pop Important SUSE bug 1138614 CVE-2019-11707 openSUSE Leap 42.3 This update for MozillaThunderbird to version 60.7.2 fixes the following issues: Security issues fixed: - CVE-2019-11707: Fixed a type confusion vulnerability in Arrary.pop (bsc#1138614) - CVE-2019-11708: Fixed an issue which could have allowed sandbox escape using Prompt:Open (bsc#1138872). Critical SUSE bug 1138614 SUSE bug 1138872 CVE-2019-11707 CVE-2019-11708 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issue: Security issue fixed: - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (boo#1120381) Moderate SUSE bug 1120381 CVE-2018-20467 openSUSE Leap 42.3 This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed a double free() in the KDF CAVS testing tool (bsc#1065237). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1065237 SUSE bug 1090671 SUSE bug 1119183 SUSE bug 1121816 SUSE bug 1121821 SUSE bug 1131709 CVE-2019-6109 CVE-2019-6111 openSUSE Leap 42.3 This update for enigmail fixes the following issues: enigmail was updated to 2.0.11: * CVE-2019-12269: Specially crafted inline PGP messages could spoof a "correctly signed" message (boo#1135855) enigmail was updated to 2.0.10: * various bug fixes for configuring and handling encrypted e-mail * UI fixes for dialogs, messages, and dark Thunderbird themes Important SUSE bug 1135855 CVE-2019-12269 openSUSE Leap 42.3 This update for python-Jinja2 fixes the following issues: Security issues fixed: - CVE-2016-10745: Fixed a sandbox escape caused by an information disclosure via str.format (bsc#1132174). - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323). - CVE-2019-8341: Fixed command injection in function from_string (bsc#1125815). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1125815 SUSE bug 1132174 SUSE bug 1132323 CVE-2016-10745 CVE-2019-10906 CVE-2019-8341 openSUSE Leap 42.3 This update for aubio fixes the following issues: Fixed security issues leading to buffer overflows or segfaults (CVE-2018-19800, boo#1137828, CVE-2018-19801, boo#1137822, CVE-2018-19802, boo#1137823): Moderate SUSE bug 1137822 SUSE bug 1137823 SUSE bug 1137828 CVE-2018-19800 CVE-2018-19801 CVE-2018-19802 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: - disable indirect reads that disclosed file contents from the local system (boo#1138425) Moderate SUSE bug 1138425 openSUSE Leap 42.3 This update for libmediainfo fixes the following issues: * CVE-2019-11373: Fixed out-of-bounds read in function File__Analyze:Get_L8 (boo#1133156) * CVE-2019-11372: Fixed out-of-bounds read in function MediaInfoLib:File__Tags_Helper:Synched_Test (boo#1133157) Moderate SUSE bug 1133156 SUSE bug 1133157 CVE-2019-11372 CVE-2019-11373 openSUSE Leap 42.3 This update for ansible fixes the following issues: Ansible was updated to version 2.8.1: Full changelog is at /usr/share/doc/packages/ansible/changelogs/ - Bugfixes - ACI - DO not encode query_string - ACI modules - Fix non-signature authentication - Add missing directory provided via ``--playbook-dir`` to adjacent collection loading - Fix "Interface not found" errors when using eos_l2_interface with nonexistant interfaces configured - Fix cannot get credential when `source_auth` set to `credential_file`. - Fix netconf_config backup string issue - Fix privilege escalation support for the docker connection plugin when credentials need to be supplied (e.g. sudo with password). - Fix vyos cli prompt inspection - Fixed loading namespaced documentation fragments from collections. - Fixing bug came up after running cnos_vrf module against coverity. - Properly handle data importer failures on PVC creation, instead of timing out. - To fix the ios static route TC failure in CI - To fix the nios member module params - To fix the nios_zone module idempotency failure - add terminal initial prompt for initial connection - allow include_role to work with ansible command - allow python_requirements_facts to report on dependencies containing dashes - asa_config fix - azure_rm_roledefinition - fix a small error in build scope. - azure_rm_virtualnetworkpeering - fix cross subscriptions virtual network peering. - cgroup_perf_recap - When not using file_per_task, make sure we don't prematurely close the perf files - display underlying error when reporting an invalid ``tasks:`` block. - dnf - fix wildcard matching for state: absent - docker connection plugin - accept version ``dev`` as 'newest version' and print warning. - docker_container - ``oom_killer`` and ``oom_score_adj`` options are available since docker-py 1.8.0, not 2.0.0 as assumed by the version check. - docker_container - fix network creation when ``networks_cli_compatible`` is enabled. - docker_container - use docker API's ``restart`` instead of ``stop``/``start`` to restart a container. - docker_image - if ``build`` was not specified, the wrong default for ``build.rm`` is used. - docker_image - if ``nocache`` set to ``yes`` but not ``build.nocache``, the module failed. - docker_image - module failed when ``source: build`` was set but ``build.path`` options not specified. - docker_network module - fix idempotency when using ``aux_addresses`` in ``ipam_config``. - ec2_instance - make Name tag idempotent - eos: don't fail modules without become set, instead show message and continue - eos_config: check for session support when asked to 'diff_against: session' - eos_eapi: fix idempotency issues when vrf was unspecified. - fix bugs for ce - more info see - fix incorrect uses of to_native that should be to_text instead. - hcloud_volume - Fix idempotency when attaching a server to a volume. - ibm_storage - Added a check for null fields in ibm_storage utils module. - include_tasks - whitelist ``listen`` as a valid keyword - k8s - resource updates applied with force work correctly now - keep results subset also when not no_log. - meraki_switchport - improve reliability with native VLAN functionality. - netapp_e_iscsi_target - fix netapp_e_iscsi_target chap secret size and clearing functionality - netapp_e_volumes - fix workload profileId indexing when no previous workload tags exist on the storage array. - nxos_acl some platforms/versions raise when no ACLs are present - nxos_facts fix <https://github.com/ansible/ansible/pull/57009> - nxos_file_copy fix passwordless workflow - nxos_interface Fix admin_state check for n6k - nxos_snmp_traps fix group all for N35 platforms - nxos_snmp_user fix platform fixes for get_snmp_user - nxos_vlan mode idempotence bug - nxos_vlan vlan names containing regex ctl chars should be escaped - nxos_vtp_* modules fix n6k issues - openssl_certificate - fix private key passphrase handling for ``cryptography`` backend. - openssl_pkcs12 - fixes crash when private key has a passphrase and the module is run a second time. - os_stack - Apply tags conditionally so that the module does not throw up an error when using an older distro of openstacksdk - pass correct loading context to persistent connections other than local - pkg_mgr - Ansible 2.8.0 failing to install yum packages on Amazon Linux - postgresql - added initial SSL related tests - postgresql - added missing_required_libs, removed excess param mapping - postgresql - move connect_to_db and get_pg_version into module_utils/postgres.py (https://github.com/ansible/ansible/pull/55514) - postgresql_db - add note to the documentation about state dump and the incorrect rc (https://github.com/ansible/ansible/pull/57297) - postgresql_db - fix for postgresql_db fails if stderr contains output - postgresql_ping - fixed a typo in the module documentation - preserve actual ssh error when we cannot connect. - route53_facts - the module did not advertise check mode support, causing it not to be run in check mode. - sysctl: the module now also checks the output of STDERR to report if values are correctly set (https://github.com/ansible/ansible/pull/55695) - ufw - correctly check status when logging is off - uri - always return a value for status even during failure - urls - Handle redirects properly for IPv6 address by not splitting on ``:`` and rely on already parsed hostname and port values - vmware_vm_facts - fix the support with regular ESXi - vyos_interface fix <https://github.com/ansible/ansible/pull/57169> - we don't really need to template vars on definition as we do this on demand in templating. - win_acl - Fix qualifier parser when using UNC paths - - win_hostname - Fix non netbios compliant name handling - winrm - Fix issue when attempting to parse CLIXML on send input failure - xenserver_guest - fixed an issue where VM whould be powered off even though check mode is used if reconfiguration requires VM to be powered off. - xenserver_guest - proper error message is shown when maximum number of network interfaces is reached and multiple network interfaces are added at once. - yum - Fix false error message about autoremove not being supported - yum - fix failure when using ``update_cache`` standalone - yum - handle special "_none_" value for proxy in yum.conf and .repo files Update to version 2.8.0 Major changes: * Experimental support for Ansible Collections and content namespacing - Ansible content can now be packaged in a collection and addressed via namespaces. This allows for easier sharing, distribution, and installation of bundled modules/roles/plugins, and consistent rules for accessing specific content via namespaces. * Python interpreter discovery - The first time a Python module runs on a target, Ansible will attempt to discover the proper default Python interpreter to use for the target platform/version (instead of immediately defaulting to /usr/bin/python). You can override this behavior by setting ansible_python_interpreter or via config. (see https://github.com/ansible/ansible/pull/50163) * become - The deprecated CLI arguments for --sudo, --sudo-user, --ask-sudo-pass, -su, --su-user, and --ask-su-pass have been removed, in favor of the more generic --become, --become-user, --become-method, and --ask-become-pass. * become - become functionality has been migrated to a plugin architecture, to allow customization of become functionality and 3rd party become methods (https://github.com/ansible/ansible/pull/50991) - addresses CVE-2018-16859, CVE-2018-16876, CVE-2019-3828, CVE-2018-16837 For the full changelog see /usr/share/doc/packages/ansible/changelogs or online: https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst Moderate SUSE bug 1109957 SUSE bug 1112959 SUSE bug 1118896 SUSE bug 1126503 CVE-2018-16837 CVE-2018-16859 CVE-2018-16876 CVE-2019-3828 openSUSE Leap 42.3 This update for compat-openssl098 fixes the following issues: - CVE-2019-1559: Fix 0-byte record padding oracle via SSL_shutdown (bsc#1127080) - Reject invalid EC point coordinates (bsc#1131291) - Fixed "The 9 Lives of Bleichenbacher's CAT: Cache ATtacks on TLS Implementations" (bsc#1117951) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1117951 SUSE bug 1127080 SUSE bug 1131291 CVE-2019-1559 openSUSE Leap 42.3 This update for gstreamer-0_10-plugins-base fixes the following issues: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1133375 CVE-2019-9928 openSUSE Leap 42.3 This update for gstreamer-plugins-base fixes the following issue: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1133375 CVE-2019-9928 openSUSE Leap 42.3 This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1128481 SUSE bug 1136570 CVE-2019-3860 openSUSE Leap 42.3 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1136976 CVE-2019-8457 openSUSE Leap 42.3 This update for wireshark to version 2.4.15 fixes the following issues: Security issue fixed: - Fixed a denial of service in the dissection engine (bsc#1136021). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1136021 openSUSE Leap 42.3 This update for chromium fixes the following issues: Chromium was updated to 75.0.3770.90 (boo#1137332 boo#1138287): * CVE-2019-5842: Use-after-free in Blink. Also updated to 75.0.3770.80 boo#1137332: * CVE-2019-5828: Use after free in ServiceWorker * CVE-2019-5829: Use after free in Download Manager * CVE-2019-5830: Incorrectly credentialed requests in CORS * CVE-2019-5831: Incorrect map processing in V8 * CVE-2019-5832: Incorrect CORS handling in XHR * CVE-2019-5833: Inconsistent security UI placemen * CVE-2019-5835: Out of bounds read in Swiftshader * CVE-2019-5836: Heap buffer overflow in Angle * CVE-2019-5837: Cross-origin resources size disclosure in Appcache * CVE-2019-5838: Overly permissive tab access in Extensions * CVE-2019-5839: Incorrect handling of certain code points in Blink * CVE-2019-5840: Popup blocker bypass * Various fixes from internal audits, fuzzing and other initiatives * CVE-2019-5834: URL spoof in Omnibox on iOS Update to 74.0.3729.169: * Feature fixes update only Update to 74.0.3729.157: * Various security fixes from internal audits, fuzzing and other initiatives Includes security fixes from 74.0.3729.131 (boo#1134218): * CVE-2019-5827: Out-of-bounds access in SQLite * CVE-2019-5824: Parameter passing error in media player Update to 74.0.3729.108 boo#1133313: * CVE-2019-5805: Use after free in PDFium * CVE-2019-5806: Integer overflow in Angle * CVE-2019-5807: Memory corruption in V8 * CVE-2019-5808: Use after free in Blink * CVE-2019-5809: Use after free in Blink * CVE-2019-5810: User information disclosure in Autofill * CVE-2019-5811: CORS bypass in Blink * CVE-2019-5813: Out of bounds read in V8 * CVE-2019-5814: CORS bypass in Blink * CVE-2019-5815: Heap buffer overflow in Blink * CVE-2019-5818: Uninitialized value in media reader * CVE-2019-5819: Incorrect escaping in developer tools * CVE-2019-5820: Integer overflow in PDFium * CVE-2019-5821: Integer overflow in PDFium * CVE-2019-5822: CORS bypass in download manager * CVE-2019-5823: Forced navigation from service worker * CVE-2019-5812: URL spoof in Omnibox on iOS * CVE-2019-5816: Exploit persistence extension on Android * CVE-2019-5817: Heap buffer overflow in Angle on Windows Update to 73.0.3686.103: * Various feature fixes Update to 73.0.3683.86: * Just feature fixes around - Update conditions to use system harfbuzz on TW+ - Require java during build - Enable using pipewire when available - Rebase chromium-vaapi.patch to match up the Fedora one Update to 73.0.3683.75 boo#1129059: * CVE-2019-5787: Use after free in Canvas. * CVE-2019-5788: Use after free in FileAPI. * CVE-2019-5789: Use after free in WebMIDI. * CVE-2019-5790: Heap buffer overflow in V8. * CVE-2019-5791: Type confusion in V8. * CVE-2019-5792: Integer overflow in PDFium. * CVE-2019-5793: Excessive permissions for private API in Extensions. * CVE-2019-5794: Security UI spoofing. * CVE-2019-5795: Integer overflow in PDFium. * CVE-2019-5796: Race condition in Extensions. * CVE-2019-5797: Race condition in DOMStorage. * CVE-2019-5798: Out of bounds read in Skia. * CVE-2019-5799: CSP bypass with blob URL. * CVE-2019-5800: CSP bypass with blob URL. * CVE-2019-5801: Incorrect Omnibox display on iOS. * CVE-2019-5802: Security UI spoofing. * CVE-2019-5803: CSP bypass with Javascript URLs'. * CVE-2019-5804: Command line command injection on Windows. Important SUSE bug 1129059 SUSE bug 1133313 SUSE bug 1134218 SUSE bug 1137332 SUSE bug 1138287 CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5801 CVE-2019-5802 CVE-2019-5803 CVE-2019-5804 CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5812 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5816 CVE-2019-5817 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823 CVE-2019-5824 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5842 openSUSE Leap 42.3 This update for postgresql96 fixes the following issues: Security issue fixed: - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators (bsc#1134689). