Marcus Updateinfo to OVAL Converter 5.5 2022-05-20T06:27:43 DirectFB-1.7.1-6.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the DirectFB-1.7.1-6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-2977 CVE-2014-2978 cpe:/o:suse:sles:12:sp2 MozillaFirefox-45.4.0esr-81.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the MozillaFirefox-45.4.0esr-81.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2008-5913 CVE-2009-0040 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 CVE-2009-1044 CVE-2009-1169 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 CVE-2009-1313 CVE-2009-1563 CVE-2009-2470 CVE-2009-2654 CVE-2009-3069 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3073 CVE-2009-3074 CVE-2009-3075 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3378 CVE-2009-3379 CVE-2009-3380 CVE-2009-3381 CVE-2009-3383 CVE-2009-3388 CVE-2009-3389 CVE-2009-3555 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2010-0164 CVE-2010-0165 CVE-2010-0166 CVE-2010-0167 CVE-2010-0168 CVE-2010-0169 CVE-2010-0170 CVE-2010-0171 CVE-2010-0172 CVE-2010-0173 CVE-2010-0174 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0181 CVE-2010-0182 CVE-2010-0654 CVE-2010-1028 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1205 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1215 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 CVE-2010-2755 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 CVE-2010-3170 CVE-2010-3173 CVE-2010-3174 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 CVE-2011-0068 CVE-2011-0069 CVE-2011-0070 CVE-2011-0079 CVE-2011-0080 CVE-2011-0081 CVE-2011-0084 CVE-2011-1187 CVE-2011-1202 CVE-2011-2366 CVE-2011-2367 CVE-2011-2368 CVE-2011-2369 CVE-2011-2370 CVE-2011-2371 CVE-2011-2372 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2377 CVE-2011-2985 CVE-2011-2986 CVE-2011-2988 CVE-2011-2989 CVE-2011-2990 CVE-2011-2991 CVE-2011-2992 CVE-2011-2993 CVE-2011-2995 CVE-2011-2996 CVE-2011-2997 CVE-2011-3000 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3004 CVE-2011-3005 CVE-2011-3026 CVE-2011-3062 CVE-2011-3101 CVE-2011-3232 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 CVE-2011-3658 CVE-2011-3659 CVE-2011-3660 CVE-2011-3661 CVE-2011-3663 CVE-2012-0441 CVE-2012-0442 CVE-2012-0443 CVE-2012-0444 CVE-2012-0445 CVE-2012-0446 CVE-2012-0447 CVE-2012-0449 CVE-2012-0451 CVE-2012-0452 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0463 CVE-2012-0464 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2012-0759 CVE-2012-1937 CVE-2012-1938 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1956 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 CVE-2012-3982 CVE-2012-3983 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3988 CVE-2012-3989 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4191 CVE-2012-4192 CVE-2012-4193 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 CVE-2012-4201 CVE-2012-4202 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4207 CVE-2012-4208 CVE-2012-4209 CVE-2012-4210 CVE-2012-4212 CVE-2012-4213 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-4217 CVE-2012-4218 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5836 CVE-2012-5837 CVE-2012-5838 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 CVE-2012-5843 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0765 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 CVE-2013-0772 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0789 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1671 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1683 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1688 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1695 CVE-2013-1696 CVE-2013-1697 CVE-2013-1698 CVE-2013-1699 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1721 CVE-2013-1722 CVE-2013-1723 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5598 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5609 CVE-2013-5610 CVE-2013-5611 CVE-2013-5612 CVE-2013-5613 CVE-2013-5614 CVE-2013-5615 CVE-2013-5616 CVE-2013-5618 CVE-2013-5619 CVE-2013-6629 CVE-2013-6630 CVE-2013-6671 CVE-2013-6672 CVE-2013-6673 CVE-2014-1477 CVE-2014-1478 CVE-2014-1479 CVE-2014-1480 CVE-2014-1481 CVE-2014-1482 CVE-2014-1483 CVE-2014-1484 CVE-2014-1485 CVE-2014-1486 CVE-2014-1487 CVE-2014-1488 CVE-2014-1489 CVE-2014-1490 CVE-2014-1491 CVE-2014-1544 CVE-2014-1547 CVE-2014-1548 CVE-2014-1553 CVE-2014-1554 CVE-2014-1555 CVE-2014-1556 CVE-2014-1557 CVE-2014-1562 CVE-2014-1563 CVE-2014-1564 CVE-2014-1565 CVE-2014-1567 CVE-2014-1574 CVE-2014-1575 CVE-2014-1576 CVE-2014-1577 CVE-2014-1578 CVE-2014-1581 CVE-2014-1583 CVE-2014-1585 CVE-2014-1586 CVE-2014-1587 CVE-2014-1588 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-8634 CVE-2014-8635 CVE-2014-8638 CVE-2014-8639 CVE-2014-8641 CVE-2015-0797 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0814 CVE-2015-0815 CVE-2015-0816 CVE-2015-0817 CVE-2015-0818 CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0835 CVE-2015-0836 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716 CVE-2015-2721 CVE-2015-2722 CVE-2015-2724 CVE-2015-2725 CVE-2015-2726 CVE-2015-2728 CVE-2015-2730 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2743 CVE-2015-4000 CVE-2015-4473 CVE-2015-4474 CVE-2015-4475 CVE-2015-4478 CVE-2015-4479 CVE-2015-4484 CVE-2015-4485 CVE-2015-4486 CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 CVE-2015-4491 CVE-2015-4492 CVE-2015-4495 CVE-2015-4497 CVE-2015-4498 CVE-2015-4500 CVE-2015-4501 CVE-2015-4506 CVE-2015-4509 CVE-2015-4511 CVE-2015-4513 CVE-2015-4517 CVE-2015-4519 CVE-2015-4520 CVE-2015-4521 CVE-2015-4522 CVE-2015-7174 CVE-2015-7175 CVE-2015-7176 CVE-2015-7177 CVE-2015-7180 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200 CVE-2015-7201 CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 CVE-2016-1523 CVE-2016-1930 CVE-2016-1931 CVE-2016-1935 CVE-2016-1950 CVE-2016-1952 CVE-2016-1953 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 CVE-2016-2805 CVE-2016-2807 CVE-2016-2808 CVE-2016-2814 CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821 CVE-2016-2822 CVE-2016-2824 CVE-2016-2828 CVE-2016-2830 CVE-2016-2831 CVE-2016-2835 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-2839 CVE-2016-5250 CVE-2016-5252 CVE-2016-5254 CVE-2016-5257 CVE-2016-5258 CVE-2016-5259 CVE-2016-5261 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 CVE-2016-6354 cpe:/o:suse:sles:12:sp2 aaa_base-13.2+git20140911.61c1681-28.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the aaa_base-13.2+git20140911.61c1681-28.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-0461 cpe:/o:suse:sles:12:sp2 accountsservice-0.6.42-14.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the accountsservice-0.6.42-14.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-2737 cpe:/o:suse:sles:12:sp2 alsa-1.0.27.2-11.10 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the alsa-1.0.27.2-11.10 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0035 cpe:/o:suse:sles:12:sp2 ant-1.9.4-1.31 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the ant-1.9.4-1.31 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1571 cpe:/o:suse:sles:12:sp2 apache-commons-beanutils-1.9.2-1.149 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the apache-commons-beanutils-1.9.2-1.149 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-3540 cpe:/o:suse:sles:12:sp2 apache-commons-daemon-1.0.15-4.181 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the apache-commons-daemon-1.0.15-4.181 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-2729 cpe:/o:suse:sles:12:sp2 apache-commons-httpclient-3.1-4.364 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the apache-commons-httpclient-3.1-4.364 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-5783 cpe:/o:suse:sles:12:sp2 apache2-2.4.23-14.7 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the apache2-2.4.23-14.7 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0023 CVE-2009-1191 CVE-2009-1195 CVE-2009-1890 CVE-2009-1891 CVE-2009-1955 CVE-2009-1956 CVE-2009-2412 CVE-2009-2699 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 CVE-2009-3560 CVE-2009-3720 CVE-2010-0408 CVE-2010-0425 CVE-2010-0434 CVE-2010-1452 CVE-2010-1623 CVE-2010-2068 CVE-2011-1176 CVE-2011-3192 CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 CVE-2012-2687 CVE-2012-3499 CVE-2012-3502 CVE-2013-1896 CVE-2013-2249 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-4000 CVE-2016-1546 CVE-2016-4979 CVE-2016-5387 cpe:/o:suse:sles:12:sp2 apache2-mod_jk-1.2.40-5.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the apache2-mod_jk-1.2.40-5.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2008-5519 CVE-2014-8111 cpe:/o:suse:sles:12:sp2 apache2-mod_nss-1.0.14-18.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the apache2-mod_nss-1.0.14-18.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-4566 CVE-2014-3566 CVE-2015-5244 CVE-2016-3099 cpe:/o:suse:sles:12:sp2 apache2-mod_perl-2.0.8-11.43 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the apache2-mod_perl-2.0.8-11.43 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1667 cpe:/o:suse:sles:12:sp2 at-3.1.14-7.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the at-3.1.14-7.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2016-6354 cpe:/o:suse:sles:12:sp2 augeas-1.2.0-10.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the augeas-1.2.0-10.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-0786 CVE-2014-8119 cpe:/o:suse:sles:12:sp2 autofs-5.0.9-21.6 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the autofs-5.0.9-21.6 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-8169 cpe:/o:suse:sles:12:sp2 automake-1.13.4-6.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the automake-1.13.4-6.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-4029 cpe:/o:suse:sles:12:sp2 avahi-0.6.32-30.36 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the avahi-0.6.32-30.36 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0758 CVE-2010-2244 CVE-2011-1002 cpe:/o:suse:sles:12:sp2 bash-4.3-78.39 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the bash-4.3-78.39 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-2524 CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 cpe:/o:suse:sles:12:sp2 bind-9.9.9P1-46.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the bind-9.9.9P1-46.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0696 CVE-2009-4022 CVE-2010-3613 CVE-2010-3614 CVE-2010-3615 CVE-2011-0414 CVE-2011-1907 CVE-2011-1910 CVE-2011-2464 CVE-2011-4313 CVE-2012-1667 CVE-2012-3817 CVE-2012-3868 CVE-2012-4244 CVE-2012-5166 CVE-2012-5688 CVE-2012-5689 CVE-2013-2266 CVE-2013-4854 CVE-2014-0591 CVE-2014-8500 CVE-2015-1349 CVE-2015-4620 CVE-2015-5477 CVE-2015-5722 CVE-2015-8000 CVE-2015-8704 CVE-2016-1285 CVE-2016-1286 CVE-2016-2776 cpe:/o:suse:sles:12:sp2 binutils-2.26.1-9.12.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the binutils-2.26.1-9.12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738 cpe:/o:suse:sles:12:sp2 busybox-1.21.1-3.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the busybox-1.21.1-3.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-9645 cpe:/o:suse:sles:12:sp2 bzip2-1.0.6-29.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the bzip2-1.0.6-29.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-0405 cpe:/o:suse:sles:12:sp2 chrony-2.3-3.110 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the chrony-2.3-3.110 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-4502 CVE-2012-4503 CVE-2014-0021 CVE-2016-1567 cpe:/o:suse:sles:12:sp2 cifs-utils-6.5-8.9 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the cifs-utils-6.5-8.9 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2012-1586 cpe:/o:suse:sles:12:sp2 clamav-0.99.2-25.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the clamav-0.99.2-25.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-0405 CVE-2011-2721 CVE-2011-3627 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 CVE-2013-6497 CVE-2014-9050 CVE-2014-9328 CVE-2015-1461 CVE-2015-1462 CVE-2015-1463 CVE-2015-2170 CVE-2015-2221 CVE-2015-2222 CVE-2015-2305 CVE-2015-2668 cpe:/o:suse:sles:12:sp2 colord-gtk-lang-0.1.26-6.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the colord-gtk-lang-0.1.26-6.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-4349 cpe:/o:suse:sles:12:sp2 coolkey-1.1.0-147.67 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the coolkey-1.1.0-147.67 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2007-4129 cpe:/o:suse:sles:12:sp2 coreutils-8.25-12.8 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the coreutils-8.25-12.8 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 CVE-2015-4041 CVE-2015-4042 cpe:/o:suse:sles:12:sp2 cpio-2.11-29.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the cpio-2.11-29.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-0624 CVE-2014-9112 cpe:/o:suse:sles:12:sp2 cpp48-4.8.5-30.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the cpp48-4.8.5-30.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-5044 CVE-2015-5276 cpe:/o:suse:sles:12:sp2 cracklib-2.9.0-7.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the cracklib-2.9.0-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2016-6318 cpe:/o:suse:sles:12:sp2 cron-4.2-58.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the cron-4.2-58.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2006-2607 CVE-2010-0424 cpe:/o:suse:sles:12:sp2 ctags-5.8-7.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the ctags-5.8-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-7204 cpe:/o:suse:sles:12:sp2 cups-1.7.5-12.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the cups-1.7.5-12.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0163 CVE-2009-2820 CVE-2009-3553 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2941 CVE-2012-5519 CVE-2012-6094 CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2014-9679 CVE-2015-1158 CVE-2015-1159 cpe:/o:suse:sles:12:sp2 cups-filters-1.0.58-13.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the cups-filters-1.0.58-13.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-6473 CVE-2013-6474 CVE-2013-6475 CVE-2013-6476 CVE-2014-2707 CVE-2014-4336 CVE-2014-4337 CVE-2014-4338 CVE-2015-2265 CVE-2015-3258 CVE-2015-3279 CVE-2015-8327 CVE-2015-8560 cpe:/o:suse:sles:12:sp2 cups-pk-helper-0.2.5-3.72 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the cups-pk-helper-0.2.5-3.72 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-4510 cpe:/o:suse:sles:12:sp2 curl-7.37.0-28.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the curl-7.37.0-28.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0037 CVE-2009-2417 CVE-2013-0249 CVE-2013-1944 CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-0139 CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 CVE-2016-0755 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 cpe:/o:suse:sles:12:sp2 curl-7.37.0-31.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the curl-7.37.0-31.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 cpe:/o:suse:sles:12:sp2 cvs-1.12.12-181.54 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the cvs-1.12.12-181.54 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-0804 cpe:/o:suse:sles:12:sp2 cyrus-sasl-2.1.26-7.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the cyrus-sasl-2.1.26-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0688 cpe:/o:suse:sles:12:sp2 davfs2-1.5.2-2.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the davfs2-1.5.2-2.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-4362 cpe:/o:suse:sles:12:sp2 dbus-1-1.8.16-19.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the dbus-1-1.8.16-19.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-4352 CVE-2012-3524 CVE-2013-2168 CVE-2014-3477 CVE-2014-3532 CVE-2014-3533 CVE-2014-3635 CVE-2014-3636 CVE-2014-3637 CVE-2014-3638 CVE-2014-3639 CVE-2014-7824 CVE-2014-8148 CVE-2015-0245 cpe:/o:suse:sles:12:sp2 dbus-1-glib-0.100.2-3.58 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the dbus-1-glib-0.100.2-3.58 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-1172 CVE-2013-0292 cpe:/o:suse:sles:12:sp2 dhcp-4.3.3-9.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the dhcp-4.3.3-9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-1892 CVE-2010-2156 CVE-2010-3611 CVE-2010-3616 CVE-2011-0413 CVE-2011-0997 CVE-2011-2748 CVE-2011-2749 CVE-2011-4539 CVE-2011-4868 CVE-2012-3570 CVE-2012-3571 CVE-2012-3954 CVE-2012-3955 CVE-2013-2266 CVE-2015-8605 CVE-2016-2774 cpe:/o:suse:sles:12:sp2 dnsmasq-2.71-10.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the dnsmasq-2.71-10.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-3294 cpe:/o:suse:sles:12:sp2 dosfstools-3.0.26-6.5 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the dosfstools-3.0.26-6.5 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-8872 CVE-2016-4804 cpe:/o:suse:sles:12:sp2 dovecot22-2.2.13-2.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the dovecot22-2.2.13-2.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-3430 cpe:/o:suse:sles:12:sp2 dracut-044-87.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the dracut-044-87.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-4453 cpe:/o:suse:sles:12:sp2 dstat-0.7.2-1.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the dstat-0.7.2-1.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-3894 cpe:/o:suse:sles:12:sp2 e2fsprogs-1.42.11-7.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the e2fsprogs-1.42.11-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-0247 CVE-2015-1572 cpe:/o:suse:sles:12:sp2 ecryptfs-utils-103-7.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the ecryptfs-utils-103-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-1831 CVE-2011-1832 CVE-2011-1833 CVE-2011-1834 CVE-2011-1835 CVE-2011-1836 CVE-2011-1837 CVE-2014-9687 CVE-2016-1572 cpe:/o:suse:sles:12:sp2 elfutils-0.158-6.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the elfutils-0.158-6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-0172 CVE-2014-9447 cpe:/o:suse:sles:12:sp2 emacs-24.3-16.32 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the emacs-24.3-16.32 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-0035 CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 cpe:/o:suse:sles:12:sp2 eog-3.20.4-7.7 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the eog-3.20.4-7.7 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-7447 CVE-2016-6855 cpe:/o:suse:sles:12:sp2 evince-3.20.1-5.66 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the evince-3.20.1-5.66 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-2640 CVE-2010-2641 CVE-2010-2642 CVE-2010-2643 cpe:/o:suse:sles:12:sp2 expat-2.1.0-17.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the expat-2.1.0-17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-2625 CVE-2009-3560 CVE-2009-3720 CVE-2012-0876 CVE-2012-1147 CVE-2012-1148 CVE-2015-1283 CVE-2016-0718 cpe:/o:suse:sles:12:sp2 fetchmail-6.3.26-12.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the fetchmail-6.3.26-12.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-2666 CVE-2010-1167 CVE-2011-1947 CVE-2011-3389 CVE-2012-3482 cpe:/o:suse:sles:12:sp2 file-5.19-9.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the file-5.19-9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-1571 CVE-2014-3710 CVE-2014-8116 CVE-2014-8117 cpe:/o:suse:sles:12:sp2 fontconfig-2.11.1-7.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the fontconfig-2.11.1-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2016-5384 cpe:/o:suse:sles:12:sp2 freeradius-server-3.0.3-10.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the freeradius-server-3.0.3-10.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-3547 CVE-2014-2015 cpe:/o:suse:sles:12:sp2 ft2demos-2.6.3-7.8.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the ft2demos-2.6.3-7.8.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2011-0226 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-2240 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 cpe:/o:suse:sles:12:sp2 fuse-2.9.3-5.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the fuse-2.9.3-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-3297 CVE-2011-0541 CVE-2015-3202 cpe:/o:suse:sles:12:sp2 gd-2.1.0-12.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the gd-2.1.0-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-2497 CVE-2014-9709 CVE-2016-5116 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6207 CVE-2016-6214 CVE-2016-6905 cpe:/o:suse:sles:12:sp2 gdk-pixbuf-lang-2.34.0-16.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the gdk-pixbuf-lang-2.34.0-16.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-2485 CVE-2015-4491 CVE-2015-7552 CVE-2015-7673 CVE-2015-7674 CVE-2016-6352 cpe:/o:suse:sles:12:sp2 gdk-pixbuf-loader-rsvg-2.40.15-4.5 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.40.15-4.5 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-3146 CVE-2013-1881 cpe:/o:suse:sles:12:sp2 gdm-3.10.0.1-52.5 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the gdm-3.10.0.1-52.5 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-1709 cpe:/o:suse:sles:12:sp2 ghostscript-9.15-6.5 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the ghostscript-9.15-6.5 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-3228 cpe:/o:suse:sles:12:sp2 giflib-progs-5.0.5-12.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the giflib-progs-5.0.5-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-7555 CVE-2016-3977 cpe:/o:suse:sles:12:sp2 git-core-1.8.5.6-18.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the git-core-1.8.5.6-18.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-2186 CVE-2014-9390 CVE-2016-2315 CVE-2016-2324 cpe:/o:suse:sles:12:sp2 glib2-lang-2.48.2-10.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the glib2-lang-2.48.2-10.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2008-4316 CVE-2012-3524 cpe:/o:suse:sles:12:sp2 glibc-2.22-49.16 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the glibc-2.22-49.16 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-5029 CVE-2012-3406 CVE-2012-4412 CVE-2013-0242 CVE-2013-1914 CVE-2013-2207 CVE-2013-4237 CVE-2013-4332 CVE-2013-4458 CVE-2013-7423 CVE-2014-0475 CVE-2014-4043 CVE-2014-5119 CVE-2014-6040 CVE-2014-7817 CVE-2014-8121 CVE-2014-9402 CVE-2014-9761 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781 CVE-2015-7547 CVE-2015-8776 CVE-2015-8777 CVE-2015-8778 CVE-2015-8779 CVE-2016-1234 CVE-2016-3075 CVE-2016-3706 CVE-2016-4429 cpe:/o:suse:sles:12:sp2 gnome-keyring-3.20.0-27.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the gnome-keyring-3.20.0-27.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-3466 cpe:/o:suse:sles:12:sp2 gnome-settings-daemon-3.20.1-40.5 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the gnome-settings-daemon-3.20.1-40.5 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-7300 cpe:/o:suse:sles:12:sp2 gnome-shell-3.20.4-70.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the gnome-shell-3.20.4-70.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-4000 cpe:/o:suse:sles:12:sp2 gnutls-3.2.15-11.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the gnutls-3.2.15-11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2008-4989 CVE-2011-4128 CVE-2012-0390 CVE-2012-1569 CVE-2012-1573 CVE-2014-0092 CVE-2014-1959 CVE-2014-3466 CVE-2014-8564 CVE-2015-0294 CVE-2015-3622 CVE-2015-6251 cpe:/o:suse:sles:12:sp2 gpg2-2.0.24-3.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the gpg2-2.0.24-3.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-2547 CVE-2013-4351 CVE-2013-4402 CVE-2014-4617 CVE-2015-1606 CVE-2015-1607 cpe:/o:suse:sles:12:sp2 gpgme-1.5.1-1.11 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the gpgme-1.5.1-1.11 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-3564 cpe:/o:suse:sles:12:sp2 groff-1.22.2-5.287 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the groff-1.22.2-5.287 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-5044 CVE-2009-5080 CVE-2009-5081 cpe:/o:suse:sles:12:sp2 grub2-2.02~beta2-104.16 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the grub2-2.02~beta2-104.16 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-8370 cpe:/o:suse:sles:12:sp2 gtk2-data-2.24.31-7.11 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the gtk2-data-2.24.31-7.11 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-7447 cpe:/o:suse:sles:12:sp2 guestfs-data-1.32.4-14.18 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the guestfs-data-1.32.4-14.18 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-2124 CVE-2013-4419 cpe:/o:suse:sles:12:sp2 gv-3.7.4-1.36 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the gv-3.7.4-1.36 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-3386 cpe:/o:suse:sles:12:sp2 gvim-7.4.326-2.14 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the gvim-7.4.326-2.14 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0316 cpe:/o:suse:sles:12:sp2 gzip-1.6-7.209 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the gzip-1.6-7.209 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-2624 CVE-2010-0001 cpe:/o:suse:sles:12:sp2 hardlink-1.0-6.38 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the hardlink-1.0-6.38 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-3630 CVE-2011-3631 CVE-2011-3632 cpe:/o:suse:sles:12:sp2 hplip-3.14.6-3.14 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the hplip-3.14.6-3.14 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2004-0801 CVE-2010-4267 CVE-2011-2697 CVE-2011-2722 CVE-2013-4325 CVE-2013-6402 CVE-2013-6427 cpe:/o:suse:sles:12:sp2 hyper-v-7-13.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the hyper-v-7-13.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-2669 CVE-2012-5532 cpe:/o:suse:sles:12:sp2 ibus-chewing-1.4.14-4.11 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the ibus-chewing-1.4.14-4.11 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-4509 cpe:/o:suse:sles:12:sp2 ipsec-tools-0.8.0-15.16 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the ipsec-tools-0.8.0-15.16 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-4047 cpe:/o:suse:sles:12:sp2 iputils-s20121221-2.17 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the iputils-s20121221-2.17 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-2529 cpe:/o:suse:sles:12:sp2 jakarta-commons-fileupload-1.1.1-120.113 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the jakarta-commons-fileupload-1.1.1-120.113 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-2186 CVE-2014-0050 cpe:/o:suse:sles:12:sp2 java-1_7_0-openjdk-1.7.0.111-33.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the java-1_7_0-openjdk-1.7.0.111-33.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0547 CVE-2012-1682 CVE-2012-1711 CVE-2012-1713 CVE-2012-1716 CVE-2012-1717 CVE-2012-1718 CVE-2012-1719 CVE-2012-1723 CVE-2012-1724 CVE-2012-1725 CVE-2012-1726 CVE-2012-3136 CVE-2012-3174 CVE-2012-3216 CVE-2012-4416 CVE-2012-4681 CVE-2012-5068 CVE-2012-5069 CVE-2012-5070 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5074 CVE-2012-5075 CVE-2012-5076 CVE-2012-5077 CVE-2012-5079 CVE-2012-5081 CVE-2012-5084 CVE-2012-5085 CVE-2012-5086 CVE-2012-5087 CVE-2012-5088 CVE-2012-5089 CVE-2013-0169 CVE-2013-0401 CVE-2013-0422 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0450 CVE-2013-0809 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 CVE-2013-1488 CVE-2013-1493 CVE-2013-1500 CVE-2013-1518 CVE-2013-1537 CVE-2013-1557 CVE-2013-1569 CVE-2013-1571 CVE-2013-2383 CVE-2013-2384 CVE-2013-2407 CVE-2013-2412 CVE-2013-2415 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2422 CVE-2013-2423 CVE-2013-2424 CVE-2013-2426 CVE-2013-2429 CVE-2013-2430 CVE-2013-2431 CVE-2013-2436 CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 CVE-2013-2472 CVE-2013-2473 CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5805 CVE-2013-5806 CVE-2013-5809 CVE-2013-5814 CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5840 CVE-2013-5842 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2013-6629 CVE-2013-6954 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0408 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2483 CVE-2014-2490 CVE-2014-3566 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4219 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4266 CVE-2014-4268 CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6517 CVE-2014-6519 CVE-2014-6531 CVE-2014-6558 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0400 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 CVE-2015-0460 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2621 CVE-2015-2625 CVE-2015-2628 CVE-2015-2632 CVE-2015-2808 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3427 CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 cpe:/o:suse:sles:12:sp2 java-1_7_1-ibm-1.7.1_sr3.50-28.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the java-1_7_1-ibm-1.7.1_sr3.50-28.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 CVE-2014-8891 CVE-2014-8892 CVE-2015-0138 CVE-2015-0192 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-1914 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 cpe:/o:suse:sles:12:sp2 java-1_8_0-ibm-1.8.0_sr3.0-10.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the java-1_8_0-ibm-1.8.0_sr3.0-10.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 CVE-2014-8891 CVE-2014-8892 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0486 CVE-2015-0488 CVE-2015-0491 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-5041 CVE-2015-7575 CVE-2015-8126 CVE-2015-8472 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0475 CVE-2016-0483 CVE-2016-0494 CVE-2016-0686 CVE-2016-0687 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 cpe:/o:suse:sles:12:sp2 java-1_8_0-openjdk-1.8.0.101-14.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the java-1_8_0-openjdk-1.8.0.101-14.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-2590 CVE-2015-2597 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2627 CVE-2015-2628 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2659 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4736 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4868 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4901 CVE-2015-4902 CVE-2015-4903 CVE-2015-4906 CVE-2015-4908 CVE-2015-4911 CVE-2015-4916 CVE-2015-7575 CVE-2015-8126 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0475 CVE-2016-0483 CVE-2016-0494 CVE-2016-0636 CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427 CVE-2016-3458 CVE-2016-3485 CVE-2016-3498 CVE-2016-3500 CVE-2016-3503 CVE-2016-3508 CVE-2016-3511 CVE-2016-3550 CVE-2016-3552 CVE-2016-3587 CVE-2016-3598 CVE-2016-3606 CVE-2016-3610 cpe:/o:suse:sles:12:sp2 kbd-1.15.5-8.7.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the kbd-1.15.5-8.7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-0460 cpe:/o:suse:sles:12:sp2 kdump-0.8.15-28.5 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the kdump-0.8.15-28.5 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2016-5759 cpe:/o:suse:sles:12:sp2 kernel-default-4.4.21-69.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the kernel-default-4.4.21-69.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-3939 CVE-2009-4026 CVE-2009-4027 CVE-2009-4131 CVE-2009-4138 CVE-2009-4536 CVE-2009-4538 CVE-2010-1146 CVE-2010-1436 CVE-2010-1641 CVE-2010-2066 CVE-2010-2942 CVE-2010-2954 CVE-2010-2955 CVE-2010-3081 CVE-2010-3296 CVE-2010-3297 CVE-2010-3298 CVE-2010-3301 CVE-2010-3310 CVE-2011-0712 CVE-2011-1020 CVE-2011-1577 CVE-2011-2203 CVE-2012-0056 CVE-2013-0160 CVE-2013-0231 CVE-2013-0913 CVE-2013-2850 CVE-2013-4312 CVE-2014-0038 CVE-2014-0196 CVE-2014-0691 CVE-2015-7833 CVE-2015-7884 CVE-2015-7885 CVE-2015-8709 CVE-2015-8812 CVE-2016-0617 CVE-2016-0723 CVE-2016-0728 CVE-2016-0758 CVE-2016-1237 CVE-2016-1583 CVE-2016-2143 CVE-2016-2184 CVE-2016-2185 CVE-2016-2186 CVE-2016-2188 CVE-2016-2383 CVE-2016-2384 CVE-2016-2847 CVE-2016-3134 CVE-2016-3135 CVE-2016-3136 CVE-2016-3137 CVE-2016-3138 CVE-2016-3140 CVE-2016-3156 CVE-2016-3672 CVE-2016-3689 CVE-2016-3713 CVE-2016-3951 CVE-2016-4470 CVE-2016-4482 CVE-2016-4486 CVE-2016-4557 CVE-2016-4558 CVE-2016-4569 CVE-2016-4578 CVE-2016-4794 CVE-2016-4805 CVE-2016-4951 CVE-2016-4997 CVE-2016-4998 CVE-2016-5195 CVE-2016-5244 CVE-2016-5412 CVE-2016-5696 CVE-2016-5828 CVE-2016-5829 CVE-2016-6197 CVE-2016-6480 CVE-2016-6828 CVE-2016-7039 CVE-2016-7097 CVE-2016-8658 cpe:/o:suse:sles:12:sp2 krb5-1.12.5-39.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the krb5-1.12.5-39.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2002-2443 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-3295 CVE-2009-4212 CVE-2010-0283 CVE-2010-0628 CVE-2010-1320 CVE-2010-1321 CVE-2010-1322 CVE-2010-1323 CVE-2010-1324 CVE-2010-4020 CVE-2010-4021 CVE-2010-4022 CVE-2011-0281 CVE-2011-0282 CVE-2011-0284 CVE-2011-0285 CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-1530 CVE-2012-1012 CVE-2012-1013 CVE-2012-1016 CVE-2013-1415 CVE-2013-1417 CVE-2013-1418 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 CVE-2015-2694 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698 CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 CVE-2016-3119 CVE-2016-3120 cpe:/o:suse:sles:12:sp2 krb5-appl-clients-1.0.3-1.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the krb5-appl-clients-1.0.3-1.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-1526 CVE-2011-4862 cpe:/o:suse:sles:12:sp2 libFLAC++6-1.3.0-11.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libFLAC++6-1.3.0-11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-8962 CVE-2014-9028 cpe:/o:suse:sles:12:sp2 libHX28-3.18-1.18 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libHX28-3.18-1.18 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-2947 cpe:/o:suse:sles:12:sp2 libIlmImf-Imf_2_1-21-2.1.0-4.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libIlmImf-Imf_2_1-21-2.1.0-4.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-1720 CVE-2009-1721 cpe:/o:suse:sles:12:sp2 libMagickCore-6_Q16-1-6.8.8.1-33.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libMagickCore-6_Q16-1-6.8.8.1-33.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-0247 CVE-2012-0248 CVE-2012-1185 CVE-2012-1186 CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9825 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9842 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9852 CVE-2014-9853 CVE-2014-9854 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5010 CVE-2016-5118 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-6491 CVE-2016-6520 cpe:/o:suse:sles:12:sp2 libQt5Concurrent5-5.6.1-11.7 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libQt5Concurrent5-5.6.1-11.7 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 cpe:/o:suse:sles:12:sp2 libQt5WebKit5-5.6.1-9.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libQt5WebKit5-5.6.1-9.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-8079 cpe:/o:suse:sles:12:sp2 libX11-6-1.6.2-4.10 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libX11-6-1.6.2-4.10 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1981 CVE-2013-1997 CVE-2013-2004 cpe:/o:suse:sles:12:sp2 libXRes1-1.0.7-3.53 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXRes1-1.0.7-3.53 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1988 cpe:/o:suse:sles:12:sp2 libXcursor1-1.1.14-3.59 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXcursor1-1.1.14-3.59 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-2003 cpe:/o:suse:sles:12:sp2 libXext6-1.3.2-3.60 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXext6-1.3.2-3.60 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1982 cpe:/o:suse:sles:12:sp2 libXfixes3-32bit-5.0.1-3.53 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXfixes3-32bit-5.0.1-3.53 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1983 cpe:/o:suse:sles:12:sp2 libXfont1-1.5.1-10.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXfont1-1.5.1-10.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-2895 CVE-2013-6462 CVE-2014-0209 CVE-2014-0210 CVE-2014-0211 CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 cpe:/o:suse:sles:12:sp2 libXi6-1.7.4-9.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXi6-1.7.4-9.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1984 CVE-2013-1995 CVE-2013-1998 cpe:/o:suse:sles:12:sp2 libXinerama1-1.1.3-3.54 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXinerama1-1.1.3-3.54 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1985 cpe:/o:suse:sles:12:sp2 libXp6-1.0.2-3.57 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXp6-1.0.2-3.57 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-2062 cpe:/o:suse:sles:12:sp2 libXrandr2-1.5.0-6.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXrandr2-1.5.0-6.