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1134689 CVE-2019-10130 openSUSE Leap 42.3 This update for libheimdal fixes the following issues: libheimdal was updated to version 7.7.0: + Bug fixes: - PKCS#11 hcrypto back-end: + initialize the p11_module_load function list + verify that not only is a mechanism present but that its mechanism info states that it offers the required encryption, decryption or digest services - krb5: + Starting with 7.6, Heimdal permitted requesting authenticated anonymous tickets. However, it did not verify that a KDC in fact returned an anonymous ticket when one was requested. + Cease setting the KDCOption reaquest_anonymous flag when issuing S4UProxy (constrained delegation) TGS requests. + when the Win2K PKINIT compatibility option is set, do not require krbtgt otherName to match when validating KDC certificate. + set PKINIT_BTMM flag per Apple implementation + use memset_s() instead of memset() - kdc: + When generating KRB5SignedPath in the AS, use the reply client name rather than the one from the request, so validation will work correctly in the TGS. + allow checksum of PA-FOR-USER to be HMAC_MD5. Even if TGT used an enctype with a different checksum. Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is always HMAC_MD5, and that's what Windows and MIT clients send. In Heimdal both the client and kdc use instead the checksum of the TGT, and therefore work with each other but Windows and MIT clients fail against Heimdal KDC. Both Windows and MIT KDC would allow any keyed checksum to be used so Heimdal client work fine against it. Change Heimdal KDC to allow HMAC_MD5 even for non RC4 based TGT in order to support per-spec clients. + use memset_s() instead of memset() + Detect Heimdal 1.0 through 7.6 clients that issue S4UProxy (constrained delegation) TGS Requests with the request anonymous flag set. These requests will be treated as S4UProxy requests and not anonymous requests. - HDB: + Set SQLite3 backend default page size to 8KB. + Add hdb_set_sync() method - kadmind: + disable HDB sync during database load avoiding unnecessary disk i/o. - ipropd: + disable HDB sync during receive_everything. Doing an fsync per-record when receiving the complete HDB is a performance disaster. Among other things, if the HDB is very large, then one slave receving a full HDB can cause other slaves to timeout and, if HDB write activity is high enough to cause iprop log truncation, then also need full syncs, which leads to a cycle of full syncs for all slaves until HDB write activity drops. Allowing the iprop log to be larger helps, but improving receive_everything() performance helps even more. - kinit: + Anonymous PKINIT tickets discard the realm information used to locate the issuing AS. Store the issuing realm in the credentials cache in order to locate a KDC which can renew them. + Do not leak the result of krb5_cc_get_config() when determining anonymous PKINIT start realm. - klist: + Show transited-policy-checked, ok-as-delegate and anonymous flags when listing credentials. - tests: + Regenerate certs so that they expire before the 2038 armageddon so the test suite will pass on 32-bit operating systems until the underlying issues can be resolved. - documentation: + rename verify-password to verify-password-quality + hprop default mode is encrypt + kadmind "all" permission does not include "get-keys" + verify-password-quality might not be stateless Version 7.6.0: + Security (#555): - CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum When the Heimdal KDC checks the checksum that is placed on the S4U2Self packet by the server to protect the requested principal against modification, it does not confirm that the checksum algorithm that protects the user name (principal) in the request is keyed. This allows a man-in-the-middle attacker who can intercept the request to the KDC to modify the packet by replacing the user name (principal) in the request with any desired user name (principal) that exists in the KDC and replace the checksum protecting that name with a CRC32 checksum (which requires no prior knowledge to compute). This would allow a S4U2Self ticket requested on behalf of user name (principal) user@EXAMPLE.COM to any service to be changed to a S4U2Self ticket with a user name (principal) of Administrator@EXAMPLE.COM. This ticket would then contain the PAC of the modified user name (principal). - CVE-2019-12098, client-only: RFC8062 Section 7 requires verification of the PA-PKINIT-KX key exchange when anonymous PKINIT is used. Failure to do so can permit an active attacker to become a man-in-the-middle. + Bug fixes: - Happy eyeballs: Don't wait for responses from known-unreachable KDCs. - kdc: + check return copy_Realm, copy_PrincipalName, copy_EncryptionKey - kinit: + cleanup temporary ccaches + see man page for "kinit --anonymous" command line syntax change - kdc: + Make anonymous AS-requests more RFC8062-compliant. Updated expired test certificates + Features: - kuser: support authenticated anonymous AS-REQs in kinit - kdc: support for anonymous TGS-REQs - kgetcred support for anonymous service tickets - Support builds with OpenSSL 1.1.1 Moderate SUSE bug 1047218 SUSE bug 1084909 CVE-2018-16860 CVE-2019-12098 openSUSE Leap 42.3 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage() (bsc#1138464). - Fixed a file content disclosure via SVG and WMF decoding (bsc#1138425).- CVE-2019-11472: Fixed a denial of service in ReadXWDImage() (bsc#1133204). - CVE-2019-11470: Fixed a denial of service in ReadCINImage() (bsc#1133205). - CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498). - CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501). - CVE-2019-10131: Fixed a off-by-one read in formatIPTCfromBuffer function in coders/meta.c (bsc#1134075). - CVE-2017-12806: Fixed a denial of service through memory exhaustion in format8BIM() (bsc#1135232). - CVE-2017-12805: Fixed a denial of service through memory exhaustion in ReadTIFFImage() (bsc#1135236). - CVE-2019-11598: Fixed a heap-based buffer over-read in WritePNMImage() (bsc#1136732) We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1133204 SUSE bug 1133205 SUSE bug 1133498 SUSE bug 1133501 SUSE bug 1134075 SUSE bug 1135232 SUSE bug 1135236 SUSE bug 1136183 SUSE bug 1136732 SUSE bug 1138425 SUSE bug 1138464 CVE-2017-12805 CVE-2017-12806 CVE-2019-10131 CVE-2019-11470 CVE-2019-11472 CVE-2019-11505 CVE-2019-11506 CVE-2019-11597 CVE-2019-11598 openSUSE Leap 42.3 This update for phpMyAdmin fixes the following issues: phpMyAdmin was updated to 4.9.0.1: * Several issues with SYSTEM VERSIONING tables * Fixed json encode error in export * Fixed JavaScript events not activating on input (sql bookmark issue) * Show Designer combo boxes when adding a constraint * Fix edit view * Fixed invalid default value for bit field * Fix several errors relating to GIS data types * Fixed javascript error PMA_messages is not defined * Fixed import XML data with leading zeros * Fixed php notice, added support for 'DELETE HISTORY' table privilege (MariaDB >= 10.3.4) * Fixed MySQL 8.0.0 issues with GIS display * Fixed "Server charset" in "Database server" tab showing wrong information * Fixed can not copy user on Percona Server 5.7 * Updated sql-parser to version 4.3.2, which fixes several parsing and linting problems - boo#1137497 / PMASA-2019-4 / CVE-2019-12616 / CWE-661: Fixed CSRF vulnerability in login form https://www.phpmyadmin.net/security/PMASA-2019-4/ - boo#1137496 / PMASA-2019-3 / CVE-2019-11768 / CWE-661: Fixed SQL injection in Designer feature https://www.phpmyadmin.net/security/PMASA-2019-3/ Moderate SUSE bug 1137496 SUSE bug 1137497 CVE-2019-11768 CVE-2019-12616 openSUSE Leap 42.3 This update for irssi fixes the following issues: irssi was updated to 1.1.3: - CVE-2019-13045: Fix a use after free issue when sending the SASL login on (automatic and manual) reconnects (#1055, #1058) (boo#1139802) - Fix regression of #779 where autolog_ignore_targets would not matching itemless windows anymore (#1012, #1013) Moderate SUSE bug 1139802 CVE-2019-13045 openSUSE Leap 42.3 This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378). - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377). - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371). This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1123371 SUSE bug 1123377 SUSE bug 1123378 CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 openSUSE Leap 42.3 This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1122706 CVE-2019-3813 openSUSE Leap 42.3 This update for MozillaThunderbird to version 60.5.0 fixes the following issues: Security vulnerabilities addressed (MFSA 2019-03 boo#1122983 MFSA 2018-31): - CVE-2018-18500: Use-after-free parsing HTML5 stream - CVE-2018-18505: Privilege escalation through IPC channel messages - CVE-2016-5824: DoS (use-after-free) via a crafted ics file - CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 - CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Use-after-free with select element - CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Integer overflow when calculating buffer sizes for images - CVE-2018-12405: Memory safety bugs fixed in Firefox 64, 60.4, and Thunderbird 60.4 Other bugs fixed and changes made: - FileLink provider WeTransfer to upload large attachments - Thunderbird now allows the addition of OpenSearch search engines from a local XML file using a minimal user inferface: [+] button to select a file an add, [-] to remove. - More search engines: Google and DuckDuckGo available by default in some locales - During account creation, Thunderbird will now detect servers using the Microsoft Exchange protocol. It will offer the installation of a 3rd party add-on (Owl) which supports that protocol. - Thunderbird now compatible with other WebExtension-based FileLink add-ons like the Dropbox add-on - New WebExtensions FileLink API to facilitate add-ons - Fix decoding problems for messages with less common charsets (cp932, cp936) - New messages in the drafts folder (and other special or virtual folders) will no longer be included in the new messages notification - Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault that potentially deleted saved passwords and private certificate keys for users using a master password. Version 60.3.3 will prevent the loss of data; affected users who have already upgraded to version 60.3.2 or earlier can restore the deleted key3.db file from backup to complete the migration. - Address book search and auto-complete slowness introduced in Thunderbird 60.3.2 - Plain text markup with * for bold, / for italics, _ for underline and | for code did not work when the enclosed text contained non-ASCII characters - While composing a message, a link not removed when link location was removed in the link properties panel - Encoding problems when exporting address books or messages using the system charset. Messages are now always exported using the UTF-8 encoding - If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was displayed. Now using date from "Received" header instead. - Body search/filtering didn't reliably ignore content of tags - Inappropriate warning "Thunderbird prevented the site (addons.thunderbird.net) from asking you to install software on your computer" when installing add-ons - Incorrect display of correspondents column since own email address was not always detected - Spurious 
 (encoded newline) inserted into drafts and sent email - Double-clicking on a word in the Write window sometimes launched the Advanced Property Editor or Link Properties dialog - Fixe Cookie removal - "Download rest of message" was not working if global inbox was used - Fix Encoding problems for users (especially in Poland) when a file was sent via a folder using "Sent to > Mail recipient" due to a problem in the Thunderbird MAPI interface - According to RFC 4616 and RFC 5721, passwords containing non-ASCII characters are encoded using UTF-8 which can lead to problems with non-compliant providers, for example office365.com. The SMTP LOGIN and POP3 USER/PASS authentication methods are now using a Latin-1 encoding again to work around this issue - Fix shutdown crash/hang after entering an empty IMAP password Important SUSE bug 1122983 CVE-2016-5824 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 openSUSE Leap 42.3 This update for discount to version 2.2.4 fixes the following issues: Security issues fixed: - CVE-2018-11468: Fixed a heap-based buffer over-read in the __mkd_trim_line function from mkdio.c (boo#1094809) - CVE-2018-12495: Fixed a heap-based buffer over-read via a crafted file (boo#1098252) Moderate SUSE bug 1094809 SUSE bug 1098252 CVE-2018-11468 CVE-2018-12495 openSUSE Leap 42.3 This update for phpMyAdmin to version 4.8.5 fixes the following issues: Security issues fixed: - CVE-2019-6799: Fixed an arbitrary file read vulnerability (boo#1123272) - CVE-2019-6798: Fixed a SQL injection in the designer interface (boo#1123271) Other changes: * Fix rxport to SQL format not available * Fix QR code not shown when adding two-factor authentication to a user account * Fix issue with adding a new user in MySQL 8.0.11 and newer * Fix frozen interface relating to Text_Plain_Sql plugin * Fix missing table level operations tab Important SUSE bug 1123271 SUSE bug 1123272 CVE-2019-6798 CVE-2019-6799 openSUSE Leap 42.3 This update for nginx fixes the following issues: nginx was updated to 1.14.2: - Bugfix: nginx could not be built on Fedora 28 Linux. - Bugfix: in handling of client addresses when using unix domain listen sockets to work with datagrams on Linux. - Change: the logging level of the "http request", "https proxy request", "unsupported protocol", "version too low", "no suitable key share", and "no suitable signature algorithm" SSL errors has been lowered from "crit" to "info". - Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to switch off "ssl_prefer_server_ciphers" in a virtual server if it was switched on in the default server. - Bugfix: nginx could not be built with LibreSSL 2.8.0. - Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL 1.1.1, the TLS 1.3 protocol was always enabled. - Bugfix: sending a disk-buffered request body to a gRPC backend might fail. - Bugfix: connections with some gRPC backends might not be cached when using the "keepalive" directive. - Bugfix: a segmentation fault might occur in a worker process if the ngx_http_mp4_module was used on 32-bit platforms. Changes with nginx 1.14.1: - Security: when using HTTP/2 a client might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). - Security: processing of a specially crafted mp4 file with the ngx_http_mp4_module might result in worker process memory disclosure (CVE-2018-16845). - Bugfix: working with gRPC backends might result in excessive memory consumption. Changes with nginx 1.13.12: - Bugfix: connections with gRPC backends might be closed unexpectedly when returning a large response. Changes with nginx 1.13.10 - Feature: the "set" parameter of the "include" SSI directive now allows writing arbitrary responses to a variable; the "subrequest_output_buffer_size" directive defines maximum response size. - Feature: now nginx uses clock_gettime(CLOCK_MONOTONIC) if available, to avoid timeouts being incorrectly triggered on system time changes. - Feature: the "escape=none" parameter of the "log_format" directive. Thanks to Johannes Baiter and Calin Don. - Feature: the $ssl_preread_alpn_protocols variable in the ngx_stream_ssl_preread_module. - Feature: the ngx_http_grpc_module. - Bugfix: in memory allocation error handling in the "geo" directive. - Bugfix: when using variables in the "auth_basic_user_file" directive a null character might appear in logs. Thanks to Vadim Filimonov. Moderate SUSE bug 1115015 SUSE bug 1115022 SUSE bug 1115025 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 openSUSE Leap 42.3 This update for libu2f-host fixes the following issues: Security issue fixed: - CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow with a custom made malicious USB device (bsc#1124781). Low SUSE bug 1124781 CVE-2018-20340 openSUSE Leap 42.3 This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) This update was imported from the SUSE:SLE-12:Update update project. Critical SUSE bug 1123823 SUSE bug 1123828 SUSE bug 1123832 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 openSUSE Leap 42.3 This update for docker-runc fixes the following issues: Security issue fixed: - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1121967 CVE-2019-5736 openSUSE Leap 42.3 This update for MozillaFirefox to version 60.5.1 fixes the following issues: Security issues fixed (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in Skia library. - CVE-2019-5785: Fixed an integer overflow in the Skia library. - CVE-2018-18335: Fixed a buffer overflow in Skia library with accelerated Canvas 2D by disabling Canvas 2D. This vulnerability does not affect Linux platform. Important SUSE bug 1125330 CVE-2018-18335 CVE-2018-18356 CVE-2019-5785 openSUSE Leap 42.3 This update for Chromium to version 72.0.3626.96 fixes the following issues: Security issues fixed (bsc#1123641 and bsc#1124936): - CVE-2019-5784: Inappropriate implementation in V8 - CVE-2019-5754: Inappropriate implementation in QUIC Networking. - CVE-2019-5782: Inappropriate implementation in V8. - CVE-2019-5755: Inappropriate implementation in V8. - CVE-2019-5756: Use after free in PDFium. - CVE-2019-5757: Type Confusion in SVG. - CVE-2019-5758: Use after free in Blink. - CVE-2019-5759: Use after free in HTML select elements. - CVE-2019-5760: Use after free in WebRTC. - CVE-2019-5761: Use after free in SwiftShader. - CVE-2019-5762: Use after free in PDFium. - CVE-2019-5763: Insufficient validation of untrusted input in V8. - CVE-2019-5764: Use after free in WebRTC. - CVE-2019-5765: Insufficient policy enforcement in the browser. - CVE-2019-5766: Insufficient policy enforcement in Canvas. - CVE-2019-5767: Incorrect security UI in WebAPKs. - CVE-2019-5768: Insufficient policy enforcement in DevTools. - CVE-2019-5769: Insufficient validation of untrusted input in Blink. - CVE-2019-5770: Heap buffer overflow in WebGL. - CVE-2019-5771: Heap buffer overflow in SwiftShader. - CVE-2019-5772: Use after free in PDFium. - CVE-2019-5773: Insufficient data validation in IndexedDB. - CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing. - CVE-2019-5775: Insufficient policy enforcement in Omnibox. - CVE-2019-5776: Insufficient policy enforcement in Omnibox. - CVE-2019-5777: Insufficient policy enforcement in Omnibox. - CVE-2019-5778: Insufficient policy enforcement in Extensions. - CVE-2019-5779: Insufficient policy enforcement in ServiceWorker. - CVE-2019-5780: Insufficient policy enforcement. - CVE-2019-5781: Insufficient policy enforcement in Omnibox. For a full list of changes refer to https://chromereleases.googleblog.com/2019/02/stable-channel-update-for-desktop.html Important SUSE bug 1123641 SUSE bug 1124936 CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5761 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769 CVE-2019-5770 CVE-2019-5771 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774 CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779 CVE-2019-5780 CVE-2019-5781 CVE-2019-5782 CVE-2019-5784 openSUSE Leap 42.3 This update for php7 fixes the following issues: Security issue fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function (bsc#1123354). - CVE-2019-6978: Fixed a double free in the gdImage*Ptr() functions (bsc#1123522). - CVE-2018-19935: Fixed a Denial of Service in php_imap.c which could be triggered via an empty string in the message argument to imap_mail (bsc#1118832). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1118832 SUSE bug 1123354 SUSE bug 1123522 CVE-2018-19935 CVE-2019-6977 CVE-2019-6978 openSUSE Leap 42.3 This update for libgit2 fixes the following issues: Security issues fixed: - CVE-2018-19456: Fixed a code execution by malicious .gitmodules file (bsc#1110949) - various string-to-integer and buffer handling fixes (bsc#1114729). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1110949 SUSE bug 1114729 CVE-2018-19456 openSUSE Leap 42.3 This update for pspp to version 1.2.0 fixes the following issues: Security issue fixed: - CVE-2018-20230: Fixed a heap-based buffer overflow in read_bytes_internal function that could lead to denial-of-service (bsc#1120061). Other bug fixes and changes: - Add upstream patch to avoid compiling with old Texinfo 4.13. - New experimental command SAVE DATA COLLECTION to save MDD files. - MTIME and YMDHMS variable formats now supported. - Spread sheet rendering now done via spread-sheet-widget. This update introduces a new package called spread-sheet-widget as dependency. Moderate SUSE bug 1120061 CVE-2018-20230 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: Security issue fixed: - CVE-2019-7397: Fixed a Memory leak in WritePDFImage function in pdf.c (bsc#1124366). Low SUSE bug 1124366 CVE-2019-7397 openSUSE Leap 42.3 This update for gthumb fixes the following issues: Security issue fixed: - CVE-2018-18718: Fixed a double-free in add_themes_from_dir function from dlg-contact-sheet.c (boo#1113749) Important SUSE bug 1113749 CVE-2018-18718 openSUSE Leap 42.3 This update for nodejs6 to version 6.16.0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) - CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka "PortSmash") (bsc#1113534) - CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625) - CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626) - CVE-2018-12122: Fixed the "Slowloris" HTTP Denial of Service (bsc#1117627) - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630) - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1113534 SUSE bug 1113652 SUSE bug 1117625 SUSE bug 1117626 SUSE bug 1117627 SUSE bug 1117629 SUSE bug 1117630 CVE-2018-0734 CVE-2018-12116 CVE-2018-12120 CVE-2018-12121 CVE-2018-12122 CVE-2018-12123 CVE-2018-5407 openSUSE Leap 42.3 This update for kauth fixes the following issues: Security issue fixed: - CVE-2019-7443: Fixed an insecure handling of arguments in helpers by removing the support of passing gui variants (bsc#1124863). Moderate SUSE bug 1124863 CVE-2019-7443 openSUSE Leap 42.3 This update for MozillaThunderbird to version 60.5.1 fixes the following issues: Security issues fixed (MFSA 2019-06 bsc#1125330): - CVE-2018-18356: Fixed a Use-after-free in Skia. - CVE-2019-5785: Fixed an Integer overflow in Skia. - CVE-2018-18335: Fixed a Buffer overflow in Skia by default deactivating Canvas 2D. This issue does not affect Linuc distributions. - CVE-2018-18509: Fixed a flaw which during verification of certain S/MIME signatures showing mistekenly that emails bring a valid sugnature. Important SUSE bug 1125330 CVE-2018-18335 CVE-2018-18356 CVE-2018-18509 CVE-2019-5785 openSUSE Leap 42.3 This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Other bug fixes and changes: - journal-remote: set a limit on the number of fields in a message - journal-remote: verify entry length from header - journald: set a limit on the number of fields (1k) - journald: do not store the iovec entry for process commandline on stack - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - manager: don't skip sigchld handler for main and control pid for services (#3738) - core: Add helper functions unit_{main, control}_pid - manager: Fixing a debug printf formatting mistake (#3640) - manager: Only invoke a single sigchld per unit within a cleanup cycle (bsc#1117382) - core: update invoke_sigchld_event() to handle NULL ->sigchld_event() - sd-event: expose the event loop iteration counter via sd_event_get_iteration() (#3631) - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (bsc#1122344) - core: when restarting services, don't close fds - cryptsetup: Add dependency on loopback setup to generated units - journal-gateway: use localStorage["cursor"] only when it has valid value - journal-gateway: explicitly declare local variables - analyze: actually select longest activated-time of services - sd-bus: fix implicit downcast of bitfield reported by LGTM - core: free lines after reading them (bsc#1123892) - pam_systemd: reword message about not creating a session (bsc#1111498) - pam_systemd: suppress LOG_DEBUG log messages if debugging is off (bsc#1111498) - main: improve RLIMIT_NOFILE handling (#5795) (bsc#1120658) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) (bsc#1123333) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1111498 SUSE bug 1117025 SUSE bug 1117382 SUSE bug 1120658 SUSE bug 1122000 SUSE bug 1122344 SUSE bug 1123333 SUSE bug 1123892 SUSE bug 1125352 CVE-2019-6454 openSUSE Leap 42.3 The openSUSE Leap 42.3 kernel was updated to 4.4.175 to receive various bugfixes. The following security bugs were fixed: - CVE-2018-5391: Fixed a vulnerability, which allowed an attacker to cause a denial of service attack with low rates of packets targeting IP fragment re-assembly. (bsc#1103097) - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). - CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735). The following non-security bugs were fixed: - ASoC: Intel: mrfld: fix uninitialized variable access (bnc#1012382). - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bnc#1012382). - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bnc#1012382). - Documentation/network: reword kernel version reference (bnc#1012382). - IB/core: type promotion bug in rdma_rw_init_one_mr() (). - IB/rxe: Fix incorrect cache cleanup in error flow (). - IB/rxe: replace kvfree with vfree (). - NFC: nxp-nci: Include unaligned.h instead of access_ok.h (bnc#1012382). - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1020413, ). - RDMA/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446). - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" (bnc#1012382). - Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)" (bnc#1012382). - Revert "exec: load_script: do not blindly truncate shebang string" (bnc#1012382). - Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" (bnc#1012382). - Revert "loop: Fold __loop_release into loop_release" (bnc#1012382). - Revert "loop: Get rid of loop_index_mutex" (bnc#1012382). - Revert "mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902)." - Revert most of 4.4.174 (kabi). - acpi, nfit: Fix ARS overflow continuation (bsc#1125000). - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1124775). - alpha: Fix Eiger NR_IRQS to 128 (bnc#1012382). - alpha: fix page fault handling for r16-r18 targets (bnc#1012382). - alsa: compress: Fix stop handling on compressed capture streams (bnc#1012382). - alsa: hda - Add quirk for HP EliteBook 840 G5 (bnc#1012382). - alsa: hda - Serialize codec registrations (bnc#1012382). - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bnc#1012382). - arc: perf: map generic branches to correct hardware condition (bnc#1012382). - arm64: KVM: Skip MMIO insn after emulation (bnc#1012382). - arm64: ftrace: do not adjust the LR value (bnc#1012382). - arm64: hyp-stub: Forbid kprobing of the hyp-stub (bnc#1012382). - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bnc#1012382). - arm: OMAP2+: hwmod: Fix some section annotations (bnc#1012382). - arm: cns3xxx: Fix writing to wrong PCI config registers after alignment (bnc#1012382). - arm: dts: Fix OMAP4430 SDP Ethernet startup (bnc#1012382). - arm: dts: da850-evm: Correct the sound card name (bnc#1012382). - arm: dts: kirkwood: Fix polarity of GPIO fan lines (bnc#1012382). - arm: dts: mmp2: fix TWSI2 (bnc#1012382). - arm: iop32x/n2100: fix PCI IRQ mapping (bnc#1012382). - arm: pxa: avoid section mismatch warning (bnc#1012382). - batman-adv: Avoid WARN on net_device without parent in netns (bnc#1012382). - batman-adv: Force mac header to start of data on xmit (bnc#1012382). - bluetooth: Fix unnecessary error message for HCI request completion (bnc#1012382). - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413). - can: bcm: check timer values before ktime conversion (bnc#1012382). - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it (bnc#1012382). - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125809). - char/mwave: fix potential Spectre v1 vulnerability (bnc#1012382). - cifs: Always resolve hostname before reconnecting (bnc#1012382). - cifs: Do not count -ENODATA as failure for query directory (bnc#1012382). - cifs: Fix possible hang during async MTU reads and writes (bnc#1012382). - cifs: Limit memory used by lock request calls to a page (bnc#1012382). - cifs: check ntwrk_buf_start for NULL before dereferencing it (bnc#1012382). - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bnc#1012382). - cpufreq: intel_pstate: Fix HWP on boot CPU after system resume (bsc#1120017). - cpuidle: big.LITTLE: fix refcount leak (bnc#1012382). - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bnc#1012382). - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bnc#1012382). - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bnc#1012382). - dccp: fool proof ccid_hc_[rt]x_parse_options() (bnc#1012382). - debugfs: fix debugfs_rename parameter checking (bnc#1012382). - dlm: Do not swamp the CPU with callbacks queued during recovery (bnc#1012382). - dm thin: fix bug where bio that overwrites thin block ignores FUA (bnc#1012382). - dmaengine: imx-dma: fix wrong callback invoke (bnc#1012382). - drbd: Avoid Clang warning about pointless switch statment (bnc#1012382). - drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bnc#1012382). - drbd: narrow rcu_read_lock in drbd_sync_handshake (bnc#1012382). - drbd: skip spurious timeout (ping-timeo) when failing promote (bnc#1012382). - drivers: core: Remove glue dirs from sysfs earlier (bnc#1012382). - drm/bufs: Fix Spectre v1 vulnerability (bnc#1012382). - drm/i915: Block fbdev HPD processing during suspend (bsc#1106929) - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1106929) - drm/modes: Prevent division by zero htotal (bnc#1012382). - drm/vmwgfx: Fix setting of dma masks (bsc#1106929) - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user (bsc#1106929) - enic: fix checksum validation for IPv6 (bnc#1012382). - exec: load_script: do not blindly truncate shebang string (bnc#1012382). - f2fs: fix wrong return value of f2fs_acl_create (bnc#1012382). - f2fs: move dir data flush to write checkpoint process (bnc#1012382). - f2fs: read page index before freeing (bnc#1012382). - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (bnc#1012382). - fs/epoll: drop ovflist branch prediction (bnc#1012382). - fs: add the fsnotify call to vfs_iter_write (bnc#1012382). - fs: do not scan the inode cache before SB_BORN is set (bnc#1012382). - fs: fix lost error code in dio_complete (bsc#1117744). - fuse: call pipe_buf_release() under pipe lock (bnc#1012382). - fuse: decrement NR_WRITEBACK_TEMP on the right page (bnc#1012382). - fuse: handle zero sized retrieve correctly (bnc#1012382). - futex: Fix (possible) missed wakeup (bsc#1050549). - gdrom: fix a memory leak bug (bnc#1012382). - gfs2: Revert "Fix loop in gfs2_rbm_find" (bnc#1012382). - gpio: pl061: handle failed allocations (bnc#1012382). - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1106929) - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1106929) - hid: debug: fix the ring buffer implementation (bnc#1012382). - hid: lenovo: Add checks to fix of_led_classdev_register (bnc#1012382). - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (git-fixes). - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bnc#1012382). - hwmon: (lm80) fix a missing check of the status of SMBus read (bnc#1012382). - i2c-axxia: check for error conditions first (bnc#1012382). - igb: Fix an issue that PME is not enabled during runtime suspend (bnc#1012382). - inet: frags: add a pointer to struct netns_frags (bnc#1012382). - inet: frags: better deal with smp races (bnc#1012382). - inet: frags: break the 2GB limit for frags storage (bnc#1012382). - inet: frags: change inet_frags_init_net() return value (bnc#1012382). - inet: frags: do not clone skb in ip_expire() (bnc#1012382). - inet: frags: fix ip6frag_low_thresh boundary (bnc#1012382). - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB (bnc#1012382). - inet: frags: get rif of inet_frag_evicting() (bnc#1012382). - inet: frags: refactor ipfrag_init() (bnc#1012382). - inet: frags: refactor ipv6_frag_init() (bnc#1012382). - inet: frags: refactor lowpan_net_frag_init() (bnc#1012382). - inet: frags: remove inet_frag_maybe_warn_overflow() (bnc#1012382). - inet: frags: remove some helpers (bnc#1012382). - inet: frags: reorganize struct netns_frags (bnc#1012382). - inet: frags: use rhashtables for reassembly units (bnc#1012382). - input: bma150 - register input device after setting private data (bnc#1012382). - input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bnc#1012382). - input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 (bnc#1012382). - input: xpad - add support for SteelSeries Stratus Duo (bnc#1012382). - intel_pstate: Update frequencies of policy->cpus only from ->set_policy() (bsc#1120017). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bnc#1012382). - ip: add helpers to process in-order fragments faster (bnc#1012382). - ip: frags: fix crash in ip_do_fragment() (bnc#1012382). - ip: process in-order fragments efficiently (bnc#1012382). - ip: use rb trees for IP frag queue (bnc#1012382). - ipfrag: really prevent allocation on netns exit (bnc#1012382). - ipv4: frags: precedence bug in ip_expire() (bnc#1012382). - ipv6: Consider sk_bound_dev_if when binding a socket to an address (bnc#1012382). - ipv6: frags: rewrite ip6_expire_frag_queue() (bnc#1012382). - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bnc#1012382). - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bnc#1012382). - kABI: protect linux/kfifo.h include in hid-debug (kabi). - kABI: protect struct hda_bus (kabi). - kaweth: use skb_cow_head() to deal with cloned skbs (bnc#1012382). - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes (bnc#1012382). - kernel/hung_task.c: break RCU locks based on jiffies (bnc#1012382). - kvm: VMX: Fix x2apic check in vmx_msr_bitmap_mode() (bsc#1124166). - kvm: VMX: Missing part of upstream commit 904e14fb7cb9 (bsc#1124166). - kvm: x86: Fix single-step debugging (bnc#1012382). - kvm: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (bnc#1012382). - l2tp: copy 4 more bytes to linear part if necessary (bnc#1012382). - l2tp: fix reading optional fields of L2TPv3 (bnc#1012382). - l2tp: remove l2specific_len dependency in l2tp_core (bnc#1012382). - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125810). - libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1124811). - libnvdimm: Use max contiguous area for namespace size (bsc#1124780). - libnvdimm: fix ars_status output length calculation (bsc#1124777). - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549). - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bnc#1012382). - mac80211: fix radiotap vendor presence bitmap handling (bnc#1012382). - media: DaVinci-VPBE: fix error handling in vpbe_initialize() (bnc#1012382). - memstick: Prevent memstick host from getting runtime suspended during card detection (bnc#1012382). - mips: OCTEON: do not set octeon_dma_bar_type if PCI is disabled (bnc#1012382). - mips: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds (bnc#1012382). - mips: bpf: fix encoding bug for mm_srlv32_op (bnc#1012382). - mips: cm: reprime error cause (bnc#1012382). - misc: vexpress: Off by one in vexpress_syscfg_exec() (bnc#1012382). - mm, oom: fix use-after-free in oom_kill_process (bnc#1012382). - mm, page_alloc: drop should_suppress_show_mem (bnc#1125892, bnc#1106061). - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (bnc#1012382). - mmc: bcm2835: Fix DMA channel leak on probe error (bsc#1120902). - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe (bnc#1012382). - modpost: validate symbol names also in find_elf_symbol (bnc#1012382). - mtd: rawnand: gpmi: fix MX28 bus master lockup problem (bnc#1012382). - net/mlx4_core: Add masking for a few queries on HCA caps (bnc#1012382). - net/rose: fix NULL ax25_cb kernel panic (bnc#1012382). - net: Fix usage of pskb_trim_rcsum (bnc#1012382). - net: bridge: Fix ethernet header pointer before check skb forwardable (bnc#1012382). - net: dp83640: expire old TX-skb (bnc#1012382). - net: dsa: slave: Do not propagate flag changes on down slave interfaces (bnc#1012382). - net: fix pskb_trim_rcsum_slow() with odd trim offset (bnc#1012382). - net: ieee802154: 6lowpan: fix frag reassembly (bnc#1012382). - net: ipv4: Fix memory leak in network namespace dismantle (bnc#1012382). - net: ipv4: do not handle duplicate fragments as overlapping (bnc#1012382 bsc#1116345). - net: modify skb_rbtree_purge to return the truesize of all purged skbs (bnc#1012382). - net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends (bnc#1012382). - net: systemport: Fix WoL with password after deep sleep (bnc#1012382). - net_sched: refetch skb protocol for each filter (bnc#1012382). - netrom: switch to sock timer API (bnc#1012382). - nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1125014). - nfs: nfs_compare_mount_options always compare auth flavors (bnc#1012382). - nfsd4: fix crash on writing v4_end_grace before nfsd startup (bnc#1012382). - niu: fix missing checks of niu_pci_eeprom_read (bnc#1012382). - ocfs2: do not clear bh uptodate for block read (bnc#1012382). - openvswitch: Avoid OOB read when parsing flow nlattrs (bnc#1012382). - perf tests evsel-tp-sched: Fix bitwise operator (bnc#1012382). - perf tools: Add Hygon Dhyana support (bnc#1012382). - perf unwind: Take pgoff into account when reporting elf to libdwfl (bnc#1012382). - perf unwind: Unwind with libdw does not take symfs into account (bnc#1012382). - perf/core: Do not WARN() for impossible ring-buffer sizes (bnc#1012382). - perf/core: Fix impossible ring-buffer sizes warning (bnc#1012382). - perf/x86/intel/uncore: Add Node ID mask (bnc#1012382). - pinctrl: msm: fix gpio-hog related boot issues (bnc#1012382). - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes (bnc#1012382). - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK (bnc#1012382). - platform/x86: thinkpad_acpi: Proper model/release matching (bsc#1099810). - powerpc/pseries: add of_node_put() in dlpar_detach_node() (bnc#1012382). - powerpc/uaccess: fix warning/error with access_ok() (bnc#1012382). - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bnc#1012382). - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125808). - rcu: Force boolean subscript for expedited stall warnings (bnc#1012382). - rhashtable: Add rhashtable_lookup() (bnc#1012382). - rhashtable: add rhashtable_lookup_get_insert_key() (bnc#1012382 bsc#1042286). - rhashtable: add schedule points (bnc#1012382). - rhashtable: reorganize struct rhashtable layout (bnc#1012382). - s390/early: improve machine detection (bnc#1012382). - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (bnc#1012382). - s390/smp: fix CPU hotplug deadlock with CPU rescan (bnc#1012382). - sata_rcar: fix deferred probing (bnc#1012382). - sched/wake_q: Document wake_q_add() (bsc#1050549). - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549). - sched/wake_q: Reduce reference counting for special users (bsc#1050549). - scripts/decode_stacktrace: only strip base path when a prefix of the path (bnc#1012382). - scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes - scsi: lpfc: Correct LCB RJT handling (bnc#1012382). - scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1125796). - scsi: mpt3sas: API 's to support NVMe drive addition to SML (bsc#1117108). - scsi: mpt3sas: API's to remove nvme drive from sml (bsc#1117108). - scsi: mpt3sas: Add PCI device ID for Andromeda (bsc#1117108). - scsi: mpt3sas: Add an I/O barrier (bsc#1117108). - scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108). - scsi: mpt3sas: Add nvme device support in slave alloc, target alloc and probe (bsc#1117108). - scsi: mpt3sas: Add-Task-management-debug-info-for-NVMe-drives (bsc#1117108). - scsi: mpt3sas: Added support for SAS Device Discovery Error Event (bsc#1117108). - scsi: mpt3sas: Added support for nvme encapsulated request message (bsc#1117108). - scsi: mpt3sas: Adding support for SAS3616 HBA device (bsc#1117108). - scsi: mpt3sas: Allow processing of events during driver unload (bsc#1117108). - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108). - scsi: mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (bsc#1117108). - scsi: mpt3sas: Bug fix for big endian systems (bsc#1117108). - scsi: mpt3sas: Bump mpt3sas driver version to v16.100.00.00 (bsc#1117108). - scsi: mpt3sas: Cache enclosure pages during enclosure add (bsc#1117108). - scsi: mpt3sas: Configure reply post queue depth, DMA and sgl tablesize (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108). - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108). - scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108). - scsi: mpt3sas: Display chassis slot information of the drive (bsc#1117108). - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives while processing Async Broadcast primitive event (bsc#1117108). - scsi: mpt3sas: Do not access the structure after decrementing it's instance reference count (bsc#1117108). - scsi: mpt3sas: Do not use 32-bit atomic request descriptor for Ventura controllers (bsc#1117108). - scsi: mpt3sas: Enhanced handling of Sense Buffer (bsc#1117108). - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108). - scsi: mpt3sas: Fix calltrace observed while running IO & reset (bsc#1117108). - scsi: mpt3sas: Fix indentation (bsc#1117108). - scsi: mpt3sas: Fix memory allocation failure test in 'mpt3sas_base_attach()' (bsc#1117108). - scsi: mpt3sas: Fix nvme drives checking for tlr (bsc#1117108). - scsi: mpt3sas: Fix possibility of using invalid Enclosure Handle for SAS device after host reset (bsc#1117108). - scsi: mpt3sas: Fix removal and addition of vSES device during host reset (bsc#1117108). - scsi: mpt3sas: Fix sparse warnings (bsc#1117108). - scsi: mpt3sas: Fix, False timeout prints for ioctl and other internal commands during controller reset (bsc#1117108). - scsi: mpt3sas: Fixed memory leaks in driver (bsc#1117108). - scsi: mpt3sas: For NVME device, issue a protocol level reset (bsc#1117108). - scsi: mpt3sas: Handle NVMe PCIe device related events generated from firmware (bsc#1117108). - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108). - scsi: mpt3sas: Incorrect command status was set/marked as not used (bsc#1117108). - scsi: mpt3sas: Increase event log buffer to support 24 port HBA's (bsc#1117108). - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer address (bsc#1117108). - scsi: mpt3sas: Introduce Base function for cloning (bsc#1117108). - scsi: mpt3sas: Introduce function to clone mpi reply (bsc#1117108). - scsi: mpt3sas: Introduce function to clone mpi request (bsc#1117108). - scsi: mpt3sas: Introduce mpt3sas_get_st_from_smid() (bsc#1117108). - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108). - scsi: mpt3sas: Lockless access for chain buffers (bsc#1117108). - scsi: mpt3sas: NVMe drive support for BTDHMAPPING ioctl command and log info (bsc#1117108). - scsi: mpt3sas: Optimize I/O memory consumption in driver (bsc#1117108). - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot time (bsc#1117108). - scsi: mpt3sas: Processing of Cable Exception events (bsc#1117108). - scsi: mpt3sas: Reduce memory footprint in kdump kernel (bsc#1117108). - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108). - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108). - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108). - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108). - scsi: mpt3sas: Remove unused variable requeue_event (bsc#1117108). - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108). - scsi: mpt3sas: Replace PCI pool old API (bsc#1117108). - scsi: mpt3sas: Report Firmware Package Version from HBA Driver (bsc#1117108). - scsi: mpt3sas: SGL to PRP Translation for I/Os to NVMe devices (bsc#1117108). - scsi: mpt3sas: Set NVMe device queue depth as 128 (bsc#1117108). - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108). - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108). - scsi: mpt3sas: Update MPI Headers (bsc#1117108). - scsi: mpt3sas: Update driver version "25.100.00.00" (bsc#1117108). - scsi: mpt3sas: Update driver version "26.100.00.00" (bsc#1117108). - scsi: mpt3sas: Update mpt3sas driver version (bsc#1117108). - scsi: mpt3sas: Updated MPI headers to v2.00.48 (bsc#1117108). - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108). - scsi: mpt3sas: always use first reserved smid for ioctl passthrough (bsc#1117108). - scsi: mpt3sas: check command status before attempting abort (bsc#1117108). - scsi: mpt3sas: clarify mmio pointer types (bsc#1117108). - scsi: mpt3sas: cleanup _scsih_pcie_enumeration_event() (bsc#1117108). - scsi: mpt3sas: fix an out of bound write (bsc#1117108). - scsi: mpt3sas: fix dma_addr_t casts (bsc#1117108). - scsi: mpt3sas: fix format overflow warning (bsc#1117108). - scsi: mpt3sas: fix oops in error handlers after shutdown/unload (bsc#1117108). - scsi: mpt3sas: fix possible memory leak (bsc#1117108). - scsi: mpt3sas: fix pr_info message continuation (bsc#1117108). - scsi: mpt3sas: fix spelling mistake: "disbale" -> "disable" (bsc#1117108). - scsi: mpt3sas: lockless command submission (bsc#1117108). - scsi: mpt3sas: make function _get_st_from_smid static (bsc#1117108). - scsi: mpt3sas: open-code _scsih_scsi_lookup_get() (bsc#1117108). - scsi: mpt3sas: remove a stray KERN_INFO (bsc#1117108). - scsi: mpt3sas: remove redundant copy_from_user in _ctl_getiocinfo (bsc#1117108). - scsi: mpt3sas: remove redundant wmb (bsc#1117108). - scsi: mpt3sas: scan and add nvme device after controller reset (bsc#1117108). - scsi: mpt3sas: separate out _base_recovery_check() (bsc#1117108). - scsi: mpt3sas: set default value for cb_idx (bsc#1117108). - scsi: mpt3sas: simplify _wait_for_commands_to_complete() (bsc#1117108). - scsi: mpt3sas: simplify mpt3sas_scsi_issue_tm() (bsc#1117108). - scsi: mpt3sas: simplify task management functions (bsc#1117108). - scsi: mpt3sas: switch to generic DMA API (bsc#1117108). - scsi: mpt3sas: switch to pci_alloc_irq_vectors (bsc#1117108). - scsi: mpt3sas: use list_splice_init() (bsc#1117108). - scsi: mpt3sas: wait for and flush running commands on shutdown/unload (bsc#1117108). - scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1125794). - scsi: target: make the pi_prot_format ConfigFS path readable (bsc#1123933). - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355). - seq_buf: Make seq_buf_puts() null-terminate the buffer (bnc#1012382). - serial: fsl_lpuart: clear parity enable bit when disable parity (bnc#1012382). - signal: Always notice exiting tasks (bnc#1012382). - signal: Better detection of synchronous signals (bnc#1012382). - signal: Restore the stop PTRACE_EVENT_EXIT (bnc#1012382). - skge: potential memory corruption in skge_get_regs() (bnc#1012382). - smack: fix access permissions for keyring (bnc#1012382). - smsc95xx: Use skb_cow_head to deal with cloned skbs (bnc#1012382). - soc/tegra: Do not leak device tree node reference (bnc#1012382). - staging: iio: ad7780: update voltage on read (bnc#1012382). - staging: iio: adc: ad7280a: handle error from __ad7280_read32() (bnc#1012382). - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 (bnc#1012382). - staging:iio:ad2s90: Make probe handle spi_setup failure (bnc#1012382). - sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN (bnc#1012382). - test_hexdump: use memcpy instead of strncpy (bnc#1012382). - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bnc#1012382). - timekeeping: Use proper seqcount initializer (bnc#1012382). - tipc: use destination length for copy string (bnc#1012382). - tracing/uprobes: Fix output for multiple string arguments (bnc#1012382). - tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428). - tty/ldsem: Convert to regular lockdep annotations (bnc#1105428). - tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428). - tty/n_hdlc: fix __might_sleep warning (bnc#1012382). - tty: Do not block on IO when ldisc change is pending (bnc#1105428). - tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bnc#1105428). - tty: Handle problem if line discipline does not have receive_buf (bnc#1012382). - tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428). - tty: Simplify tty->count math in tty_reopen() (bnc#1105428). - tty: fix data race between tty_init_dev and flush of buf (bnc#1105428). - tty: serial: samsung: Properly set flags in autoCTS mode (bnc#1012382). - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (bnc#1012382). - uapi/if_ether.h: prevent redefinition of struct ethhdr (bnc#1012382). - ucc_geth: Reset BQL queue when stopping device (bnc#1012382). - udf: Fix BUG on corrupted inode (bnc#1012382). - um: Avoid marking pages with "changed protection" (bnc#1012382). - usb: dwc2: Remove unnecessary kfree (bnc#1012382). - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bnc#1012382). - usb: hub: delay hub autosuspend if USB3 port is still link training (bnc#1012382). - usb: phy: am335x: fix race condition in _probe (bnc#1012382). - usb: serial: pl2303: add new PID to support PL2303TB (bnc#1012382). - usb: serial: simple: add Motorola Tetra TPG2200 device id (bnc#1012382). - video: clps711x-fb: release disp device node in probe() (bnc#1012382). - vt: invoke notifier on screen size change (bnc#1012382). - x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() (bnc#1012382). - x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) (bnc#1012382). - x86/a.out: Clear the dump structure initially (bnc#1012382). - x86/fpu: Add might_fault() to user_insn() (bnc#1012382). - x86/kaslr: Fix incorrect i8254 outb() parameters (bnc#1012382). - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bnc#1012382). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi (bnc#1012382). - xfrm: refine validation of template and selector families (bnc#1012382). Important SUSE bug 1012382 SUSE bug 1020413 SUSE bug 1031492 SUSE bug 1042286 SUSE bug 1050549 SUSE bug 1078355 SUSE bug 1086095 SUSE bug 1086652 SUSE bug 1099810 SUSE bug 1103097 SUSE bug 1105428 SUSE bug 1106061 SUSE bug 1106929 SUSE bug 1116345 SUSE bug 1117108 SUSE bug 1117645 SUSE bug 1117744 SUSE bug 1120017 SUSE bug 1120758 SUSE bug 1120902 SUSE bug 1123933 SUSE bug 1124166 SUSE bug 1124732 SUSE bug 1124735 SUSE bug 1124775 SUSE bug 1124777 SUSE bug 1124780 SUSE bug 1124811 SUSE bug 1125000 SUSE bug 1125014 SUSE bug 1125446 SUSE bug 1125794 SUSE bug 1125796 SUSE bug 1125808 SUSE bug 1125809 SUSE bug 1125810 SUSE bug 1125892 SUSE bug 802154 CVE-2018-5391 CVE-2019-3459 CVE-2019-3460 CVE-2019-7221 CVE-2019-7222 openSUSE Leap 42.3 This update for kernel-firmware fixes the following issues: Security issue fixed: - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1104301 CVE-2018-5383 openSUSE Leap 42.3 This update for php5 fixes the following issues: Security vulnerability fixed: - CVE-2019-6977: Fixed a heap buffer overflow in gdImageColorMatch in gd_color_match.c (bsc#1123354) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1123354 CVE-2019-6977 openSUSE Leap 42.3 This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also the following non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1092100 SUSE bug 1121753 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 openSUSE Leap 42.3 This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191). - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847). Non-security issue fixed: - Fixed a bug where PyWeakReference struct was not initialized correctly leading to a crash (bsc#1073748). This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1073748 SUSE bug 1109847 SUSE bug 1122191 CVE-2018-14647 CVE-2019-5010 openSUSE Leap 42.3 This update for chromium fixes the following issues: Chromium was updated: to 72.0.3626.121: * CVE-2019-5786: Use-after-free in FileReader fixed (boo#1127602) * Feature fixes update only Important SUSE bug 1127602 CVE-2019-5786 openSUSE Leap 42.3 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-17189: Fixed a denial of service in mod_http2, via slow and unneeded request bodies (bsc#1122838) - CVE-2018-17199: Fixed that mod_session_cookie did not respect expiry time (bsc#1122839) Non-security issue fixed: - sysconfig.d is not created anymore if it already exists (bsc#1121086) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1121086 SUSE bug 1122838 SUSE bug 1122839 CVE-2018-17189 CVE-2018-17199 openSUSE Leap 42.3 This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-14662: mon: limit caps allowed to access the config store (bsc#1111177) - CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (bsc#1114710) - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth (bsc#1121567) Non-security issue fixed: - os/bluestore: avoid frequent allocator dump on bluefs rebalance failure (bsc#1113246) This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1111177 SUSE bug 1113246 SUSE bug 1114710 SUSE bug 1121567 CVE-2018-14662 CVE-2018-16846 CVE-2018-16889 openSUSE Leap 42.3 This update for webkit2gtk3 to version 2.22.6 fixes the following issues: Security issues fixed: - CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6215: Fixed a type confusion vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6227: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6229: Fixed a logic issue by improving validation which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6233: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6234: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. Other issues addressed: - Update to version 2.22.6 (bsc#1124937). - Kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fixed Web inspector magnifier under Wayland. - Fixed garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fixed several crashes, race conditions, and rendering issues. This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1124937 CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 openSUSE Leap 42.3 This update for chromium to version 73.0.3683.75 fixes the following issues: Security issues fixed (bsc#1129059): - CVE-2019-5787: Fixed a use after free in Canvas. - CVE-2019-5788: Fixed a use after free in FileAPI. - CVE-2019-5789: Fixed a use after free in WebMIDI. - CVE-2019-5790: Fixed a heap buffer overflow in V8. - CVE-2019-5791: Fixed a type confusion in V8. - CVE-2019-5792: Fixed an integer overflow in PDFium. - CVE-2019-5793: Fixed excessive permissions for private API in Extensions. - CVE-2019-5794: Fixed security UI spoofing. - CVE-2019-5795: Fixed an integer overflow in PDFium. - CVE-2019-5796: Fixed a race condition in Extensions. - CVE-2019-5797: Fixed a race condition in DOMStorage. - CVE-2019-5798: Fixed an out of bounds read in Skia. - CVE-2019-5799: Fixed a CSP bypass with blob URL. - CVE-2019-5800: Fixed a CSP bypass with blob URL. - CVE-2019-5801: Fixed an incorrect Omnibox display on iOS. - CVE-2019-5802: Fixed security UI spoofing. - CVE-2019-5803: Fixed a CSP bypass with Javascript URLs'. - CVE-2019-5804: Fixed a command line injection on Windows. Release notes: https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html Important SUSE bug 1129059 CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5801 CVE-2019-5802 CVE-2019-5803 CVE-2019-5804 openSUSE Leap 42.3 This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could lead to memory read/write overrun (bsc#1127820). - CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS packet (bsc#1127821). - CVE-2018-3630: Fixed a logic error in FV parsing which could allow a local attacker to bypass the chain of trust checks (bsc#1127822). This update was imported from the SUSE:SLE-12-SP3:Update update project. Important SUSE bug 1127820 SUSE bug 1127821 SUSE bug 1127822 CVE-2018-12178 CVE-2018-12180 CVE-2018-3630 openSUSE Leap 42.3 This update for moinmoin-wiki to version 1.9.10 fixes the following security issue: - CVE-2017-5934: Cross-site scripting vulnerability in the GUI editor (boo#1111104) Moderate SUSE bug 1111104 CVE-2017-5934 openSUSE Leap 42.3 This update for icecast fixes the following security issues: - CVE-2018-18820: A buffer overflow in url-auth could have potentially allowed remote code execution (boo#1114434) Important SUSE bug 1114434 CVE-2018-18820 openSUSE Leap 42.3 This update for Mozilla Thunderbird to version 52.8 fixes the following issues: Security issues fixed (MFSA 2018-13, boo#1092548): - CVE-2018-5183: Backport critical security fixes in Skia - CVE-2018-5154: Use-after-free with SVG animations and clip paths - CVE-2018-5155: Use-after-free with SVG animations and text paths - CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - CVE-2018-5168: Lightweight themes can be installed without user interaction - CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension - CVE-2018-5150: Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8, and Thunderbird 52.8 - CVE-2018-5161: Hang via malformed headers (bsc#1093970) - CVE-2018-5162: Encrypted mail leaks plaintext through src attribute (bsc#1093971) - CVE-2018-5170: Filename spoofing for external attachments (bsc#1093972) - CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack (bsc#1093969) - CVE-2018-5185: Leaking plaintext through HTML forms (bsc#1093973) Important SUSE bug 1092548 SUSE bug 1093152 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5159 CVE-2018-5161 CVE-2018-5162 CVE-2018-5168 CVE-2018-5170 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 CVE-2018-5184 CVE-2018-5185 openSUSE Leap 42.3 This update for enigmail to version 2.0.5 fixes the following issues: Improvements on previous fixes on CVE-2017-17688, boo#1093151 and CVE-2017-17689, boo#1093152 (EFAIL): - do not decrypt MIME parts unnecessarily - improve Error Message for Missing Message Modification Code Moderate SUSE bug 1093151 SUSE bug 1093152 CVE-2017-17688 CVE-2017-17689 openSUSE Leap 42.3 This update for enigmail to version 2.0.6 fixes the following issues: Security issues fixed: - Replies to a partially encrypted message may have revealed protected information: no longer display PGP/MIME message part followed by unencrypted data (boo#1094781) - Signature could be spoofed via Inline-PGP in HTML Mails The following bugs were fixed: - Filter actions could forget selected mail folder names Moderate SUSE bug 1094781 openSUSE Leap 42.3 This update for wireshark fixes the following issues: Minor vulnerabilities that could be used to trigger dissector crashes or cause excessive memory use by making Wireshark read specially crafted packages from the network or capture files (boo#1094301): - CVE-2018-11356: DNS dissector crash - CVE-2018-11357: Multiple dissectors could consume excessive memory - CVE-2018-11358: Q.931 dissector crash - CVE-2018-11359: The RRC dissector and other dissectors could crash - CVE-2018-11360: GSM A DTAP dissector crash - CVE-2018-11362: LDSS dissector crash This update to version 2.4.7 also contains bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.7.html Moderate SUSE bug 1094301 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11362 openSUSE Leap 42.3 This update for fixes the following security issues: * path sanity-checks on NTFS can read arbitrary memory (CVE-2018-11233, boo#1095218) * arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235, boo#1095219) Important SUSE bug 1095218 SUSE bug 1095219 CVE-2018-11233 CVE-2018-11235 openSUSE Leap 42.3 This update for java-1_7_0-openjdk to version 7u201 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile - CVE-2018-2938: Support Derby connections (bsc#1101644) - CVE-2018-2940: Better stack walking (bsc#1101645) - CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651) - CVE-2018-2973: Improve LDAP support (bsc#1101656) - CVE-2018-3639 cpu speculative store bypass mitigation This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1101644 SUSE bug 1101645 SUSE bug 1101651 SUSE bug 1101656 SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112152 SUSE bug 1112153 CVE-2018-13785 CVE-2018-16435 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 CVE-2018-3639 openSUSE Leap 42.3 This update for java-1_8_0-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-3183: Improve script engine support (bsc#1112148) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112148 SUSE bug 1112152 SUSE bug 1112153 CVE-2018-13785 CVE-2018-16435 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 openSUSE Leap 42.3 This update for taglib fixes this security issues: - CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function allowed remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file (bsc#1096180). Low SUSE bug 1096180 CVE-2018-11439 openSUSE Leap 42.3 This update for MozillaFirefox, mozilla-nss fixes the following issues: Security issue fixed in Mozilla Firefox 60.0.2 ESR: - CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia (MFSA 2018-14, boo#1096449) The following bugs were fixed: - In KDE Open with option in download dialog has no effect with kmozillahelper (boo#1094747) - Startup crashes on aarch64 (boo#1093059) Mozilla Firefox now requires NSS 3.36.4 (boo#1096515). The following changes are included in NSS: - Fix issues connecting to servers recently upgraded to TLS 1.3 (SSL_RX_MALFORMED_SERVER_HELLO error) - Fix a rare bug with PKCS#12 files - Apply additional harding (relro linker option) Important SUSE bug 1093059 SUSE bug 1094747 SUSE bug 1096449 SUSE bug 1096515 CVE-2018-6126 openSUSE Leap 42.3 This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1120114 SUSE bug 1120115 SUSE bug 1120116 SUSE bug 1120117 SUSE bug 1120118 SUSE bug 1120119 SUSE bug 1120120 SUSE bug 1120121 SUSE bug 1120122 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-6307 openSUSE Leap 42.3 This update for enigmail fixes vulnerabilities that allowed spoofing of e-mail signatures: - CVE-2018-12019: signature spoofing via specially crafted OpenPGP user IDs (boo#1097525) - CVE-2018-12020: signature spoofing via diagnostic output of the original file name in GnuPG verbose mode (boo#1096745) This mitigation prevents CVE-2018-12020 from being exploited even if GnuPG is not patched. Moderate SUSE bug 1096745 SUSE bug 1097525 CVE-2018-12019 CVE-2018-12020 openSUSE Leap 42.3 This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries - S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability - S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability - S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability - S8189989, CVE-2018-2798, bsc#1090028: Improve container portability - S8189993, CVE-2018-2799, bsc#1090029: Improve document portability - S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms - S8190478: Improved interface method selection - S8190877: Better handling of abstract classes - S8191696: Better mouse positioning - S8192025, CVE-2018-2814, bsc#1090032: Less referential references - S8192030: Better MTSchema support - S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation - S8193409: Improve AES supporting classes - S8193414: Improvements in MethodType lookups - S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For other changes please consult the changelog. This update was imported from the SUSE:SLE-12-SP1:Update update project. Important SUSE bug 1087066 SUSE bug 1090023 SUSE bug 1090024 SUSE bug 1090025 SUSE bug 1090026 SUSE bug 1090027 SUSE bug 1090028 SUSE bug 1090029 SUSE bug 1090030 SUSE bug 1090032 SUSE bug 1090033 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 openSUSE Leap 42.3 This update for irssi fixes the following issues: - CVE-2019-5882: Use after free when hidden lines were expired from the scroll buffer (boo#1121396) This update to the 1.1.2 version also fixes a number of stability issues and bugs. Important SUSE bug 1121396 CVE-2019-5882 openSUSE Leap 42.3 This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option (bsc#1096745) Important SUSE bug 1096745 CVE-2018-12020 openSUSE Leap 42.3 This update for redis to 4.0.10 fixes the following issues: These security issues were fixed: - CVE-2018-11218: Prevent heap corruption vulnerability in cmsgpack (bsc#1097430). - CVE-2018-11219: Prevent integer overflow in Lua scripting (bsc#1097768). For Leap 42.3 and openSUSE SLE 12 backports this is a jump from 4.0.6. For additional details please see - https://raw.githubusercontent.com/antirez/redis/4.0.9/00-RELEASENOTES - https://raw.githubusercontent.com/antirez/redis/4.0.8/00-RELEASENOTES - https://raw.githubusercontent.com/antirez/redis/4.0.7/00-RELEASENOTES Important SUSE bug 1097430 SUSE bug 1097768 CVE-2018-11218 CVE-2018-11219 openSUSE Leap 42.3 This update for go1.9 fixes the following issues: Security issues fixed: - CVE-2018-7187: arbitrary command execution via VCS path (boo#1081495) Non-security changes: - Update to version 1.9.7 - fixes to the go command and compiler - minimal support to the go command for the vgo transition Moderate SUSE bug 1081495 CVE-2018-7187 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: The following security fixes were fixed: - CVE-2018-10805: Fixed a memory leak in ReadYCBCRImage in coders/ycbcr.c and rgb.c, cmyk.c and gray.c (boo#1095812) - Fixed