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1986 CVE-2016-7947 CVE-2016-7948 cpe:/o:suse:sles:12:sp2 libXrender1-0.9.8-3.55 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXrender1-0.9.8-3.55 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1987 cpe:/o:suse:sles:12:sp2 libXt6-1.1.4-3.57 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXt6-1.1.4-3.57 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-2002 CVE-2013-2005 cpe:/o:suse:sles:12:sp2 libXtst6-1.2.2-3.59 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXtst6-1.2.2-3.59 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-2063 cpe:/o:suse:sles:12:sp2 libXv1-1.0.10-3.56 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXv1-1.0.10-3.56 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1989 CVE-2013-2066 cpe:/o:suse:sles:12:sp2 libXvMC1-1.0.8-3.56 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXvMC1-1.0.8-3.56 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1990 CVE-2013-1999 cpe:/o:suse:sles:12:sp2 libXvnc1-1.6.0-12.6 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXvnc1-1.6.0-12.6 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-0011 CVE-2014-8240 CVE-2015-0255 cpe:/o:suse:sles:12:sp2 libXxf86dga1-1.1.4-3.58 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXxf86dga1-1.1.4-3.58 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1991 CVE-2013-2000 cpe:/o:suse:sles:12:sp2 libXxf86vm1-1.1.3-3.53 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libXxf86vm1-1.1.3-3.53 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-2001 cpe:/o:suse:sles:12:sp2 libapr-util1-1.5.3-1.46 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libapr-util1-1.5.3-1.46 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0023 CVE-2009-2412 CVE-2009-3560 CVE-2009-3720 CVE-2010-1623 cpe:/o:suse:sles:12:sp2 libapr1-1.5.1-2.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libapr1-1.5.1-2.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-2412 CVE-2011-0419 CVE-2011-1928 cpe:/o:suse:sles:12:sp2 libarchive13-3.1.2-22.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libarchive13-3.1.2-22.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-0211 CVE-2015-2304 CVE-2015-8918 CVE-2015-8919 CVE-2015-8920 CVE-2015-8921 CVE-2015-8922 CVE-2015-8923 CVE-2015-8924 CVE-2015-8925 CVE-2015-8926 CVE-2015-8928 CVE-2015-8929 CVE-2015-8930 CVE-2015-8931 CVE-2015-8932 CVE-2015-8933 CVE-2015-8934 CVE-2016-1541 CVE-2016-4300 CVE-2016-4301 CVE-2016-4302 CVE-2016-4809 cpe:/o:suse:sles:12:sp2 libasan2-32bit-5.3.1+r233831-9.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libasan2-32bit-5.3.1+r233831-9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-5276 cpe:/o:suse:sles:12:sp2 libblkid1-2.28-40.28 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libblkid1-2.28-40.28 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-0157 CVE-2014-9114 CVE-2015-5218 CVE-2016-5011 cpe:/o:suse:sles:12:sp2 libcgroup-tools-0.41.rc1-4.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libcgroup-tools-0.41.rc1-4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-1006 CVE-2011-1022 cpe:/o:suse:sles:12:sp2 libdcerpc-atsvc0-4.2.4-26.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libdcerpc-atsvc0-4.2.4-26.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-3069 CVE-2011-0719 CVE-2011-2522 CVE-2011-2694 CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 CVE-2012-2111 CVE-2012-6150 CVE-2013-0172 CVE-2013-0213 CVE-2013-0214 CVE-2013-0454 CVE-2013-1863 CVE-2013-4124 CVE-2013-4408 CVE-2013-4475 CVE-2013-4476 CVE-2013-4496 CVE-2013-6442 CVE-2014-0178 CVE-2014-0239 CVE-2014-0244 CVE-2014-3493 CVE-2014-3560 CVE-2014-8143 CVE-2015-0240 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-5370 CVE-2015-7560 CVE-2015-8467 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 CVE-2016-2119 cpe:/o:suse:sles:12:sp2 libdcerpc-binding0-32bit-4.4.2-29.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libdcerpc-binding0-32bit-4.4.2-29.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-1886 CVE-2009-1888 CVE-2009-2813 CVE-2009-2906 CVE-2009-2948 CVE-2010-0547 CVE-2010-0728 CVE-2010-0787 CVE-2010-0926 CVE-2010-1635 CVE-2010-1642 CVE-2010-2063 CVE-2010-3069 CVE-2011-0719 CVE-2011-2522 CVE-2011-2694 CVE-2012-0817 CVE-2012-0870 CVE-2012-1182 CVE-2012-2111 CVE-2012-6150 CVE-2013-0172 CVE-2013-0213 CVE-2013-0214 CVE-2013-0454 CVE-2013-1863 CVE-2013-4124 CVE-2013-4408 CVE-2013-4475 CVE-2013-4476 CVE-2013-4496 CVE-2013-6442 CVE-2014-0178 CVE-2014-0239 CVE-2014-0244 CVE-2014-3493 CVE-2014-3560 CVE-2014-8143 CVE-2015-0240 CVE-2015-3223 CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 CVE-2015-5330 CVE-2015-5370 CVE-2015-7560 CVE-2015-8467 CVE-2015-8543 CVE-2016-0771 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2115 CVE-2016-2118 CVE-2016-2119 cpe:/o:suse:sles:12:sp2 libdmx1-1.1.3-3.51 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libdmx1-1.1.3-3.51 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1992 cpe:/o:suse:sles:12:sp2 libecpg6-9.4.9-14.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libecpg6-9.4.9-14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2007-4772 CVE-2007-6600 CVE-2009-4034 CVE-2009-4136 CVE-2010-1169 CVE-2010-1170 CVE-2010-3433 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 CVE-2016-5423 CVE-2016-5424 cpe:/o:suse:sles:12:sp2 libevent-2_0-5-2.0.21-4.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libevent-2_0-5-2.0.21-4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-6272 cpe:/o:suse:sles:12:sp2 libexif12-0.6.21-6.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libexif12-0.6.21-6.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-2812 CVE-2012-2813 CVE-2012-2814 CVE-2012-2836 CVE-2012-2837 CVE-2012-2840 CVE-2012-2841 cpe:/o:suse:sles:12:sp2 libfreebl3-3.21.1-46.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libfreebl3-3.21.1-46.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-3170 CVE-2011-3389 CVE-2011-3640 CVE-2013-0743 CVE-2013-0791 CVE-2013-1620 CVE-2013-1739 CVE-2013-1740 CVE-2013-5605 CVE-2014-1492 CVE-2014-1568 CVE-2014-1569 CVE-2015-4000 CVE-2015-7181 CVE-2015-7182 CVE-2015-7575 CVE-2016-1938 CVE-2016-1950 CVE-2016-1978 CVE-2016-1979 CVE-2016-2834 cpe:/o:suse:sles:12:sp2 libfreetype6-2.6.3-7.8.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libfreetype6-2.6.3-7.8.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0946 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 CVE-2011-0226 CVE-2011-3256 CVE-2011-3439 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2014-2240 CVE-2014-2241 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 cpe:/o:suse:sles:12:sp2 libgc1-7.2d-3.75 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libgc1-7.2d-3.75 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-2673 cpe:/o:suse:sles:12:sp2 libgcrypt20-1.6.1-16.33.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libgcrypt20-1.6.1-16.33.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-4242 CVE-2014-3591 CVE-2015-0837 CVE-2015-7511 CVE-2016-6313 cpe:/o:suse:sles:12:sp2 libgnomesu-2.0.0-353.6.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libgnomesu-2.0.0-353.6.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-1946 cpe:/o:suse:sles:12:sp2 libgoa-1_0-0-3.20.4-7.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libgoa-1_0-0-3.20.4-7.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-0240 CVE-2013-1799 cpe:/o:suse:sles:12:sp2 libgraphite2-3-1.3.1-6.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libgraphite2-3-1.3.1-6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2016-1521 CVE-2016-1523 CVE-2016-1526 cpe:/o:suse:sles:12:sp2 libgssglue1-0.4-3.76 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libgssglue1-0.4-3.76 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-2709 cpe:/o:suse:sles:12:sp2 libgypsy0-0.9-6.22 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libgypsy0-0.9-6.22 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-0523 CVE-2011-0524 cpe:/o:suse:sles:12:sp2 libhivex0-1.3.10-4.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libhivex0-1.3.10-4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-9273 cpe:/o:suse:sles:12:sp2 libhogweed2-2.7.1-9.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libhogweed2-2.7.1-9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 cpe:/o:suse:sles:12:sp2 libicu-doc-52.1-7.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libicu-doc-52.1-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-9654 cpe:/o:suse:sles:12:sp2 libidn-tools-1.28-4.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libidn-tools-1.28-4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-2059 CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 cpe:/o:suse:sles:12:sp2 libimobiledevice6-1.2.0-7.31 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libimobiledevice6-1.2.0-7.31 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-2142 CVE-2016-5104 cpe:/o:suse:sles:12:sp2 libipa_hbac0-1.13.4-18.10 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libipa_hbac0-1.13.4-18.10 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-4341 CVE-2011-1758 CVE-2013-0219 CVE-2013-0220 CVE-2013-0287 cpe:/o:suse:sles:12:sp2 libjansson4-2.7-1.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libjansson4-2.7-1.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-6401 cpe:/o:suse:sles:12:sp2 libjasper1-1.900.1-170.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libjasper1-1.900.1-170.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-9029 cpe:/o:suse:sles:12:sp2 libjavascriptcoregtk-3_0-0-2.4.11-23.20 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libjavascriptcoregtk-3_0-0-2.4.11-23.20 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-5112 CVE-2012-5133 CVE-2014-1344 CVE-2014-1384 CVE-2014-1385 CVE-2014-1386 CVE-2014-1387 CVE-2014-1388 CVE-2014-1389 CVE-2014-1390 CVE-2014-1748 CVE-2015-1071 CVE-2015-1076 CVE-2015-1081 CVE-2015-1083 CVE-2015-1120 CVE-2015-1122 CVE-2015-1127 CVE-2015-1153 CVE-2015-1155 CVE-2015-2330 CVE-2015-3658 CVE-2015-3659 CVE-2015-3727 CVE-2015-3731 CVE-2015-3741 CVE-2015-3743 CVE-2015-3745 CVE-2015-3747 CVE-2015-3748 CVE-2015-3749 CVE-2015-3752 CVE-2015-5788 CVE-2015-5794 CVE-2015-5801 CVE-2015-5809 CVE-2015-5822 CVE-2015-5928 cpe:/o:suse:sles:12:sp2 libjavascriptcoregtk-4_0-18-2.12.5-1.12 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libjavascriptcoregtk-4_0-18-2.12.5-1.12 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2016-1856 CVE-2016-1857 CVE-2016-4590 CVE-2016-4591 CVE-2016-4622 CVE-2016-4624 cpe:/o:suse:sles:12:sp2 libjbig2-2.0-12.13 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libjbig2-2.0-12.13 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-6369 cpe:/o:suse:sles:12:sp2 libjpeg-turbo-1.3.1-30.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libjpeg-turbo-1.3.1-30.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-9092 cpe:/o:suse:sles:12:sp2 libjson-c2-0.11-2.15 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libjson-c2-0.11-2.15 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-6370 CVE-2013-6371 cpe:/o:suse:sles:12:sp2 libksba8-1.3.0-23.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libksba8-1.3.0-23.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-9087 CVE-2016-4574 CVE-2016-4579 cpe:/o:suse:sles:12:sp2 liblcms1-1.19-17.28 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the liblcms1-1.19-17.28 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0793 CVE-2013-4276 cpe:/o:suse:sles:12:sp2 libldap-2_4-2-2.4.41-18.25.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libldap-2_4-2-2.4.41-18.25.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-1545 CVE-2015-1546 CVE-2015-6908 cpe:/o:suse:sles:12:sp2 libldb1-1.1.26-10.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libldb1-1.1.26-10.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-3223 CVE-2015-5330 cpe:/o:suse:sles:12:sp2 libltdl7-2.4.2-14.30 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libltdl7-2.4.2-14.30 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-3736 cpe:/o:suse:sles:12:sp2 liblua5_2-32bit-5.2.2-4.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the liblua5_2-32bit-5.2.2-4.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-5461 cpe:/o:suse:sles:12:sp2 liblzo2-2-2.08-1.13 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the liblzo2-2-2.08-1.13 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-4607 cpe:/o:suse:sles:12:sp2 libmms0-0.6.2-15.8 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libmms0-0.6.2-15.8 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-2892 cpe:/o:suse:sles:12:sp2 libmodplug1-0.8.8.4-13.63 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libmodplug1-0.8.8.4-13.63 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-1761 CVE-2013-4233 CVE-2013-4234 cpe:/o:suse:sles:12:sp2 libmpfr4-3.1.2-7.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libmpfr4-3.1.2-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-9474 cpe:/o:suse:sles:12:sp2 libmspack0-0.4-14.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libmspack0-0.4-14.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-2800 CVE-2010-2801 CVE-2014-9556 CVE-2014-9732 CVE-2015-4467 CVE-2015-4468 CVE-2015-4469 CVE-2015-4470 CVE-2015-4471 CVE-2015-4472 cpe:/o:suse:sles:12:sp2 libmusicbrainz4-2.1.5-27.79 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libmusicbrainz4-2.1.5-27.79 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2006-4197 cpe:/o:suse:sles:12:sp2 libmysqlclient18-10.0.27-12.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libmysqlclient18-10.0.27-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2007-5970 CVE-2008-7247 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2010-5298 CVE-2012-5615 CVE-2013-1976 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-2494 CVE-2014-3470 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-8964 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5969 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-2047 CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-6662 cpe:/o:suse:sles:12:sp2 libneon27-0.30.0-3.64 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libneon27-0.30.0-3.64 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-2473 CVE-2009-2474 cpe:/o:suse:sles:12:sp2 libnghttp2-14-1.7.1-1.84 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libnghttp2-14-1.7.1-1.84 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2016-1544 cpe:/o:suse:sles:12:sp2 libnm-glib-vpn1-1.0.12-8.6 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libnm-glib-vpn1-1.0.12-8.6 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-2924 CVE-2016-0764 cpe:/o:suse:sles:12:sp2 libopenssl-devel-1.0.2j-55.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libopenssl-devel-1.0.2j-55.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2006-7250 CVE-2008-5077 CVE-2009-0590 CVE-2009-0591 CVE-2009-0789 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2010-0740 CVE-2010-0742 CVE-2010-1633 CVE-2010-2939 CVE-2010-3864 CVE-2010-5298 CVE-2011-0014 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 CVE-2012-0050 CVE-2012-0884 CVE-2012-1165 CVE-2012-2110 CVE-2012-2686 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 CVE-2014-0076 CVE-2014-0160 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-5139 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-3197 CVE-2015-3216 CVE-2015-4000 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798 CVE-2016-0799 CVE-2016-0800 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2109 CVE-2016-2176 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304 CVE-2016-6306 CVE-2016-7052 cpe:/o:suse:sles:12:sp2 libotr5-4.0.0-9.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libotr5-4.0.0-9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2016-2851 cpe:/o:suse:sles:12:sp2 libpango-1_0-0-1.40.1-9.5 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libpango-1_0-0-1.40.1-9.5 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-0020 CVE-2011-0064 cpe:/o:suse:sles:12:sp2 libpcsclite1-1.8.10-3.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libpcsclite1-1.8.10-3.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-0407 CVE-2010-4531 cpe:/o:suse:sles:12:sp2 libpng12-0-1.2.50-13.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libpng12-0-1.2.50-13.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-3026 CVE-2011-3045 CVE-2011-3048 CVE-2012-3386 CVE-2013-7353 CVE-2013-7354 CVE-2015-7981 CVE-2015-8126 cpe:/o:suse:sles:12:sp2 libpng15-15-1.5.22-4.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libpng15-15-1.5.22-4.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3026 CVE-2011-3048 CVE-2011-3328 CVE-2011-3464 CVE-2012-3386 CVE-2015-8126 cpe:/o:suse:sles:12:sp2 libpng16-16-1.6.8-11.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libpng16-16-1.6.8-11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-1205 CVE-2011-2501 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2011-3328 CVE-2013-6954 CVE-2014-0333 CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 cpe:/o:suse:sles:12:sp2 libpolkit0-0.113-5.6.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libpolkit0-0.113-5.6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-0750 CVE-2011-1485 CVE-2013-4288 CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625 cpe:/o:suse:sles:12:sp2 libpoppler-glib8-0.43.0-15.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libpoppler-glib8-0.43.0-15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 CVE-2013-4473 CVE-2013-4474 cpe:/o:suse:sles:12:sp2 libpoppler44-0.24.4-12.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libpoppler44-0.24.4-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 CVE-2009-3607 CVE-2009-3608 CVE-2013-1788 CVE-2013-1789 CVE-2013-1790 CVE-2013-4473 CVE-2013-4474 CVE-2015-8868 cpe:/o:suse:sles:12:sp2 libproxy1-0.4.13-16.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libproxy1-0.4.13-16.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-4504 cpe:/o:suse:sles:12:sp2 libpulse-mainloop-glib0-32bit-5.0-2.7 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libpulse-mainloop-glib0-32bit-5.0-2.7 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-3970 cpe:/o:suse:sles:12:sp2 libpython2_7-1_0-2.7.9-24.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libpython2_7-1_0-2.7.9-24.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-1521 CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-1753 CVE-2013-4238 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 cpe:/o:suse:sles:12:sp2 libpython3_4m1_0-3.4.1-12.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libpython3_4m1_0-3.4.1-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 cpe:/o:suse:sles:12:sp2 libqt4-32bit-4.8.6-7.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libqt4-32bit-4.8.6-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0945 CVE-2011-3193 CVE-2011-3922 CVE-2012-4929 CVE-2012-6093 CVE-2013-0254 CVE-2013-4549 CVE-2014-0190 CVE-2015-0295 CVE-2015-1858 CVE-2015-1859 CVE-2015-1860 cpe:/o:suse:sles:12:sp2 libraptor2-0-2.0.10-3.63 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libraptor2-0-2.0.10-3.63 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-0037 cpe:/o:suse:sles:12:sp2 libruby2_1-2_1-2.1.2-12.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libruby2_1-2_1-2.1.2-12.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-8080 CVE-2014-8090 cpe:/o:suse:sles:12:sp2 libsmi-0.4.8-18.55 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libsmi-0.4.8-18.55 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-2891 cpe:/o:suse:sles:12:sp2 libsndfile1-1.0.25-25.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libsndfile1-1.0.25-25.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0186 CVE-2011-2696 CVE-2014-9496 CVE-2014-9756 CVE-2015-7805 CVE-2015-8075 cpe:/o:suse:sles:12:sp2 libsnmp30-32bit-5.7.3-4.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libsnmp30-32bit-5.7.3-4.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-2141 CVE-2014-2284 CVE-2014-2285 CVE-2014-3565 CVE-2015-5621 cpe:/o:suse:sles:12:sp2 libsoup-2_4-1-2.54.1-4.5 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libsoup-2_4-1-2.54.1-4.5 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-2054 cpe:/o:suse:sles:12:sp2 libspice-client-glib-2_0-8-0.31-7.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libspice-client-glib-2_0-8-0.31-7.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-4425 cpe:/o:suse:sles:12:sp2 libspice-server1-0.12.7-6.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libspice-server1-0.12.7-6.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-4282 CVE-2015-3247 CVE-2015-5260 CVE-2015-5261 CVE-2016-0749 CVE-2016-2150 cpe:/o:suse:sles:12:sp2 libsqlite3-0-3.8.10.2-3.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libsqlite3-0-3.8.10.2-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2016-6153 cpe:/o:suse:sles:12:sp2 libsrtp1-1.5.2-2.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libsrtp1-1.5.2-2.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-2139 cpe:/o:suse:sles:12:sp2 libssh2-1-1.4.3-19.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libssh2-1-1.4.3-19.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-1782 CVE-2016-0787 cpe:/o:suse:sles:12:sp2 libsystemd0-228-117.12 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libsystemd0-228-117.12 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-1174 CVE-2013-4288 CVE-2016-7795 cpe:/o:suse:sles:12:sp2 libtag1-1.9.1-1.218 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libtag1-1.9.1-1.218 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-2396 cpe:/o:suse:sles:12:sp2 libtasn1-3.7-11.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libtasn1-3.7-11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-3467 CVE-2014-3468 CVE-2014-3469 CVE-2015-2806 CVE-2015-3622 CVE-2016-4008 cpe:/o:suse:sles:12:sp2 libtcnative-1-0-1.1.32-9.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libtcnative-1-0-1.1.32-9.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-4000 cpe:/o:suse:sles:12:sp2 libthai-data-0.1.25-4.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libthai-data-0.1.25-4.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-4012 cpe:/o:suse:sles:12:sp2 libtiff5-32bit-4.0.6-26.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libtiff5-32bit-4.0.6-26.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-2285 CVE-2009-2347 CVE-2010-2065 CVE-2010-2067 CVE-2010-2233 CVE-2010-4665 CVE-2011-0192 CVE-2011-1167 CVE-2012-1173 CVE-2012-2113 CVE-2012-3401 CVE-2012-4564 CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2016-3186 CVE-2016-5314 CVE-2016-5316 CVE-2016-5317 CVE-2016-5320 CVE-2016-5875 cpe:/o:suse:sles:12:sp2 libudisks2-0-2.1.3-1.13 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libudisks2-0-2.1.3-1.13 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-0004 cpe:/o:suse:sles:12:sp2 libupsclient1-2.7.1-4.55 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libupsclient1-2.7.1-4.55 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-2944 cpe:/o:suse:sles:12:sp2 libusbmuxd4-1.0.10-2.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libusbmuxd4-1.0.10-2.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2016-5104 cpe:/o:suse:sles:12:sp2 libvdpau1-1.1.1-6.73 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libvdpau1-1.1.1-6.73 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 cpe:/o:suse:sles:12:sp2 libvirt-2.0.0-26.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libvirt-2.0.0-26.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-2242 CVE-2011-1146 CVE-2011-2511 CVE-2011-4600 CVE-2012-3445 CVE-2013-0170 CVE-2013-1962 CVE-2013-2218 CVE-2013-2230 CVE-2013-4153 CVE-2013-4154 CVE-2013-4239 CVE-2013-4296 CVE-2013-4297 CVE-2013-4311 CVE-2013-4399 CVE-2013-4400 CVE-2013-4401 CVE-2013-6436 CVE-2013-6457 CVE-2013-6458 CVE-2014-0028 CVE-2014-0179 CVE-2014-1447 CVE-2014-3633 CVE-2014-3657 CVE-2014-7823 CVE-2014-8136 CVE-2015-0236 CVE-2015-5247 CVE-2015-5313 cpe:/o:suse:sles:12:sp2 libvncclient0-0.9.9-16.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libvncclient0-0.9.9-16.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055 cpe:/o:suse:sles:12:sp2 libvorbis-doc-1.3.3-8.23 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libvorbis-doc-1.3.3-8.23 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2008-1420 CVE-2009-3379 CVE-2012-0444 cpe:/o:suse:sles:12:sp2 libvte9-0.28.2-19.7 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libvte9-0.28.2-19.7 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-2738 cpe:/o:suse:sles:12:sp2 libxcb-dri2-0-1.10-3.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libxcb-dri2-0-1.10-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-2064 cpe:/o:suse:sles:12:sp2 libxerces-c-3_1-3.1.1-12.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libxerces-c-3_1-3.1.1-12.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-1885 CVE-2015-0252 CVE-2016-0729 CVE-2016-2099 CVE-2016-4463 cpe:/o:suse:sles:12:sp2 libxml2-2-2.9.4-27.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libxml2-2-2.9.4-27.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2010-4494 CVE-2011-1944 CVE-2012-5134 CVE-2013-0338 CVE-2013-1969 CVE-2014-0191 CVE-2014-3660 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 CVE-2015-8710 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 cpe:/o:suse:sles:12:sp2 libyaml-0-2-0.1.6-7.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libyaml-0-2-0.1.6-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 cpe:/o:suse:sles:12:sp2 libzip2-0.11.1-12.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the libzip2-0.11.1-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-0421 CVE-2012-1162 CVE-2012-1163 CVE-2015-2331 cpe:/o:suse:sles:12:sp2 logrotate-3.8.7-3.14 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the logrotate-3.8.7-3.14 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-1098 CVE-2011-1154 CVE-2011-1155 cpe:/o:suse:sles:12:sp2 logwatch-7.4.3-15.65 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the logwatch-7.4.3-15.65 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-1018 cpe:/o:suse:sles:12:sp2 mailman-2.1.17-1.18 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the mailman-2.1.17-1.18 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-0707 cpe:/o:suse:sles:12:sp2 mailx-12.5-28.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the mailx-12.5-28.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2004-2771 CVE-2014-7844 cpe:/o:suse:sles:12:sp2 mipv6d-2.0.2.umip.0.4-19.63 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the mipv6d-2.0.2.umip.0.4-19.63 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-2522 CVE-2010-2523 cpe:/o:suse:sles:12:sp2 mozilla-nspr-32bit-4.12-15.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the mozilla-nspr-32bit-4.12-15.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-1545 CVE-2015-7183 cpe:/o:suse:sles:12:sp2 mutt-1.6.0-54.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the mutt-1.6.0-54.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-0467 CVE-2014-9116 cpe:/o:suse:sles:12:sp2 ntp-4.2.8p8-14.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the ntp-4.2.8p8-14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0159 CVE-2009-1252 CVE-2013-5211 CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2014-9297 CVE-2014-9298 CVE-2015-1798 CVE-2015-1799 CVE-2015-3405 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7705 CVE-2015-7848 CVE-2015-7849 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7853 CVE-2015-7854 CVE-2015-7855 CVE-2015-7871 CVE-2015-7973 CVE-2015-7974 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8138 CVE-2015-8139 CVE-2015-8140 CVE-2015-8158 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 cpe:/o:suse:sles:12:sp2 opensc-0.13.0-1.107 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the opensc-0.13.0-1.107 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0368 CVE-2010-4523 cpe:/o:suse:sles:12:sp2 openslp-2.0.0-11.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the openslp-2.0.0-11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-3609 CVE-2016-6354 cpe:/o:suse:sles:12:sp2 openssh-7.2p2-55.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the openssh-7.2p2-55.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-2653 CVE-2015-5352 CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2015-8325 CVE-2016-0777 CVE-2016-0778 CVE-2016-1908 CVE-2016-3115 CVE-2016-6210 CVE-2016-6515 cpe:/o:suse:sles:12:sp2 openvpn-2.3.8-16.6.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the openvpn-2.3.8-16.6.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-8104 cpe:/o:suse:sles:12:sp2 openvswitch-2.5.1-24.15 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the openvswitch-2.5.1-24.15 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-3449 cpe:/o:suse:sles:12:sp2 opie-2.4-724.56 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the opie-2.4-724.56 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-2489 CVE-2011-2490 cpe:/o:suse:sles:12:sp2 p7zip-9.20.1-6.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the p7zip-9.20.1-6.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-1038 CVE-2016-2335 cpe:/o:suse:sles:12:sp2 pam-1.1.8-14.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the pam-1.1.8-14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-3430 CVE-2010-3431 CVE-2010-3853 CVE-2011-3148 CVE-2011-3149 CVE-2014-2583 cpe:/o:suse:sles:12:sp2 pam-modules-12.1-23.12 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the pam-modules-12.1-23.12 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-3172 cpe:/o:suse:sles:12:sp2 pam_krb5-2.4.4-4.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the pam_krb5-2.4.4-4.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2008-3825 CVE-2009-1384 cpe:/o:suse:sles:12:sp2 pam_ssh-2.0-1.39 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the pam_ssh-2.0-1.39 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-1273 cpe:/o:suse:sles:12:sp2 patch-2.7.5-7.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the patch-2.7.5-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-4651 CVE-2015-1196 CVE-2015-1395 CVE-2015-1396 cpe:/o:suse:sles:12:sp2 pcsc-ccid-1.4.14-1.42 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the pcsc-ccid-1.4.14-1.42 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-4530 cpe:/o:suse:sles:12:sp2 perl-32bit-5.18.2-11.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the perl-32bit-5.18.2-11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-2761 CVE-2010-4410 CVE-2010-4411 CVE-2010-4777 CVE-2015-8853 CVE-2016-1238 CVE-2016-2381 CVE-2016-6185 cpe:/o:suse:sles:12:sp2 perl-Config-IniFiles-2.82-3.12 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the perl-Config-IniFiles-2.82-3.12 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-2451 cpe:/o:suse:sles:12:sp2 perl-HTML-Parser-3.71-1.145 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the perl-HTML-Parser-3.71-1.145 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-3627 cpe:/o:suse:sles:12:sp2 perl-LWP-Protocol-https-6.04-5.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the perl-LWP-Protocol-https-6.04-5.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-3230 cpe:/o:suse:sles:12:sp2 perl-Tk-804.031-3.76 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the perl-Tk-804.031-3.76 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2006-4484 cpe:/o:suse:sles:12:sp2 perl-XML-LibXML-2.0019-5.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the perl-XML-LibXML-2.0019-5.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-3451 cpe:/o:suse:sles:12:sp2 perl-YAML-LibYAML-0.38-10.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the perl-YAML-LibYAML-0.38-10.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-1152 CVE-2013-6393 CVE-2014-2525 CVE-2014-9130 cpe:/o:suse:sles:12:sp2 pigz-2.3-5.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the pigz-2.3-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-1191 cpe:/o:suse:sles:12:sp2 powerpc-utils-1.3.2-17.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the powerpc-utils-1.3.2-17.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-4040 cpe:/o:suse:sles:12:sp2 ppc64-diag-2.7.1-5.6 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the ppc64-diag-2.7.1-5.6 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-4038 CVE-2014-4039 cpe:/o:suse:sles:12:sp2 ppp-2.4.7-1.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the ppp-2.4.7-1.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-3158 cpe:/o:suse:sles:12:sp2 procmail-3.22-267.12 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the procmail-3.22-267.12 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-3618 cpe:/o:suse:sles:12:sp2 python-2.7.9-24.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the python-2.7.9-24.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-4238 cpe:/o:suse:sles:12:sp2 python-cupshelpers-1.5.7-7.5 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the python-cupshelpers-1.5.7-7.5 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-4405 cpe:/o:suse:sles:12:sp2 python-imaging-1.1.7-21.15 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the python-imaging-1.1.7-21.15 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-1932 cpe:/o:suse:sles:12:sp2 python-libxml2-2.9.4-27.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the python-libxml2-2.9.4-27.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2012-5134 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 cpe:/o:suse:sles:12:sp2 python-pyOpenSSL-16.0.0-2.3.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the python-pyOpenSSL-16.0.0-2.3.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-4314 cpe:/o:suse:sles:12:sp2 python-pywbem-0.7.0-4.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the python-pywbem-0.7.0-4.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-6418 cpe:/o:suse:sles:12:sp2 python-requests-2.8.1-6.11.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the python-requests-2.8.1-6.11.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-1829 CVE-2014-1830 CVE-2015-2296 cpe:/o:suse:sles:12:sp2 qemu-2.6.1-27.15 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the qemu-2.6.1-27.15 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2008-0928 CVE-2008-1945 CVE-2008-2382 CVE-2008-4539 CVE-2012-3515 CVE-2013-4148 CVE-2013-4149 CVE-2013-4150 CVE-2013-4151 CVE-2013-4526 CVE-2013-4527 CVE-2013-4529 CVE-2013-4530 CVE-2013-4531 CVE-2013-4533 CVE-2013-4534 CVE-2013-4535 CVE-2013-4536 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4541 CVE-2013-4542 CVE-2013-4544 CVE-2013-6399 CVE-2014-0142 CVE-2014-0143 CVE-2014-0144 CVE-2014-0145 CVE-2014-0146 CVE-2014-0147 CVE-2014-0150 CVE-2014-0182 CVE-2014-0222 CVE-2014-0223 CVE-2014-3461 CVE-2014-3640 CVE-2014-7840 CVE-2014-8106 CVE-2015-1779 CVE-2015-3209 CVE-2015-3456 CVE-2015-4037 CVE-2015-5154 CVE-2015-5225 CVE-2015-5278 CVE-2015-5279 CVE-2015-5745 CVE-2015-6815 CVE-2015-6855 CVE-2015-7295 CVE-2015-7512 CVE-2015-7549 CVE-2015-8345 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-3710 CVE-2016-3712 CVE-2016-4002 CVE-2016-4020 CVE-2016-4439 CVE-2016-4441 CVE-2016-4453 CVE-2016-4454 CVE-2016-4952 CVE-2016-4964 CVE-2016-5105 CVE-2016-5106 CVE-2016-5107 CVE-2016-5126 CVE-2016-5238 CVE-2016-5337 CVE-2016-5338 CVE-2016-5403 CVE-2016-6351 CVE-2016-6490 CVE-2016-6833 CVE-2016-6836 CVE-2016-6888 CVE-2016-7116 CVE-2016-7155 CVE-2016-7156 CVE-2016-7157 cpe:/o:suse:sles:12:sp2 quagga-0.99.22.1-12.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the quagga-0.99.22.1-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-1674 CVE-2010-1675 CVE-2016-2342 CVE-2016-4049 cpe:/o:suse:sles:12:sp2 radvd-1.9.7-2.12 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the radvd-1.9.7-2.12 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-3602 cpe:/o:suse:sles:12:sp2 res-signingkeys-3.0.18-26.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the res-signingkeys-3.0.18-26.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-3566 cpe:/o:suse:sles:12:sp2 rpcbind-0.2.3-21.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the rpcbind-0.2.3-21.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-7236 cpe:/o:suse:sles:12:sp2 rpm-32bit-4.11.2-15.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the rpm-32bit-4.11.2-15.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-6435 CVE-2014-8118 cpe:/o:suse:sles:12:sp2 rsync-3.1.0-12.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the rsync-3.1.0-12.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-1097 CVE-2014-2855 CVE-2014-8242 CVE-2014-9512 cpe:/o:suse:sles:12:sp2 rsyslog-8.4.0-14.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the rsyslog-8.4.0-14.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-3200 CVE-2013-4758 CVE-2013-6370 CVE-2013-6371 CVE-2014-3634 CVE-2014-3683 cpe:/o:suse:sles:12:sp2 rtkit-0.11_git201205151338-8.14 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the rtkit-0.11_git201205151338-8.14 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-4326 cpe:/o:suse:sles:12:sp2 ruby-2.1-1.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the ruby-2.1-1.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-4492 CVE-2010-0541 CVE-2011-1004 CVE-2011-1005 CVE-2011-4815 cpe:/o:suse:sles:12:sp2 sblim-sfcb-1.4.8-8.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the sblim-sfcb-1.4.8-8.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-5185 cpe:/o:suse:sles:12:sp2 shim-0.9-20.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the shim-0.9-20.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 cpe:/o:suse:sles:12:sp2 socat-1.7.2.4-3.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the socat-1.7.2.4-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-3571 CVE-2014-0019 CVE-2015-4000 cpe:/o:suse:sles:12:sp2 squashfs-4.3-6.