invalid memory reads in dcm.c (boo#1075821#c14) Low SUSE bug 1075821 SUSE bug 1095812 CVE-2018-10805 openSUSE Leap 42.3 This update for phpMyAdmin fixes multiple issues. Security issues fixed: * CVE-2018-12613: File inclusion and remote code execution attack (boo#1098751) * CVE-2018-12581: XSS in Designer feature (boo#1098752) This update to version 4.8.2 also contains number of upstream bug fixes and improvements. Important SUSE bug 1098751 SUSE bug 1098752 CVE-2018-12581 CVE-2018-12613 openSUSE Leap 42.3 This security update for MozillaFirefox to version 60.1.0esr fixes multiple issues. Security issues fixed (MFSA 2018-16, boo#1098998): - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-12361: Integer overflow in SwizzleData - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12371: Integer overflow in Skia library during edge builder allocation - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming - CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments - CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1 - CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 Other issues fixed: - various stability and regression fixes - do not disable system installed unsigned language packs (bmo#1464766) Important SUSE bug 1098998 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12367 CVE-2018-12369 CVE-2018-12371 CVE-2018-5156 CVE-2018-5187 CVE-2018-5188 openSUSE Leap 42.3 This update for mailman to version 2.1.27 fixes the following issues: This security issue was fixed: - CVE-2018-0618: Additional protections against injecting scripts into listinfo and error messages pages (bsc#1099510). These non-security issues were fixed: - The hash generated when SUBSCRIBE_FORM_SECRET is set could have been the same as one generated at the same time for a different list and IP address. - An option has been added to bin/add_members to issue invitations instead of immediately adding members. - A new BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE setting has been added to enable blocking web subscribes from IPv4 addresses listed in Spamhaus SBL, CSS or XBL. It will work with IPv6 addresses if Python's py2-ipaddress module is installed. The module can be installed via pip if not included in your Python. - Mailman has a new 'security' log and logs authentication failures to the various web CGI functions. The logged data include the remote IP and can be used to automate blocking of IPs with something like fail2ban. Since Mailman 2.1.14, these have returned an http 401 status and the information should be logged by the web server, but this new log makes that more convenient. Also, the 'mischief' log entries for 'hostile listname' noe include the remote IP if available. - admin notices of (un)subscribes now may give the source of the action. This consists of a %(whence)s replacement that has been added to the admin(un)subscribeack.txt templates. Thanks to Yasuhito FUTATSUKI for updating the non-English templates and help with internationalizing the reasons. - there is a new BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE setting to enable blocking web subscribes for addresses in domains listed in the Spamhaus DBL. Moderate SUSE bug 1099510 CVE-2018-0618 openSUSE Leap 42.3 This update for git-annex to version 6.20180626 fixes the following issues: - CVE-2018-10857: Prevent file content disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes and glacier (bsc#1098062). - CVE-2018-10859: Prevent local gpg encrypted file disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes (bsc#1098364). This update brings many other bug fixes and new features. http://hackage.haskell.org/package/git-annex-6.20180626/changelog has a detailed list of changes. Moderate SUSE bug 1098062 SUSE bug 1098364 CVE-2018-10857 CVE-2018-10859 openSUSE Leap 42.3 This update for aria2 fixes the following security issue: - CVE-2019-3500: Metadata and potential password leaks via --log= (boo#1120488) Moderate SUSE bug 1120488 CVE-2019-3500 openSUSE Leap 42.3 This update for Mozilla Thunderbird to version 52.9.0 fixes multiple issues. Security issues fixed, inherited from the Mozilla common code base (MFSA 2018-16, bsc#1098998): - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-5188: Memory safety bugs fixed in Thunderbird 52.9.0 Security issues fixed that affect e-mail privacy and integrity (including EFAIL): - CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML emails (bsc#1100082) - CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward (bsc#1100079) - CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing enter in form field (bsc#1100081) The following options are available for added security in certain scenarios: - Option for not decrypting subordinate message parts that otherwise might reveal decryted content to the attacker. Preference mailnews.p7m_subparts_external needs to be set to true for added security. The following upstream changes are included: - Thunderbird will now prompt to compact IMAP folders even if the account is online - Fix various problems when forwarding messages inline when using "simple" HTML view The following tracked packaging changes are included: - correct requires and provides handling (boo#1076907) - reduce memory footprint with %ix86 at linking time via additional compiler flags (boo#1091376) - Build from upstream source archive and verify source signature (boo#1085780) Moderate SUSE bug 1076907 SUSE bug 1085780 SUSE bug 1091376 SUSE bug 1098998 SUSE bug 1100079 SUSE bug 1100081 SUSE bug 1100082 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374 CVE-2018-5188 openSUSE Leap 42.3 This update for sssd provides the following fixes: This security issue was fixed: - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users (bsc#1098377) These non-security issues were fixed: - Fix a segmentation fault in sss_cache command. (bsc#1072728) - Fix a failure in autofs initialisation sequence upon system boot. (bsc#1010700) - Fix race condition on boot between SSSD and autofs. (bsc#1010700) - Fix a bug where file descriptors were not closed (bsc#1080156) - Fix an issue where sssd logs were not rotated properly (bsc#1080156) - Remove whitespaces from netgroup entries (bsc#1087320) - Remove misleading log messages (bsc#1101877) - exit() the forked process if exec()-ing a child process fails (bsc#1110299) - Do not schedule the machine renewal task if adcli is not executable (bsc#1110299) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1010700 SUSE bug 1072728 SUSE bug 1080156 SUSE bug 1087320 SUSE bug 1098377 SUSE bug 1101877 SUSE bug 1110299 CVE-2018-10852 openSUSE Leap 42.3 This update for ucode-intel fixes the following issues: The microcode bundles was updated to the 20180703 release For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1100147 CVE-2018-3639 CVE-2018-3640 openSUSE Leap 42.3 This update for nextcloud fixes the following issues: Security issues fixed: - CVE-2018-3761: Fix improper authentication on the OAuth2 token endpoint (bsc#1100344). - CVE-2018-3762: Fix improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to (bsc#1100343). Moderate SUSE bug 1100343 SUSE bug 1100344 CVE-2018-3761 CVE-2018-3762 openSUSE Leap 42.3 This update for mutt fixes the following issues: Security issues fixed: - bsc#1101428: Mutt 1.10.1 security release update. - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles ".." directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588). - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568). Bug fixes: - mutt reports as neomutt and incorrect version (bsc#1094717) - No sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517 (bsc#980830) - mutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129) - (neo)mutt displaying times in Zulu time (bsc#1061343) - mutt unconditionally segfaults when displaying a message (bsc#986534) - For openSUSE Leap 42.3, retain split of -lang and -doc (boo#1120935) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1061343 SUSE bug 1094717 SUSE bug 1101428 SUSE bug 1101566 SUSE bug 1101567 SUSE bug 1101568 SUSE bug 1101569 SUSE bug 1101570 SUSE bug 1101571 SUSE bug 1101573 SUSE bug 1101576 SUSE bug 1101577 SUSE bug 1101578 SUSE bug 1101581 SUSE bug 1101582 SUSE bug 1101583 SUSE bug 1101588 SUSE bug 1101589 SUSE bug 1120935 SUSE bug 980830 SUSE bug 982129 SUSE bug 986534 CVE-2014-9116 CVE-2018-14349 CVE-2018-14350 CVE-2018-14351 CVE-2018-14352 CVE-2018-14353 CVE-2018-14354 CVE-2018-14355 CVE-2018-14356 CVE-2018-14357 CVE-2018-14358 CVE-2018-14359 CVE-2018-14360 CVE-2018-14361 CVE-2018-14362 CVE-2018-14363 openSUSE Leap 42.3 This update for gitolite fixes the following security issue: - CVE-2018-20683: The rsync command line was not handled correctly, allow malicious rsync options (boo#1121570) The version update to 3.6.11 also contains a number of upstream bug fixes. Moderate SUSE bug 1121570 CVE-2018-20683 openSUSE Leap 42.3 This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed (bsc#1095163): - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia - CVE-2018-6127: Use after free in indexedDB - CVE-2018-6129: Out of bounds memory access in WebRTC - CVE-2018-6130: Out of bounds memory access in WebRTC - CVE-2018-6131: Incorrect mutability protection in WebAssembly - CVE-2018-6132: Use of uninitialized memory in WebRTC - CVE-2018-6133: URL spoof in Omnibox - CVE-2018-6134: Referrer Policy bypass in Blink - CVE-2018-6135: UI spoofing in Blink - CVE-2018-6136: Out of bounds memory access in V8 - CVE-2018-6137: Leak of visited status of page in Blink - CVE-2018-6138: Overly permissive policy in Extensions - CVE-2018-6139: Restrictions bypass in the debugger extension API - CVE-2018-6140: Restrictions bypass in the debugger extension API - CVE-2018-6141: Heap buffer overflow in Skia - CVE-2018-6142: Out of bounds memory access in V8 - CVE-2018-6143: Out of bounds memory access in V8 - CVE-2018-6144: Out of bounds memory access in PDFium - CVE-2018-6145: Incorrect escaping of MathML in Blink - CVE-2018-6147: Password fields not taking advantage of OS protections in Views - CVE-2018-6148: Incorrect handling of CSP header (boo#1096508) - CVE-2018-6149: Out of bounds write in V8 (boo#1097452) The following tracked packaging changes are included: - Require ffmpeg >= 4.0 (boo#1095545) Important SUSE bug 1070421 SUSE bug 1093031 SUSE bug 1095163 SUSE bug 1095545 SUSE bug 1096508 SUSE bug 1097452 CVE-2018-6123 CVE-2018-6124 CVE-2018-6125 CVE-2018-6126 CVE-2018-6127 CVE-2018-6128 CVE-2018-6129 CVE-2018-6130 CVE-2018-6131 CVE-2018-6132 CVE-2018-6133 CVE-2018-6134 CVE-2018-6135 CVE-2018-6136 CVE-2018-6137 CVE-2018-6138 CVE-2018-6139 CVE-2018-6140 CVE-2018-6141 CVE-2018-6142 CVE-2018-6143 CVE-2018-6144 CVE-2018-6145 CVE-2018-6147 CVE-2018-6148 CVE-2018-6149 openSUSE Leap 42.3 This update for mailman fixes the following issues: Security issue fixed: - CVE-2018-13796: Fix a content spoofing vulnerability with invalid list name messages inside the web UI (boo#1101288). Bug fixes: - update to 2.1.29: * Fixed the listinfo and admin overview pages that were broken - update to 2.1.28: * It is now possible to edit HTML and text templates via the web admin UI in a supported language other than the list's preferred_language. * The Japanese translation has been updated * The German translation has been updated * The Esperanto translation has been updated * The BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE feature added in 2.1.27 was not working. This is fixed. * Escaping of HTML entities for the web UI is now done more selectively. Moderate SUSE bug 1101288 CVE-2018-13796 openSUSE Leap 42.3 This update for Chromium to version 68.0.3440.75 fixes multiple issues. Security issues fixed (boo#1102530): - CVE-2018-6153: Stack buffer overflow in Skia - CVE-2018-6154: Heap buffer overflow in WebGL - CVE-2018-6155: Use after free in WebRTC - CVE-2018-6156: Heap buffer overflow in WebRTC - CVE-2018-6157: Type confusion in WebRTC - CVE-2018-6158: Use after free in Blink - CVE-2018-6159: Same origin policy bypass in ServiceWorker - CVE-2018-6161: Same origin policy bypass in WebAudio - CVE-2018-6162: Heap buffer overflow in WebGL - CVE-2018-6163: URL spoof in Omnibox - CVE-2018-6164: Same origin policy bypass in ServiceWorker - CVE-2018-6165: URL spoof in Omnibox - CVE-2018-6166: URL spoof in Omnibox - CVE-2018-6167: URL spoof in Omnibox - CVE-2018-6168: CORS bypass in Blink - CVE-2018-6169: Permissions bypass in extension installation - CVE-2018-6170: Type confusion in PDFium - CVE-2018-6171: Use after free in WebBluetooth - CVE-2018-6172: URL spoof in Omnibox - CVE-2018-6173: URL spoof in Omnibox - CVE-2018-6174: Integer overflow in SwiftShader - CVE-2018-6175: URL spoof in Omnibox - CVE-2018-6176: Local user privilege escalation in Extensions - CVE-2018-6177: Cross origin information leak in Blink - CVE-2018-6178: UI spoof in Extensions - CVE-2018-6179: Local file information leak in Extensions - CVE-2018-6044: Request privilege escalation in Extensions - CVE-2018-4117: Cross origin information leak in Blink The following user interface changes are included: - Chrome will show the "Not secure" warning on all plain HTTP pages Important SUSE bug 1102530 CVE-2018-4117 CVE-2018-6044 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155 CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159 CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164 CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168 CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172 CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176 CVE-2018-6177 CVE-2018-6178 CVE-2018-6179 openSUSE Leap 42.3 This update for znc fixes the following issues: - Update to version 1.7.1 * CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf (bnc#1101281) * CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. (bnc#1101280) - Update to version 1.7.0 * Make ZNC UI translateable to different languages * Configs written before ZNC 0.206 can't be read anymore * Implement IRCv3.2 capabilities away-notify, account-notify, extended-join * Implement IRCv3.2 capabilities echo-message, cap-notify on the "client side" * Update capability names as they are named in IRCv3.2: znc.in/server-time-iso→server-time, znc.in/batch→batch. Old names will continue working for a while, then will be removed in some future version. * Make ZNC request server-time from server when available * Add "AuthOnlyViaModule" global/user setting * Stop defaulting real name to "Got ZNC?" * Add SNI SSL client support * Add support for CIDR notation in allowed hosts list and in trusted proxy list * Add network-specific config for cert validation in addition to user-supplied fingerprints: TrustAllCerts, defaults to false, and TrustPKI, defaults to true. * Add /attach command for symmetry with /detach. Unlike /join it allows wildcards. - Update to version 1.6.6: * Fix use-after-free in znc --makepem. It was broken for a long time, but started segfaulting only now. This is a useability fix, not a security fix, because self-signed (or signed by a CA) certificates can be created without using --makepem, and then combined into znc.pem. Moderate SUSE bug 1101280 SUSE bug 1101281 CVE-2018-14055 CVE-2018-14056 openSUSE Leap 42.3 This update fixes two security issues in live555: - CVE-2018-4013: Remote code execution vulnerability (bsc#1114779) - CVE-2019-6256: Denial of Service issue with RTSP-over-HTTP tunneling via x-sessioncookie HTTP headers (boo#1121892) This library is statically linked into VLC. However VLC is not affected because it only uses the live555 library to implement the RTSP client. Moderate SUSE bug 1114779 SUSE bug 1121892 CVE-2018-4013 CVE-2019-6256 openSUSE Leap 42.3 This update for blueman fixes the following issues: The following security issue was addressed: - Fixed the polkit authorization checks in blueman, which previously allowed any user with access to the D-Bus system bus to trigger certain network configuration logic in blueman without authentication (boo#1083066). Moderate SUSE bug 1083066 openSUSE Leap 42.3 This update for enigmail to 2.0.8 fixes the following issues: The enigmail 2.0.8 release addresses a security issue and solves a few regression bugs. * A security issue has been fixed that allows an attacker to prepare a plain, unauthenticated HTML message in a way that it looks like it's signed and/or encrypted (boo#1104036) Moderate SUSE bug 1104036 openSUSE Leap 42.3 This update for seamonkey fixes the following issues: Mozilla Seamonkey was updated to 2.49.4: Now uses Gecko 52.9.1esr (boo#1098998). Security issues fixed with MFSA 2018-16 (boo#1098998): * CVE-2018-12359: Buffer overflow using computed size of canvas element * CVE-2018-12360: Use-after-free when using focus() * CVE-2018-12362: Integer overflow in SSSE3 scaler * CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture * CVE-2018-12363: Use-after-free when appending DOM nodes * CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins * CVE-2018-12365: Compromised IPC child process can list local filenames * CVE-2018-12366: Invalid data handling during QCMS transformations * CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 Localizations finally included again (boo#1062195) Updated summary and description to more accurately reflect what SeaMonkey is, giving less prominence to the long- discontinued Mozilla Application Suite that many users may no longer be familiar with Update to Seamonkey 2.49.2 * Gecko 52.6esr (including security relevant fixes) (boo#1077291) * fix issue in Composer * With some themes, the menulist- and history-dropmarker didn't show * Scrollbars didn't show the buttons * WebRTC has been disabled by default. It needs an add-on to enable it per site * The active title bar was not visually emphasized Correct requires and provides handling (boo#1076907) Important SUSE bug 1020631 SUSE bug 1062195 SUSE bug 1076907 SUSE bug 1077291 SUSE bug 1098998 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-5156 CVE-2018-5188 openSUSE Leap 42.3 This update for aubio fixes the following issues: - CVE-2018-14522: Fixed a crash in aubio_pitch_set_unit (bsc#1102359) - CVE-2018-14523: Fixed a buffer overrread resulting in crash or information leakage in new_aubio_pitchyinfft (bsc#1102364) Moderate SUSE bug 1102359 SUSE bug 1102364 CVE-2018-14522 CVE-2018-14523 openSUSE Leap 42.3 This update for libunwind fixes one minor security issue and one bug. The following security issue was fixed: - CVE-2015-3239: off-by-one error that could be triggered when reading untrusted binaries (boo#936786) The following packaging bug was fixed: - boo#1122012: The 32 bit were not generated on Leap 42.3 Low SUSE bug 1122012 SUSE bug 936786 CVE-2015-3239 openSUSE Leap 42.3 This update for php7 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2017-9120: Fixed an buffer overflow in mysqli_real_escape_string, which could be exploited via along string and could result in an application crash or have other unspecified impacts. (bsc#1103661) This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1103659 SUSE bug 1103661 CVE-2017-9120 CVE-2018-14851 openSUSE Leap 42.3 ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx ---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5 This update was imported from the SUSE:SLE-15:Update update project. Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1089343 SUSE bug 1104134 CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 openSUSE Leap 42.3 This update for zeromq fixes the following issues: Security issue fixed: - CVE-2019-6250: fix a remote execution vulnerability due to pointer arithmetic overflow (bsc#1121717) Important SUSE bug 1121717 CVE-2019-6250 openSUSE Leap 42.3 This update for nextcloud to version 13.0.5 fixes the following issues: Security issues fixed: - CVE-2018-3780: Fixed a missing sanitization of search results for an autocomplete field that could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users. (boo#1105598) Other bugs fixed: - Fix highlighting of the upload drop zone - Apply ldapUserFilter on members of group - Make the DELETION of groups match greedy on the groupID - Add parent index to share table - Log full exception in cron instead of only the message - Properly lock the target file on dav upload when not using part files - LDAP backup server should not be queried when auth fails - Fix filenames in sharing integration tests - Lower log level for quota manipulation cases - Let user set avatar in nextcloud if LDAP provides invalid image data - Improved logging of smb connection errors - Allow admin to disable fetching of avatars as well as a specific attribute - Allow to disable encryption - Update message shown when unsharing a file - Fixed English grammatical error on Settings page. - Request a valid property for DAV opendir - Allow updating the token on session regeneration - Prevent lock values from going negative with memcache backend - Correctly handle users with numeric user ids - Correctly parse the subject parameters for link (un)shares of calendars - Fix "parsing" of email-addresses in comments and chat messages - Sanitize parameters in createSessionToken() while logging - Also retry rename operation on InvalidArgumentException - Improve url detection in comments - Only bind to ldap if configuration for the first server is set - Use download manager from PDF.js to download the file - Fix trying to load removed scripts - Only pull for new messages if the session is allowed to be kept alive - Always push object data - Add prioritization for Talk Moderate SUSE bug 1105598 CVE-2018-3780 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: Security issue fixed: - Disable PS, PS2, PS3 and PDF coders by default, remove gs calls from delegates.mgk (boo#1105592) Important SUSE bug 1105592 openSUSE Leap 42.3 This update for phpMyAdmin to version 4.8.3 addresses multiple issues. Security issues fixed: - CVE-2018-15605: vulnerability in the file import feature allowed cross-site scripting via importing a specially-crafted file (PMASA-2018-5, boo#1105726) This update also contains a number of upstream bug fixes in the UI and behavior. Moderate SUSE bug 1105726 CVE-2018-15605 openSUSE Leap 42.3 This update for zutils to version 1.7 fixes one security issue: - CVE-2018-1000637: buffer overrun in zcat utility (boo#1103878) Please note that the zutils zcat utility is distinct from the default gzip zcat utility. Moderate SUSE bug 1103878 CVE-2018-1000637 openSUSE Leap 42.3 This update for nextcloud fixes security issues and bugs. Security issues fixed: - CVE-2018-3780: Stored XSS in autocomplete suggestions for file comments (boo#1114817) This update also contains all bug fixes and improvements in the 13.0.8 version, including: - Password expiration time changed from 12h to 7d - Bug fixes to the OAuth brute force protection - Various other bug fixes and improvements Moderate SUSE bug 1114817 CVE-2018-3780 openSUSE Leap 42.3 This update for podofo version 0.9.6 fixes the following issues: Security issues fixed: - CVE-2017-5852: Fix a infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject (PdfPage.cpp) (boo#1023067) - CVE-2017-5854: Fix a NULL pointer dereference in PdfOutputStream.cpp (boo#1023070) - CVE-2017-5886: Fix a heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp) (boo#1023380) - CVE-2017-6844: Fix a buffer overflow in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp) (boo#1027782) - CVE-2017-6847: Fix a NULL pointer dereference in PoDoFo::PdfVariant::DelayedLoad (PdfVariant.h) (boo#1027778) - CVE-2017-7379: Fix a heap-based buffer overflow in PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncoding.cpp) (boo#1032018) - CVE-2018-5296: Fix a denial of service in the ReadXRefSubsection function (boo#1075021) - CVE-2018-5309: Fix a integer overflow in the ReadObjectsFromStream function (boo#1075322) - CVE-2017-5853: Fix a signed integer overflow in PdfParser.cpp (boo#1023069) - CVE-2017-5855: Fix a NULL pointer dereference in the ReadXRefSubsection function (boo#1023071) - CVE-2017-6840: Fix a invalid memory read in the GetColorFromStack function (boo#1027787) - CVE-2017-6845: Fix a NULL pointer dereference in the SetNonStrokingColorSpace function (boo#1027779) - CVE-2017-7378: Fix a heap-based buffer overflow in the ExpandTabs function (boo#1032017) - CVE-2017-7380: Fix four null pointer dereferences (boo#1032019) - CVE-2017-8054: Fix a denial of service in the GetPageNodeFromArray function (boo#1035596) - CVE-2018-5295: Fix a integer overflow in the ParseStream function (boo#1075026) - CVE-2018-5308: Fix undefined behavior in the PdfMemoryOutputStream::Write function (boo#1075772) - CVE-2018-8001: Fix a heap overflow read vulnerability in the UnescapeName function (boo#1084894) - CVE-2017-7994, CVE-2017-8787: Fix a denial of service via a crafted PDF document (boo#1035534, boo#1037739) Important SUSE bug 1023067 SUSE bug 1023069 SUSE bug 1023070 SUSE bug 1023071 SUSE bug 1023380 SUSE bug 1027778 SUSE bug 1027779 SUSE bug 1027782 SUSE bug 1027787 SUSE bug 1032017 SUSE bug 1032018 SUSE bug 1032019 SUSE bug 1035534 SUSE bug 1035596 SUSE bug 1037739 SUSE bug 1075021 SUSE bug 1075026 SUSE bug 1075322 SUSE bug 1075772 SUSE bug 1084894 CVE-2017-5852 CVE-2017-5853 CVE-2017-5854 CVE-2017-5855 CVE-2017-5886 CVE-2017-6840 CVE-2017-6844 CVE-2017-6845 CVE-2017-6847 CVE-2017-7378 CVE-2017-7379 CVE-2017-7380 CVE-2017-7994 CVE-2017-8054 CVE-2017-8787 CVE-2018-5295 CVE-2018-5296 CVE-2018-5308 CVE-2018-5309 CVE-2018-8001 openSUSE Leap 42.3 This update for MozillaThunderbird to version 60.0 fixes the following issues: These security issues were fixed: - CVE-2018-12359: Prevent buffer overflow using computed size of canvas element (bsc#1098998). - CVE-2018-12360: Prevent use-after-free when using focus() (bsc#1098998). - CVE-2018-12361: Prevent integer overflow in SwizzleData (bsc#1098998). - CVE-2018-12362: Prevent integer overflow in SSSE3 scaler (bsc#1098998). - CVE-2018-5156: Prevent media recorder segmentation fault when track type is changed during capture (bsc#1098998). - CVE-2018-12363: Prevent use-after-free when appending DOM nodes (bsc#1098998). - CVE-2018-12364: Prevent CSRF attacks through 307 redirects and NPAPI plugins (bsc#1098998). - CVE-2018-12365: Prevent compromised IPC child process listing local filenames (bsc#1098998). - CVE-2018-12371: Prevent integer overflow in Skia library during edge builder allocation (bsc#1098998). - CVE-2018-12366: Prevent invalid data handling during QCMS transformations (bsc#1098998). - CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming (bsc#1098998). - CVE-2018-5187: Various memory safety bugs (bsc#1098998). - CVE-2018-5188: Various memory safety bugs (bsc#1098998). These can not, in general, be exploited through email, but are potential risks in browser or browser-like contexts. These non-security issues were fixed: - Storing of remote content settings fixed (bsc#1084603) - Improved message handling and composing - Improved handling of message templates - Support for OAuth2 and FIDO U2F - Various Calendar improvements - Various fixes and changes to e-mail workflow - Various IMAP fixes - Native desktop notifications Important SUSE bug 1084603 SUSE bug 1098998 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12367 CVE-2018-12371 CVE-2018-5156 CVE-2018-5187 CVE-2018-5188 openSUSE Leap 42.3 This update for Chromium to version 69.0.3497.81 fixes multiple issues. Security issues fixed (boo#1107235): - CVE-2018-16065: Out of bounds write in V8 - CVE-2018-16066:Out of bounds read in Blink - CVE-2018-16067: Out of bounds read in WebAudio - CVE-2018-16068: Out of bounds write in Mojo - CVE-2018-16069:Out of bounds read in SwiftShader - CVE-2018-16070: Integer overflow in Skia - CVE-2018-16071: Use after free in WebRTC - CVE-2018-16073: Site Isolation bypass after tab restore - CVE-2018-16074: Site Isolation bypass using Blob URLS - Out of bounds read in Little-CMS - CVE-2018-16075: Local file access in Blink - CVE-2018-16076: Out of bounds read in PDFium - CVE-2018-16077: Content security policy bypass in Blink - CVE-2018-16078: Credit card information leak in Autofill - CVE-2018-16079: URL spoof in permission dialogs - CVE-2018-16080: URL spoof in full screen mode - CVE-2018-16081: Local file access in DevTools - CVE-2018-16082: Stack buffer overflow in SwiftShader - CVE-2018-16083: Out of bounds read in WebRTC - CVE-2018-16084: User confirmation bypass in external protocol handling - CVE-2018-16085: Use after free in Memory Instrumentation - CVE-2017-15430: Unsafe navigation in Chromecast (boo#1106341) - CVE-2018-16086: Script injection in New Tab Page - CVE-2018-16087: Multiple download restriction bypass - CVE-2018-16088: User gesture requirement bypass The re2 regular expression library was updated to the current version 2018-09-01. Important SUSE bug 1106341 SUSE bug 1107235 CVE-2017-15430 CVE-2018-16065 CVE-2018-16066 CVE-2018-16067 CVE-2018-16068 CVE-2018-16069 CVE-2018-16070 CVE-2018-16071 CVE-2018-16073 CVE-2018-16074 CVE-2018-16075 CVE-2018-16076 CVE-2018-16077 CVE-2018-16078 CVE-2018-16079 CVE-2018-16080 CVE-2018-16081 CVE-2018-16082 CVE-2018-16083 CVE-2018-16084 CVE-2018-16085 CVE-2018-16086 CVE-2018-16087 CVE-2018-16088 openSUSE Leap 42.3 This update to Mozilla Firefox 60.2.0esr fixes the following issues: Security issues fixed (MFSA 2018-21, boo#1107343): - CVE-2018-12377: Use-after-free in refresh driver timers - CVE-2018-12378: Use-after-free in IndexedDB - CVE-2017-16541: Proxy bypass using automount and autofs (boo#1066489) - CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 Important SUSE bug 1066489 SUSE bug 1107343 CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 openSUSE Leap 42.3 This update for webkit2gtk3 to version 2.22.4 fixes the following issues: Security issues fixed: CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998). This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1110279 SUSE bug 1116998 CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 openSUSE Leap 42.3 This update for Mozilla Thunderbird to version 60.2.1 fixes multiple issues. Multiple security issues were fixed in the Mozilla platform as advised in MFSA 2018-25. In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts: - CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343) - CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343) - CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1066489) - CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (bsc#1107343) - CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) - CVE-2018-12359: Buffer overflow using computed size of canvas element (bsc#1098998) - CVE-2018-12360: Use-after-free when using focus() (bsc#1098998) - CVE-2018-12361: Integer overflow in SwizzleData (bsc#1098998) - CVE-2018-12362: Integer overflow in SSSE3 scaler (bsc#1098998) - CVE-2018-12363: Use-after-free when appending DOM nodes (bsc#1098998) - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins (bsc#1098998) - CVE-2018-12365: Compromised IPC child process can list local filenames (bsc#1098998) - CVE-2018-12371: Integer overflow in Skia library during edge builder allocation (bsc#1098998) - CVE-2018-12366: Invalid data handling during QCMS transformations (bsc#1098998) - CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming (bsc#1098998) - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture (bsc#1098998) - CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60 (bsc#1098998) - CVE-2018-5188: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 60 (bsc#1098998) Other bugs fixes: - Fix date display issues (bsc#1109379) - Fix start-up crash due to folder name with special characters (bsc#1107772) Important SUSE bug 1066489 SUSE bug 1084603 SUSE bug 1098998 SUSE bug 1107343 SUSE bug 1107772 SUSE bug 1109363 SUSE bug 1109379 CVE-2017-16541 CVE-2018-12359 CVE-2018-12360 CVE-2018-12361 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12367 CVE-2018-12371 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12383 CVE-2018-12385 CVE-2018-16541 CVE-2018-5156 CVE-2018-5187 CVE-2018-5188 openSUSE Leap 42.3 This update for okular fixes the following security issue: - CVE-2018-1000801: Prevent directory traversal vulnerability in function unpackDocumentArchive could have resulted in arbitrary file creation via a specially crafted Okular archive (bsc#1107591). Moderate SUSE bug 1107591 CVE-2018-1000801 openSUSE Leap 42.3 This update for GraphicsMagick fixes the following issues: - CVE-2018-16644: Added missing check for length in the functions ReadDCMImage and ReadPICTImage, which allowed remote attackers to cause a denial of service via a crafted image (bsc#1107609) - CVE-2018-16645: Prevent excessive memory allocation issue in the functions ReadBMPImage and ReadDIBImage, which allowed remote attackers to cause a denial of service via a crafted image file (bsc#1107604) Low SUSE bug 1107604 SUSE bug 1107609 CVE-2018-16644 CVE-2018-16645 openSUSE Leap 42.3 This update for Chromium to version 69.0.3497.92 fixes the following issues: Security issues fixed ((boo#1108114): - Function signature mismatch in WebAssembly - URL Spoofing in Omnibox The following tracked packaging issues were fixed: - the chromium package incorrectly provied swiftshader resolvables (boo#1108175) Moderate SUSE bug 1108114 SUSE bug 1108175 openSUSE Leap 42.3 This update for ffmpeg-4 to version 4.0.2 fixes the following issues: These security issues were fixed: - CVE-2018-15822: The flv_write_packet function did not check for an empty audio packet, leading to an assertion failure and DoS (bsc#1105869). - CVE-2018-13300: An improper argument passed to the avpriv_request_sample function may have triggered an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure (bsc#1100348). These non-security issues were fixed: - Enable webvtt encoders and decoders (boo#1092241). - Build codec2 encoder and decoder, add libcodec2 to enable_decoders and enable_encoders. - Enable mpeg 1 and 2 encoders. Low SUSE bug 1092241 SUSE bug 1100348 SUSE bug 1105869 CVE-2018-13300 CVE-2018-15822 openSUSE Leap 42.3 This update for jhead fixes the following security issues: - CVE-2016-3822: jhead remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data (bsc#1108480). - CVE-2018-16554: The ProcessGpsInfo function may have allowed a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling (bsc#1108480). Moderate SUSE bug 1108480 CVE-2016-3822 CVE-2018-16554 openSUSE Leap 42.3 This update for Chromium to version 69.0.3497.100 fixes the following issues: - Security relevant fixes from internal audits, fuzzing and other initiatives (boo#boo#1108774) Moderate SUSE bug 1108774 openSUSE Leap 42.3 This update for obs-service-refresh_patches fixes the following security issue: - An attacker creating a specially formated archive could have tricked the service in deleting directories that shouldn't be deleted (boo#1108189) Moderate SUSE bug 1108189 openSUSE Leap 42.3 This update for hylafax+ fixes the following issues: Security issues fixed in 5.6.1: - CVE-2018-17141: multiple vulnerabilities affecting fax page reception in JPEG format Specially crafted input may have allowed remote execution of arbitrary code (boo#1109084) Additionally, this update also contains all upstream corrections and bugfixes in the 5.6.1 version, including: - fix RFC2047 encoding by notify - add jobcontrol PageSize feature - don't wait forever after +FRH:3 - fix faxmail transition between a message and external types - avoid pagehandling from introducing some unnecessary EOM signals - improve proxy connection error handling and logging - add initial ModemGroup limits feature - pass the user's uid onto the session log file for sent faxes - improve job waits to minimize triggers - add ProxyTaglineFormat and ProxyTSI features Critical SUSE bug 1109084 CVE-2018-17141 openSUSE Leap 42.3 This update for Mozilla Firefox to version 60.2.1esr fixes the following issues: Security issues fixed (MFSA 2018-23): - CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (boo#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (boo#1107343) Bugx fixed: - Fixed a startup crash affecting users migrating from older ESR releases Moderate SUSE bug 1107343 SUSE bug 1109363 CVE-2018-12383 CVE-2018-12385 openSUSE Leap 42.3 This update for bitcoin to version 0.16.3 fixes the following issues: - CVE-2018-17144: Prevent remote denial of service (application crash) exploitable by miners via duplicate input (bsc#1108992). For additional changes please check the changelog. Important SUSE bug 1108992 CVE-2018-17144 openSUSE Leap 42.3 This update for gitolite fixes the following issues: Gitolite was updated to 3.6.9: - CVE-2018-16976: prevent racy access to repos in process of migration to gitolite (boo#1108272) - 'info' learns new '-p' option to show only physical repos (as opposed to wild repos) The update to 3.6.8 contains: - fix bug when deleting *all* hooks for a repo - allow trailing slashes in repo names - make pre-receive hook driver bail on non-zero exit of a pre-receive hook - allow templates in gitolite.conf (new feature) - various optimiations The update to 3.6.7 contains: - allow repo-specific hooks to be organised into subdirectories, and allow the multi-hook driver to be placed in some other location of your choice - allow simple test code to be embedded within the gitolite.conf file; see contrib/utils/testconf for how. (This goes on the client side, not on the server) - allow syslog "facility" to be changed, from the default of 'local0' - allow syslog "facility" to be changed, from the default of replaced with a space separated list of members The update to 3.6.6 contains: - simple but important fix for a future perl deprecation (perl will be removing "." from @INC in 5.24) - 'perms' now requires a '-c' to activate batch mode (should not affect interactive use but check your scripts perhaps?) - gitolite setup now accepts a '-m' option to supply a custom message (useful when it is used by a script) Moderate SUSE bug 1108272 CVE-2018-16976 openSUSE Leap 42.3 This update for Mozilla Firefox to version 60.2.2esr contains the following security fixes (MFSA 2018-24): - CVE-2018-12386: Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed content process (bsc#1110507) Important SUSE bug 1110506 SUSE bug 1110507 CVE-2018-12386 CVE-2018-12387 openSUSE Leap 42.3 This update for MozillaThunderbird fixes the following issues: Thunderbird 63 ESR was updated to version 60.3.0 to fix the following issues (bsc#1112852): Security issues fixed (MFSA 2018-28): - CVE-2018-12389: Fixed memory safety bugs. - CVE-2018-12390: Fixed memory safety bugs. - CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible cross-origin. - CVE-2018-12392: Fixed crash with nested event loops. - CVE-2018-12393: Fixed integer overflow during Unicode conversion while loading JavaScript. Non-security issues fixed: - various theme fixes - Shift+PageUp/PageDown in Write window - Gloda attachment filtering - Mailing list address auto-complete enter/return handling - Thunderbird hung if HTML signature references non-existent image - Filters not working for headers that appear more than once Important SUSE bug 1112852 CVE-2018-12389 CVE-2018-12390 CVE-2018-12391 CVE-2018-12392 CVE-2018-12393 openSUSE Leap 42.3 This update for axis fixes the following security issue: - CVE-2018-8032: Prevent cross-site scripting (XSS) attack in the default servlet/services (bsc#1103658). This update was imported from the SUSE:SLE-12:Update update project. Moderate SUSE bug 1103658 CVE-2018-8032 openSUSE Leap 42.3 hostapd was updated to fix following security issue: - CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data (bsc#1104205) Low SUSE bug 1104205 CVE-2018-14526 openSUSE Leap 42.3 This update for virtualbox version 5.2.24 fixes the following issues: Update fixes multiple vulnerabilities: CVE-2019-2500, CVE-2019-2524, CVE-2019-2552, CVE-2018-3309, CVE-2019-2520 CVE-2019-2521, CVE-2019-2522, CVE-2019-2523, CVE-2019-2526, CVE-2019-2548 CVE-2018-11763, CVE-2019-2511, CVE-2019-2508, CVE-2019-2509, CVE-2019-2527 CVE-2019-2450, CVE-2019-2451, CVE-2019-2555, CVE-2019-2554, CVE-2019-2556 CVE-2018-11784, CVE-2018-0734, CVE-2019-2525, CVE-2019-2446, CVE-2019-2448 CVE-2019-2501, CVE-2019-2504, CVE-2019-2505, CVE-2019-2506, and CVE-2019-2553 (boo#1122212). Non-security issues fixed: - Linux Additions: fix for building vboxvideo on EL 7.6 standard kernel, contributed by Robert Conde - USB: fixed a problem causing failures attaching SuperSpeed devices which report USB version 3.1 (rather than 3.0) on Windows hosts - Audio: added support for surround speaker setups used by Windows 10 Build 1809 - Linux hosts: fixed conflict between Debian and Oracle build desktop files - Linux guests: fixed building drivers on SLES 12.4 - Linux guests: fixed building shared folder driver with older kernels Important SUSE bug 1122212 CVE-2018-0734 CVE-2018-11763 CVE-2018-11784 CVE-2018-3309 CVE-2019-2446 CVE-2019-2448 CVE-2019-2450 CVE-2019-2451 CVE-2019-2500 CVE-2019-2501 CVE-2019-2504 CVE-2019-2505 CVE-2019-2506 CVE-2019-2508 CVE-2019-2509 CVE-2019-2511 CVE-2019-2520 CVE-2019-2521 CVE-2019-2522 CVE-2019-2523 CVE-2019-2524 CVE-2019-2525 CVE-2019-2526 CVE-2019-2527 CVE-2019-2548 CVE-2019-2552 CVE-2019-2553 CVE-2019-2554 CVE-2019-2555 CVE-2019-2556 openSUSE Leap 42.3 This update for krb5 fixes the following security issue: - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1120489 CVE-2018-20217 openSUSE Leap 42.3 This update for Mozilla Firefox to version 60.3.0esr fixes security issues and stability bugs. The following security issues were fixed (MFSA 2018-27, boo#1112852): - CVE-2018-12392: Crash with nested event loops - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript - CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting - CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts - CVE-2018-12397: WebExtension local file access vulnerability - CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 - CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 Important SUSE bug 1112852 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 openSUSE Leap 42.3 This update for jhead fixes the following issues: Security issues fixed: - CVE-2018-17088: The ProcessGpsInfo function may have allowed a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. (boo#1108672) - CVE-2018-16554: The ProcessGpsInfo function may have allowed a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling. (boo#1108480) Moderate SUSE bug 1108480 SUSE bug 1108672 CVE-2018-16554 CVE-2018-17088 openSUSE Leap 42.3 This update for VirtualBox 5.2.20 fixes security issues and bugs. A number of vulnerabilities were fixed a affecting multiple components of VirtualBox bsc#1112097: CVE-2018-0732, CVE-2018-2909, CVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290, CVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294, CVE-2018-3295, CVE-2018-3296, CVE-2018-3297, and CVE-2018-3298. This update also contains various bug fixes in the 5.2.20 release: - VMM: fixed task switches triggered by INTn instruction - Storage: fixed connecting to certain iSCSI targets - Storage: fixed handling of flush requests when configured to be ignored when the host I/O cache is used - Drag and drop fixes - Video recording: fixed starting video recording on VM power up - Various fixes to Linux Additions Moderate SUSE bug 1112097 CVE-2018-0732 CVE-2018-2909 CVE-2018-3287 CVE-2018-3288 CVE-2018-3289 CVE-2018-3290 CVE-2018-3291 CVE-2018-3292 CVE-2018-3293 CVE-2018-3294 CVE-2018-3295 CVE-2018-3296 CVE-2018-3297 CVE-2018-3298 openSUSE Leap 42.3 This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) - CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka "PortSmash") (bsc#1113534) - CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625) - CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626) - CVE-2018-12122: Fixed the "Slowloris" HTTP Denial of Service (bsc#1117627) - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630) - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629) This update was imported from the SUSE:SLE-12:Update update project. Important SUSE bug 1113534 SUSE bug 1113652 SUSE bug 1117625 SUSE bug 1117626 SUSE bug 1117627 SUSE bug 1117629 SUSE bug 1117630 CVE-2018-0734 CVE-2018-12116 CVE-2018-12120 CVE-2018-12121 CVE-2018-12122 CVE-2018-12123 CVE-2018-5407 openSUSE Leap 42.3 This update for PackageKit fixes the following issues: - Fixed displaying the license agreement pop up window during package update (bsc#1038425). This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1038425 openSUSE Leap 42.3 This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1121571 SUSE bug 1121816 SUSE bug 1121818 SUSE bug 1121821 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 openSUSE Leap 42.3 This update for libmatroska, mkvtoolnix fixes the following issues: Security issue fixed: - CVE-2018-4022: Fixed use-after-free vulnerability that existed in the way MKV (matroska) file format was handled (bsc#1113709). Low SUSE bug 1113709 CVE-2018-4022 openSUSE Leap 42.3 This update for virtualbox fixes the following issues: virtualbox was updated to version 5.2.22 (released November 09 2018 by Oracle). Security issues fixed: - Fixed a guest-to-host excape via the e1000 virtual network driver (bsc#1115041). Non-security issues fixed: - Audio: Fixed a regression in the Core Audio backend causing a hang when returning from host sleep when processing input buffers. - Audio: Fixed a potential crash in the HDA emulation if a stream has no valid mixer sink attached. - Linux Additions: Disable 3D for recent guests using Wayland (bug #18116). - Linux Additions: Fix for rebuilding kernel modules for new kernels on RPM guests. - Linux Additions: Further fixes for Linux 4.19. - Linux Additions: Fixed errors rebuilding initrd files with dracut on EL 6 (bug 18055#). - Linux Additions: Fixed 5.2.20 regression: guests not remembering the screen size after shutdown and restart (bug #18078). Important SUSE bug 1115041 openSUSE Leap 42.3 This update for Chromium to version 70.0.3538.110 fixes the following security issue: - CVE-2018-17479: Use-after-free in GPU (boo#1116608) Important SUSE bug 1116608 CVE-2018-17479 openSUSE Leap 42.3 This update for freerdp fixes the following issues: Security issues fixed: - CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918) - CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965) - CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967) - CVE-2018-8786: Fix a potential remote code execution vulnerability in the update_read_bitmap_update function (bsc#1117966) - CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdi_Bitmap_Decompress function (bsc#1117964) - CVE-2018-8788: Fix a potential remote code execution vulnerability in the nsc_rle_decode function (bsc#1117963) - CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfx_decompress_segment function (bsc#1116708) - CVE-2018-1000852: Fixed a remote memory access in the drdynvc_process_capability_request function (bsc#1120507) This update was imported from the SUSE:SLE-12-SP2:Update update project. Important SUSE bug 1085416 SUSE bug 1087240 SUSE bug 1104918 SUSE bug 1116708 SUSE bug 1117963 SUSE bug 1117964 SUSE bug 1117965 SUSE bug 1117966 SUSE bug 1117967 SUSE bug 1120507 CVE-2018-0886 CVE-2018-1000852 CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 openSUSE Leap 42.3 This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - core: Queue loading transient units after setting their properties. (bsc#1115518) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - terminal-util: introduce vt_release() and vt_restore() helpers. - terminal: Unify code for resetting kbd utf8 mode a bit. - terminal Reset should honour default_utf8 kernel setting. - logind: Make session_restore_vt() static. - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - log: Never log into foreign fd #2 in PID 1 or its pre-execve() children. (bsc#1114981) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) This update was imported from the SUSE:SLE-12-SP2:Update update project. Moderate SUSE bug 1005023 SUSE bug 1076696 SUSE bug 1101591 SUSE bug 1114981 SUSE bug 1115518 SUSE bug 1119971 SUSE bug 1120323 CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 openSUSE Leap 42.3 This update for mozilla-nss to version 3.36.6 fixes the following issues: Security issues fixed: - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random (bmo#1483128, boo#1106873) - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bmo#1485864, boo#1119069) Moderate SUSE bug 1106873 SUSE bug 1119069 CVE-2018-12384 CVE-2018-12404