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the squashfs-4.3-6.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-4024 CVE-2012-4025 cpe:/o:suse:sles:12:sp2 squid-3.5.21-23.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the squid-3.5.21-23.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-5643 CVE-2014-7141 CVE-2014-7142 CVE-2014-9749 CVE-2015-5400 CVE-2016-2390 CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3947 CVE-2016-3948 CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4553 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 cpe:/o:suse:sles:12:sp2 squidGuard-1.4-23.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the squidGuard-1.4-23.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-3700 CVE-2009-3826 cpe:/o:suse:sles:12:sp2 strongswan-5.1.3-22.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the strongswan-5.1.3-22.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-0790 CVE-2012-2388 CVE-2013-2944 CVE-2013-5018 CVE-2013-6075 CVE-2013-6076 CVE-2014-2338 CVE-2014-9221 CVE-2015-4171 CVE-2015-8023 cpe:/o:suse:sles:12:sp2 stunnel-5.00-3.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the stunnel-5.00-3.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1762 CVE-2014-0016 CVE-2015-3644 cpe:/o:suse:sles:12:sp2 sudo-1.8.10p3-6.16 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the sudo-1.8.10p3-6.16 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-1163 CVE-2010-1646 CVE-2011-0010 CVE-2012-2337 CVE-2013-1775 CVE-2013-1776 CVE-2014-9680 cpe:/o:suse:sles:12:sp2 supportutils-3.0-85.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the supportutils-3.0-85.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2016-1602 cpe:/o:suse:sles:12:sp2 sysconfig-0.84.0-13.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the sysconfig-0.84.0-13.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-4182 cpe:/o:suse:sles:12:sp2 syslog-service-2.0-778.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the syslog-service-2.0-778.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-3634 cpe:/o:suse:sles:12:sp2 systemtap-3.0-7.15 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the systemtap-3.0-7.15 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-2911 CVE-2009-4273 CVE-2010-0411 CVE-2010-0412 cpe:/o:suse:sles:12:sp2 sysvinit-tools-2.88+-96.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the sysvinit-tools-2.88+-96.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-2483 cpe:/o:suse:sles:12:sp2 tar-1.27.1-8.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the tar-1.27.1-8.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-0624 cpe:/o:suse:sles:12:sp2 tcpdump-4.5.1-10.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the tcpdump-4.5.1-10.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 CVE-2014-9140 CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 cpe:/o:suse:sles:12:sp2 tftp-5.2-10.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the tftp-5.2-10.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-2199 cpe:/o:suse:sles:12:sp2 tomcat-8.0.36-11.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the tomcat-8.0.36-11.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-1976 CVE-2014-0050 CVE-2015-5174 CVE-2015-5345 CVE-2015-5346 CVE-2015-5351 CVE-2016-0706 CVE-2016-0714 CVE-2016-0763 CVE-2016-3092 cpe:/o:suse:sles:12:sp2 unixODBC-2.3.4-6.5 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the unixODBC-2.3.4-6.5 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-1145 cpe:/o:suse:sles:12:sp2 unzip-6.00-32.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the unzip-6.00-32.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 CVE-2014-9636 cpe:/o:suse:sles:12:sp2 update-alternatives-1.18.4-14.216 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the update-alternatives-1.18.4-14.216 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-0840 cpe:/o:suse:sles:12:sp2 vino-3.20.2-5.8 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the vino-3.20.2-5.8 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-0904 CVE-2011-0905 CVE-2011-1164 cpe:/o:suse:sles:12:sp2 vorbis-tools-1.4.0-26.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the vorbis-tools-1.4.0-26.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2008-1686 CVE-2014-9638 CVE-2014-9639 CVE-2014-9640 CVE-2015-6749 cpe:/o:suse:sles:12:sp2 vsftpd-3.0.2-31.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the vsftpd-3.0.2-31.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-1419 cpe:/o:suse:sles:12:sp2 w3m-0.5.3-157.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the w3m-0.5.3-157.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-2074 CVE-2012-4929 cpe:/o:suse:sles:12:sp2 wget-1.14-10.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the wget-1.14-10.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-2252 CVE-2012-4929 CVE-2014-4877 CVE-2015-2059 CVE-2016-4971 cpe:/o:suse:sles:12:sp2 wireshark-1.12.13-31.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the wireshark-1.12.13-31.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2009-1210 CVE-2009-1267 CVE-2009-1268 CVE-2009-1269 CVE-2009-3241 CVE-2009-3242 CVE-2009-3243 CVE-2010-1455 CVE-2010-2993 CVE-2010-3445 CVE-2010-4300 CVE-2010-4301 CVE-2010-4538 CVE-2011-0024 CVE-2011-0538 CVE-2011-0713 CVE-2011-1138 CVE-2011-1139 CVE-2011-1140 CVE-2011-1143 CVE-2011-1590 CVE-2011-1591 CVE-2011-1592 CVE-2011-1957 CVE-2011-1958 CVE-2011-1959 CVE-2011-2174 CVE-2011-2175 CVE-2011-2597 CVE-2011-2698 CVE-2011-3266 CVE-2011-3360 CVE-2011-3483 CVE-2012-2392 CVE-2012-2393 CVE-2012-2394 CVE-2012-3548 CVE-2012-4048 CVE-2012-4049 CVE-2012-4285 CVE-2012-4286 CVE-2012-4287 CVE-2012-4288 CVE-2012-4289 CVE-2012-4290 CVE-2012-4291 CVE-2012-4292 CVE-2012-4293 CVE-2012-4294 CVE-2012-4295 CVE-2012-4296 CVE-2012-4297 CVE-2012-4298 CVE-2012-5237 CVE-2012-5238 CVE-2012-5239 CVE-2012-5240 CVE-2012-5592 CVE-2012-5593 CVE-2012-5594 CVE-2012-5595 CVE-2012-5596 CVE-2012-5597 CVE-2012-5598 CVE-2012-5599 CVE-2012-5600 CVE-2012-5601 CVE-2012-5602 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-1582 CVE-2013-1583 CVE-2013-1584 CVE-2013-1585 CVE-2013-1586 CVE-2013-1587 CVE-2013-1588 CVE-2013-1589 CVE-2013-1590 CVE-2013-2475 CVE-2013-2476 CVE-2013-2477 CVE-2013-2478 CVE-2013-2479 CVE-2013-2480 CVE-2013-2481 CVE-2013-2482 CVE-2013-2483 CVE-2013-2484 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-2488 CVE-2013-3555 CVE-2013-3556 CVE-2013-3557 CVE-2013-3558 CVE-2013-3559 CVE-2013-3560 CVE-2013-3561 CVE-2013-3562 CVE-2013-4083 CVE-2013-4920 CVE-2013-4921 CVE-2013-4922 CVE-2013-4923 CVE-2013-4924 CVE-2013-4925 CVE-2013-4926 CVE-2013-4927 CVE-2013-4928 CVE-2013-4929 CVE-2013-4930 CVE-2013-4931 CVE-2013-4932 CVE-2013-4933 CVE-2013-4934 CVE-2013-4935 CVE-2013-4936 CVE-2013-5717 CVE-2013-5718 CVE-2013-5719 CVE-2013-5720 CVE-2013-5721 CVE-2013-5722 CVE-2013-6336 CVE-2013-6337 CVE-2013-6338 CVE-2013-6339 CVE-2013-6340 CVE-2013-7112 CVE-2013-7113 CVE-2013-7114 CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299 CVE-2014-2907 CVE-2014-4020 CVE-2014-5161 CVE-2014-5162 CVE-2014-5163 CVE-2014-5164 CVE-2014-5165 CVE-2015-0559 CVE-2015-0560 CVE-2015-0561 CVE-2015-0562 CVE-2015-0563 CVE-2015-0564 CVE-2015-2188 CVE-2015-2189 CVE-2015-2191 CVE-2015-3811 CVE-2015-3812 CVE-2015-3813 CVE-2015-3814 CVE-2015-7830 CVE-2015-8711 CVE-2015-8712 CVE-2015-8713 CVE-2015-8714 CVE-2015-8715 CVE-2015-8716 CVE-2015-8717 CVE-2015-8718 CVE-2015-8719 CVE-2015-8720 CVE-2015-8721 CVE-2015-8722 CVE-2015-8723 CVE-2015-8724 CVE-2015-8725 CVE-2015-8726 CVE-2015-8727 CVE-2015-8728 CVE-2015-8729 CVE-2015-8730 CVE-2015-8731 CVE-2015-8732 CVE-2015-8733 CVE-2016-2523 CVE-2016-2530 CVE-2016-2531 CVE-2016-2532 CVE-2016-5350 CVE-2016-5351 CVE-2016-5352 CVE-2016-5353 CVE-2016-5354 CVE-2016-5355 CVE-2016-5356 CVE-2016-5357 CVE-2016-5358 CVE-2016-5359 CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 cpe:/o:suse:sles:12:sp2 wpa_supplicant-2.2-14.2 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the wpa_supplicant-2.2-14.2 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-3686 CVE-2015-0210 CVE-2015-1863 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-5130 CVE-2015-5310 CVE-2015-8041 cpe:/o:suse:sles:12:sp2 xalan-j2-2.7.0-264.133 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the xalan-j2-2.7.0-264.133 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-0107 cpe:/o:suse:sles:12:sp2 xdg-utils-20140630-5.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the xdg-utils-20140630-5.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-9622 cpe:/o:suse:sles:12:sp2 xen-4.7.0_12-23.4 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the xen-4.7.0_12-23.4 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-1898 CVE-2012-0029 CVE-2012-0217 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 CVE-2012-5525 CVE-2012-5634 CVE-2012-6075 CVE-2013-0151 CVE-2013-0152 CVE-2013-0153 CVE-2013-1442 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1922 CVE-2013-1952 CVE-2013-2007 CVE-2013-3495 CVE-2013-4355 CVE-2013-4356 CVE-2013-4361 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-4540 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 CVE-2014-0222 CVE-2014-3124 CVE-2014-3640 CVE-2014-3672 CVE-2014-5146 CVE-2014-5149 CVE-2014-6268 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-7815 CVE-2015-1779 CVE-2015-3259 CVE-2015-3340 CVE-2015-3456 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-5154 CVE-2015-5239 CVE-2015-5278 CVE-2015-5307 CVE-2015-6815 CVE-2015-6855 CVE-2015-7311 CVE-2015-7504 CVE-2015-7512 CVE-2015-7549 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8104 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8615 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-4439 CVE-2016-4441 CVE-2016-5238 CVE-2016-5338 CVE-2016-6258 CVE-2016-6259 CVE-2016-6351 CVE-2016-7092 CVE-2016-7093 CVE-2016-7094 cpe:/o:suse:sles:12:sp2 xf86-video-intel-2.99.917.641_ge4ef6e9-12.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the xf86-video-intel-2.99.917.641_ge4ef6e9-12.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2014-4910 cpe:/o:suse:sles:12:sp2 xfsprogs-4.3.0-8.8 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the xfsprogs-4.3.0-8.8 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-2150 cpe:/o:suse:sles:12:sp2 xinetd-2.3.15-7.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the xinetd-2.3.15-7.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2012-0862 CVE-2013-4342 cpe:/o:suse:sles:12:sp2 xlockmore-5.43-5.30 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the xlockmore-5.43-5.30 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2013-4143 cpe:/o:suse:sles:12:sp2 xorg-x11-7.6_1-14.17 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the xorg-x11-7.6_1-14.17 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-0465 cpe:/o:suse:sles:12:sp2 xorg-x11-libs-7.6-45.14 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the xorg-x11-libs-7.6-45.14 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-2895 cpe:/o:suse:sles:12:sp2 xorg-x11-server-7.6_1.18.3-57.34 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the xorg-x11-server-7.6_1.18.3-57.34 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2010-2240 CVE-2013-1940 CVE-2013-4396 CVE-2013-6424 CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 CVE-2014-8103 CVE-2015-0255 CVE-2015-3164 CVE-2015-3418 cpe:/o:suse:sles:12:sp2 xscreensaver-5.22-7.1 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the xscreensaver-5.22-7.1 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2015-8025 cpe:/o:suse:sles:12:sp2 yast2-3.1.206-36.3 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the yast2-3.1.206-36.3 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-3177 cpe:/o:suse:sles:12:sp2 yast2-core-3.1.23-6.38 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the yast2-core-3.1.23-6.38 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2011-2483 CVE-2011-3177 cpe:/o:suse:sles:12:sp2 yast2-users-3.1.57-16.7 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the yast2-users-3.1.57-16.7 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2016-1601 cpe:/o:suse:sles:12:sp2 zoo-2.10-1020.56 on GA media (Moderate) SUSE Linux Enterprise Server 12 SP2 These are all security issues fixed in the zoo-2.10-1020.56 package on the GA media of SUSE Linux Enterprise Server 12 SP2. Moderate CVE-2006-0855 CVE-2007-1669 cpe:/o:suse:sles:12:sp2 Security update for python-tablib (Moderate) SUSE OpenStack Cloud 7 This update for python-tablib fixes the following issues: - CVE-2017-2810: Use yaml.safe_load and yaml.safe_dump to avoid executing code when importing data (bsc#1044329) Moderate SUSE bug 1044329 CVE-2017-2810 cpe:/o:suse:suse-openstack-cloud:7 Security update for nodejs4, nodejs6 (Moderate) SUSE OpenStack Cloud 7 This update for nodejs4 and nodejs6 fixes the following issues: Security issues fixed: - CVE-2017-1000381: The c-ares function ares_parse_naptr_reply() could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (bsc#1044946) - CVE-2017-11499: Disable V8 snapshots. The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found. (bsc#1048299) Non-security fixes: - GCC 7 compilation fixes for v8 backported and add missing ICU59 headers (bsc#1041282) - New upstream LTS release 6.11.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.1 - New upstream LTS release 6.11.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.0 - New upstream LTS release 6.10.3 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.3 - New upstream LTS release 6.10.2 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.2 - New upstream LTS release 6.10.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.1 - New upstream LTS release 6.10.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.0 - New upstream LTS release 4.8.4 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.4 - New upstream LTS release 4.8.3 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.3 - New upstream LTS release 4.8.2 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.2 - New upstream LTS release 4.8.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.1 - New upstream LTS release 4.8.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.0 Moderate SUSE bug 1041282 SUSE bug 1041283 SUSE bug 1044946 SUSE bug 1048299 CVE-2017-1000381 CVE-2017-11499 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-pycrypto (Important) SUSE OpenStack Cloud 7 This update for python-pycrypto fixes the following issues: - CVE-2013-7459: Fixed a potential heap buffer overflow in ALGnew (bsc#1017420). python-paramiko was adjusted to work together with this python-pycrypto change. (bsc#1047666) Important SUSE bug 1017420 SUSE bug 1047666 CVE-2013-7459 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-XStatic-jquery-ui (Low) SUSE OpenStack Cloud 7 This update for python-XStatic-jquery-ui fixes the following issues: - CVE-2016-7103: possible cross-site scripting in dialog closeText could lead to arbitrary code injection (bsc#996004) Low SUSE bug 996004 CVE-2016-7103 cpe:/o:suse:suse-openstack-cloud:7 Security update for dnsmasq (Important) SUSE OpenStack Cloud 7 This update for dnsmasq fixes the following security issues: - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] Important SUSE bug 1060354 SUSE bug 1060355 SUSE bug 1060360 SUSE bug 1060361 SUSE bug 1060362 SUSE bug 1060364 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 cpe:/o:suse:suse-openstack-cloud:7 Security update for openstack-glance (Moderate) SUSE OpenStack Cloud 7 This update for openstack-glance fixes the following issues: - Restrict image_location metadata When `show_multiple_locations` is enabled in Glance, any user can rewrite the metadata information for locations, causing a security breach. (bsc#1023507) Moderate SUSE bug 1023507 cpe:/o:suse:suse-openstack-cloud:7 Security update for openstack-aodh (Moderate) SUSE OpenStack Cloud 7 This update for openstack-aodh fixes the following security issues: - CVE-2017-12440: Aodh did not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allowed remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee (bsc#1052604). - gnocchi: Fix alarms for unprivileged user. Moderate SUSE bug 1052604 CVE-2017-12440 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Ruby on Rails stack (Moderate) SUSE OpenStack Cloud 7 This update brings version 4.2.9 of the Ruby on Rails stack to provide the latest fixes and improvements from upstream. The following security issues have been fixed by upstream: rubygem-actionpack-4_2 - CVE-2016-2098: Action Pack in Ruby on Rails allowed remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method (bsc#968849). rubygem-activerecord-4_2 - CVE-2016-6317: Action Record did not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allowed remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request (bsc#993313). rubygem-actionview-4_2 - CVE-2016-6316: Cross-site scripting (XSS) vulnerability in Action View might have allowed remote attackers to inject arbitrary web script or HTML via text declared as 'HTML safe' and used as attribute values in tag handlers (bsc#993302). Additionally, the following packages have been updated to version 4.2.9: - rubygem-rails-4_2 - rubygem-railties-4_2 - rubygem-activesupport-4_2 - rubygem-activerecord-4_2 - rubygem-activejob-4_2 - rubygem-actionview-4_2 - rubygem-actionpack-4_2 - rubygem-actionmailer-4_2 Moderate SUSE bug 1055962 SUSE bug 968849 SUSE bug 993302 SUSE bug 993313 CVE-2016-2098 CVE-2016-6316 CVE-2016-6317 cpe:/o:suse:suse-openstack-cloud:7 Security update for ansible and monasca-installer (Moderate) SUSE OpenStack Cloud 7 This update for ansible provides version 2.2.3.0 and fixes the following security issues: - CVE-2017-7481: Data for lookup plugins used as variables was not being marked as 'unsafe' and could lead to unintentional disclosure of information. (bsc#1038785) - CVE-2016-9587: Prevent compromised host to execute commands on the controller (bsc#1019021). - CVE-2017-7466: Prevent arbitrary code execution on control nodes. For more information about the upstream bugs fixed, please see /usr/share/doc/packages/ansible/CHANGELOG.md Additionally, monasca-installer received several compatibility fixes for ansible. Moderate SUSE bug 1019021 SUSE bug 1038785 SUSE bug 1056094 CVE-2016-9587 CVE-2017-7466 CVE-2017-7481 cpe:/o:suse:suse-openstack-cloud:7 Security update for storm, storm-kit (Important) SUSE OpenStack Cloud 7 This update for storm, storm-kit fixes the following issues: - Update storm to version 1.0.5 (bsc#1059463, CVE-2017-9799) - Update storm-kit to version 1.0.5 (bsc#1059463, CVE-2017-9799) - Initial package (bsc#1048688, fate#323204) Important SUSE bug 1048688 SUSE bug 1059463 CVE-2017-9799 cpe:/o:suse:suse-openstack-cloud:7 Security update for openstack-nova (Moderate) SUSE OpenStack Cloud 7 This update for openstack-nova brings the latest version provided by the OpenStack upstream project including the following security fix: - CVE-2017-16239: Filter Scheduler bypass through rebuild action (bsc#1066198). Moderate SUSE bug 1066198 CVE-2017-16239 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-PyJWT (Moderate) SUSE OpenStack Cloud 7 This update for python-PyJWT fixes the following issues: - CVE-2017-12880: fix symmetric/asymmetric confusion when handling PKCS1 public keys (bsc#1054106) Moderate SUSE bug 1054106 CVE-2017-12880 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-oslo.middleware (Moderate) SUSE OpenStack Cloud 7 This update for python-oslo.middleware fixes the following issues: Security issue fixed: - CVE-2017-2592: Using the CatchError class may include sensitive values in the error message accompanying a Traceback, resulting in their disclosure (bsc#1022043). Moderate SUSE bug 1022043 CVE-2017-2592 cpe:/o:suse:suse-openstack-cloud:7 Security update for openstack-magnum (Moderate) SUSE OpenStack Cloud 7 This update for openstack-magnum fixes the following issues: Security issues fixed: - CVE-2016-7404: Magnum created instances have full API access to creating user's OpenStack account (bsc#998182). Bugfixes: - Fixed exception for InvalidParameterValue. - Updated patches have been tested against magnum-3.1.2.dev20 Moderate SUSE bug 998182 CVE-2016-7404 cpe:/o:suse:suse-openstack-cloud:7 Security update for several openstack-components (Important) SUSE OpenStack Cloud 7 This update for openstack-ceilometer, -cinder, -dashboard, -glance, -heat, -keystone, -manila, -magnum and -novaopenstack-keystone provides the latest code from OpenStack Newton. - nova: Add release note that legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. (bsc#1030406, CVE-2017-7214) - nova: Remove PrivTmp from openstack-nova-compute service. (bsc#1024328) - dashboard: Remove dangerous safestring declaration. (bsc#1032322, CVE-2017-7400) Important SUSE bug 1024328 SUSE bug 1030406 SUSE bug 1032322 CVE-2017-7214 CVE-2017-7400 cpe:/o:suse:suse-openstack-cloud:7 Security update for glibc (Important) SUSE OpenStack Cloud 7 This update for glibc fixes the following issues: - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) - CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154) Non security bugs fixed: - Fix crash in resolver on memory allocation failure (bsc#1086690) Important SUSE bug 1086690 SUSE bug 1094150 SUSE bug 1094154 SUSE bug 1094161 CVE-2017-18269 CVE-2018-11236 CVE-2018-11237 cpe:/o:suse:suse-openstack-cloud:7 Security update for git (Important) SUSE OpenStack Cloud 7 This update for git fixes several issues. These security issues were fixed: - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) Important SUSE bug 1095218 SUSE bug 1095219 CVE-2018-11233 CVE-2018-11235 cpe:/o:suse:suse-openstack-cloud:7 Security update for kernel-firmware (Moderate) SUSE OpenStack Cloud 7 This update for kernel-firmware fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735) Moderate SUSE bug 1095735 CVE-2017-5715 cpe:/o:suse:suse-openstack-cloud:7 Security update for libvirt (Important) SUSE OpenStack Cloud 7 This update for libvirt fixes the following issues: - CVE-2018-3639: cpu: add support for 'ssbd' and 'virt-ssbd' CPUID feature bits pass through (bsc#1092885) Important SUSE bug 1092885 CVE-2018-3639 cpe:/o:suse:suse-openstack-cloud:7 Security update for ucode-intel (Moderate) SUSE OpenStack Cloud 7 This update for ucode-intel fixes the following issues: Update to version 20180425 (bsc#1091836) Fix provided for: - GLK B0 6-7a-1/01 0000001e->00000022 Pentium Silver N/J5xxx, Celeron N/J4xxx - Name microcodes which are not allowed to load late with a *.early suffix Moderate SUSE bug 1091836 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries - S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability - S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability - S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability - S8189989, CVE-2018-2798, bsc#1090028: Improve container portability - S8189993, CVE-2018-2799, bsc#1090029: Improve document portability - S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms - S8190478: Improved interface method selection - S8190877: Better handling of abstract classes - S8191696: Better mouse positioning - S8192025, CVE-2018-2814, bsc#1090032: Less referential references - S8192030: Better MTSchema support - S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation - S8193409: Improve AES supporting classes - S8193414: Improvements in MethodType lookups - S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For other changes please consult the changelog. Important SUSE bug 1087066 SUSE bug 1090023 SUSE bug 1090024 SUSE bug 1090025 SUSE bug 1090026 SUSE bug 1090027 SUSE bug 1090028 SUSE bug 1090029 SUSE bug 1090030 SUSE bug 1090032 SUSE bug 1090033 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_7_0-openjdk to version 7u181 fixes the following issues: + S8162488: JDK should be updated to use LittleCMS 2.8 + S8180881: Better packaging of deserialization + S8182362: Update CipherOutputStream Usage + S8183032: Upgrade to LittleCMS 2.9 + S8189123: More consistent classloading + S8190478: Improved interface method selection + S8190877: Better handling of abstract classes + S8191696: Better mouse positioning + S8192030: Better MTSchema support + S8193409: Improve AES supporting classes + S8193414: Improvements in MethodType lookups + S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries + S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability + S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability + S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability + S8189989, CVE-2018-2798, bsc#1090028: Improve container portability + S8189993, CVE-2018-2799, bsc#1090029: Improve document portability + S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms + S8192025, CVE-2018-2814, bsc#1090032: Less referential references + S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation + S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For additional changes please consult the changelog. Important SUSE bug 1090023 SUSE bug 1090024 SUSE bug 1090025 SUSE bug 1090026 SUSE bug 1090027 SUSE bug 1090028 SUSE bug 1090029 SUSE bug 1090030 SUSE bug 1090032 SUSE bug 1090033 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 cpe:/o:suse:suse-openstack-cloud:7 Security update for gpg2 (Important) SUSE OpenStack Cloud 7 This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745) Important SUSE bug 1096745 CVE-2018-12020 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Important) SUSE OpenStack Cloud 7 This update for xen fixes several issues. This feature was added: - Added support for qemu monitor command These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). This non-security issue was fixed: - bsc#1086039 - Dom0 does not represent DomU cpu flags Important SUSE bug 1027519 SUSE bug 1074562 SUSE bug 1086039 SUSE bug 1092631 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-3639 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-ibm (Important) SUSE OpenStack Cloud 7 IBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes: - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. Important SUSE bug 1085449 SUSE bug 1093311 CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2825 CVE-2018-2826 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_1-ibm (Important) SUSE OpenStack Cloud 7 IBM Java was updated to 7.1.4.25 [bsc#1093311, bsc#1085449]: Security fixes: - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Important SUSE bug 1085449 SUSE bug 1093311 CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 cpe:/o:suse:suse-openstack-cloud:7 Security update for ntp (Moderate) SUSE OpenStack Cloud 7 This update for ntp fixes the following issues: - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426) * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424) * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422) * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420) * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit.(bsc#1083417) - Don't use libevent's cached time stamps in sntp. (bsc#1077445) This update is a reissue of the previous update with LTSS channels included. Moderate SUSE bug 1077445 SUSE bug 1082063 SUSE bug 1082210 SUSE bug 1083417 SUSE bug 1083420 SUSE bug 1083422 SUSE bug 1083424 SUSE bug 1083426 CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following security issue: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). Important SUSE bug 1096449 CVE-2018-6126 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728). - CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036) - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) - CVE-2017-18241: Prevent a NULL pointer dereference by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400) - CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353). - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c did not validate bitmap block numbers (bsc#1087095). - CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007). - CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012). - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904). - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650). - CVE-2018-5803: Prevent error in the '_sctp_make_chunk()' function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900). - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962). - CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895). The following non-security bugs were fixed: - ALSA: timer: Fix pause event notification (bsc#973378). - Fix excessive newline in /proc/*/status (bsc#1094823). - Fix the patch content (bsc#1085185) - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Revert 'bs-upload-kernel: do not set %opensuse_bs' This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821. - ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552). - ipv6: omit traffic class when calculating flow hash (bsc#1095042). - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1096281). - x86/bugs: Respect retpoline command line option (bsc#1068032). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813) - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534). - xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534). - xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955). Important SUSE bug 1068032 SUSE bug 1079152 SUSE bug 1082962 SUSE bug 1083650 SUSE bug 1083900 SUSE bug 1085185 SUSE bug 1086400 SUSE bug 1087007 SUSE bug 1087012 SUSE bug 1087036 SUSE bug 1087086 SUSE bug 1087095 SUSE bug 1089895 SUSE bug 1090534 SUSE bug 1090955 SUSE bug 1092497 SUSE bug 1092552 SUSE bug 1092813 SUSE bug 1092904 SUSE bug 1094033 SUSE bug 1094353 SUSE bug 1094823 SUSE bug 1095042 SUSE bug 1096140 SUSE bug 1096242 SUSE bug 1096281 SUSE bug 1096728 SUSE bug 1097356 SUSE bug 973378 CVE-2017-13305 CVE-2017-18241 CVE-2017-18249 CVE-2018-1000199 CVE-2018-1000204 CVE-2018-1065 CVE-2018-1092 CVE-2018-1093 CVE-2018-1094 CVE-2018-1130 CVE-2018-3665 CVE-2018-5803 CVE-2018-5848 CVE-2018-7492 cpe:/o:suse:suse-openstack-cloud:7 Recommended update for mariadb (Important) SUSE OpenStack Cloud 7 This MariaDB update to version 10.2.15 brings the following fixes and improvements. Security issues: - CVE-2018-2767: The embedded server library now supports SSL when connecting to remote servers (bsc#1088681). - Collected CVEs fixes: * 10.2.15: CVE-2018-2786, CVE-2018-2759, CVE-2018-2777, CVE-2018-2810, CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 * 10.2.13: CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2612 * 10.2.10: CVE-2017-10378, CVE-2017-10268, CVE-2017-15365 * 10.2.8: CVE-2017-3636, CVE-2017-3641, CVE-2017-3653, CVE-2017-10320, CVE-2017-10365, CVE-2017-10379, CVE-2017-10384, CVE-2017-10286, CVE-2017-3257 * 10.2.6: CVE-2017-3308, CVE-2017-3309, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464 * 10.2.5: CVE-2017-3313, CVE-2017-3302 Bugfixes: - bsc#1092544: Update suse_skipped_tests.list and add tests that are failing with GCC 8. - bsc#1012075: MariaDB Test Suite issue with test sys_vars.secure_file_priv.test. - bsc#1019948: mariadb even tumbleweed version is super old. - bsc#1039034: no ODBC support in MariaDB Server. - bsc#1041891: Make mariadb tests pass and exclude failures. - bsc#1042632: Mariadb fails to build with openssl-1.1. - bsc#1043328: Update mariadb in TW to 10.2 and drop comat with mysql. - bsc#1047218: trackerbug: packages do not build reproducibly from including build time. - bsc#1055165: mariadb build with cassandra enabled. - bsc#1055268: MariaDB configurations are not overwritable. - bsc#1058374: Use bind-address directive and SSL section settings in default my.cnf. - bsc#1058729: MariaDB - mysql-test - connect.drop-open-error is failing (regression). - bsc#1060110: The mariadb install script depends on hostname but does not require it. - bsc#1062583: Stop using boost-devel. - bsc#1067443: incomplete revert of the mariadb service rename. - bsc#1068906: MariaDB: ALTER TABLE can't rename columns with CHECK constraints. - bsc#1069401: Database failed apply with mariadb 10.2 : RuntimeError: Galera cluster did not start after 600 seconds. - bsc#1080891: server:database/mariadb: up-streaming patches. - bsc#1083087: Galera bootstrap failes work after MariaDB 10.2.13 upgrade. - bsc#1082318: mariadb-connector-c.changes and xtrabackup need to use %doc instead of %license. Release notes and changelog: - https://mariadb.com/kb/en/library/mariadb-10215-release-notes - https://mariadb.com/kb/en/library/mariadb-10215-changelog Important SUSE bug 1012075 SUSE bug 1019948 SUSE bug 1039034 SUSE bug 1041891 SUSE bug 1042632 SUSE bug 1043328 SUSE bug 1047218 SUSE bug 1055165 SUSE bug 1055268 SUSE bug 1058374 SUSE bug 1058729 SUSE bug 1060110 SUSE bug 1062583 SUSE bug 1067443 SUSE bug 1068906 SUSE bug 1069401 SUSE bug 1080891 SUSE bug 1082318 SUSE bug 1083087 SUSE bug 1088681 SUSE bug 1092544 SUSE bug 1093130 CVE-2017-10268 CVE-2017-10286 CVE-2017-10320 CVE-2017-10365 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384 CVE-2017-15365 CVE-2017-3257 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3313 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2759 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2777 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 cpe:/o:suse:suse-openstack-cloud:7 Security update for openssl (Moderate) SUSE OpenStack Cloud 7 This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Moderate SUSE bug 1097158 SUSE bug 1097624 SUSE bug 1098592 CVE-2018-0732 cpe:/o:suse:suse-openstack-cloud:7 Security update for nodejs6 (Moderate) SUSE OpenStack Cloud 7 This update for nodejs6 to version 6.14.3 fixes the following issues: The following security vulnerability was addressed: - Fixed a denial of service (DoS) vulnerability in Buffer.fill(), which could hang when being called (CVE-2018-7167, bsc#1097375). The following other changes were made: - Use absolute paths in executable shebang lines - Fixed building with ICU61.1 (bsc#1091764) Moderate SUSE bug 1091764 SUSE bug 1097375 CVE-2018-7167 cpe:/o:suse:suse-openstack-cloud:7 Recommended update for ucode-intel (Important) SUSE OpenStack Cloud 7 The Intel CPU microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx - Add a new style supplements for the recent kernels. (bsc#1096141) Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1096141 SUSE bug 1100147 CVE-2018-3639 CVE-2018-3640 cpe:/o:suse:suse-openstack-cloud:7 Security update for perl (Important) SUSE OpenStack Cloud 7 This update for perl fixes the following issues: These security issue were fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). - CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This non-security issue was fixed: - fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565] Important SUSE bug 1068565 SUSE bug 1082216 SUSE bug 1082233 SUSE bug 1082234 SUSE bug 1096718 CVE-2018-12015 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 cpe:/o:suse:suse-openstack-cloud:7 Security update for shadow (Important) SUSE OpenStack Cloud 7 This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could results in local privilege escalation (bsc#1099310) Important SUSE bug 1099310 CVE-2016-6252 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Important) SUSE OpenStack Cloud 7 This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix #DB exception safety check that could be triggered by a guest (XSA-265) (bsc#1097522). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-3665: Fix lazy FP Save/Restore (XSA-267) (bsc#1095242). Bug fixes: - bsc#1027519: Update to Xen 4.7.6 bug fix only release. - bsc#1087289: Xen BUG at sched_credit.c:1663. - bsc#1094725: `virsh blockresize` does not work with Xen qdisks. Important SUSE bug 1027519 SUSE bug 1087289 SUSE bug 1094725 SUSE bug 1095242 SUSE bug 1096224 SUSE bug 1097521 SUSE bug 1097522 SUSE bug 1097523 CVE-2018-11806 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-3665 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-sprockets-2_12 (Moderate) SUSE OpenStack Cloud 7 This update for rubygem-sprockets-2_12 fixes the following issues: Security issue fixed: - CVE-2018-3760: Fix path traversal in sprockets/server.rb:forbidden_request?() that can allow remote attackers to read arbitrary files (bsc#1098369). Moderate SUSE bug 1098369 CVE-2018-3760 cpe:/o:suse:suse-openstack-cloud:7 Security update for samba (Important) SUSE OpenStack Cloud 7 This update for samba fixes the following issues: The following security vulnerability was fixed: - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) The following other bugs were fixed: - Fix libnss_wins.so.2 link libreplace with rpath (bsc#1054849) Important SUSE bug 1054849 SUSE bug 1103411 CVE-2018-10858 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element Important SUSE bug 1098998 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5156 CVE-2018-5188 cpe:/o:suse:suse-openstack-cloud:7 Security update for clamav (Moderate) SUSE OpenStack Cloud 7 This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - CVE-2018-1000085: Fixed a out-of-bounds heap read in XAR parser (bsc#1082858) - CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) - Buffer over-read in unRAR code due to missing max value checks in table initialization - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Moderate SUSE bug 1082858 SUSE bug 1101410 SUSE bug 1101412 SUSE bug 1101654 SUSE bug 1103040 CVE-2018-0360 CVE-2018-0361 CVE-2018-1000085 CVE-2018-14679 cpe:/o:suse:suse-openstack-cloud:7 Security update to ucode-intel (Important) SUSE OpenStack Cloud 7 ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx ---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5 Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1089343 SUSE bug 1104134 CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 cpe:/o:suse:suse-openstack-cloud:7 Security update for samba (Moderate) SUSE OpenStack Cloud 7 This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741). - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) Moderate SUSE bug 1081741 SUSE bug 1103411 CVE-2018-1050 CVE-2018-10858 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5390 aka 'SegmentSmack': The Linux Kernel can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580). - CVE-2018-9385: When printing the 'driver_override' option from with-in the amba driver, a very long line could expose one additional uninitialized byte (bnc#1100491). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 1100418). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). The following non-security bugs were fixed: - Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978) - bcache: add backing_request_endio() for bi_end_io (bsc#1064232). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232). - bcache: add io_disable to struct cached_dev (bsc#1064232). - bcache: add journal statistic (bsc#1076110). - bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1064232). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1064232). - bcache: Annotate switch fall-through (bsc#1064232). - bcache: closures: move control bits one bit right (bsc#1076110). - bcache: correct flash only vols (check all uuids) (bsc#1064232). - bcache: count backing device I/O error for writeback I/O (bsc#1064232). - bcache: do not attach backing with duplicate UUID (bsc#1076110). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1064232). - bcache: fix crashes in duplicate cache device register (bsc#1076110). - bcache: fix error return value in memory shrink (bsc#1064232). - bcache: fix for allocator and register thread race (bsc#1076110). - bcache: fix for data collapse after re-attaching an attached device (bsc#1076110). - bcache: fix high CPU occupancy during journal (bsc#1076110). - bcache: Fix, improve efficiency of closure_sync() (bsc#1076110). - bcache: fix inaccurate io state for detached bcache devices (bsc#1064232). - bcache: fix incorrect sysfs output value of strip size (bsc#1064232). - bcache: Fix indentation (bsc#1064232). - bcache: fix kcrashes with fio in RAID5 backend dev (bsc#1076110). - bcache: Fix kernel-doc warnings (bsc#1064232). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1064232). - bcache: fix using of loop variable in memory shrink (bsc#1064232). - bcache: fix writeback target calc on large devices (bsc#1076110). - bcache: fix wrong return value in bch_debug_init() (bsc#1076110). - bcache: mark closure_sync() __sched (bsc#1076110). - bcache: move closure debug file into debug directory (bsc#1064232). - bcache: properly set task state in bch_writeback_thread() (bsc#1064232). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bsc#1064232). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1064232). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1064232). - bcache: Remove an unused variable (bsc#1064232). - bcache: ret IOERR when read meets metadata error (bsc#1076110). - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1064232). - bcache: return attach error when no cache set exist (bsc#1076110). - bcache: segregate flash only volume write streams (bsc#1076110). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1064232). - bcache: set error_limit correctly (bsc#1064232). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1064232). - bcache: stop bcache device when backing device is offline (bsc#1064232). - bcache: stop dc->writeback_rate_update properly (bsc#1064232). - bcache: stop writeback thread after detaching (bsc#1076110). - bcache: store disk name in struct cache and struct cached_dev (bsc#1064232). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1064232). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1064232). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - cifs: Check for timeout on Negotiate stage (bsc#1091171). - cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup() (bsc#1090123). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - ext4: fix unsupported feature message formatting (bsc#1098435). - Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248, bsc@1097140). - ixgbe: fix possible race in reset subtask (bsc#1101557). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - ixgbe: use atomic bitwise operations when handling reset requests (bsc#1101557). - kabi/severities: add PASS to drivers/md/bcache/*, no one uses bcache kernel module. - procfs: add tunable for fd/fdinfo dentry retention (bsc#1086652). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - signals: avoid unnecessary taking of sighand->siglock (bsc#1096130). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). Update config files. - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (1087081). - x86/pti: do not report XenPV as vulnerable (bsc#1097551). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/grant-table: log the lack of grants (bnc#1085042). Important SUSE bug 1064232 SUSE bug 1076110 SUSE bug 1083635 SUSE bug 1085042 SUSE bug 1086652 SUSE bug 1087081 SUSE bug 1089343 SUSE bug 1090123 SUSE bug 1091171 SUSE bug 1094248 SUSE bug 1096130 SUSE bug 1096480 SUSE bug 1096978 SUSE bug 1097140 SUSE bug 1097551 SUSE bug 1098016 SUSE bug 1098425 SUSE bug 1098435 SUSE bug 1099924 SUSE bug 1100089 SUSE bug 1100416 SUSE bug 1100418 SUSE bug 1100491 SUSE bug 1101557 SUSE bug 1102340 SUSE bug 1102851 SUSE bug 1103097 SUSE bug 1103119 SUSE bug 1103580 CVE-2017-18344 CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-14734 CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 CVE-2018-5391 CVE-2018-5814 CVE-2018-9385 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Important) SUSE OpenStack Cloud 7 This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a malicious or buggy guest administrator can lock up the entire host (bsc#1103276) Important SUSE bug 1027519 SUSE bug 1091107 SUSE bug 1103276 CVE-2018-3646 cpe:/o:suse:suse-openstack-cloud:7 Security update for openssh (Moderate) SUSE OpenStack Cloud 7 This update for openssh fixes the following issues: Security issue fixed: - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). Moderate SUSE bug 1076957 CVE-2016-10708 cpe:/o:suse:suse-openstack-cloud:7 Security update for grafana, kafka, logstash and monasca-installer (Moderate) SUSE OpenStack Cloud 7 This update for grafana, kafka, logstash and monasca-installer fixes the following issues: The following security issues have been fixed: grafana: - CVE-2018-12099: Fix Cross-Site-Scripting (XSS) vulnerabilities in dashboard links. (bsc#1096985) kafka: - CVE-2018-1288: Authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. (bsc#1102920) logstash: - CVE-2018-3817: Fix potential leak of sensitive data when logging warnings about deprecated options. (bsc#1090849) Additionally, the following non-security issues have been fixed: monasca-installer: - Add complete set of elasticsearch performance tunables. - Update to version Build_20180427_14.04 (bsc#1090192, bsc#1090343) - Fix bad elasticsearch-curator configuration. (bsc#1090192) - Enable bootstrap.memory_lock for Elasticsearch. (bsc#1090343) logstash: - Declare Gemfile as config to prevent loss of installed plugins when updating. - Stop installing prebuilt jruby for non-x86. kafka: - Update to version 0.10.2.2 (bsc#1102920, CVE-2018-1288) - Add noreplace directive for /etc/kafka/server.properties. - Reduce package ownership of tmpfiles.d to bare minium. (SLE12 SP2) - Set log rotation options. (bsc#1094448) - Disable jmxremote debugging. (bsc#1095603) - Increase open file limits. (bsc#1086909) Moderate SUSE bug 1086909 SUSE bug 1090192 SUSE bug 1090343 SUSE bug 1090849 SUSE bug 1094448 SUSE bug 1095603 SUSE bug 1096985 SUSE bug 1102920 CVE-2018-12099 CVE-2018-1288 CVE-2018-3817 cpe:/o:suse:suse-openstack-cloud:7 Security update for couchdb (Important) SUSE OpenStack Cloud 7 This update for couchdb to 1.7.2 fixes the following security issues: - CVE-2018-8007: Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it was possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API (bsc#1100973). - CVE-2017-12636: CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allowed an admin user in Apache CouchDB to execute arbitrary shell commands as the CouchDB user (bsc#1068386). Important SUSE bug 1068386 SUSE bug 1100973 CVE-2017-12636 CVE-2018-8007 cpe:/o:suse:suse-openstack-cloud:7 Security update for OpenStack (Moderate) SUSE OpenStack Cloud 7 This update for OpenStack fixes the following issues: The following security issue with openstack-keystone has been fixed: - CVE-2018-14432: Reduce duplication in federated authentication APIs. (bsc#1102151) Additionally, the following non-security issues have been fixed: openstack-dashboard: - Fetch and show Cinder availability zones list during volume creation and volume creation from image. (bsc#1100751) openstack-heat: - Add Trunk resource support. openstack-horizon-plugin-designate-ui: - Install all designate panels that are available. openstack-nova: - Stop _undefine_domain erroring if domain not found. (bsc#1099902) - Fix Nova to allow using cinder v3 endpoint. (bsc#1095482) python-os-vif: - Check if interface belongs to a Linux Bridge before removing. (bsc#1084724) Moderate SUSE bug 1084724 SUSE bug 1095482 SUSE bug 1099902 SUSE bug 1100751 SUSE bug 1102151 CVE-2018-14432 cpe:/o:suse:suse-openstack-cloud:7 Security update for crowbar, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui (Moderate) SUSE OpenStack Cloud 7 This update for crowbar, crowbar-ha, crowbar-init, crowbar-openstack, crowbar-ui fixes the following issues: This security issues was fixed: - CVE-2018-3760: Upgrade rubygem-sprockets to prevent an information leak. Specially crafted requests could have been be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production (bsc#1098369). - CVE-2016-861: Add rate limiting for glance api (bsc#1005886) These non-security issues were fixed for crowbar: - upgrade: Lock crowbar-ui before admin upgrade - upgrade: Make sure schemas are properly migrated after the upgrade These non-security issues were fixed for crowbar-core: - upgrade: Add the upgrade menu entry - upgrade: Fix upgrade link - apache: copytruncate apache logs bsc#1083093 - Fix exception handling in get_log_lines - upgrade: Raise the default timeouts for most time consuming actions - upgrade: Do not allow manila-share on compute nodes - control_lib: fix host allocation check - upgrade: Check input is a valid node for nodes - upgrade: Provide better information after the failure - upgrade: Report missing scripts - upgrade: Improve error messages with lists - upgrade: Do not allow cinder-volume on compute nodes - upgrade: Fix file layout for rails' autoloading (bsc#1096759) - upgrade: Added API calls for postponing/resuming compute nodes upgrade - upgrade: Unlock crowbar-ui after completed upgrade - upgrade: Do not check if ceph roles are present on compute nodes - upgrade: Fix labels for SOC8 repositories - upgrade: Finish only controllers step These non-security issues were fixed for crowbar-ha: - haproxy: increased SSL stick table to 100k - DRBD: Fix DRBD resources setup on reinstall node - pacemaker: allow multiple meta parameters (bsc#1093898) These non-security issues were fixed for crowbar-openstack: - nova: reload nova-placement-api (bsc#1103383) - Synchronize SSL in the cluster (bsc#1081518) - neutron: add force_metadata attribute - copytruncate apache logs instead of creating - rabbitmq: set client timout to default value - Revert 'database: Split database-server role into backend specific roles' - Revert 'database: Allow parallel deployments of postgresql and mysql' - Revert 'database: Allow parallel HA deployment of PostgreSQL and MariaDB' - Revert 'database: Fix 'Attributes' UI after role renaming' - Revert 'monasca: Fix check for mysql after it got moved to a separate role' - Revert 'Restore caching of db_settings' - Revert 'database: Migration fixes for separate DB roles' - database: Migration fixes for separate DB roles - Restore caching of db_settings - monasca: Fix check for mysql after it got moved to a separate role - database: Fix 'Attributes' UI after role renaming - database: Allow parallel HA deployment of PostgreSQL and MariaDB - database: Allow parallel deployments of postgresql and mysql - database: Split database-server role into backend specific roles - Do not automatically put manila-share roles to compute nodes - rabbitmq: check for rabbit readiness - rabbitmq: Make sure rabbit is running on cluster - monasca: various monasca-installer improvements - manila: Correct field name for cluster name - mariadb: Add prefix to configs - mariadb: Remove redundant config values - aodh: Add config for alarm_history_ttl (bsc#1073703) These non-security issues were fixed for crowbar-ui: - upgrade: Dummy backend for status testing - upgrade: Refactor postpone nodes upgrade - upgrade: Allow interruption of status wait loop - upgrade: Added ability to postpone upgrade nodes - upgrade: Add ability to postpone upgrade nodes - upgrade: Add ability to postpone upgrade nodes - upgrade: Add ability to postpone upgrade nodes - Add ability to postpone upgrade - upgrade: Remove openstack precheck - upgrade: Fixed error key for ha_configured - upgrade: Remove CEPH related code - Remove the non-essential database-configuration controller - remove ui typo test - Remove database configuration option - upgrade: Update SUSE-OpenStack-Cloud-8 label - upgrade: Update admin and nodes repo names - enable and document docker development environment Moderate SUSE bug 1005886 SUSE bug 1073703 SUSE bug 1081518 SUSE bug 1083093 SUSE bug 1093898 SUSE bug 1096759 SUSE bug 1098369 SUSE bug 1103383 CVE-2016-8611 CVE-2018-3760 cpe:/o:suse:suse-openstack-cloud:7 Security update for libvirt (Moderate) SUSE OpenStack Cloud 7 This update for libvirt fixes the following issues: This new feature was added: - bsc#1094325, bsc#1094725: libxl: Enable virsh blockresize for XEN guests This security issue was fixed: - CVE-2017-5715: Additional fixes for the Spectre patches (bsc#1079869) These non-security issues were fixed: - bsc#1100112: schema: allow any strings in smbios entry qemu: escape smbios entry strings - bsc#1091427: libxl: fix segfault in libxlReconnectDomain - bsc#959329: libxl: don't set hasManagedSave when performing save Moderate SUSE bug 1079869 SUSE bug 1091427 SUSE bug 1094325 SUSE bug 1094725 SUSE bug 1100112 SUSE bug 959329 CVE-2017-5715 cpe:/o:suse:suse-openstack-cloud:7 Security update for dovecot22 (Important) SUSE OpenStack Cloud 7 This update for dovecot22 fixes the following issues: Security issue fixed: - CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts (bsc#1082828) Important SUSE bug 1082828 CVE-2017-15130 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_1-ibm (Important) SUSE OpenStack Cloud 7 This update for java-1_7_1-ibm fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect against path traversal attacks when extracting compressed dump files. - CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to unauthorized read access. - CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to denial of service. - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE subcomponent, which allowed unauthenticated attackers with network access via SSL/TLS to compromise the Java SE, leading to unauthorized creation, deletion or modification access to critical data. - CVE-2018-12539: Fixed a vulnerability in which users other than the process owner may be able to use Java Attach API to connect to the IBM JVM on the same machine and use Attach API operations, including the ability to execute untrusted arbitrary code. Other changes made: - Various JIT/JVM crash fixes - Version update to 7.1.4.30 (bsc#1104668) You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2018). Important SUSE bug 1104668 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 cpe:/o:suse:suse-openstack-cloud:7 Security update for libzypp, zypper (Important) SUSE OpenStack Cloud 7 This update for libzypp, zypper provides the following fixes: Update libzypp to version 16.17.20 Security issues fixed: - PackageProvider: Validate delta rpms before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) - PackageProvider: Validate downloaded rpm package signatures before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) Other bugs fixed: - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304) - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake (bsc#1101349) - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - Avoid zombie tar processes (bsc#1076192) Update to zypper to version 1.13.45 Security issue fixed: - Improve signature check callback messages (bsc#1045735, CVE-2017-9269) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735, CVE-2017-9269) Other bugs fixed: - XML <install-summary> attribute `packages-to-change` added (bsc#1102429) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - Prevent nested calls to exit() if aborted by a signal (bsc#1092413) - ansi.h: Prevent ESC sequence strings from going out of scope (bsc#1092413) - Fix: zypper bash completion expands non-existing options (bsc#1049825) - do not recommend cron (bsc#1079334) - Improve signature check callback messages (bsc#1045735) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735) Important SUSE bug 1036304 SUSE bug 1045735 SUSE bug 1049825 SUSE bug 1070851 SUSE bug 1076192 SUSE bug 1079334 SUSE bug 1088705 SUSE bug 1091624 SUSE bug 1092413 SUSE bug 1096803 SUSE bug 1099847 SUSE bug 1100028 SUSE bug 1101349 SUSE bug 1102429 CVE-2017-9269 CVE-2018-7685 cpe:/o:suse:suse-openstack-cloud:7 Security update for openslp (Important) SUSE OpenStack Cloud 7 This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Important SUSE bug 1090638 CVE-2017-17833 cpe:/o:suse:suse-openstack-cloud:7 Security update for nodejs6 (Moderate) SUSE OpenStack Cloud 7 This update for nodejs6 to version 6.14.4 fixes the following issues: Security issues fixed: CVE-2018-12115: Fixed an out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (bsc#1105019) CVE-2018-0732: Upgrade to OpenSSL 1.0.2p, fixing a client DoS due to large DH parameter (bsc#1097158) Other issues fixed: - Recommend same major version npm package (bsc#1097748) Moderate SUSE bug 1097158 SUSE bug 1097748 SUSE bug 1105019 CVE-2018-0732 CVE-2018-12115 cpe:/o:suse:suse-openstack-cloud:7 Security update for apache2 (Moderate) SUSE OpenStack Cloud 7 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (bsc#1016715) - CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes which prohibit CR or LF injection into the 'Location' or other outbound header key or value. (bsc#1104826) Moderate SUSE bug 1016715 SUSE bug 1104826 CVE-2016-4975 CVE-2016-8743 cpe:/o:suse:suse-openstack-cloud:7 Security update for gnutls (Moderate) SUSE OpenStack Cloud 7 This update for gnutls fixes the following issues: This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) - HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) - HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) - The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002) Moderate SUSE bug 1047002 SUSE bug 1105437 SUSE bug 1105459 SUSE bug 1105460 CVE-2017-10790 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-ibm (Moderate) SUSE OpenStack Cloud 7 This update for java-1_8_0-ibm to 8.0.5.20 fixes the following security issues: - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1104668) - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1104668) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1104668) - CVE-2018-2964: Vulnerability in subcomponent: Deployment. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. (bsc#1104668) - CVE-2016-0705: Prevent double free in the dsa_priv_decode function that allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#1104668) - CVE-2017-3732: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668) - CVE-2017-3736: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668) - CVE-2018-1517: Unspecified vulnerability (bsc#1104668) - CVE-2018-1656: Unspecified vulnerability (bsc#1104668) - CVE-2018-12539: Users other than the process owner might have been able to use Java Attach API to connect to an IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code (bsc#1104668) Moderate SUSE bug 1104668 CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 cpe:/o:suse:suse-openstack-cloud:7 Security update for nodejs6 (Moderate) SUSE OpenStack Cloud 7 This update for nodejs6 fixes the following issues: Security issues fixed: - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes: - Update to LTS release 6.12.2 (bsc#1072322): * https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ * https://nodejs.org/en/blog/release/v6.12.2/ * https://nodejs.org/en/blog/release/v6.12.1/ * https://nodejs.org/en/blog/release/v6.12.0/ * https://nodejs.org/en/blog/release/v6.11.5/ * https://nodejs.org/en/blog/release/v6.11.4/ * https://nodejs.org/en/blog/release/v6.11.3/ * https://nodejs.org/en/blog/release/v6.11.2/ Moderate SUSE bug 1056058 SUSE bug 1066242 SUSE bug 1072322 CVE-2017-14919 CVE-2017-15896 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 cpe:/o:suse:suse-openstack-cloud:7 Security update for wireshark (Moderate) SUSE OpenStack Cloud 7 This update for wireshark to version 2.4.9 fixes the following issues: Wireshark was updated to 2.4.9 (bsc#1094301, bsc#1106514). Security issues fixed: - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) - CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). - CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). - CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). - CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html Moderate SUSE bug 1094301 SUSE bug 1101776 SUSE bug 1101777 SUSE bug 1101786 SUSE bug 1101788 SUSE bug 1101791 SUSE bug 1101794 SUSE bug 1101800 SUSE bug 1101802 SUSE bug 1101804 SUSE bug 1101810 SUSE bug 1106514 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 cpe:/o:suse:suse-openstack-cloud:7 Security update for smt, yast2-smt (Important) SUSE OpenStack Cloud 7 This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read (bsc#1103809). - CVE-2018-12470: SQL injection in RegistrationSharing module allows remote attackers to run arbitrary SQL statements (bsc#1103810). - CVE-2018-12472: Authentication bypass in sibling check facilitated further attacks on SMT (bsc#1104076). SUSE would like to thank Jake Miller for reporting these issues to us. These non-security issues were fixed in SMT: - Fix cron jobs randomization (bsc#1097560) - Fix duplicate migration paths (bsc#1097824) This non-security issue was fixed in yast2-smt: - Remove cron job rescheduling (bsc#1097560) - Added missing translation marks (bsc#1037811) - Explicitly mention 'Organization Credentials' (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Make the Filter button default (bsc#1006984) - Prevent exiting the repo selection dialog via hitting Enter in the repository filter (bsc#1006984) - report when error occurs during repo mirroring (bsc#1006989) - Use TextEntry-based filter for repos (fate#319777) Important SUSE bug 1006984 SUSE bug 1006989 SUSE bug 1037811 SUSE bug 1097560 SUSE bug 1097824 SUSE bug 1103809 SUSE bug 1103810 SUSE bug 1104076 SUSE bug 977043 CVE-2018-12470 CVE-2018-12471 CVE-2018-12472 cpe:/o:suse:suse-openstack-cloud:7 Security update for yast2-smt (Important) SUSE OpenStack Cloud 7 This update fixes the following issues in yast2-smt: - Explicitly mention 'Organization Credentials' (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Added missing translation marks (bsc#1037811) - Remove cron job rescheduling (bsc#1097560) This update is a requirement for the security update for SMT. Because of that it is tagged as security to ensure that all users, even those that only install security updates, install it. Important SUSE bug 1037811 SUSE bug 1097560 SUSE bug 977043 cpe:/o:suse:suse-openstack-cloud:7 Security update for openssl (Moderate) SUSE OpenStack Cloud 7 This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) These non-security issues were fixed: - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) - Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246, bsc#997043) Moderate SUSE bug 1089039 SUSE bug 1101246 SUSE bug 1101470 SUSE bug 1104789 SUSE bug 1106197 SUSE bug 997043 CVE-2018-0737 cpe:/o:suse:suse-openstack-cloud:7 Security update for qemu (Moderate) SUSE OpenStack Cloud 7 This update for qemu fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). Moderate SUSE bug 1092885 SUSE bug 1096223 SUSE bug 1098735 CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 cpe:/o:suse:suse-openstack-cloud:7 Security update for ghostscript (Important) SUSE OpenStack Cloud 7 This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172). - CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171). - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173). - CVE-2018-15911: Prevent use uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195). - CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412). - CVE-2018-16509: Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be have been used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction (bsc#1107410). - CVE-2018-16510: Incorrect exec stack handling in the 'CS' and 'SC' PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411). - CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413). - CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421). - CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420). - CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422). - CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423). - CVE-2018-16511: A type confusion in 'ztype' could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426). - CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This lead to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581). - CVE-2018-16802: Incorrect 'restoration of privilege' checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027). These non-security issues were fixed: * Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files). * Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--' For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm and the changes file of the package. Important SUSE bug 1106171 SUSE bug 1106172 SUSE bug 1106173 SUSE bug 1106195 SUSE bug 1107410 SUSE bug 1107411 SUSE bug 1107412 SUSE bug 1107413 SUSE bug 1107420 SUSE bug 1107421 SUSE bug 1107422 SUSE bug 1107423 SUSE bug 1107426 SUSE bug 1107581 SUSE bug 1108027 SUSE bug 1109105 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183 cpe:/o:suse:suse-openstack-cloud:7 Security update for openslp (Important) SUSE OpenStack Cloud 7 This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Important SUSE bug 1090638 CVE-2017-17833 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - IfNode::range_check_trap_proj() should handler dying subgraph with single if proj - Even better Internet address support - Newlines in JAXB string values of SOAP-requests are escaped to '&#xa;' - TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException - Unable to use JDWP API in JDK 8 to debug JDK 9 VM - Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 - Performance drop with Java JDK 1.8.0_162-b32 - Upgrade time-zone data to tzdata2018d - Fix potential crash in BufImg_SetupICM - JDK 8u181 l10n resource file update - Remove debug print statements from RMI fix - (tz) Upgrade time-zone data to tzdata2018e - ObjectInputStream filterCheck method throws NullPointerException - adjust reflective access checks Important SUSE bug 1101644 SUSE bug 1101645 SUSE bug 1101651 SUSE bug 1101656 SUSE bug 1106812 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 cpe:/o:suse:suse-openstack-cloud:7 Security update for qpdf (Moderate) SUSE OpenStack Cloud 7 This update for qpdf fixes the following issues: qpdf was updated to 7.1.1. Security issues fixed: - CVE-2017-11627: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050577). - CVE-2017-11625: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050579). - CVE-2017-11626: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050578). - CVE-2017-11624: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050581). - CVE-2017-12595: Stack overflow when processing deeply nested arrays and dictionaries (bsc#1055960). - CVE-2017-9209: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040312). - CVE-2017-9210: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040313). - CVE-2017-9208: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040311). * Check release notes for detailed bug fixes. * http://qpdf.sourceforge.net/files/qpdf-manual.html#ref.release-notes Moderate SUSE bug 1040311 SUSE bug 1040312 SUSE bug 1040313 SUSE bug 1050577 SUSE bug 1050578 SUSE bug 1050579 SUSE bug 1050581 SUSE bug 1055960 CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 cpe:/o:suse:suse-openstack-cloud:7 Security update for postgresql10 (Moderate) SUSE OpenStack Cloud 7 This update for brings postgresql10 version 10.5 to SUSE Linux Enterprise 12 SP3. (FATE#325659 bnc#1108308) This release marks the change of the versioning scheme for PostgreSQL to a 'x.y' format. This means the next minor releases of PostgreSQL will be 10.1, 10.2, ... and the next major release will be 11. * Logical Replication Logical replication extends the current replication features of PostgreSQL with the ability to send modifications on a per-database and per-table level to different PostgreSQL databases. Users can now fine-tune the data replicated to various database clusters and will have the ability to perform zero-downtime upgrades to future major PostgreSQL versions. * Declarative Table Partitioning Table partitioning has existed for years in PostgreSQL but required a user to maintain a nontrivial set of rules and triggers for the partitioning to work. PostgreSQL 10 introduces a table partitioning syntax that lets users easily create and maintain range and list partitioned tables. * Improved Query Parallelism PostgreSQL 10 provides better support for parallelized queries by allowing more parts of the query execution process to be parallelized. Improvements include additional types of data scans that are parallelized as well as optimizations when the data is recombined, such as pre-sorting. These enhancements allow results to be returned more quickly. * Quorum Commit for Synchronous Replication PostgreSQL 10 introduces quorum commit for synchronous replication, which allows for flexibility in how a primary database receives acknowledgement that changes were successfully written to remote replicas. Moderate SUSE bug 1108308 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. - CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104). - CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811) - CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (bnc#1099846) - CVE-2018-10878: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (bnc#1099813) - CVE-2018-10879: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (bnc#1099844) - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. (bnc#1099845) - CVE-2018-10881: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099864) - CVE-2018-10882: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. (bnc#1099849) - CVE-2018-10883: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099863) - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bnc#1105322). - CVE-2018-10938: A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw (bnc#1106016). - CVE-2018-10940: The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bnc#1092903). - CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922). - CVE-2018-13093: There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001). - CVE-2018-13094: An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000). - CVE-2018-13095: A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999). - CVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870). - CVE-2018-14678: The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S did not properly maintain RBX, which allowed local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges (bnc#1102715). - CVE-2018-15572: The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296). - CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348). - CVE-2018-16276: Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095). - CVE-2018-16658: An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 (bnc#1107689). - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). - CVE-2018-6554: Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509). - CVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2018-9363: A buffer overflow in bluetooth HID report processing could be used by malicious bluetooth devices to crash the kernel or potentially execute code (bnc#1105292). The following security bugs were fixed: - CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bnc#1082863). The following non-security bugs were fixed: - atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066). - bcache: avoid unncessary cache prefetch bch_btree_node_get() (bsc#1064232). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232). - bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232). - bcache: do not check return value of debugfs_create_dir() (bsc#1064232). - bcache: finish incremental GC (bsc#1064232). - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232). - bcache: fix I/O significant decline while backend devices registering (bsc#1064232). - bcache: free heap cache_set->flush_btree in bch_journal_free (bsc#1064232). - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section (bsc#1064232). - bcache: release dc->writeback_lock properly in bch_writeback_thread() (bsc#1064232). - bcache: set max writeback rate when I/O request is idle (bsc#1064232). - bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update checksum of new initialized bitmaps (bnc#1012382). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - kABI: protect struct x86_emulate_ops (kabi). - kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597) - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kvm: MMU: always terminate page walks at level 1 (bsc#1062604). - kvm: MMU: simplify last_pte_bitmap (bsc#1062604). - kvm: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604). - kvm: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - kvm: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - net: add skb_condense() helper (bsc#1089066). - net: adjust skb->truesize in pskb_expand_head() (bsc#1089066). - net: adjust skb->truesize in ___pskb_trim() (bsc#1089066). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108239). - net: ena: fix device destruction to gracefully free resources (bsc#1108239). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108239). - net: ena: fix incorrect usage of memory barriers (bsc#1108239). - net: ena: fix missing calls to READ_ONCE (bsc#1108239). - net: ena: fix missing lock during device destruction (bsc#1108239). - net: ena: fix potential double ena_destroy_device() (bsc#1108239). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108239). - net: ena: Fix use of uninitialized DMA address bits field (bsc#1108239). - netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382 bsc#1100152). - netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286). - nfs: Use an appropriate work queue for direct-write completion (bsc#1082519). - ovl: fix random return value on mount (bsc#1099993). - ovl: fix uid/gid when creating over whiteout (bsc#1099993). - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512). - ovl: override creds with the ones from the superblock mounter (bsc#1099993). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc/livepatch: Fix livepatch stack access (bsc#1094466). - powerpc/modules: Do not try to restore r2 after a sibling call (bsc#1094466). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - provide special timeout module parameters for EC2 (bsc#1065364). - stop_machine: Atomically queue and wake stopper threads (git-fixes). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86: Drop kernel trampoline stack. It is involved in breaking kdump/kexec infrastucture. (bsc#1099597) - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: add xfs_trim_extent (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: borrow indirect blocks from freed extent when available (bsc#1095344). - xfs: cleanup xfs_bmap_last_before (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: during btree split, save new block key & ptr for future insertion (bsc#1095344). - xfs: factor out a helper to initialize a local format inode fork (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: improve kmem_realloc (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: new inode extent list lookup helpers (bsc#1095344). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: provide helper for counting extents from if_bytes (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor delalloc indlen reservation split into helper (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_bunmapi_cow (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: remove if_rdev (bsc#1095344). - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: repair malformed inode items during log recovery (bsc#1105396). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify validation of the unwritten extent bit (bsc#1095344). - xfs: split indlen reservations fairly when under reserved (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: update freeblocks counter after extent deletion (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344). - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). Important SUSE bug 1012382 SUSE bug 1042286 SUSE bug 1062604 SUSE bug 1064232 SUSE bug 1065364 SUSE bug 1082519 SUSE bug 1082863 SUSE bug 1084536 SUSE bug 1085042 SUSE bug 1088810 SUSE bug 1089066 SUSE bug 1092903 SUSE bug 1094466 SUSE bug 1095344 SUSE bug 1096547 SUSE bug 1097104 SUSE bug 1099597 SUSE bug 1099811 SUSE bug 1099813 SUSE bug 1099844 SUSE bug 1099845 SUSE bug 1099846 SUSE bug 1099849 SUSE bug 1099863 SUSE bug 1099864 SUSE bug 1099922 SUSE bug 1099993 SUSE bug 1099999 SUSE bug 1100000 SUSE bug 1100001 SUSE bug 1100152 SUSE bug 1102517 SUSE bug 1102715 SUSE bug 1102870 SUSE bug 1103445 SUSE bug 1104319 SUSE bug 1104495 SUSE bug 1105292 SUSE bug 1105296 SUSE bug 1105322 SUSE bug 1105348 SUSE bug 1105396 SUSE bug 1105536 SUSE bug 1106016 SUSE bug 1106095 SUSE bug 1106369 SUSE bug 1106509 SUSE bug 1106511 SUSE bug 1106512 SUSE bug 1106594 SUSE bug 1107689 SUSE bug 1107735 SUSE bug 1107966 SUSE bug 1108239 SUSE bug 1108399 SUSE bug 1109333 CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10938 CVE-2018-10940 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-14617 CVE-2018-14678 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-17182 CVE-2018-6554 CVE-2018-6555 CVE-2018-7480 CVE-2018-7757 CVE-2018-9363 cpe:/o:suse:suse-openstack-cloud:7 Security update for binutils (Moderate) SUSE OpenStack Cloud 7 This update for binutils to 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643). - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689). - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693). - CVE-2017-16826: The coff_slurp_line_table function the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640). - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643). - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887). - CVE-2017-16830: The print_gnu_property_note function did not have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888). - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950). - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176). - CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202). - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745). - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103). - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741). - CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556). - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527). - CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528). - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532). - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608). - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784). - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786). - CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788). - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997). - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015). - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a 'SECTION' type that has a '0' value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365). - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processesed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368). These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid. These can be turned on with the option -M notes to objdump. - The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. Set the default if the configure option is not used to 'no'. - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - RISC-V: Don't enable relaxation in relocatable link - Prevent linking faiures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections. - Add support for loaction views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. - Add '-z undefs' command line option as the inverse of the '-z defs' option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. - Fix linker relaxation with --wrap - Add arm-none-eabi symlinks (bsc#1074741) Former updates of binutils also fixed the following security issues, for which there was not CVE assigned at the time the update was released or no mapping between code change and CVE existed: - CVE-2014-9939: Prevent stack buffer overflow when printing bad bytes in Intel Hex objects (bsc#1030296). - CVE-2017-7225: The find_nearest_line function in addr2line did not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash (bsc#1030585). - CVE-2017-7224: The find_nearest_line function in objdump was vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash (bsc#1030588). - CVE-2017-7223: GNU assembler in was vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash (bsc#1030589). - CVE-2017-7226: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a heap-based buffer over-read of size 4049 because it used the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well (bsc#1030584). - CVE-2017-7299: The Binary File Descriptor (BFD) library (aka libbfd) had an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) did not check the format of the input file trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash (bsc#1031644). - CVE-2017-7300: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash (bsc#1031656). - CVE-2017-7302: The Binary File Descriptor (BFD) library (aka libbfd) had a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability caused Binutils utilities like strip to crash (bsc#1031595). - CVE-2017-7303: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers attempting to match them. This vulnerability caused Binutils utilities like strip to crash (bsc#1031593). - CVE-2017-7301: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it did not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash (bsc#1031638). - CVE-2017-7304: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field attempting to follow it. This vulnerability caused Binutils utilities like strip to crash (bsc#1031590). - CVE-2017-8392: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037052). - CVE-2017-8393: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash (bsc#1037057). - CVE-2017-8394: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash (bsc#1037061). - CVE-2017-8396: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037066). - CVE-2017-8421: The function coff_set_alignment_hook in Binary File Descriptor (BFD) library (aka libbfd) had a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file (bsc#1037273). - CVE-2017-9746: The disassemble_bytes function in objdump.c allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during 'objdump -D' execution (bsc#1044891). - CVE-2017-9747: The ieee_archive_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044897). - CVE-2017-9748: The ieee_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044901). - CVE-2017-9750: opcodes/rx-decode.opc lacked bounds checks for certain scale arrays, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044909). - CVE-2017-9755: Not considering the the number of registers for bnd mode allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044925). - CVE-2017-9756: The aarch64_ext_ldst_reglist function allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044927). - CVE-2017-7209: The dump_section_as_bytes function in readelf accessed a NULL pointer while reading section contents in a corrupt binary, leading to a program crash (bsc#1030298). - CVE-2017-6965: readelf wrote to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow (bsc#1029909). - CVE-2017-6966: readelf had a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations (bsc#1029908). - CVE-2017-6969: readelf was vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well (bsc#1029907). - CVE-2017-7210: objdump was vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash (bsc#1030297). Moderate SUSE bug 1029907 SUSE bug 1029908 SUSE bug 1029909 SUSE bug 1030296 SUSE bug 1030297 SUSE bug 1030298 SUSE bug 1030584 SUSE bug 1030585 SUSE bug 1030588 SUSE bug 1030589 SUSE bug 1031590 SUSE bug 1031593 SUSE bug 1031595 SUSE bug 1031638 SUSE bug 1031644 SUSE bug 1031656 SUSE bug 1037052 SUSE bug 1037057 SUSE bug 1037061 SUSE bug 1037066 SUSE bug 1037273 SUSE bug 1044891 SUSE bug 1044897 SUSE bug 1044901 SUSE bug 1044909 SUSE bug 1044925 SUSE bug 1044927 SUSE bug 1065643 SUSE bug 1065689 SUSE bug 1065693 SUSE bug 1068640 SUSE bug 1068643 SUSE bug 1068887 SUSE bug 1068888 SUSE bug 1068950 SUSE bug 1069176 SUSE bug 1069202 SUSE bug 1074741 SUSE bug 1077745 SUSE bug 1079103 SUSE bug 1079741 SUSE bug 1080556 SUSE bug 1081527 SUSE bug 1083528 SUSE bug 1083532 SUSE bug 1085784 SUSE bug 1086608 SUSE bug 1086784 SUSE bug 1086786 SUSE bug 1086788 SUSE bug 1090997 SUSE bug 1091015 SUSE bug 1091365 SUSE bug 1091368 CVE-2014-9939 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Moderate) SUSE OpenStack Cloud 7 This update for xen fixes the following issues: - CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014) - CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) could have locked up the entire host, causing a Denial of Service. (XSA-269) (bsc#1103276) Non security issues fixed: - Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508) Moderate SUSE bug 1094508 SUSE bug 1103276 SUSE bug 1111014 CVE-2018-15468 CVE-2018-17963 cpe:/o:suse:suse-openstack-cloud:7 Security update for ntp (Moderate) SUSE OpenStack Cloud 7 NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Moderate SUSE bug 1083424 SUSE bug 1098531 SUSE bug 1111853 CVE-2018-12327 CVE-2018-7170 cpe:/o:suse:suse-openstack-cloud:7 Security update for postgresql96 (Important) SUSE OpenStack Cloud 7 This update for postgresql96 to 9.6.10 fixes the following issues: These security issues were fixed: - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtain access to higher privileged connections or potentially cause other impact SQL injection, by causing the PQescape() functions to malfunction (bsc#1104199) - CVE-2018-10925: Add missing authorization check on certain statements involved with 'INSERT ... ON CONFLICT DO UPDATE'. An attacker with 'CREATE TABLE' privileges could have exploited this to read arbitrary bytes server memory. If the attacker also had certain 'INSERT' and limited 'UPDATE' privileges to a particular table, they could have exploited this to update other columns in the same table (bsc#1104202) For addition details please see https://www.postgresql.org/docs/current/static/release-9-6-10.html Important SUSE bug 1104199 SUSE bug 1104202 CVE-2018-10915 CVE-2018-10925 cpe:/o:suse:suse-openstack-cloud:7 Security update for clamav (Moderate) SUSE OpenStack Cloud 7 This update for clamav fixes the following issues: clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) - Make freshclam more robust against lagging signature mirrors. - On-Access 'Extra Scanning', an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457). Moderate SUSE bug 1103040 SUSE bug 1104457 SUSE bug 1110723 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 cpe:/o:suse:suse-openstack-cloud:7 Security update for net-snmp (Important) SUSE OpenStack Cloud 7 This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Non-security issues fixed: - swintst_rpm: Protect against unspecified Group name (bsc#1102775) - Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) - Fix agentx freezing on timeout (bsc#1027353) Important SUSE bug 1027353 SUSE bug 1081164 SUSE bug 1102775 SUSE bug 1111122 CVE-2018-18065 cpe:/o:suse:suse-openstack-cloud:7 Security update for smt (Moderate) SUSE OpenStack Cloud 7 SMT was updated to version 3.0.38. Following security issue was fixed: - CVE-2018-12472: Harden hostname check during sibling check by forcing double reverse lookup (bsc#1104076) Following non security issues were fixed: - Add migration path check when registration sharing is enabled - Fix sibling sync errors (bsc#1111056): - Synchronize all registered products - Handle duplicate registrations when syncing - Force resync to the sibling instance in `upgrade` and `synchronize` API calls Moderate SUSE bug 1104076 SUSE bug 1111056 CVE-2018-12472 cpe:/o:suse:suse-openstack-cloud:7 Security update for apache2 (Important) SUSE OpenStack Cloud 7 This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961) Important SUSE bug 1109961 CVE-2018-11763 cpe:/o:suse:suse-openstack-cloud:7 Security update for wireshark (Important) SUSE OpenStack Cloud 7 This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Important SUSE bug 1111647 CVE-2018-12086 CVE-2018-18227 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. - New browser engine with speed improvements - Redesigned graphical user interface elements - Unified address and search bar for new installations - New tab page listing top visited, recently visited and recommended pages - Support for configuration policies in enterprise deployments via JSON files - Support for Web Authentication, allowing the use of USB tokens for authentication to web sites The following changes affect compatibility: - Now exclusively supports extensions built using the WebExtension API. - Unsupported legacy extensions will no longer work in Firefox 60 ESR - TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The 'security.pki.distrust_ca_policy' preference can be set to 0 to reinstate trust in those certificates The following issues affect performance: - new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems. These security issues were fixed: - CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343). - CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343). - CVE-2018-12376: Various memory safety bugs (bsc#1107343). - CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343). - CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343). - CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343). - CVE-2018-12386: Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed content process (bsc#1110507) - CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) This update for mozilla-nspr to version 4.19 fixes the follwing issues - Added TCP Fast Open functionality - A socket without PR_NSPR_IO_LAYER will no longer trigger an assertion when polling This update for mozilla-nss to version 3.36.4 fixes the follwing issues - Connecting to a server that was recently upgraded to TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. - Replaces existing vectorized ChaCha20 code with verified HACL* implementation. - TLS 1.3 support has been updated to draft -23. - Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. - The following CA certificates were Removed: OU = Security Communication EV RootCA1 CN = CA Disig Root R1 CN = DST ACES CA X6 Certum CA, O=Unizeto Sp. z o.o. StartCom Certification Authority StartCom Certification Authority G2 T?BİTAK UEKAE K?k Sertifika Hizmet Sağlayıcısı - S?r?m 3 ACEDICOM Root Certinomis - Autorit? Racine T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı PSCProcert CA 沃通根证书, O=WoSign CA Limited Certification Authority of WoSign Certification Authority of WoSign G2 CA WoSign ECC Root Subject CN = VeriSign Class 3 Secure Server CA - G2 O = Japanese Government, OU = ApplicationCA CN = WellsSecure Public Root Certificate Authority CN = T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 CN = Microsec e-Szigno Root * The following CA certificates were Removed: AddTrust Public CA Root AddTrust Qualified CA Root China Internet Network Information Center EV Certificates Root CNNIC ROOT ComSign Secured CA GeoTrust Global CA 2 Secure Certificate Services Swisscom Root CA 1 Swisscom Root EV CA 2 Trusted Certificate Services UTN-USERFirst-Hardware UTN-USERFirst-Object * The following CA certificates were Added CN = D-TRUST Root CA 3 2013 CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 GDCA TrustAUTH R5 ROOT SSL.com Root Certification Authority RSA SSL.com Root Certification Authority ECC SSL.com EV Root Certification Authority RSA R2 SSL.com EV Root Certification Authority ECC TrustCor RootCert CA-1 TrustCor RootCert CA-2 TrustCor ECA-1 * The Websites (TLS/SSL) trust bit was turned off for the following CA certificates: CN = Chambers of Commerce Root CN = Global Chambersign Root * TLS servers are able to handle a ClientHello statelessly, if the client supports TLS 1.3. If the server sends a HelloRetryRequest, it is possible to discard the server socket, and make a new socket to handle any subsequent ClientHello. This better enables stateless server operation. (This feature is added in support of QUIC, but it also has utility for DTLS 1.3 servers.) Due to the update of mozilla-nss apache2-mod_nss needs to be updated to change to the SQLite certificate database, which is now the default (bsc#1108771) Important SUSE bug 1012260 SUSE bug 1021577 SUSE bug 1026191 SUSE bug 1041469 SUSE bug 1041894 SUSE bug 1049703 SUSE bug 1061204 SUSE bug 1064786 SUSE bug 1065464 SUSE bug 1066489 SUSE bug 1073210 SUSE bug 1078436 SUSE bug 1091551 SUSE bug 1092697 SUSE bug 1094767 SUSE bug 1096515 SUSE bug 1107343 SUSE bug 1108771 SUSE bug 1108986 SUSE bug 1109363 SUSE bug 1109465 SUSE bug 1110506 SUSE bug 1110507 SUSE bug 703591 SUSE bug 839074 SUSE bug 857131 SUSE bug 893359 CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12381 CVE-2018-12383 CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: Security issues fixed: - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852) - CVE-2018-12392: Crash with nested event loops. - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. - CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting. - CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts. - CVE-2018-12397: WebExtension local file access vulnerability. - CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3. - CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3. Important SUSE bug 1112852 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 cpe:/o:suse:suse-openstack-cloud:7 Security update for systemd (Important) SUSE OpenStack Cloud 7 This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if 'missing ok' (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - socket-util: introduce port argument in sockaddr_port() - service: fixup ExecStop for socket-activated shutdown (#4120) - service: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923) - cryptsetup: build fixes for 'add support for sector-size= option' - udev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278) - core: keep the kernel coredump defaults when systemd-coredump is disabled - core: shorten main() a bit, split out coredump initialization - core: set RLIMIT_CORE to unlimited by default (bsc#1108835) - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - tmp.mount.hm4: After swap.target (#3087) - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool. Important SUSE bug 1106923 SUSE bug 1108835 SUSE bug 1109252 SUSE bug 1110445 SUSE bug 1111278 SUSE bug 1112024 SUSE bug 1113083 SUSE bug 1113632 SUSE bug 1113665 CVE-2018-15686 CVE-2018-15688 cpe:/o:suse:suse-openstack-cloud:7 Security update for openssl (Moderate) SUSE OpenStack Cloud 7 This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - Add missing timing side channel patch for DSA signature generation (bsc#1113742). Non-security issues fixed: - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). Moderate SUSE bug 1112209 SUSE bug 1113534 SUSE bug 1113652 SUSE bug 1113742 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:suse-openstack-cloud:7 Security update for rpm (Important) SUSE OpenStack Cloud 7 This update for rpm fixes the following issues: These security issues were fixed: - CVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457). - CVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457) This is a reissue of the above security fixes for SUSE Linux Enterprise 12 GA, SP1 and SP2 LTSS, they have already been released for SUSE Linux Enterprise Server 12 SP3. Important SUSE bug 943457 CVE-2017-7500 CVE-2017-7501 cpe:/o:suse:suse-openstack-cloud:7 Security update for postgresql94 (Important) SUSE OpenStack Cloud 7 This update for postgresql94 to 9.4.19 fixes the following security issue: - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtain access to higher privileged connections or potentially cause other impact SQL injection, by causing the PQescape() functions to malfunction (bsc#1104199). A dump/restore is not required for this update unless you use the functions query_to_xml, cursor_to_xml, cursor_to_xmlschema, query_to_xmlschema, and query_to_xml_and_xmlschema. In this case please see the first entry of https://www.postgresql.org/docs/9.4/static/release-9-4-18.html Important SUSE bug 1104199 CVE-2018-10915 cpe:/o:suse:suse-openstack-cloud:7 Security update for openssh (Moderate) SUSE OpenStack Cloud 7 This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) The following non-security issues were fixed: - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure [bsc#1091396] Moderate SUSE bug 1091396 SUSE bug 1105010 SUSE bug 964336 CVE-2018-15473 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-oslo.cache, python-oslo.concurrency, python-oslo.db, python-oslo.log, python-oslo.messaging, python-oslo.middleware, python-oslo.serialization, python-oslo.service, python-oslo.utils, python-oslo.versionedobjects, python-oslo.vmware, python-oslotest (Moderate) SUSE OpenStack Cloud 7 This update for python-oslo.cache, python-oslo.concurrency, python-oslo.db, python-oslo.log, python-oslo.messaging, python-oslo.middleware, python-oslo.serialization, python-oslo.service, python-oslo.utils, python-oslo.versionedobjects, python-oslo.vmware, python-oslotest fixes the following issues: python-oslo.cache was updated to 1.14.1: - use stable/newton constraints python-oslo.concurrency was updated to version 3.14.1: - Ignore prlimit argument on Windows - Update .gitreview for stable/newton python-oslo.db was updated to version 4.13.6: - Fix marker checking when value is None python-oslo.log was updated to version 3.16.1: - Fix races in unit tests python-oslo.messaging was updated to fix: - Skip logging sensitive information to avoid credential leak - Avoid reconnect to the same AMQP server while trying to error handle the original server error (bsc#1109756) python-oslo.middleware was updated to version 3.19.1: - Filter token data out of catch_errors middleware (CVE-2017-2592 bsc#1022043) python-oslo.serialization was updated to version 2.13.2: - Don't iterate through addresses in netaddr.IPNetwork python-oslo.service was updated to version 1.16.1: - Fix race condition with fast threads python-oslo.utils was updated to version 3.16.1: - Updated from global requirements python-oslo.versionedobjects was updated to version 1.17.1: - update from global requirements python-oslo.vmware was updated to version 2.14.1: - Updated from global requirements python-oslotest was updated to version 2.10.1: - Updated from global requirements Moderate SUSE bug 1022043 SUSE bug 1109756 CVE-2017-2592 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_1-ibm (Important) SUSE OpenStack Cloud 7 java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 (bsc#1116574): * Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API * Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. * Java Virtual Machine - IJ10931 CVE-2018-3169 - IV91132 SOME CORE PATTERN SPECIFIERS ARE NOT HANDLED BY THE JVM ON LINUX * JIT Compiler - IJ08205 CRASH WHILE COMPILING - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-cryptography, python-pyOpenSSL (Important) SUSE OpenStack Cloud 7 This update for python-cryptography, python-pyOpenSSL fixes the following issues: Security issues fixed: - CVE-2018-1000808: A memory leak due to missing reference checking in PKCS#12 store handling was fixed (bsc#1111634) - CVE-2018-1000807: A use-after-free in X509 object handling was fixed (bsc#1111635) - avoid bad interaction with python-cryptography package. (bsc#1021578) Important SUSE bug 1021578 SUSE bug 1111634 SUSE bug 1111635 CVE-2018-1000807 CVE-2018-1000808 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-ibm (Important) SUSE OpenStack Cloud 7 java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 (bsc#1116574) * Class Libraries: - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10930 CVE-2018-3183 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. - IJ10566 SUPPORT EBCDIC CODE PAGE IBM-274 – BELGIUM EBCDIC * Java Virtual Machine - IJ08730 APPLICATION SIGNAL HANDLER NOT INVOKED FOR SIGABRT - IJ10453 ASSERTION FAILURE AT CLASSPATHITEM.CPP - IJ09574 CLASSLOADER DEFINED THROUGH SYSTEM PROPERTY ‘JAVA.SYSTEM.CLASS.LOADE R’ IS NOT HONORED. - IJ10931 CVE-2018-3169 - IJ10618 GPU SORT: UNSPECIFIED LAUNCH FAILURE - IJ10619 INCORRECT ILLEGALARGUMENTEXCEPTION BECAUSE OBJECT IS NOT AN INSTANCE OF DECLARING CLASS ON REFLECTIVE INVOCATION - IJ10135 JVM HUNG IN GARBAGECOLLECTORMXBEAN.G ETLASTGCINFO() API - IJ10680 RECURRENT ABORTED SCAVENGE * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Reliability and Serviceability - IJ09600 DTFJ AND JDMPVIEW FAIL TO PARSE WIDE REGISTER VALUES * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10310 ADD NULL CHECKING ON THE ENCRYPTION TYPES LIST TO CREDENTIALS.GETDEFAULTNA TIVECREDS() METHOD - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH03889 ADD SUPPORT FOR TRY-WITH-RESOURCES TO COM.IBM.JZOS.ENQUEUE - PH03414 ROLLOVER FROM SYE TO SAE FOR ICSF REASON CODE 3059 - PH04008 ZERTJSSE – Z SYSTEMS ENCRYPTION READINESS TOOL (ZERT) NEW SUPPORT IN THE Z/OS JAVA SDK This includes the update to Java 8.0 Service Refresh 5 Fix Pack 22: * Java Virtual Machine - IJ09139 CUDA4J NOT AVAILABLE ON ALL PLATFORMS * JIT Compiler - IJ09089 CRASH DURING COMPILATION IN USEREGISTER ON X86-32 - IJ08655 FLOATING POINT ERROR (SIGFPE) IN ZJ9SYM1 OR ANY VM/JIT MODULE ON AN INSTRUCTION FOLLOWING A VECTOR INSTRUCTION - IJ08850 CRASH IN ARRAYLIST$ITR.NEXT() - IJ09601 JVM CRASHES ON A SIGBUS SIGNAL WHEN ACCESSING A DIRECTBYTEBUFFER * z/OS Extentions - PH02999 JZOS data management classes accept dataset names in code pages supported by z/OS system services - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Also the update to Java 8.0 Service Refresh 5 Fix Pack 21 * Class Libraries - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ08570 JAVA.LANG.UNSATISFIEDLIN KERROR WITH JAVA OPTION -DSUN.JAVA2D.CMM=SUN.JAV A2D.CMM.KCMS.KCMSSERVICE PROVIDER ON AIX PLATFORM * Java Virtual Machine - IJ08001 30% THROUGHPUT DROP FOR CERTAIN SYNCHRONIZATION WORKLOADS - IJ07997 TRACEASSERT IN GARBAGE COLLECTOR(MEMORYSUBSPACE) * JIT Compiler - IJ08503 ASSERTION IS HIT DUE TO UNEXPECTED STACK HEIGHT IN DEBUGGING MODE - IJ08375 CRASH DURING HARDWARE GENERATED GUARDED STORAGE EVENT WITHIN A TRANSACTIONAL EXECUTION REGION WHEN RUNNING WITH -XGC:CONCURRENTS - IJ08205 CRASH WHILE COMPILING - IJ09575 INCORRECT RESULT WHEN USING JAVA.LANG.MATH.MIN OR MAX ON 31-BIT JVM - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 cpe:/o:suse:suse-openstack-cloud:7 Security update for ghostscript (Important) SUSE OpenStack Cloud 7 This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm Important SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1117274 SUSE bug 1117313 SUSE bug 1117327 SUSE bug 1117331 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 cpe:/o:suse:suse-openstack-cloud:7 Security update for git (Important) SUSE OpenStack Cloud 7 This update for git fixes the following issue: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949). Important SUSE bug 1110949 CVE-2018-17456 cpe:/o:suse:suse-openstack-cloud:7 Security update for libqt5-qtbase (Moderate) SUSE OpenStack Cloud 7 This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Moderate SUSE bug 1118595 SUSE bug 1118596 CVE-2018-15518 CVE-2018-19873 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox, mozilla-nspr and mozilla-nss (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) Important SUSE bug 1097410 SUSE bug 1106873 SUSE bug 1119069 SUSE bug 1119105 CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 cpe:/o:suse:suse-openstack-cloud:7 Security update for qemu (Moderate) SUSE OpenStack Cloud 7 This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Moderate SUSE bug 1106222 SUSE bug 1110910 SUSE bug 1111006 SUSE bug 1111010 SUSE bug 1111013 SUSE bug 1114422 CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 cpe:/o:suse:suse-openstack-cloud:7 Security update for mailman (Important) SUSE OpenStack Cloud 7 This update for mailman fixes the following security vulnerabilities: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950) - Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775) - Fixed a XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618) - Fixed arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288) - Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352) Important SUSE bug 1077358 SUSE bug 1099510 SUSE bug 1101288 SUSE bug 925502 SUSE bug 995352 CVE-2015-2775 CVE-2016-6893 CVE-2018-0618 CVE-2018-13796 CVE-2018-5950 cpe:/o:suse:suse-openstack-cloud:7 Security update for ansible (Important) SUSE OpenStack Cloud 7 This update for ansible fixes the following issues: - CVE-2017-7550: A flaw was found in the way Ansible passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the 'params' argument, and noting this in the module documentation. (bsc#1065872) Important SUSE bug 1065872 CVE-2017-7550 cpe:/o:suse:suse-openstack-cloud:7 Security update for memcached (Important) SUSE OpenStack Cloud 7 This update for memcached fixes the following issues: Security issues fixed: - CVE-2011-4971: remote DoS (bsc#817781). - CVE-2013-0179: DoS when printing out keys to be deleted in verbose mode (bsc#798458). - CVE-2013-7239: SASL authentication allows wrong credentials to access memcache (bsc#857188). - CVE-2013-7290: remote DoS (segmentation fault) via a request to delete a key (bsc#858677). - CVE-2013-7291: remote DoS (crash) via a request that triggers 'unbounded key print' (bsc#858676). - CVE-2016-8704: Server append/prepend remote code execution (bsc#1007871). - CVE-2016-8705: Server update remote code execution (bsc#1007870). - CVE-2016-8706: Server ASL authentication remote code execution (bsc#1007869). - CVE-2017-9951: Heap-based buffer over-read in try_read_command function (incomplete fix for CVE-2016-8705) (bsc#1056865). Important SUSE bug 1007869 SUSE bug 1007870 SUSE bug 1007871 SUSE bug 1056865 SUSE bug 798458 SUSE bug 817781 SUSE bug 857188 SUSE bug 858676 SUSE bug 858677 CVE-2011-4971 CVE-2013-0179 CVE-2013-7239 CVE-2013-7290 CVE-2013-7291 CVE-2016-8704 CVE-2016-8705 CVE-2016-8706 CVE-2017-9951 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-paramiko (Important) SUSE OpenStack Cloud 7 This update for python-paramiko fixes the following issues: - CVE-2018-7750: Fixed transport.py in the SSH server implementation of Paramiko that does not properly check whether authentication is completed before processing other requests (bsc#1085276). Important SUSE bug 1085276 CVE-2018-7750 cpe:/o:suse:suse-openstack-cloud:7 Security update for erlang (Moderate) SUSE OpenStack Cloud 7 This update for erlang fixes the following security issue: - CVE-2017-1000385: An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself. (bsc#1070960) Moderate SUSE bug 1070960 CVE-2017-1000385 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-Django (Moderate) SUSE OpenStack Cloud 7 This update for python-Django fixes the following issues: Security issues fixed: - CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. (bsc#1083305) - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters. (bsc#1083304) - CVE-2017-12794: Fixed XSS possibility in traceback section of technical 500 debug page (bsc#1056284) - CVE-2017-7234: Open redirect vulnerability in django.views.static.serve() (bsc#1031451) - CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs (bsc#1031450) - CVE-2016-9014: DNS rebinding vulnerability when DEBUG=True (bsc#1008047) - CVE-2016-9013: User with hardcoded password created when running tests on Oracle (bsc#1008050) - CVE-2016-7401: CSRF protection bypass on a site with Google Analytics (bsc#1001374) Moderate SUSE bug 1001374 SUSE bug 1008047 SUSE bug 1008050 SUSE bug 1031450 SUSE bug 1031451 SUSE bug 1056284 SUSE bug 1083304 SUSE bug 1083305 CVE-2016-7401 CVE-2016-9013 CVE-2016-9014 CVE-2017-12794 CVE-2017-7233 CVE-2017-7234 CVE-2018-7536 CVE-2018-7537 cpe:/o:suse:suse-openstack-cloud:7 Security update for apache2 (Moderate) SUSE OpenStack Cloud 7 This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \'Session\' header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, a specially crafted request could lead to remote denial of service. [bsc#1086817] * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read while preparing data to be cached in shared memory.[bsc#1086813] * CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774] * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775] * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. [bsc#1086820] * CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. [bsc#1086820] Moderate SUSE bug 1086774 SUSE bug 1086775 SUSE bug 1086813 SUSE bug 1086814 SUSE bug 1086817 SUSE bug 1086820 CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1302 CVE-2018-1303 CVE-2018-1312 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) The following non-security bugs were fixed: - alsa: hda/realtek - Fix speaker no sound after system resume (bsc#1031717). - alsa: hda: Add a power_save blacklist (bnc#1012382). - alsa: usb-audio: Add a quirck for B&W PX headphones (bnc#1012382). - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382). - kvm: mmu: Fix overlap between public and private memslots (bnc#1012382). - Partial revert 'e1000e: Avoid receiver overrun interrupt bursts' (bsc#1075428). - Revert 'e1000e: Separate signaling for link check/link up' (bsc#1075428). - Revert 'led: core: Fix brightness setting when setting delay_off=0' (bnc#1012382). - Revert 'watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185).' This reverts commit 5d4a2355a2a1c2ec6fdf9d18b68ca0a04ff73c70. - bpf, x64: implement retpoline for tail call (bnc#1012382). - bridge: check brport attr show in brport_show (bnc#1012382). - btrfs: Only check first key for committed tree blocks (bsc#1084721). - btrfs: Validate child tree block's level and first key (bsc#1084721). - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382). - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684). - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - dm io: fix duplicate bio completion due to missing ref count (bnc#1012382). - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717). - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717). - e1000e: Avoid missed interrupts following ICR read (bsc#1075428). - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428). - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428). - e1000e: Fix link check race condition (bsc#1075428). - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428). - e1000e: Remove Other from EIAC (bsc#1075428). - fib_semantics: Do not match route with mismatching tclassid (bnc#1012382). - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745). - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382). - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353). - ibmvfc: Avoid unnecessary port relogin (bsc#1085404). - ibmvnic: Clear pending interrupt after device reset (bsc#1089644). - ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198). - ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610). - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198). - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600). - ibmvnic: Fix DMA mapping mistakes (bsc#1088600). - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600). - ibmvnic: Fix reset return from closed state (bsc#1084610). - ibmvnic: Fix reset scheduler error handling (bsc#1088600). - ibmvnic: Handle all login error conditions (bsc#1089198). - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes). - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224). - ibmvnic: Update TX pool cleaning routine (bsc#1085224). - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382). - kGraft: fix small race in reversion code (bsc#1083125). - kabi/severities: Ignore kgr_shadow_* kABI changes - kvm/x86: fix icebp instruction handling (bnc#1012382). - livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296). - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296). - mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717). - md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402). - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717). - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717). - media: m88ds3103: do not call a non-initalized function (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bsc#1031717). - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353). - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382). - net: fix race on decreasing number of TX queues (bnc#1012382). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382). - net: mpls: Pull common label check into helper (bnc#1012382). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382). - nospec: Allow index argument to have const-qualified type (bnc#1012382). - perf/x86/intel: Add model number for Skylake Server to perf (FATE#321269). - powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1088242). - powerpc: Do not send system reset request through the oops path (bsc#1088242). - powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1088242). - ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382). - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717). - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717). - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717). - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717). - rpm/config.sh: ensure sorted patches. - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847, LTC#163740). - s390/qeth: fix IPA command submission race (bnc#1012382). - s390/qeth: fix SETIP command handling (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382). - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - storvsc: do not schedule work elements during host reset (bsc#1070536, bsc#1057734). - storvsc_drv: use embedded work structure for host rescan (bsc#1070536, bsc#1057734). - storvsc_drv: use separate workqueue for rescan (bsc#1070536, bsc#1057734). - swap: divide-by-zero when zero length swap file on ssd (bsc#1082153). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - udplite: fix partial checksum initialization (bnc#1012382). - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185). - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836). - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836). - x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560). - x86/kaiser: enforce trampoline stack alignment (bsc#1087260). - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845). - xen-blkfront: fix mq start/stop race (bsc#1085042). - xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610). Important SUSE bug 1012382 SUSE bug 1031717 SUSE bug 1046610 SUSE bug 1057734 SUSE bug 1070536 SUSE bug 1075428 SUSE bug 1076847 SUSE bug 1077560 SUSE bug 1082153 SUSE bug 1082299 SUSE bug 1083125 SUSE bug 1083745 SUSE bug 1083836 SUSE bug 1084353 SUSE bug 1084610 SUSE bug 1084721 SUSE bug 1084829 SUSE bug 1085042 SUSE bug 1085185 SUSE bug 1085224 SUSE bug 1085402 SUSE bug 1085404 SUSE bug 1086162 SUSE bug 1086194 SUSE bug 1087088 SUSE bug 1087260 SUSE bug 1087845 SUSE bug 1088241 SUSE bug 1088242 SUSE bug 1088600 SUSE bug 1088684 SUSE bug 1089198 SUSE bug 1089608 SUSE bug 1089644 SUSE bug 1089752 SUSE bug 1090643 CVE-2017-18257 CVE-2018-10087 CVE-2018-10124 CVE-2018-1087 CVE-2018-7740 CVE-2018-8043 CVE-2018-8781 CVE-2018-8822 CVE-2018-8897 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-Pillow (Moderate) SUSE OpenStack Cloud 7 This update for python-Pillow fixes the following issues: * CVE-2016-9190: Pillow allows context-dependent attackers to execute arbitrary code by using the \'crafted image file\' approach, related to an \'Insecure Sign Extension\' issue affecting the ImagingNew in Storage.c component. (bsc#1008846) * CVE-2016-3076: Heap-based buffer overflow in the j2k_encode_entry function allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. (bsc#973786) Moderate SUSE bug 1008846 SUSE bug 973786 CVE-2016-3076 CVE-2016-9190 cpe:/o:suse:suse-openstack-cloud:7 Security update for nodejs6 (Moderate) SUSE OpenStack Cloud 7 This update for nodejs6 fixes the following issues: - Fix some node-gyp permissions - New upstream LTS release 6.14.1: * Security fixes: + CVE-2018-7160: Fix for inspector DNS rebinding vulnerability (bsc#1087463) + CVE-2018-7158: Fix for 'path' module regular expression denial of service (bsc#1087459) + CVE-2018-7159: Reject spaces in HTTP Content-Length header values (bsc#1087453) - New upstream LTS release 6.13.1: * http,tls: better support for IPv6 addresses * console: added console.count() and console.clear() * crypto: + expose ECDH class + added cypto.randomFill() and crypto.randomFillSync() + warn on invalid authentication tag length * deps: upgrade libuv to 1.16.1 * dgram: added socket.setMulticastInterface() * http: add agent.keepSocketAlive and agent.reuseSocket as to allow overridable keep-alive behavior of Agent * lib: return this from net.Socket.end() * module: add builtinModules api that provides list of all builtin modules in Node * net: return this from getConnections() * promises: more robust stringification for unhandled rejections * repl: improve require() autocompletion * src: + add openssl-system-ca-path configure option + add --use-bundled-ca --use-openssl-ca check + add process.ppid * tls: accept lookup option for tls.connect() * tools,build: a new macOS installer! * url: WHATWG URL api support * util: add %i and %f formatting specifiers - remove any old manpage files in %pre from before update-alternatives were used to manage symlinks to these manpages. - Add Recommends and BuildRequire on python2 for npm. node-gyp requires this old version of python for now. This is only needed for binary modules. - even on recent codestreams there is no binutils gold on s390 only on s390x - New upstream LTS release 6.12.3: * v8: profiler-related fixes * mostly documentation and test related changes - Enable CI tests in %check target Moderate SUSE bug 1087453 SUSE bug 1087459 SUSE bug 1087463 CVE-2018-7158 CVE-2018-7159 CVE-2018-7160 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-pysaml2 (Low) SUSE OpenStack Cloud 7 This update for python-pysaml2 fixes the following issues: - CVE-2017-1000433: When python optimizations are enabled, any user is able to login without knowing their password. (bsc#1074662) Low SUSE bug 1074662 CVE-2017-1000433 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Important) SUSE OpenStack Cloud 7 This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). These non-security issues were fixed: - bsc#1086039: Ensure that Dom0 does represent DomU cpu flags correctly - bsc#1027519: Fixed shadow mode guests Important SUSE bug 1027519 SUSE bug 1086039 SUSE bug 1089152 SUSE bug 1089635 SUSE bug 1090820 SUSE bug 1090822 SUSE bug 1090823 CVE-2018-10471 CVE-2018-10472 CVE-2018-8897 cpe:/o:suse:suse-openstack-cloud:7 Security update for curl (Moderate) SUSE OpenStack Cloud 7 This update for curl fixes several issues: Security issues fixed: - CVE-2018-1000301: Fixed a RTSP bad headers buffer over-read could crash the curl client (bsc#1092098) Non security issues fixed: - If the DEFAULT_SUSE cipher list is not available use the HIGH cipher alias before failing. (bsc#1086825) Moderate SUSE bug 1086825 SUSE bug 1092098 CVE-2018-1000301 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox to the ESR 52.8 release fixes the following issues: Mozil to Firefox ESR 52.8 (bsc#1092548) Security issues fixed: - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer - MFSA 2018-12/CVE-2018-5168: Lightweight themes can be installed without user interaction - MFSA 2018-12/CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 - MFSA 2018-12/CVE-2018-5155: Use-after-free with SVG animations and text paths - MFSA 2018-12/CVE-2018-5183: Backport critical security fixes in Skia - MFSA 2018-12/CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files - MFSA 2018-12/CVE-2018-5154: Use-after-free with SVG animations and clip paths - MFSA 2018-12/CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension Important SUSE bug 1092548 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 cpe:/o:suse:suse-openstack-cloud:7 Security update for qemu (Important) SUSE OpenStack Cloud 7 This update for qemu fixes several issues. This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. This feature was added: - Add support for block resize support for xen disks through the monitor This non-security issue was fixed: - bsc#1079405: Add new look up path 'sys/class/tpm' for tpm cancel path based on Linux 4.0 change Important SUSE bug 1079405 SUSE bug 1092885 CVE-2018-3639 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot commandline option was introduced, 'spec_store_bypass_disable', which can have following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is 'seccomp', meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - 'Vulnerable' - 'Mitigation: Speculative Store Bypass disabled' - 'Mitigation: Speculative Store Bypass disabled via prctl' - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' The following related and non-security bugs were fixed: - cpuid: Fix cpuid.edx.7.0 propagation to guest - ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953). - ibmvnic: Clean actual number of RX or TX pools (bsc#1092289). - kvm: Introduce nopvspin kernel parameter (bsc#1056427). - kvm: Fix nopvspin static branch init usage (bsc#1056427). - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157). - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157). - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157). - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157). - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Move default security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). Important SUSE bug 1056427 SUSE bug 1068032 SUSE bug 1075087 SUSE bug 1080157 SUSE bug 1087082 SUSE bug 1090953 SUSE bug 1091041 SUSE bug 1092289 SUSE bug 1093215 SUSE bug 1094019 CVE-2018-3639 cpe:/o:suse:suse-openstack-cloud:7 Security update for bash (Moderate) SUSE OpenStack Cloud 7 This update for bash fixes the following issues: Security issues fixed: - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299) - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396) Non-security issues fixed: - Fix repeating self-calling of traps due the combination of a non-interactive shell, a trap handler for SIGINT, an external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247) Moderate SUSE bug 1000396 SUSE bug 1001299 SUSE bug 1086247 CVE-2016-0634 CVE-2016-7543 cpe:/o:suse:suse-openstack-cloud:7 Security update for icu (Moderate) SUSE OpenStack Cloud 7 icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a '\0' character at the end of a certain temporary array, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument (bsc#990636). - CVE-2017-7868: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function (bsc#1034674) - CVE-2017-7867: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue (bnc#1067203) - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC (bnc#1072193) - CVE-2017-15422: An integer overflow in icu during persian calendar date processing could lead to incorrect years shown (bnc#1077999) Moderate SUSE bug 1034674 SUSE bug 1034678 SUSE bug 1067203 SUSE bug 1072193 SUSE bug 1077999 SUSE bug 1087932 SUSE bug 929629 SUSE bug 990636 CVE-2014-8146 CVE-2014-8147 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 cpe:/o:suse:suse-openstack-cloud:7 Security update for openstack-nova (Low) SUSE OpenStack Cloud 7 This update for openstack-nova fixes the following bugs and security issues: The following security-issue has been fixed: - CVE-2017-18191: libvirt: Block swap volume attempts with encrypted volumes. (bsc#1081685) Additionally, the following bugs have been fixed: - Set TasksMax to infinity for openstack-nova-compute. (bsc#1070603) - Fix qemu-img convert image incompatability in alpine linux. (bsc#1073933) - Update openstack-nova-placement-api handling. + Remove the systemd .service file. the placement-api should run in a real WSGI container. + Add a apache vhost sample configuration. Low SUSE bug 1070603 SUSE bug 1073933 SUSE bug 1081685 CVE-2017-18191 cpe:/o:suse:suse-openstack-cloud:7 Security update for ImageMagick (Moderate) SUSE OpenStack Cloud 7 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330). - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317). - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368). - CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989). - CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996). - CVE-2018-16644: Fixed a regression in dcm coder (bsc#1107609). - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060). - CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054). - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053). - Added extra -config- packages with Postscript/EPS/PDF readers still enabled. Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033) These are two packages that can be selected: - ImageMagick-config-6-SUSE: This has the PS decoders disabled. - ImageMagick-config-6-upstream: This has the PS decoders enabled. Depending on your local needs install either one of them. The default is the -SUSE configuration. Moderate SUSE bug 1106989 SUSE bug 1106996 SUSE bug 1107609 SUSE bug 1120381 SUSE bug 1122033 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1124368 SUSE bug 1128649 SUSE bug 1130330 SUSE bug 1131317 SUSE bug 1132053 SUSE bug 1132054 SUSE bug 1132060 CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-20467 CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-7175 CVE-2019-7395 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 cpe:/o:suse:suse-openstack-cloud:7 Security update for freeradius-server (Important) SUSE OpenStack Cloud 7 This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549). - CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664). Important SUSE bug 1132549 SUSE bug 1132664 CVE-2019-11234 CVE-2019-11235 cpe:/o:suse:suse-openstack-cloud:7 Security update for libssh2_org (Important) SUSE OpenStack Cloud 7 This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] Important SUSE bug 1130103 SUSE bug 1133528 CVE-2019-3859 cpe:/o:suse:suse-openstack-cloud:7 Security update for wpa_supplicant (Moderate) SUSE OpenStack Cloud 7 This update for wpa_supplicant fixes the following issues: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the vulnerability to recover sensitive information (bsc#1104205). This non-security issue was fixed: - Enabled PWD as EAP method. This allows for password-based authentication, which is easier to setup than most of the other methods, and is used by the Eduroam network (bsc#1109209). Moderate SUSE bug 1104205 SUSE bug 1109209 CVE-2018-14526 cpe:/o:suse:suse-openstack-cloud:7 Security update for atftp (Important) SUSE OpenStack Cloud 7 This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Important SUSE bug 1133114 SUSE bug 1133145 CVE-2019-11365 CVE-2019-11366 cpe:/o:suse:suse-openstack-cloud:7 Security update for krb5 (Important) SUSE OpenStack Cloud 7 This update for krb5 fixes the following issues: Security issue fixed: - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) Important SUSE bug 1120489 CVE-2018-20217 cpe:/o:suse:suse-openstack-cloud:7 Security update for hostinfo, supportutils (Important) SUSE OpenStack Cloud 7 This update for hostinfo, supportutils fixes the following issues: Security issues fixed for supportutils: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). - CVE-2018-19636: Fixed a local root exploit via inclusion of attacker controlled shell script (bsc#1117751). Other issues fixed for supportutils: - Fixed invalid exit code commands (bsc#1125666) - SUSE separation in supportconfig (bsc#1125623) - Clarified supportconfig(8) -x option (bsc#1115245) - supportconfig: 3.0.127 - btrfs filesystem usage - List products.d - Dump lsof errors - Added ha commands for corosync - Dumped find errors in ib_info Issues fixed in hostinfo: - Removed extra kernel install dates (bsc#1099498) - Resolved network bond issue (bsc#1054979) Important SUSE bug 1054979 SUSE bug 1099498 SUSE bug 1115245 SUSE bug 1117751 SUSE bug 1117776 SUSE bug 1118460 SUSE bug 1118462 SUSE bug 1118463 SUSE bug 1125623 SUSE bug 1125666 CVE-2018-19636 CVE-2018-19637 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640 cpe:/o:suse:suse-openstack-cloud:7 Security update for openssl (Moderate) SUSE OpenStack Cloud 7 This update for openssl fixes the following issues: - Reject invalid EC point coordinates (bsc#1131291) This helps openssl using services that do not do this verification on their own. Moderate SUSE bug 1131291 cpe:/o:suse:suse-openstack-cloud:7 Security update for webkit2gtk3 (Important) SUSE OpenStack Cloud 7 This update for webkit2gtk3 to version 2.24.1 fixes the following issues: Security issues fixed: - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). Important SUSE bug 1132256 CVE-2019-11070 CVE-2019-6201 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 cpe:/o:suse:suse-openstack-cloud:7 Security update for samba (Moderate) SUSE OpenStack Cloud 7 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Save registry file outside share as unprivileged user (bsc#1131060). Non-security issue fixed: - Backport changes to support quotas with SMB2 (bsc#1106119). Moderate SUSE bug 1106119 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:suse-openstack-cloud:7 Security update for samba (Moderate) SUSE OpenStack Cloud 7 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issues fixed: - Fixed an issue where the first login failed and subsequent ones work (bsc#1126463). - Fixed winbind running out of memory with high number of domain groups (bsc#1114459). - Backport changes to support quotas with SMB2 (bsc#1106119). Moderate SUSE bug 1087481 SUSE bug 1106119 SUSE bug 1114459 SUSE bug 1126463 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:suse-openstack-cloud:7 Security update for jakarta-commons-fileupload (Important) SUSE OpenStack Cloud 7 This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). Important SUSE bug 1128829 SUSE bug 1128963 CVE-2016-1000031 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_8_0-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2019-2422: Better FileChannel (bsc#1122293). - CVE-2018-11212: Improve JPEG (bsc#1122299). Non-Security issue fixed: - Disable LTO (bsc#1133135). - Added Japanese new era name. Important SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1133135 CVE-2018-11212 CVE-2018-3639 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 cpe:/o:suse:suse-openstack-cloud:7 Security update for ucode-intel (Important) SUSE OpenStack Cloud 7 This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 - ---- updated platforms ------------------------------------ - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:suse-openstack-cloud:7 Security update for systemd (Important) SUSE OpenStack Cloud 7 This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). - CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). - CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed: - systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - core: only watch processes when it's really necessary (bsc#955942 bsc#1128657) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - Do not automatically online memory on s390x (bsc#1127557) Important SUSE bug 1080919 SUSE bug 1121563 SUSE bug 1125352 SUSE bug 1126056 SUSE bug 1127557 SUSE bug 1128657 SUSE bug 1130230 SUSE bug 1132348 SUSE bug 1132400 SUSE bug 1132721 SUSE bug 955942 CVE-2018-6954 CVE-2019-3842 CVE-2019-6454 cpe:/o:suse:suse-openstack-cloud:7 Security update for qemu (Important) SUSE OpenStack Cloud 7 This update for qemu fixes the following issues: Following security issues were fixed: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature 'md-clear' (bsc#1111331) Important SUSE bug 1111331 SUSE bug 1129622 SUSE bug 1130675 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-9824 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network could use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. (bnc#1096748). - CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. (bnc#1096748). - CVE-2016-8636: Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c allowed local users to cause a denial of service (memory corruption), obtain sensitive information or possibly have unspecified other impact via a write or read request involving the 'RDMA protocol over infiniband' (aka Soft RoCE) technology (bnc#1024908). - CVE-2017-18174: In the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free (bnc#1080533). - CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service (bnc#1087231). - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c has multiple race conditions (bnc#1133188). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS) (bsc#1131427). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2017-17741: The KVM implementation allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2019-9503, CVE-2019-8564: Multiple brcmfmac frame validation bypasses have been fixed (bnc#1132828, bnc#1132673). The following non-security bugs were fixed: - ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - add mainline tags to four hyperv patches - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - Drivers: hv: vmbus: Define an API to retrieve virtual processor index (bsc#1122822). - Drivers: hv: vmbus: Define APIs to manipulate the event page (bsc#1122822). - Drivers: hv: vmbus: Define APIs to manipulate the message page (bsc#1122822).++ kernel-source.spec (revision 4)Release: &lt;RELEASE>.gbd4498d - Drivers: hv: vmbus: Define APIs to manipulate the synthetic interrupt controller (bsc#1122822). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (bsc#1122822). - jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (bsc#1111331). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (bsc#1111331). - MDS: Add CVE refs - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1129279). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1129279). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1129279). - net: ena: complete host info to match latest ENA spec (bsc#1129279). - net: ena: enable Low Latency Queues (bsc#1129279). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1129279). - net: ena: fix auto casting to boolean (bsc#1129279). - net: ena: fix compilation error in xtensa architecture (bsc#1129279). - net: ena: fix crash during ena_remove() (bsc#1129279). - net: ena: fix crash during failed resume from hibernation (bsc#1129279). - net: ena: fix indentations in ena_defs for better readability (bsc#1129279). - net: ena: Fix Kconfig dependency on X86 (bsc#1129279). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1129279). - net: ena: fix race between link up and device initalization (bsc#1129279). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1129279). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1129279). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1129279). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1129279). - net: ena: minor performance improvement (bsc#1129279). - net: ena: remove ndo_poll_controller (bsc#1129279). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1129279). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1129279). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129279). - net: ena: update driver version to 2.0.1 (bsc#1129279). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1129279). - PCI: hv: Add vPCI version protocol negotiation (bnc#1043485, bsc#1122822). - PCI: hv: Allocate interrupt descriptors with GFP_ATOMIC (bnc#1034113, bsc#1122822). - PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg() (bnc#1094268, bsc#1122822). - PCI: hv: Do not sleep in compose_msi_msg() (bsc#1082632, bsc#1122822). - PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() (bsc#1087659, bsc#1087906, bsc#1122822). - PCI: hv: Fix a comment typo in _hv_pcifront_read_config() (bsc#1087659, bsc#1122822). - PCI: hv: Fix comment formatting and use proper integer fields (bnc#1043485, bsc#1122822). - PCI: hv: Only queue new work items in hv_pci_devices_present() if necessary (bsc#1087659, bsc#1122822). - PCI: hv: Remove the bogus test in hv_eject_device_work() (bsc#1087659, bsc#1122822). - PCI: hv: Serialize the present and eject work items (bsc#1087659, bsc#1122822). - PCI: hv: Specify CPU_AFFINITY_ALL for MSI affinity when >= 32 CPUs (bnc#1043485, bsc#1122822). - PCI: hv: Temporary own CPU-number-to-vCPU-number infra (bnc#1043485, bsc#1122822). - PCI: hv: Use effective affinity mask (bsc#1109772, bsc#1122822). - PCI: hv: Use page allocation for hbus structure (bnc#1043485, bsc#1122822). - PCI: hv: Use vPCI protocol version 1.2 (bnc#1043485, bsc#1122822). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - powerpc/64: Disable the speculation barrier from the command line (bsc#1068032). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/tm: Add commandline option to disable hardware transactional memory (bsc#1118338). - powerpc/tm: Add TM Unavailable Exception (bsc#1118338). - powerpc/tm: Flip the HTM switch default to disabled (bsc#1125580). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - s390: add explicit <linux/stringify.h> for jump label (bsc#1111331). - sched/core: Optimize SCHED_SMT (bsc#1111331). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched/smt: Update sched_smt_present at runtime (bsc#1111331). - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git. - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes (). - time: Introduce jiffies64_to_nsecs() (bsc#1113399). - Use upstream variant of two pci-hyperv patches - vti6: flush x-netns xfrm cache when vti interface is removed (bnc#1012382 bsc#1100152). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1111331). - x86/bugs: Rename SSBD_NO to SSB_NO (bsc#1111331). - x86/cpu: Rename Merrifield2 to Moorefield (bsc#1111331). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772, bsc#1122822). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1111331). - x86/speculation: Rework SMT state change (bsc#1111331). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86: stop exporting msr-index.h to userland (bsc#1111331). - xfrm6: call kfree_skb when skb is toobig (bnc#1012382 bsc#1100152). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (bnc#1012382 bsc#1100152). Important SUSE bug 1012382 SUSE bug 1024908 SUSE bug 1034113 SUSE bug 1043485 SUSE bug 1068032 SUSE bug 1073311 SUSE bug 1080157 SUSE bug 1080533 SUSE bug 1082632 SUSE bug 1087231 SUSE bug 1087659 SUSE bug 1087906 SUSE bug 1093158 SUSE bug 1094268 SUSE bug 1096748 SUSE bug 1100152 SUSE bug 1103186 SUSE bug 1106913 SUSE bug 1109772 SUSE bug 1111331 SUSE bug 1112178 SUSE bug 1113399 SUSE bug 1116841 SUSE bug 1118338 SUSE bug 1119019 SUSE bug 1122822 SUSE bug 1124832 SUSE bug 1125580 SUSE bug 1129279 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1131587 SUSE bug 1132673 SUSE bug 1132828 SUSE bug 1133188 CVE-2016-8636 CVE-2017-17741 CVE-2017-18174 CVE-2018-1091 CVE-2018-1120 CVE-2018-1128 CVE-2018-1129 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-19407 CVE-2019-11091 CVE-2019-11486 CVE-2019-3882 CVE-2019-8564 CVE-2019-9503 cpe:/o:suse:suse-openstack-cloud:7 Security update for ucode-intel (Important) SUSE OpenStack Cloud 7 This update for ucode-intel fixes the following issues: ucode-intel was updated to official QSR 2019.1 microcode release (bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091) ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded Broadwell CPU ucode that was missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:suse-openstack-cloud:7 Security update for openssh (Important) SUSE OpenStack Cloud 7 This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) Important SUSE bug 1121571 SUSE bug 1121816 SUSE bug 1121818 SUSE bug 1121821 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_1-ibm (Important) SUSE OpenStack Cloud 7 This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Important SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1132734 SUSE bug 1134718 CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 cpe:/o:suse:suse-openstack-cloud:7 Security update for systemd (Moderate) SUSE OpenStack Cloud 7 This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - core: Queue loading transient units after setting their properties. (bsc#1115518) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - terminal-util: introduce vt_release() and vt_restore() helpers. - terminal: Unify code for resetting kbd utf8 mode a bit. - terminal Reset should honour default_utf8 kernel setting. - logind: Make session_restore_vt() static. - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - log: Never log into foreign fd #2 in PID 1 or its pre-execve() children. (bsc#1114981) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) Moderate SUSE bug 1005023 SUSE bug 1076696 SUSE bug 1101591 SUSE bug 1114981 SUSE bug 1115518 SUSE bug 1119971 SUSE bug 1120323 CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 cpe:/o:suse:suse-openstack-cloud:7 Security update for curl (Important) SUSE OpenStack Cloud 7 This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Important SUSE bug 1135170 CVE-2019-5436 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Important) SUSE OpenStack Cloud 7 This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates. The mitigation can be controlled via the 'mds' commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other fixes: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680). - Fixed an issue with live migration when spectre is enabled on xen boot cmdline (bsc#1116380). - Fixed an issue with live migration (bsc#1133818). - Added upstream bug fix (bsc#1027519). Important SUSE bug 1027519 SUSE bug 1111331 SUSE bug 1116380 SUSE bug 1130680 SUSE bug 1133818 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: Security issues fixed: - CVE-2019-11691: Use-after-free in XMLHttpRequest - CVE-2019-11692: Use-after-free removing listeners in the event listener manager - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux - CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox - CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks - CVE-2019-7317: Use-after-free in png_image_free of libpng library - CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 - CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS - CVE-2019-9816: Type confusion with object groups and UnboxedObjects - CVE-2019-9817: Stealing of cross-domain images using canvas - CVE-2019-9818: Use-after-free in crash generation server - CVE-2019-9819: Compartment mismatch with fetch API - CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell Non-security issues fixed: - Font and date adjustments to accommodate the new Reiwa era in Japan - Update to Firefox ESR 60.7 (bsc#1135824) Important SUSE bug 1135824 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-7317 CVE-2019-9800 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_0-openjdk (Moderate) SUSE OpenStack Cloud 7 This update for java-1_7_0-openjdk fixes the following issues: Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU) Security issues fixed: - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw inside the RMI registry implementation (bsc#1132732). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2422: Fixed memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2019-2426: Improve web server connections (bsc#1134297). Bug fixes: - Please check the package Changelog for detailed information. Moderate SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1134297 CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 cpe:/o:suse:suse-openstack-cloud:7 Security update for bind (Important) SUSE OpenStack Cloud 7 This update for bind fixes the following issues: Security issues fixed: - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys. (bsc#1126068) - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. (bsc#1133185) Important SUSE bug 1104129 SUSE bug 1126068 SUSE bug 1126069 SUSE bug 1133185 CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 cpe:/o:suse:suse-openstack-cloud:7 Security update for libvirt (Important) SUSE OpenStack Cloud 7 This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273). For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other security issues fixed: - CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). - qemu: Add support for using AES secret for SCSI hotplug Important SUSE bug 1111331 SUSE bug 1131595 SUSE bug 1135273 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-3886 cpe:/o:suse:suse-openstack-cloud:7 Security update for python (Important) SUSE OpenStack Cloud 7 This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 cpe:/o:suse:suse-openstack-cloud:7 Security update for ghostscript (Important) SUSE OpenStack Cloud 7 This update for ghostscript to version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) Important SUSE bug 1122319 CVE-2019-6116 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-rack (Moderate) SUSE OpenStack Cloud 7 This update for rubygem-rack fixes the following issues: Security issued fixed: - CVE-2018-16471: Fixed a cross-site scripting vulnerability via 'scheme' method (bsc#1116600). Moderate SUSE bug 1114828 SUSE bug 1116600 CVE-2018-16471 cpe:/o:suse:suse-openstack-cloud:7 Recommended update for mariadb, mariadb-connector-c (Important) SUSE OpenStack Cloud 7 This update for mariadb to version 10.2.22 fixes the following issues: Security issues fixed: - Update to MariaDB 10.2.22 GA: * CVE-2019-2510: (bsc#1122198) * CVE-2019-2537: (bsc#1122198) - Update to MariaDB 10.2.19 GA (bsc#1116686): * CVE-2018-3282: (bsc#1112432) * CVE-2016-9843: (bsc#1013882) * CVE-2018-3174: (bsc#1112368) * CVE-2018-3143: (bsc#1112421) * CVE-2018-3156: (bsc#1112417) * CVE-2018-3251: (bsc#1112397) * CVE-2018-3185: (bsc#1112384) * CVE-2018-3277: (bsc#1112391) * CVE-2018-3162: (bsc#1112415) * CVE-2018-3173: (bsc#1112386) * CVE-2018-3200: (bsc#1112404) * CVE-2018-3284: (bsc#1112377) - Update to MariaDB 10.2.18 GA: * CVE-2017-10320: (bsc#1064113) * CVE-2017-10365: (bsc#1064114) * CVE-2017-15365: (bsc#1072167) * CVE-2018-3058: (bsc#1101676) * CVE-2018-3063: (bsc#1101677) * CVE-2018-3064: (bsc#1103342) * CVE-2018-3066: (bsc#1101678) * CVE-2018-2759, CVE-2018-2777, CVE-2018-2786, CVE-2018-2810, CVE-2018-3060 Other issues fixed: - Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027). - Fixed an issue where the lograte was not working (bsc#1112767). - Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475). - Fixed database corruption after renaming a prefix-indexed column (bsc#1120041). - Remove PerconaFT from the package as it has AGPL licence (bsc#1118754). The complete changelog can be found at: https://mariadb.com/kb/en/library/mariadb-10222-changelog/ Important SUSE bug 1013882 SUSE bug 1064113 SUSE bug 1064114 SUSE bug 1072167 SUSE bug 1101676 SUSE bug 1101677 SUSE bug 1101678 SUSE bug 1103342 SUSE bug 1112368 SUSE bug 1112377 SUSE bug 1112384 SUSE bug 1112386 SUSE bug 1112391 SUSE bug 1112397 SUSE bug 1112404 SUSE bug 1112415 SUSE bug 1112417 SUSE bug 1112421 SUSE bug 1112432 SUSE bug 1112767 SUSE bug 1116686 SUSE bug 1118754 SUSE bug 1120041 SUSE bug 1122198 SUSE bug 1122475 SUSE bug 1127027 CVE-2016-9843 CVE-2017-10320 CVE-2017-10365 CVE-2017-15365 CVE-2018-2759 CVE-2018-2777 CVE-2018-2786 CVE-2018-2810 CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3162 CVE-2018-3173 CVE-2018-3174 CVE-2018-3185 CVE-2018-3200 CVE-2018-3251 CVE-2018-3277 CVE-2018-3282 CVE-2018-3284 cpe:/o:suse:suse-openstack-cloud:7 Security update for Cloud7 packages (Moderate) SUSE OpenStack Cloud 7 This update provides fixes for the following packages issues: caasp-openstack-heat-templates: - Update to version 1.0+git.1553079189.3bf8922: * SCRD-2813 Add support for CPI parameters - Update to version 1.0+git.1547562889.43707e7: * Switch LB protocol from HTTP to HTTPS crowbar: - Update to version 4.0+git.1551088848.823bcaa3: * install-chef-suse: filter comments from authorized_keys file crowbar-core: - Update to version 4.0+git.1556285635.ab602dd4d: * network: run wicked ifdown for interface cleanup (bsc#1063535) - Update to version 4.0+git.1554931881.d98412e0e: * Fix cloud-mkcloud9-job-backup-restore (SCRD-7126) - Update to version 4.0+git.1552239940.5bc9aaac4: * crowbar: Do not rely on Chef::Util::FileEdit to write the file (bsc#1127752) - Update to version 4.0+git.1550493400.9787ea9ad: * upgrade: Delay status switch after upgrade ends - Update to version 4.0+git.1549474445.d9a35cf52: * fix hound warning * Support RAID 0 - Packaged default upgrade timeouts file - Update to version 4.0+git.1549136953.afcde921f: * apache2: enable sslsessioncache - Update to version 4.0+git.1548859099.0edbbfdc2: * upgrade: Add default upgrade timeouts file crowbar-ha: - Update to version 4.0+git.1556181005.47c643d: * pacemaker: wait more for founder if SBD is configured (SCRD-8462) * pacemaker: don't check cluster members on founder (SCRD-8462) - Update to version 4.0+git.1554215159.8a42a71: * improve galera HA setup (bsc#1122875) crowbar-openstack: - Update to version 4.0+git.1554887450.ff7c30c1c: * neutron: Added option to use L3 HA with Keepalived - Update to version 4.0+git.1554843756.5622551da: * ironic: Fix regression in helper - Update to version 4.0+git.1554814630.ec3c89f25: * ceilometer: Install package which contains cron file (bsc#1130414) - Update to version 4.0+git.1551459192.89433e13b: * rabbit: fix mirroring regex - Update to version 4.0+git.1550582615.f6b433ec7: * ceilometer: Use pacemaker to handle expirer cron link (bsc#1113107) - Update to version 4.0+git.1550262335.9667fa580: * mysql: Do not set a custom logfile for mysqld (bsc#1112767) * mysql: create .my.cnf in root home directory for mysql cmdline - Update to version 4.0+git.1549986893.df836d6cc: * mariadb: Remove installing the xtrabackup package * ssl: Fix ACL setup in ssl_setup provider (bsc#1123709) galera-python-clustercheck: - readtimeout.patch: Add socket read timeout (bsc#1122053) openstack-ceilometer: - Install openstack-ceilometer-expirer.cron into /usr/share/ceilometer This is needed in a clustered environment where multiple ceilometer-collector services are installed on different nodes (and due to that multiple expirer cron jobs installed). That can lead to deadlocks when the cron jobs run in parallel on the different nodes (bsc#1113107) openstack-heat-gbp: - switch to newton branch python-PyKMIP: - Fix a denial-of-service bug by setting the server socket timeout (bsc#1120767 CVE-2018-1000872) python-pysaml2: - Fix for the authentication bypass due to optimizations (CVE-2017-1000433, bsc#1074662) rubygem-crowbar-client: - Update to 3.9.0 - Add support for the restricted APIs - Add --raw to 'proposal show' and 'proposal edit' - Correctly parse error messages that we don't handle natively - Better upgrade repocheck output - Update to 3.7.0 - upgrade: Use cloud_version config for upgrade - ses: Add ses upload subcommand - Add cloud_version config field. - Wrap os-release file parsing for better reuse. - upgrade: Fix repocheck component in error message - upgrade: Better repocheck output - updated to version 3.6.1 * Hide the database step when it is not used (bsc#1118004) * Fix help strings * Describe how to upgrade more nodes with one command Moderate SUSE bug 1063535 SUSE bug 1074662 SUSE bug 1112767 SUSE bug 1113107 SUSE bug 1118004 SUSE bug 1120767 SUSE bug 1122053 SUSE bug 1122875 SUSE bug 1123709 SUSE bug 1127558 SUSE bug 1127752 SUSE bug 1128954 SUSE bug 1128987 SUSE bug 1130414 SUSE bug 1131053 CVE-2017-1000433 CVE-2018-1000872 cpe:/o:suse:suse-openstack-cloud:7 Security update for vim (Important) SUSE OpenStack Cloud 7 This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Important SUSE bug 1137443 CVE-2019-12735 cpe:/o:suse:suse-openstack-cloud:7 Security update for webkit2gtk3 (Important) SUSE OpenStack Cloud 7 This update for webkit2gtk3 to version 2.22.5 fixes the following issues: Security issues fixed: - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554) - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558) Important SUSE bug 1119553 SUSE bug 1119554 SUSE bug 1119555 SUSE bug 1119556 SUSE bug 1119557 SUSE bug 1119558 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-activejob-4_2 (Low) SUSE OpenStack Cloud 7 This update for rubygem-activejob-4_2 fixes the following issues: Security issue fixed: - CVE-2018-16476: Fixed broken access control vulnerability (bsc#1117632). Low SUSE bug 1117632 CVE-2018-16476 cpe:/o:suse:suse-openstack-cloud:7 Security update for openssh (Moderate) SUSE OpenStack Cloud 7 This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed a double free() in the KDF CAVS testing tool (bsc#1065237). Moderate SUSE bug 1065237 SUSE bug 1090671 SUSE bug 1119183 SUSE bug 1121816 SUSE bug 1121821 SUSE bug 1131709 CVE-2019-6109 CVE-2019-6111 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 kernel version 4.4.121 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There is an unchecked kstrdup of fwstr, which may have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603) - CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1131543) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not have ended with a '\0' character. (bnc#1134848) - CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785) The following non-security bugs were fixed: - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1134596). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1134596). Important SUSE bug 1099658 SUSE bug 1106284 SUSE bug 1110785 SUSE bug 1113769 SUSE bug 1120843 SUSE bug 1120885 SUSE bug 1131543 SUSE bug 1131565 SUSE bug 1132374 SUSE bug 1132472 SUSE bug 1134537 SUSE bug 1134596 SUSE bug 1134848 SUSE bug 1135281 SUSE bug 1135603 SUSE bug 1136424 SUSE bug 1136446 SUSE bug 1136586 SUSE bug 1136935 SUSE bug 1137586 CVE-2018-17972 CVE-2018-7191 CVE-2019-11190 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-Jinja2 (Important) SUSE OpenStack Cloud 7 This update for python-Jinja2 fixes the following issues: Security issues fixed: - CVE-2016-10745: Fixed a sandbox escape caused by an information disclosure via str.format (bsc#1132174). - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323). - CVE-2019-8341: Fixed command injection in function from_string (bsc#1125815). Important SUSE bug 1125815 SUSE bug 1132174 SUSE bug 1132323 CVE-2016-10745 CVE-2019-10906 CVE-2019-8341 cpe:/o:suse:suse-openstack-cloud:7 Security update for dbus-1 (Important) SUSE OpenStack Cloud 7 This update for dbus-1 fixes the following issue: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Important SUSE bug 1137832 CVE-2019-12749 cpe:/o:suse:suse-openstack-cloud:7 Security update for gstreamer-plugins-base (Important) SUSE OpenStack Cloud 7 This update for gstreamer-plugins-base fixes the following issue: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:suse-openstack-cloud:7 Security update for sqlite3 (Important) SUSE OpenStack Cloud 7 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Important SUSE bug 1136976 CVE-2019-8457 cpe:/o:suse:suse-openstack-cloud:7 Security update for gstreamer-0_10-plugins-base (Important) SUSE OpenStack Cloud 7 This update for gstreamer-0_10-plugins-base fixes the following issues: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:suse-openstack-cloud:7 Security update for libssh2_org (Moderate) SUSE OpenStack Cloud 7 This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Moderate SUSE bug 1128481 SUSE bug 1136570 CVE-2019-3860 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-ibm (Important) SUSE OpenStack Cloud 7 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Important SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1132734 SUSE bug 1134718 CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 (bsc#1138872) - CVE-2019-11708: Fix sandbox escape using Prompt:Open. * Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. Important SUSE bug 1138872 CVE-2019-11708 cpe:/o:suse:suse-openstack-cloud:7 Security update for dnsmasq (Moderate) SUSE OpenStack Cloud 7 This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance. (bsc#1076958) Non-security issue fixed: - Reload system dbus to pick up policy change on install (bsc#1054429). Moderate SUSE bug 1054429 SUSE bug 1076958 CVE-2017-15107 cpe:/o:suse:suse-openstack-cloud:7 Security update for glib2 (Important) SUSE OpenStack Cloud 7 This update for glib2 provides the following fix: Security issues fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). - CVE-2018-16428: Avoid a null pointer dereference that could crash glib2 users in markup processing (bnc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issues fixed: - Install dummy *-mimeapps.list files to prevent dead symlinks. (bsc#1061599) Important SUSE bug 1061599 SUSE bug 1107116 SUSE bug 1107121 SUSE bug 1137001 CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-Pillow (Important) SUSE OpenStack Cloud 7 This update for python-Pillow fixes the following issues: Security issue fixed: - CVE-2016-9189: Fixed a integer overflows leading to memory disclosure in PyImaging_MapBuffer() (bsc#1008845). Important SUSE bug 1008845 CVE-2016-9189 cpe:/o:suse:suse-openstack-cloud:7 Security update for postgresql10 (Important) SUSE OpenStack Cloud 7 This update for postgresql10 to version 10.9 fixes the following issue: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). More information at https://www.postgresql.org/docs/10/release-10-9.html Important SUSE bug 1138034 CVE-2019-10164 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP 2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace. (bnc#) - CVE-2019-10126: A flaw was found in the Linux kernel that might lead to memory corruption in the marvell mwifiex driver. (bnc#1136935) - CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#) - CVE-2019-12818: An issue was discovered in the Linux kernel The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. (bnc#1137194) - CVE-2019-12819: An issue was discovered in the Linux kernel The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device(), which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12456 a double-fetch bug in _ctl_ioctl_main() could allow local users to create a denial of service (bsc#1136922). - CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it. (bnc#) - CVE-2019-11487: The Linux kernel allowed page-_refcount reference count to overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (bnc#1133190) The following non-security bugs were fixed: - Drop multiversion(kernel) from the KMP template (bsc#1127155). - Revert 'KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).' This reverts commit 4cc83da426b53d47f1fde9328112364eab1e9a19. - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - x86/cpu: Unify CPU family, model, stepping calculation (bsc#1134701). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode/AMD: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/AMD: Fix load of builtin microcode with randomized memory (bsc#1134701). - x86/microcode/AMD: Reload proper initrd start address (bsc#1134701). - x86/microcode/amd: Hand down the CPU family (bsc#1134701). - x86/microcode/amd: Move private inlines to .c and mark local functions static (bsc#1134701). - x86/microcode/intel: Drop stashed AP patch pointer optimization (bsc#1134701). - x86/microcode/intel: Fix allocation size of struct ucode_patch (bsc#1134701). - x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/intel: Remove intel_lib.c (bsc#1134701). - x86/microcode/intel: Remove unused arg of get_matching_model_microcode() (bsc#1134701). - x86/microcode/intel: Rename load_microcode_early() to find_microcode_patch() (bsc#1134701). - x86/microcode/intel: Rename local variables of type struct mc_saved_data (bsc#1134701). - x86/microcode/intel: Rename mc_intel variable to mc (bsc#1134701). - x86/microcode/intel: Rename mc_saved_in_initrd (bsc#1134701). - x86/microcode/intel: Simplify generic_load_microcode() (bsc#1134701). - x86/microcode/intel: Unexport save_mc_for_early() (bsc#1134701). - x86/microcode/intel: Use correct buffer size for saving microcode data (bsc#1134701). - x86/microcode: Collect CPU info on resume (bsc#1134701). - x86/microcode: Export the microcode cache linked list (bsc#1134701). - x86/microcode: Fix loading precedence (bsc#1134701). - x86/microcode: Get rid of find_cpio_data()'s dummy offset arg (bsc#1134701). - x86/microcode: Issue the debug printk on resume only on success (bsc#1134701). - x86/microcode: Rework microcode loading (bsc#1134701). - x86/microcode: Run the AP-loading routine only on the application processors (bsc#1134701). Important SUSE bug 1096254 SUSE bug 1108382 SUSE bug 1109137 SUSE bug 1127155 SUSE bug 1133190 SUSE bug 1133738 SUSE bug 1134395 SUSE bug 1134701 SUSE bug 1136922 SUSE bug 1136935 SUSE bug 1137194 SUSE bug 1138291 SUSE bug 1140575 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11487 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 cpe:/o:suse:suse-openstack-cloud:7 Security update for glib2 (Important) SUSE OpenStack Cloud 7 This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). Non-security issue fixed: - Added explicit requires between libglib2 and libgio2 (bsc#1140122). Important SUSE bug 1139959 SUSE bug 1140122 CVE-2019-13012 cpe:/o:suse:suse-openstack-cloud:7 Security update for xrdp (Important) SUSE OpenStack Cloud 7 This update for xrdp fixes the following issues: Security issues fixed: - CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent of the user's cleartext password, DES encrypted with a known key (bsc#1015567). - CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through used an untrusted integer as a write length, which could lead to a local denial of service (bsc#1069591). - CVE-2017-6967: Fixed call of the PAM function auth_start_session(). This lead to to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass (bsc#1029912). Other issues addressed: - The KillDisconnected option for TigerVNC Xvnc sessions is now supported (bsc#1101506) - Fixed an issue with delayed X KeyRelease events (bsc#1100453) - Force xrdp-sesman.service to start after xrdp.service. (bsc#1014524) - Avoid use of hard-coded sesman port. (bsc#1060644) - Backport upstream commit 5575197, sesman should stop setting LANG and let initialization scripts take care of it (bsc#1023988). - Backport upstream patches for 32bpp support (bsc#1022098). - Fixed a regression connecting from Windows 10. (bsc#1090174) Important SUSE bug 1014524 SUSE bug 1015567 SUSE bug 1022098 SUSE bug 1023988 SUSE bug 1029912 SUSE bug 1060644 SUSE bug 1069591 SUSE bug 1090174 SUSE bug 1100453 SUSE bug 1101506 CVE-2013-1430 CVE-2017-16927 CVE-2017-6967 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases Important SUSE bug 1140868 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 cpe:/o:suse:suse-openstack-cloud:7 Security update for polkit (Moderate) SUSE OpenStack Cloud 7 This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (bsc#1118277) Moderate SUSE bug 1118277 CVE-2018-19788 cpe:/o:suse:suse-openstack-cloud:7 Security update for ucode-intel (Important) SUSE OpenStack Cloud 7 This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:suse-openstack-cloud:7 Security update for bzip2 (Important) SUSE OpenStack Cloud 7 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Important SUSE bug 1139083 SUSE bug 985657 CVE-2016-3189 CVE-2019-12900 cpe:/o:suse:suse-openstack-cloud:7 Security update for glibc (Moderate) SUSE OpenStack Cloud 7 This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - Added cfi information for start routines in order to stop unwinding on S390 (bsc#1128574). Moderate SUSE bug 1127223 SUSE bug 1127308 SUSE bug 1128574 CVE-2009-5155 CVE-2019-9169 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Important) SUSE OpenStack Cloud 7 This update for xen fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040) - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS). (XSA-280) (bsc#1115047) - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). - CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1114423) Other bugs fixed: - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940) - Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528) - Fixed an issue with live migrations, which used to fail when spectre is enabled on xen boot cmdline (bsc#1116380) - Upstream bug fixes (bsc#1027519) Important SUSE bug 1027519 SUSE bug 1105528 SUSE bug 1108940 SUSE bug 1114423 SUSE bug 1115040 SUSE bug 1115045 SUSE bug 1115047 SUSE bug 1116380 SUSE bug 1117756 CVE-2018-18849 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 cpe:/o:suse:suse-openstack-cloud:7 Security update for bzip2 (Important) SUSE OpenStack Cloud 7 This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Important SUSE bug 1139083 CVE-2019-12900 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-requests (Moderate) SUSE OpenStack Cloud 7 This update for python-requests fixes the following issues: - CVE-2018-18074: Fixed an issue which could ease attackers to discover credentials by sniffing the network (bsc#1111622). Moderate SUSE bug 1111622 CVE-2018-18074 cpe:/o:suse:suse-openstack-cloud:7 Security update for polkit (Important) SUSE OpenStack Cloud 7 This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). Important SUSE bug 1121826 CVE-2019-6133 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_8_0-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - Certificate validation improvements Non-security issue fixed: - Fixed an issue where the installation failed when the manpages are not present (bsc#1115375) Important SUSE bug 1115375 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141784 SUSE bug 1141785 SUSE bug 1141786 SUSE bug 1141787 SUSE bug 1141789 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-Django (Moderate) SUSE OpenStack Cloud 7 This update for python-Django fixes the following issues: - Fixed CVE-2019-6975 (bsc#1124991) * Added CVE-2019-6975.patch to fix uncontrolled memory consumption * If ``django.utils.numberformat.format()`` -- used by ``contrib.admin`` as well as the the ``floatformat``, ``filesizeformat``, and ``intcomma`` templates filters -- received a ``Decimal`` with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to ``'{:f}'.format()``. To avoid this, decimals with more than 200 digits are now formatted using scientific notation. Moderate SUSE bug 1124991 CVE-2019-6975 cpe:/o:suse:suse-openstack-cloud:7 Security update for mariadb (Important) SUSE OpenStack Cloud 7 This update for mariadb fixes the following issues: Update to MariaDB 10.0.38 GA (bsc#1136037). Security issues fixed: - CVE-2019-2537: Denial of service via multiple protocols (bsc#1136037) - CVE-2019-2529: Denial of service via multiple protocols (bsc#1136037) - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: - Removed PerconaFT from the package as it has AGPL licence (bsc#1118754). - Do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency). - Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666). - Removed 'umask 077' from mysql-systemd-helper that caused new datadirs created with wrong permissions (bsc#1132666). Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10038-release-notes - https://kb.askmonty.org/en/mariadb-10038-changelog - https://kb.askmonty.org/en/mariadb-10037-release-notes - https://kb.askmonty.org/en/mariadb-10037-changelog - https://kb.askmonty.org/en/mariadb-10036-release-notes - https://kb.askmonty.org/en/mariadb-10036-changelog Important SUSE bug 1013882 SUSE bug 1101676 SUSE bug 1101677 SUSE bug 1101678 SUSE bug 1103342 SUSE bug 1112368 SUSE bug 1112397 SUSE bug 1112417 SUSE bug 1112421 SUSE bug 1112432 SUSE bug 1116686 SUSE bug 1118754 SUSE bug 1132666 SUSE bug 1136037 CVE-2016-9843 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 CVE-2019-2529 CVE-2019-2537 cpe:/o:suse:suse-openstack-cloud:7 Security update for python3 (Important) SUSE OpenStack Cloud 7 This update for python3 fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document (bsc#1109847). - CVE-2018-1000802: Fixed a command injection in the shutil module (bsc#1109663). Important SUSE bug 1109663 SUSE bug 1109847 SUSE bug 1138459 CVE-2018-1000802 CVE-2018-14647 CVE-2019-10160 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-Twisted (Moderate) SUSE OpenStack Cloud 7 This update for python-Twisted fixes the following issue: Security issue fixed: - CVE-2019-12387: Fixed an improper sanitization of URIs or HTTP which could have allowed attackers to perfrom CRLF attacks (bsc#1137825). Moderate SUSE bug 1137825 CVE-2019-12387 cpe:/o:suse:suse-openstack-cloud:7 Security update for evince (Important) SUSE OpenStack Cloud 7 This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Important SUSE bug 1133037 SUSE bug 1141619 CVE-2019-1010006 CVE-2019-11459 cpe:/o:suse:suse-openstack-cloud:7 Security update for squid (Moderate) SUSE OpenStack Cloud 7 This update for squid fixes the following issues: Security issue fixed: - CVE-2019-12529: Fixed a potential denial of service associated with HTTP Basic Authentication credentials (bsc#1141329). - CVE-2019-12525: Fixed a denial of service during processing of HTTP Digest Authentication credentials (bsc#1141332). - CVE-2019-13345: Fixed a cross site scripting vulnerability via user_name or auth parameter in cachemgr.cgi (bsc#1140738). Moderate SUSE bug 1140738 SUSE bug 1141329 SUSE bug 1141332 CVE-2019-12525 CVE-2019-12529 CVE-2019-13345 cpe:/o:suse:suse-openstack-cloud:7 Security update for python (Important) SUSE OpenStack Cloud 7 This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Important SUSE bug 1138459 SUSE bug 1141853 CVE-2018-20852 CVE-2019-10160 cpe:/o:suse:suse-openstack-cloud:7 Security update for libvirt (Important) SUSE OpenStack Cloud 7 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Non-security issue fixed: - qemu: Add support for overriding max threads per process limit (bsc#1133719) Important SUSE bug 1133719 SUSE bug 1138301 SUSE bug 1138303 CVE-2019-10161 CVE-2019-10167 cpe:/o:suse:suse-openstack-cloud:7 Security update for qemu (Important) SUSE OpenStack Cloud 7 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Important SUSE bug 1135902 SUSE bug 1140402 SUSE bug 1143794 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 cpe:/o:suse:suse-openstack-cloud:7 Security update for postgresql94 (Important) SUSE OpenStack Cloud 7 This update for postgresql94 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:suse-openstack-cloud:7 Security update for postgresql96 (Important) SUSE OpenStack Cloud 7 This update for postgresql96 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-Django (Important) SUSE OpenStack Cloud 7 This update for python-Django fixes the following issues: - CVE-2019-14232: Fixed a denial of service in 'django.utils.text.Truncator' (bsc#1142880). - CVE-2019-14233: Fixed a denial of service in strip_tags() (bsc#1142882). - CVE-2019-14234: Fixed an SQL injection in key and index lookups for 'JSONField'/'HStoreField' (bsc#1142883). - CVE-2019-14235: Fixed a potential memory exhaustion in 'django.utils.encoding.uri_to_iri()' (bsc#1142885). Important SUSE bug 1142880 SUSE bug 1142882 SUSE bug 1142883 SUSE bug 1142885 CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 cpe:/o:suse:suse-openstack-cloud:7 Security update for nodejs6 (Important) SUSE OpenStack Cloud 7 This update for nodejs6 fixes the following issues: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290). Important SUSE bug 1140290 CVE-2019-13173 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-rails-html-sanitizer (Moderate) SUSE OpenStack Cloud 7 This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2018-3741: Fixed a XSS vulnerability due to insufficient filtering in scrub_attribute (bsc#1086598). Moderate SUSE bug 1086598 CVE-2018-3741 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-loofah (Moderate) SUSE OpenStack Cloud 7 This update for rubygem-loofah fixes the following issues: - Security issue fixed: - CVE-2018-8048: Update fix to make Loofah::HTML5::Scrub.force_correct_attribute_escaping! callable from other gems (bsc#1086598). Moderate SUSE bug 1086598 CVE-2018-8048 cpe:/o:suse:suse-openstack-cloud:7 Security update for perl (Important) SUSE OpenStack Cloud 7 This update for perl fixes the following issues: Security issue fixed: - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). Important SUSE bug 1114674 CVE-2018-18311 cpe:/o:suse:suse-openstack-cloud:7 Security update for libsolv, libzypp, zypper (Moderate) SUSE OpenStack Cloud 7 This update for libsolv, libzypp and zypper fixes the following issues: libsolv was updated to version 0.6.36 and fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). Fixes for libzypp: - Fixes a bug where locking the kernel was not possible (bsc#1113296) - Fixes a file descriptor leak (bsc#1116995) - Will now run file conflict check on dry-run (best with download-only) (bsc#1140039) Fixes for zypper: - Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226) - Improved the displaying of locks (bsc#1112911) - Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542) - zypper will now always warn when no repositories are defined (bsc#1109893) - Fixes bash completion option detection (bsc#1049825) Moderate SUSE bug 1049825 SUSE bug 1109893 SUSE bug 1110542 SUSE bug 1111319 SUSE bug 1112911 SUSE bug 1113296 SUSE bug 1116995 SUSE bug 1120629 SUSE bug 1120630 SUSE bug 1120631 SUSE bug 1127155 SUSE bug 1131823 SUSE bug 1134226 SUSE bug 1137977 SUSE bug 1140039 SUSE bug 1145521 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-3819: A flaw was fixed in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may have enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') could have caused a system lock up and a denial of service (bnc#1123161). - CVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in sound/usb/mixer.c via mishandled recursion (bnc#1145922). - CVE-2019-15117: Fixed out-of-bounds memory access in parse_audio_mixer_unit in sound/usb/mixer.c via mishandled short descriptor (bnc#1145920). - CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). - CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). - CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). - CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358). - CVE-2019-10207: Check for missing tty operations in bluetooth/hci_uart (bsc#1142857). - CVE-2018-20856: Fixed a use-after-free issue in block/blk-core.c, where certain error case are mishandled (bnc#1143048). - CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). - CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). The following non-security bugs were fixed: - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652, bsc#1144288). - bcache: fix race in btree_flush_write() (bsc#1140652, bsc#1144288). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1130972, bsc#1144257). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1130972, bsc#1144273). - bcache: performance improvement for btree_flush_write() (bsc#1140652, bsc#1144288). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652, bsc#1144288). - btrfs: improve delayed refs iterations (bsc#1076033, bsc#1107256). - i40e: add functions to control default VSI (bsc#1141628). - i40e: set default VSI without a reset (bsc#1141628). - mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing (bsc#1142098). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945,bsc#1141401,bsc#1141402,bsc#1141452,bsc#1141453,bsc#1141454). - qib/hfi1: Fix MR reference count leak on write with immediate (bsc#1045640). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (XSA-300). Important SUSE bug 1045640 SUSE bug 1076033 SUSE bug 1107256 SUSE bug 1123161 SUSE bug 1130972 SUSE bug 1134399 SUSE bug 1139358 SUSE bug 1140012 SUSE bug 1140652 SUSE bug 1140903 SUSE bug 1140945 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1141628 SUSE bug 1142023 SUSE bug 1142098 SUSE bug 1142857 SUSE bug 1143045 SUSE bug 1143048 SUSE bug 1143189 SUSE bug 1143191 SUSE bug 1144257 SUSE bug 1144273 SUSE bug 1144288 SUSE bug 1144920 SUSE bug 1145920 SUSE bug 1145922 SUSE bug 1146163 CVE-2017-18551 CVE-2018-20855 CVE-2018-20856 CVE-2019-10207 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 CVE-2019-15117 CVE-2019-15118 CVE-2019-3819 cpe:/o:suse:suse-openstack-cloud:7 Security update for spice (Important) SUSE OpenStack Cloud 7 This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Important SUSE bug 1122706 CVE-2019-3813 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-Pillow (Moderate) SUSE OpenStack Cloud 7 This update for python-Pillow fixes the following issues: - CVE-2016-2533: Fixed a buffer overflow in the PCD decoding (bsc#967970). - CVE-2016-4009: Fixed an interger overflow in ImagingResampleHorizontal() (bsc#975500). Moderate SUSE bug 967970 SUSE bug 975500 CVE-2016-2533 CVE-2016-4009 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_1-ibm (Important) SUSE OpenStack Cloud 7 This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 50. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). Important SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141785 SUSE bug 1141789 SUSE bug 1147021 CVE-2019-11771 CVE-2019-11775 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:suse-openstack-cloud:7 Security update for curl (Important) SUSE OpenStack Cloud 7 This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). Important SUSE bug 1149496 CVE-2019-5482 cpe:/o:suse:suse-openstack-cloud:7 Security update for webkit2gtk3 (Important) SUSE OpenStack Cloud 7 This update for webkit2gtk3 fixes the following issues: Updated to version 2.24.4 (bsc#1148931). Security issues fixed: - CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690 Non-security issues fixed: - Improved loading of multimedia streams to avoid memory exhaustion due to excessive caching. - Updated the user agent string to make happy certain websites which would claim that the browser being used was unsupported. Important SUSE bug 1135715 SUSE bug 1148931 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-SQLAlchemy (Important) SUSE OpenStack Cloud 7 This update for python-SQLAlchemy fixes the following issues: Security issues fixed: - CVE-2019-7164: Fixed SQL Injection via the order_by parameter (bsc#1124593). - CVE-2019-7548: Fixed SQL Injection via the group_by parameter (bsc#1124593). Important SUSE bug 1124593 CVE-2019-7164 CVE-2019-7548 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-ibm (Important) SUSE OpenStack Cloud 7 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 40. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). - CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787). Important SUSE bug 1122292 SUSE bug 1122299 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141785 SUSE bug 1141787 SUSE bug 1141789 SUSE bug 1147021 CVE-2018-11212 CVE-2019-11771 CVE-2019-11772 CVE-2019-11775 CVE-2019-2449 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-Django (Moderate) SUSE OpenStack Cloud 7 This update for python-Django fixes the following issues: Security issue fixed: - CVE-2019-12781: Add incorrect HTTP detection with reverse-proxy connecting via HTTPS (bsc#1139945). Moderate SUSE bug 1139945 CVE-2019-12781 cpe:/o:suse:suse-openstack-cloud:7 Security update for ibus (Important) SUSE OpenStack Cloud 7 This update for ibus fixes the following issues: Security issue fixed: - CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. (bsc#1150011) Important SUSE bug 1150011 CVE-2019-14822 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-urllib3 (Moderate) SUSE OpenStack Cloud 7 This update for python-urllib3 fixes the following issues: Security issues fixed: - CVE-2019-9740: Fixed CRLF injection issue (bsc#1129071). - CVE-2019-11236: Fixed CRLF injection via request parameter (bsc#1132663). - CVE-2018-20060: Remove Authorization header when redirecting cross-host (bsc#1119376). Moderate SUSE bug 1119376 SUSE bug 1129071 SUSE bug 1132663 CVE-2018-20060 CVE-2019-11236 CVE-2019-9740 cpe:/o:suse:suse-openstack-cloud:7 Security update for openssl (Moderate) SUSE OpenStack Cloud 7 This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). Moderate SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:suse-openstack-cloud:7 Security update for python3 (Important) SUSE OpenStack Cloud 7 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644) Important SUSE bug 1120644 SUSE bug 1122191 CVE-2018-20406 CVE-2019-5010 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox to ESR 60.9 fixes the following issues: Security issues fixed: - CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299) Important SUSE bug 1149294 SUSE bug 1149295 SUSE bug 1149296 SUSE bug 1149297 SUSE bug 1149298 SUSE bug 1149299 SUSE bug 1149303 SUSE bug 1149304 SUSE bug 1149324 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11753 CVE-2019-9812 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-Twisted (Moderate) SUSE OpenStack Cloud 7 This update for python-Twisted fixes the following issues: Security issue fixed: - CVE-2019-12855: Fixed TLS certificate verification to protecting against MITM attacks (bsc#1138461). Moderate SUSE bug 1138461 CVE-2019-12855 cpe:/o:suse:suse-openstack-cloud:7 Security update for dovecot22 (Important) SUSE OpenStack Cloud 7 This update for dovecot22 fixes the following issues: - CVE-2019-11500: Fixed a potential remote code execution in the IMAP and ManageSieve protocol parsers (bsc#1145559). Important SUSE bug 1145559 CVE-2019-11500 cpe:/o:suse:suse-openstack-cloud:7 Security update for ghostscript (Important) SUSE OpenStack Cloud 7 This update for ghostscript to 9.27 fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180) - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156) - CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359) - CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882) - CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882) - CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882) - CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884) Important SUSE bug 1129180 SUSE bug 1131863 SUSE bug 1134156 SUSE bug 1140359 SUSE bug 1146882 SUSE bug 1146884 CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-3835 CVE-2019-3839 cpe:/o:suse:suse-openstack-cloud:7 Security update for curl (Important) SUSE OpenStack Cloud 7 This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378). - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377). - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371). Important SUSE bug 1123371 SUSE bug 1123377 SUSE bug 1123378 CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 cpe:/o:suse:suse-openstack-cloud:7 Security update for libsoup (Moderate) SUSE OpenStack Cloud 7 This update for libsoup fixes the following issues: Security issue fixed: - CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097). - CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers (bsc#1052916). Bug fixes: - bsc#1086036: translation-update-upstream commented out for Leap Moderate SUSE bug 1052916 SUSE bug 1086036 SUSE bug 1100097 CVE-2017-2885 CVE-2018-12910 cpe:/o:suse:suse-openstack-cloud:7 Security update for libgcrypt (Moderate) SUSE OpenStack Cloud 7 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987) Moderate SUSE bug 1148987 CVE-2019-13627 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: Updated to new ESR version 68.1 (bsc#1149323). In addition to the already fixed vulnerabilities released in previous ESR updates, the following were also fixed: CVE-2019-11751, CVE-2019-11736, CVE-2019-9812, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735. Several run-time issues were also resolved (bsc#1117473, bsc#1124525, bsc#1133810). The version displayed in Help > About is now correct (bsc#1087200). Important SUSE bug 1087200 SUSE bug 1109465 SUSE bug 1117473 SUSE bug 1123482 SUSE bug 1124525 SUSE bug 1133810 SUSE bug 1140868 SUSE bug 1145665 SUSE bug 1149323 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-9811 CVE-2019-9812 cpe:/o:suse:suse-openstack-cloud:7 Security update for binutils (Moderate) SUSE OpenStack Cloud 7 This update for binutils fixes the following issues: binutils was updated to current 2.32 branch @7b468db3 [jsc#ECO-368]: Includes the following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - Enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO problems (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Handle ELF compressed header alignment correctly. Moderate SUSE bug 1109412 SUSE bug 1109413 SUSE bug 1109414 SUSE bug 1111996 SUSE bug 1112534 SUSE bug 1112535 SUSE bug 1113247 SUSE bug 1113252 SUSE bug 1113255 SUSE bug 1116827 SUSE bug 1118830 SUSE bug 1118831 SUSE bug 1120640 SUSE bug 1121034 SUSE bug 1121035 SUSE bug 1121056 SUSE bug 1133131 SUSE bug 1133232 SUSE bug 1141913 SUSE bug 1142772 CVE-2018-1000876 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2019-1010180 cpe:/o:suse:suse-openstack-cloud:7 Security update for sudo (Important) SUSE OpenStack Cloud 7 This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Important SUSE bug 1153674 CVE-2019-14287 cpe:/o:suse:suse-openstack-cloud:7 Security update for libpcap (Important) SUSE OpenStack Cloud 7 This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). Important SUSE bug 1153332 CVE-2018-16301 CVE-2019-15165 cpe:/o:suse:suse-openstack-cloud:7 Security update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer (Moderate) SUSE OpenStack Cloud 7 This update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer fixes the following issues: In python-pysaml2 the following security issue was fixed: - CVE-2016-10127: Fixed an XML external entity attack. (bsc#1019074) crowbar-core was updated to version 4.0+git.1570463621.40b11cd48: * network: Don't set datapath-ids on ovs-bridges anymore (bsc#1152916) * barclamp_lib: Sync timeout with other barclamps (SOC-10513, SOC-10011) * gems: Update easy_diff to 1.0.0 (SOC-10505) * crowbar: Do not read /etc/crowbar.install.key in non-SUSE init script * transition.sh: Do not read /etc/crowbar.install.key * gather_logs: Make it a bit useful again * gather_logs: Do not read /etc/crowbar.install.key * network: Allow locking down the network config for nodes (bsc#1120657) * network: Check existing upper layers before bond setup (bsc#1120657) * network: never plug two interface into the same ovs bridge (bsc#1120657) * network: Avoid plugging the same interface to two ovs bridges (bsc#1120657) * nic library: some helper for identifying base interface (bsc#1120657) * network: Rework the vlan port replugging code (bsc#1120657) * network: DRY out 'kill_nic_files' (noref) * Add CVE-2019-5477 the to travis ignore list (SOC-9635) crowbar-openstack was updated to version 4.0+git.1569429513.e7016b2b6: * tempest: don't rely on service catalogue (SOC-10633) * nova: set default attribute for max_threads_per_process * database: Hardcode ruby version for package installation (SOC-10010) * neutron: restore dhcp_domain in stable/4.0 (bsc#1145867) * nova: add max_threads_per_process tuneable (SOC-10001, bsc#1133719) grafana was updated to: - CVE-2019-15043: Adds authentication to a few rest endpoints that could be used to access grafana snapshot apis to cause denial of service (SOC-10357 bsc#1148383) Also see https://github.com/grafana/grafana/compare/v5.4.4...v5.4.5 grafana was updated to version 4.6.5: - CVE-2018-19039: Users with Editor or Admin permissions could exfiltrate files (jsc#SOC-9976 bsc#1115960) grafana was updated version to 4.6.4: - CVE-2018-15727 / CVE-2018-558213: Fixed an authentication bypass because an attacker can generate a valid 'remember me'cookie knowing only a username of an LDAP or OAuth user (jsc#SOC-9980 bsc#1106515) Other fixes: * sql: added code migration type * release 4.6.3 * fix default alias * fixes broken alert eval when first condition is using OR * fix: alert list panel now works correctly after adding manual annotation on dashboard, fixes #9951 * fix: fix for avatar images when gzip is turned on, fixes #5952 * sets version to 4.6.2 * prom: add support for default step param (#9866) * build: fixed jshint error * fix: Html escaping caused issue in InfluxDB query editor, could not pick greater than or less then operators, fixes #9871 * heatmap: fix tooltip in 'Time series bucket' mode, #9332 (#9867) * fix cloudwatch ec2_instance_attribute (#9718) * colorpicker: fix color string change #9769 (#9780) * changes version to 4.6.1 * fix: panel view now wraps, no scrolling required, fixes #9746 * plugins: fix for loading external plugins behind auth proxy, fixes #9509 * fix: color picker bug at series overrides page, #9715 (#9738) * tech: switch to golang 1.9.2 * tech: add missing include * save as should only delete threshold for panels with alerts * fix: graphite annotation tooltip included undefined, fixes #9707 * build: updated version to v4.6.0 * plugins: added backward compatible path for rxjs * ux: updated singlestat default colors * prometheus: fixed unsaved changes warning when changing time range due to step option on query model was changed in datasource.query code, fixes #9675 * fix: firefox can now create region annotations, fixes #9638 * alerting: only editors can pause rules * fix: another fix for playlist view state, #9639 * fix: fixed playlist controls and view state, fixes #9639 * prom: adds pre built grafana dashboard * bump version for publish_testing.sh * update version to 4.6.0-beta3 * plugins: expose dashboard impression store * modify $__timeGroup macro so it can be used in select clause (#9527) * plugins: fixes path issue on Windows * prometheus: enable gzip for /metrics endpoint * fix: fixed save to file button in export modal, fixes #9586 * mysql: add usage stats for mysql * pluginloader: esModule true for systemjs config * Fix heatmap Y axis rendering (#9580) * fix vector range * prometheus: add builtin template variable as range vectors * fix: fixed prometheus step issue that caused browser crash, fixes #9575 * fix: getting started panel and mark adding data source as done, fixes #9568 * Fixes for annotations API (#9577) * bump packagecloud script * build: added imports of rxjs utility functions * prepare for v4.6.0-beta2 release * fix template variable expanding * annotations: quote reserved fields (#9550) * ux: align alert and btn colors * fix: fixed color pickers that were broken in minified builds, fixes #9549 * textpanel: fixes #9491 * csv: fix import for saveAs shim * plugins: expose more util and flot dependencies * alert_tab: clear test result when testing rules * (cloudwatch) fix cloudwatch query error over 24h (#9536) * show error message when cloudwatch datasource can't add * update packagecloud script for 4.6.0-beta1 * changelog: adds note about closing #9516 * alerting: add count_non_null reducer * Update rpm.md * fix: can now remove annotation tags without popover closing * tech: add backward compatibility for <spectrum-picker> directive (#9510) * fix: fixed links on new 404 page, fixes #9493 * logging: dont use cli logger in http_server * oauth: raise error if session state is missing * oauth: provide more logging for failed oauth requests * prepare for 4.6.0-beta1 release * docs: updated whats new article * docs: initial draft release v46 * graph: fix y-axis decimalTick check. Fixes #9405 * minor docs update * docs: annotation docs update * changelog: adds note about closing #7104 * changelog: adds note about closing #9373 * metrics: disable gzip for /metrics endpoint (#9468) * Annotation docs (#9506) * Update CHANGELOG.md * Update PLUGIN_DEV.md * Update PLUGIN_DEV.md * Update README.md * Fixed link issue in CHANGELOG * Create PLUGIN_DEV.md * changelog: adds note about closing #9371,#5334,#8812 * ds_edit: placeholder should only be cert header * fixed minor styling issus (#9497) * fix: alert api limit param did not work and caused SQL syntax error, fixes #9492 * annotations: add endpoint for writing graphite-like events (#9495) * Update unsaved_changes_modal.ts * fix: set lastSeenAt date when creating users to then years in past insteasd of empty date, fixes #9260 * ux: minor ux fix * Retain old name for TLS client auth * Return error if datasource TLS CA not parsed * Datasource settings: Make HTTP all caps * Datasource HTTP settings: Add TLS skip verify * Make URL capitalisation consistent in UI * Alias macron package in app_routes.go * Verify datasource TLS and split client auth and CA * Tidy spacing in datasource TLS settings * Tests: Clarify what InsecureSkipVerify does * postgres: add missing ngInject decorator * docs: initial docs for new annotation features, #9483 * Adds note for #9209 to changelog * Postgres Data Source (#9475) * tech: expose more to plugins, closes #9456 * Fix NaN handling (#9469) * snapshots: improve snapshot listing performance, #9314 (#9477) * mysql: fix interpolation for numbers in temp vars * Added docs for Kafka alerting * Fixed failing go tests * gofmt fixes * Added tests * Kafka REST Proxy works with Grafana * added insrtuctions for oauth2 okta bitbucket (#9471) * Unified Color picker fixes (#9466) * Show min interval query option for mixed datasource (#9467) * gzip: plugin readme content set explicitly * ignore pattern for vendored libs * fix: escape metric segment auto complete, fixes #9423 * Corrected a PostgreSQL SELECT statement. (#9460) * tests: found the unhandled promise issue in the dash import tests * testing: fixing tests * annotations: minor change to default/edit annotation color * Create annotations (#8197) * OAuth: Rename sslcli * OAuth: Separate TLS client auth and CA config * OAuth: Check both TLS client cert and key * Always verify TLS unless explicitly told otherwise * fix: threshold's colors in table panels (#9445) (#9453) * singlestat: fix sizing bug #9337 (#9448) * Revert 'Fix coloring in singlestat if null value (#9438)' (#9443) * Fix coloring in singlestat if null value (#9438) * fix: missing semicolon * changed jsontree to use jsonexplorer (#9416) * docs page for authproxy (#9420) * Update codebox (#9430) * Series color picker fix (#9442) * fix type in readme * removed commented line * changelog: adds note about closing #9110 * Fixed typo * Change empty string checks and improve logging * changelog: adds note about closing #9208 * Fix spelling on 404 page. * Lint fix * Update kbn.js * Add Norwegian Krone denominator for currency * fixed layout for column options, changed dropdown for date format kept old code * build: add noUnusedLocals to tsc parameters * build: install go based on env variable * changes go version to 1.9.1 * changelog: adds note about closing #9226 * changelog: add note about closing #9429 * changelog: adds note about closing #9399 * Fix formatting issue * Add milliseconds format in table panel's config * support for s3 path (#9151) * Remove apparently unnecessary .flush() calls. * Fix empty message and toolong attribute names Use default state message if no message is provided by the user Slice attribute name to maximum of 50 chars * Address review comments. * changelog: add note about closing #7175 * plugin_loader: expose app_events to plugins * Add the missing comma * colorpicker: refactoring the new unififed colorpicker, #9347 * Unified colorpicker (#9347) * fix missing column headers in excel export (#9413) * build: remove clean plugin from dev build * build: fixed broken elastic unit test * shore: cleanup unused stuff in common.d.ts * Build URL for close alert request differently * some restyling (#9409) * Docs text fixes (#9408) * Checkbox fixes (#9400) * fix: ensure panel.datasource is null as default * plugibs: expose more to plugins * properly parse & pass upload image bool from config * break out slack upload into separate function * tech: minor npm scripts update * build: fixed build * refactoring: minor refactoring of PR #8916 * Update script to make it use OpsGenie's REST API * docs: minor docs fix * Merge branch 'master' of github.com:grafana/grafana * build: minor webpack fix * docs: updated building from source docs * playlist: play and edit should use same width * shore: fixed html indentation, #9368 * tech: updated yarn.lock * shore: minor cleanup * Webpack (#9391) * fixing json for CI * adding support for token-based slack file.upload API call for posting images to slack * changelog: adds note about closing #8479 * changelog: adds note about closing #8050 * changelog: adds note about closing #9386 * change pdiff to percent_diff for conditions * panel: rename label on csv export modal * add diff and pdiff for conditions * fix, add targetContainsTemplate() * fix cloudwatch alert bug * add debug log * move extend statistics handling code to backend * fix assume role * improve cloudwatch tsdb * refactor cloudwatch code * remove obsolete code * move cloudwatch crendential related code * remove old handler * fix annotation query * fix time * fix dimension convertion * re-implement annotation query * fix parameter format * fix alert feature * fix parameter format * refactor cloudwatch to support new tsdb interface * refactor cloudwatch frontend code * refactor cloudwatch frontend code * fix test * re-implement dimension_values() * fix error message * remove performEC2DescribeInstances() * re-implement ec2_instance_attribute() * re-implement ebs_volume_ids() * import the change, https://github.com/grafana/grafana/pull/9268 * fix conflict * fix test * remove obsolete GetMetricStatistics() * fix test * move test code * fix conflict * porting other suggestion * re-implement get regions * move the metric find query code * (cloudwatch) move query parameter to 'parameters' * parse duration * remove offset for startTime * cache creds for keys/credentials auth type * fix test * fix invalid query filter * count up metrics * (cloudwatch) alerting * add brazil currency * tech: upgrade of systemjs to 0.20.x working * tech: reverted to systemjs * tech: migrating elasticsearch to typescript * changelog: add note about using golang 1.9 * change go version to 1.9 * changelog: adds note about closing #9367 * tech: systemjs upgrade * made a text-panel page, maybe we don't need it * cleaned up html/sass and added final touches * Enable dualstack in every net.Dialer, fixes #9364 * jaeger: capitalize tracer name * jaeger: logging improvement * tech: systemjs upgrade * Have include intervalFactor in its calculation, so always equal to the step query parameter. * alertlist: toggle play/pause button * updated css and html for recent state changes for alert lists * Fix export_modal message (#9353) * s3: minor fix for PR #9223 * internal metrics: add grafana version * changelog: adds note about closing 5765 * Update latest.json * typescript: stricter typescript option * prom_docker: give targets correct job name * testdata: add bucket scenarios for heatmap * dev-docker: add grafana as target * changelog: add note ablout closing #9319 * introduce smtp config option for EHLO identity * changelog: note about closing #9250 * go fmt * new page for text, needs more work * replaced img in graph, created alert list page * docs: update docs * Update CHANGELOG.md * changelog: adds note about closing #5873 * replaced image * Docs new updates (#9324) * Update CHANGELOG.md * Update latest.json * cleanup: removed unused file * tech: remove bower and moved remaining bower dependencies to npm * tech: cleanup and fixed build issue * tech: upgraded angularjs and moved dependency from bower to npm, closes #9327 * follow go idiom and return error as second param * tech: updated tsconfig * docker: adds alertmanager to prometheus fig * tech: more tslint rules * another img update * tech: removing unused variables from typescript files, and making tslint rules more strict * deleted old shortcuts instruction * text uppdates for dashlist and singlestat(+img). updated the keyboard shortcuts * context is reserved for go's context * make ds a param for Query * remove batch abstraction * rename executor into tsdbqueryendpoint * remove unused structs * refactor response flow * tech: removed test component * ux: minor singlestat update * singlestat: minor change * Update CHANGELOG.md * Singlestat time (#9298) * tech: progress on react poc * adds note about closing #9213 * Update _navbar.scss * replaced images, updating text(not finished) * fix: close for 'Unsaved Changes' modal, #9284 (#9313) * Initial graphite tags support (#9239) * tech: initial react poc * Make details more clean in PD description * bug: enable HEAD requests again * Add `DbClusterIdentifier` to CloudWatch dimensions (#9297) * templating: fix dependent variable updating (#9306) * Fix adhoc filters restoration (#9303) * Explicitly refer to Github 'OAuth' applications * config bucket and region for s3 uploader * fixes bug introduced with prom namespaces * fixing spelling of millesecond -> millisecond * fixing spelling of millesecond -> millisecond * Remove duplicate bus.AddHandler() (#9289) * Update CHANGELOG.md * use same key as mt * tag alert queries that return no_data * updated error page html+css, added ds_store to ignore (#9285) * public/app/plugins/panel/graph/specs/graph_specs.ts: relax tests to be 'within' instead of 'equal', so they won't fail on i686 (#9286) * Fix path to icon (#9276) * adds note about fix in v4.5.2 * skip NaN values when writing to graphite * addded mass units, #9265 (#9273) * Fully fill out nulls in cloudfront data source (#9268) * make it possible to configure sampler type * mark >=400 responses as error * change port for jaeger dev container * logwrapper for jaeger * make samplerconfig.param configurable * adds custom tags from settings * use route as span name * add trace headers for outgoing requests * docker file for running jaeger * better formating for error trace * attach context with span to *http.Request * add traces for datasource reverse proxy requests * trace failed executions * use tags instead of logs * use opentracing ext package when possible * set example port to zipkin default * adds codahale to vendor * makes jaeger tracing configurable * add trace parameters for outgoing requests * adds basic traces using open traces * require dashboard panels to have id * fix: jsonData should not be allowed to be null, fixes #9258 * packaging: reduce package size * Update upgrading.md (#9263) * Added --pluginUrl option to grafana-cli for local network plugin installation * adds note about closing #1395 * add locale format * update changelog * fixes broken tests :boom: * minor code adjusetments * pass context to image uploaders * remove unused deps * Reduced OAuth scope to read_write * GCS support via JSON API * gofmt fixes * Added GCS support #8370 * move more known datasources from others * Remove alert thresholds on panel duplicate, issue #9178 (#9257) * 4.5.1 docs + update version to 5.0.0-pre1 * publish_both.sh update for 4.5.1 * Update CHANGELOG.md * docs: updated changelog * packaging: reducing package size be only including public vendor stuff we need * docs: update download links * allow ssl renegotiation for datasources * check args for query * add test for completer * fix * follow token name change * (prometheus) support label value completion * (prometheus) support label name completion * get s3 url via aws-sdk-go, fix #9189 * Prometheus: Rework the interaction between auto interval (computed based on graph resolution), min interval (where specified, per query) and intervalFactor (AKA resolution, where specified, per query). As a bonus, have and reflect the actual interval (not the auto interval), taking into account min interval and Prometheus' 11k data points limit. * minor fix * (prometheus) support instant query for table format, use checkbox to switch query type * (prometheus) instant query support * Add thumbnail to card * Add values to the hipchat card * Reorder editorconfig * Enable datasources to be able to round off to a UTC day properly * Include triggering metrics to pagerduty alerts novnc was updated to fix the following issue: - Add tightPNG encoding (bsc#1145796) This encoding is needed to allow noVNC to work with instances that run on ESX hypervisors. It is not possible to update the Newton package to noVNC 1.1.0 as that version is not supported with openstack-nova until Rocky. openstack-keystone was updated to fix: - A domain_admin should be allowed to list role assignments for the domain and for all projects of this domain with a domain-scoped token. (bsc#1118159) openstack-neutron was updated to fix: - Add path to not update device lists in large sets. (bsc#1136784) Since the ssh timeout issue was resolved, start adding back the removed patches. Backport based on comment #1. - Revert OVS timeout patch as it also seams to cause CI issues. (SOC-10092) - Since the CI failures are mostly seen in ha jobs, let us first try to revert the last added HA related patches. Once we nail down the issue, we can add one at a time. (SOC-10092) - Disallow router interface out of subnet IP range (bsc#1108033) - Fix for dhcp serializing port delete and network rpc calls (bsc#1143475) - Fixed a function call error with get_reader_session Fixed an argument issue with respect to Context not having 'bein' function, we should have passed the session instead of context. Also fixed another function argument error with respect to 'is_ha_router_port'. (bsc#1133722) - Divide and conquer local hridge flows beasts (bsc#1133722) - Choose random value for HA routes vr_id - Change duplicate OVS bridge datapath ids - Async notify neutron server for HA states - Divide and conquer security group beasts - Change default local ovs connection timeout (bsc#1136784) - Do not call update device list in large sets (bsc#1136784) - More accurate agent restart state transfer (bsc#1136784) - OVS agent: Always send start flag during initial sync (bsc#1136784) - Keep HA ports info for HA router during entire lifecycle - Packets getting lost during SNAT with too many connections - Don't restart neutron-ovs-cleanup on RPM update (bsc#1132860) - neutron-keepalived-state-change will check VIP before spawning ip monitor (bsc#1131961) - handle database query correctly - Fix the update port status issue without getting the ports to BUILD status.(bsc#1131053) - OVS Raise RuntimeError in_get_dp if id is None - OVS Survive errors from check ovs status - Trigger port status DOWN on VIF replug.patch - Fix dvr ha router gateway port binding to incorrect host - DVR HA Unbinding a HA router from agent does not clear HA interface - Don't trigger DVR port update if status the same - Add retry decorator update_segment_host_mapping (bsc#1127558) - Do state report after setting start flag on OVS restart openstack-nova was updated to fix: Security issue fixed: - CVE-2016-10127: Fixed XXE in XML Parsing (bsc#1019074) - Allow to attach more than 26 volumes (bsc#1118900) openstack-tempest was updated to fix: - Avoid server check teardown exception breaking tearDown (SOC 10092) python-urllib3 was updated to fix: - Add missing dependency on python-six (bsc#1150895) sleshammer was updated to fix: - Really drop etc/udev/rules.d/70-persistent-net.rules from the overlay it was still present in the tarball. (SOC-9288) rubygem-chef was updated to fix: - pretty print inspect results and force encode the content (SOC-9954) - updated to version 1.0.0 - Unmerge Arrays containing Hashes - Handle duplicate values in arrays correctly rubygem-easy_diff was updated to version 0.0.6 - Fix merging arrays of hashes Moderate SUSE bug 1019074 SUSE bug 1052286 SUSE bug 1106515 SUSE bug 1108033 SUSE bug 1115960 SUSE bug 1118159 SUSE bug 1118900 SUSE bug 1120657 SUSE bug 1127558 SUSE bug 1128954 SUSE bug 1128987 SUSE bug 1131053 SUSE bug 1131961 SUSE bug 1132860 SUSE bug 1133719 SUSE bug 1133722 SUSE bug 1136784 SUSE bug 1143475 SUSE bug 1145796 SUSE bug 1145867 SUSE bug 1148383 SUSE bug 1150895 SUSE bug 1152916 CVE-2016-10127 CVE-2018-15727 CVE-2018-19039 CVE-2018-558213 CVE-2019-15043 CVE-2019-5477 cpe:/o:suse:suse-openstack-cloud:7 Security update for nfs-utils (Moderate) SUSE OpenStack Cloud 7 This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) Moderate SUSE bug 1150733 CVE-2019-3689 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Important) SUSE OpenStack Cloud 7 This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). Important SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1127400 SUSE bug 1143797 SUSE bug 1146874 SUSE bug 1149813 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox to 68.2.0 ESR fixes the following issues: Mozilla Firefox was updated to version 68.2.0 ESR (bsc#1154738). Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed: - Firefox 60.7 ESR changed the user interface language (bsc#1137990). - Wrong Firefox GUI Language (bsc#1120374). - Fixed an inadvertent crash report transmission without user opt-in (bsc#1074235). - Firefox hangs randomly when browsing and scrolling (bsc#1043008). - Firefox stops loading page until mouse is moved (bsc#1025108). Important SUSE bug 1010399 SUSE bug 1010405 SUSE bug 1010406 SUSE bug 1010408 SUSE bug 1010409 SUSE bug 1010421 SUSE bug 1010423 SUSE bug 1010424 SUSE bug 1010425 SUSE bug 1010426 SUSE bug 1025108 SUSE bug 1043008 SUSE bug 1047281 SUSE bug 1074235 SUSE bug 1092611 SUSE bug 1120374 SUSE bug 1137990 SUSE bug 1149429 SUSE bug 1154738 SUSE bug 959933 SUSE bug 983922 CVE-2016-2830 CVE-2016-5289 CVE-2016-5292 CVE-2016-9063 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 CVE-2017-7789 CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5165 CVE-2018-5166 CVE-2018-5167 CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5174 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5178 CVE-2018-5179 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 CVE-2018-5183 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 cpe:/o:suse:suse-openstack-cloud:7 Security update for samba (Important) SUSE OpenStack Cloud 7 This update for samba fixes the following issues: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:suse-openstack-cloud:7 Security update for samba (Important) SUSE OpenStack Cloud 7 This update for samba fixes the following issue: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:suse-openstack-cloud:7 Security update for gdb (Moderate) SUSE OpenStack Cloud 7 This update for gdb fixes the following issues: Update to gdb 8.3.1: (jsc#ECO-368) Security issues fixed: - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. (bsc#1142772) Upgrade libipt from v2.0 to v2.0.1. - Enable librpm for version > librpm.so.3 [bsc#1145692]: * Allow any librpm.so.x * Add %build test to check for 'zypper install <rpm-packagename>' message - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python, and use it for --without=python. Rebase to 8.3 release (as in fedora 30 @ 1e222a3). * DWARF index cache: GDB can now automatically save indices of DWARF symbols on disk to speed up further loading of the same binaries. * Ada task switching is now supported on aarch64-elf targets when debugging a program using the Ravenscar Profile. * Terminal styling is now available for the CLI and the TUI. * Removed support for old demangling styles arm, edg, gnu, hp and lucid. * Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*). - Implemented access to more POWER8 registers. [fate#326120, fate#325178] - Add gdb-s390-handle-arch13.diff to handle most new s390 arch13 instructions. [fate#327369, jsc#ECO-368] Moderate SUSE bug 1115034 SUSE bug 1142772 SUSE bug 1145692 CVE-2019-1010180 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-haml (Moderate) SUSE OpenStack Cloud 7 This update for rubygem-haml fixes the following issue: - CVE-2017-1002201: Fixed an insufficient character escape that could have led to arbitrary code execution (bsc#1155089). Moderate SUSE bug 1155089 CVE-2017-1002201 cpe:/o:suse:suse-openstack-cloud:7 Security update for libssh2_org (Moderate) SUSE OpenStack Cloud 7 This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). Moderate SUSE bug 1154862 CVE-2019-17498 cpe:/o:suse:suse-openstack-cloud:7 Security update for libseccomp (Moderate) SUSE OpenStack Cloud 7 This update for libseccomp fixes the following issues: Update to new upstream release 2.4.1: * Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. Updated to 2.4.0 (bsc#1128828 CVE-2019-9893): * Update the syscall table for Linux v5.0-rc5 * Added support for the SCMP_ACT_KILL_PROCESS action * Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute * Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension * Added support for the parisc and parisc64 architectures * Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) * Return -EDOM on an endian mismatch when adding an architecture to a filter * Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() * Fix PFC generation when a syscall is prioritized, but no rule exists * Numerous fixes to the seccomp-bpf filter generation code * Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 * Numerous tests added to the included test suite, coverage now at ~92% * Update our Travis CI configuration to use Ubuntu 16.04 * Numerous documentation fixes and updates Update to release 2.3.3: * Updated the syscall table for Linux v4.15-rc7 Update to release 2.3.2: * Achieved full compliance with the CII Best Practices program * Added Travis CI builds to the GitHub repository * Added code coverage reporting with the '--enable-code-coverage' configure flag and added Coveralls to the GitHub repository * Updated the syscall tables to match Linux v4.10-rc6+ * Support for building with Python v3.x * Allow rules with the -1 syscall if the SCMP\_FLTATR\_API\_TSKIP attribute is set to true * Several small documentation fixes - ignore make check error for ppc64/ppc64le, bypass bsc#1142614 Moderate SUSE bug 1082318 SUSE bug 1128828 SUSE bug 1142614 CVE-2019-9893 cpe:/o:suse:suse-openstack-cloud:7 Security update for ucode-intel (Important) SUSE OpenStack Cloud 7 This update for ucode-intel fixes the following issues: - Updated to 20191112 security release (bsc#1155988) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile - ---- updated platforms ------------------------------------ - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6 - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8 - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8 - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) - requires coreutils for the %post script (bsc#1154043) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1154043 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:suse-openstack-cloud:7 Security update for libjpeg-turbo (Important) SUSE OpenStack Cloud 7 This update for libjpeg-turbo fixes the following issues: - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] Important SUSE bug 1156402 CVE-2019-2201 cpe:/o:suse:suse-openstack-cloud:7 Security update for ghostscript (Important) SUSE OpenStack Cloud 7 This update for ghostscript fixes the following issue: - CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed an attacker to gain high privileges by a specially crafted Postscript code (bsc#1156275). Important SUSE bug 1156275 CVE-2019-14869 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 - CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). - CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372). - CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158). - CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465). - CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452). - CVE-2019-17055: The AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bnc#1152782). - CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788). - CVE-2019-16413: The 9p filesystem did not protect i_size_write() properly, which caused an i_size_read() infinite loop and denial of service on SMP systems (bnc#1151347). - CVE-2019-15902: A backporting issue was discovered that re-introduced the Spectre vulnerability it had aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376). - CVE-2019-15291: Fixed a NULL pointer dereference issue that could be caused by a malicious USB device (bnc#1146519). - CVE-2019-15807: Fixed a memory leak in the SCSI module that could be abused to cause denial of service (bnc#1148938). - CVE-2019-13272: Fixed a mishandled the recording of the credentials of a process that wants to create a ptrace relationship, which allowed local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). (bnc#1140671). - CVE-2019-14821: An out-of-bounds access issue was fixed in the kernel's kvm hypervisor. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-15505: An out-of-bounds issue had been fixed that could be caused by crafted USB device traffic (bnc#1147122). - CVE-2017-18595: A double free in allocate_trace_buffer was fixed (bnc#1149555). - CVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost functionality that translates virtqueue buffers to IOVs. A privileged guest user able to pass descriptors with invalid length to the host could use this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15216: A NULL pointer dereference was fixed that could be malicious USB device (bnc#1146361). - CVE-2019-15924: A a NULL pointer dereference has been fixed in the drivers/net/ethernet/intel/fm10k module (bnc#1149612). - CVE-2019-9456: An out-of-bounds write in the USB monitor driver has been fixed. This issue could lead to local escalation of privilege with System execution privileges needed. (bnc#1150025). - CVE-2019-15926: An out-of-bounds access was fixed in the drivers/net/wireless/ath/ath6kl module. (bnc#1149527). - CVE-2019-15927: An out-of-bounds access was fixed in the sound/usb/mixer module (bnc#1149522). - CVE-2019-15666: There was an out-of-bounds array access in the net/xfrm module that could cause denial of service (bnc#1148394). - CVE-2019-15219: A NULL pointer dereference was fixed that could be abused by a malicious USB device (bnc#1146519 1146524). - CVE-2019-15220: A use-after-free issue was fixed that could be caused by a malicious USB device (bnc#1146519 1146526). - CVE-2019-15221: A NULL pointer dereference was fixed that could be caused by a malicious USB device (bnc#1146519 1146529). - CVE-2019-14814: A heap-based buffer overflow was fixed in the marvell wifi chip driver. That issue allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14815: A missing length check while parsing WMM IEs was fixed (bsc#1146512, bsc#1146514, bsc#1146516). - CVE-2019-14816: A heap-based buffer overflow in the marvell wifi chip driver was fixed. Local users would have abused this issue to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516). - CVE-2017-18509: An issue in net/ipv6 as fixed. By setting a specific socket option, an attacker could control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. (bnc#1145477) - CVE-2019-9506: The Bluetooth BR/EDR specification used to permit sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1137865). - CVE-2019-15098: A NULL pointer dereference in drivers/net/wireless/ath was fixed (bnc#1146378). - CVE-2019-15290: A NULL pointer dereference in ath6kl_usb_alloc_urb_from_pipe was fixed (bsc#1146378). - CVE-2019-15212: A double-free issue was fixed in drivers/usb driver (bnc#1146391). - CVE-2016-10906: A use-after-free issue was fixed in drivers/net/ethernet/arc (bnc#1146584). - CVE-2019-15211: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/v4l2-core driver (bnc#1146519). - CVE-2019-15217: A a NULL pointer dereference issue caused by a malicious USB device was fixed in the drivers/media/usb/zr364xx driver (bnc#1146519). - CVE-2019-15214: An a use-after-free issue in the sound subsystem was fixed (bnc#1146519). - CVE-2019-15218: A NULL pointer dereference caused by a malicious USB device was fixed in the drivers/media/usb/siano driver (bnc#1146413). - CVE-2019-15215: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/usb/cpia2 driver (bnc#1146425). - CVE-2018-20976: A use-after-free issue was fixed in the fs/xfs driver (bnc#1146285). - CVE-2019-0154: An unprotected read access to i915 registers has been fixed that could have been abused to facilitate a local denial-of-service attack. (bsc#1135966) - CVE-2019-0155: A privilege escalation vulnerability has been fixed in the i915 module that allowed batch buffers from user mode to gain super user privileges. (bsc#1135967) - CVE-2019-16231: The fjes driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bnc#1150466) - CVE-2019-18805: Fix signed integer overflow in tcp_ack_update_rtt() that could have lead to a denial of service or possibly unspecified other impact (bsc#1156187) - CVE-2019-18680: A NULL pointer dereference in rds_tcp_kill_sock() could cause denial of service (bnc#1155898) The following non-security bugs were fixed: - cpu/speculation: Uninline and export CPU mitigations helpers (bnc#1117665). - documentation: Add ITLB_MULTIHIT documentation (bnc#1117665). - ib/core: Add mitigation for Spectre V1 (bsc#1155671) - ib/core: array_index_nospec: Sanitize speculative array (bsc#1155671) - ipv6: Update ipv6 defrag code (add bsc#1141054). - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm kABI Fix for NX patches (bsc#1117665). - kvm: Convert kvm_lock to a mutex (bsc#1117665). - kvm: MMU: drop vcpu param in gpte_access (bsc#1117665). - kvm: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage (bsc#1117665). - kvm: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed (bsc#1117665). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - kvm: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - kvm: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault() (bsc#1117665). - kvm: x86: MMU: Encapsulate the type of rmap-chain head in a new struct (bsc#1117665). - kvm: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault() (bsc#1117665). - kvm: x86: MMU: Move initialization of parent_ptes out from kvm_mmu_alloc_page() (bsc#1117665). - kvm: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to link_shadow_page() (bsc#1117665). - kvm: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page() (bsc#1117665). - kvm: x86: MMU: always set accessed bit in shadow PTEs (bsc#1117665). - kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - kvm: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - kvm: x86: extend usage of RET_MMIO_PF_* constants (bsc#1117665). - kvm: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT (bnc#1117665). - kvm: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - kvm: x86: simplify ept_misconfig (bsc#1117665). - media: smsusb: better handle optional alignment (bsc#1146413). - mm: use upstream patch for bsc#1106913 - scsi: scsi_transport_fc: Drop double list_del() (bsc#1084878) - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1068032, bsc#1092497). - x86/cpu: Add Atom Tremont (Jacobsville) (bsc#1117665). - x86/headers: Do not include asm/processor.h in asm/atomic.h (bsc#1150223). - x86/mitigations: Backport the STIBP pile See bsc#1139550 - xen-blkfront: avoid ENOMEM in blkif_recover after migration (bsc#1149849). Important SUSE bug 1068032 SUSE bug 1084878 SUSE bug 1092497 SUSE bug 1106913 SUSE bug 1117665 SUSE bug 1135966 SUSE bug 1135967 SUSE bug 1137865 SUSE bug 1139550 SUSE bug 1140671 SUSE bug 1141054 SUSE bug 1144338 SUSE bug 1144903 SUSE bug 1145477 SUSE bug 1146285 SUSE bug 1146361 SUSE bug 1146378 SUSE bug 1146391 SUSE bug 1146413 SUSE bug 1146425 SUSE bug 1146512 SUSE bug 1146514 SUSE bug 1146516 SUSE bug 1146519 SUSE bug 1146584 SUSE bug 1147122 SUSE bug 1148394 SUSE bug 1148938 SUSE bug 1149376 SUSE bug 1149522 SUSE bug 1149527 SUSE bug 1149555 SUSE bug 1149612 SUSE bug 1149849 SUSE bug 1150025 SUSE bug 1150112 SUSE bug 1150223 SUSE bug 1150452 SUSE bug 1150457 SUSE bug 1150465 SUSE bug 1150466 SUSE bug 1151347 SUSE bug 1151350 SUSE bug 1152685 SUSE bug 1152782 SUSE bug 1152788 SUSE bug 1153158 SUSE bug 1154372 SUSE bug 1155671 SUSE bug 1155898 SUSE bug 1156187 CVE-2016-10906 CVE-2017-18509 CVE-2017-18595 CVE-2018-12207 CVE-2018-20976 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-13272 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14835 CVE-2019-15098 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15290 CVE-2019-15291 CVE-2019-15505 CVE-2019-15666 CVE-2019-15807 CVE-2019-15902 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-16231 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16413 CVE-2019-16995 CVE-2019-17055 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-18680 CVE-2019-18805 CVE-2019-9456 CVE-2019-9506 cpe:/o:suse:suse-openstack-cloud:7 Security update for ucode-intel (Important) SUSE OpenStack Cloud 7 This update for ucode-intel fixes the following issues: - Updated to 20191112 official security release (bsc#1155988) - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-ecdsa (Moderate) SUSE OpenStack Cloud 7 This update for python-ecdsa to version 0.13.3 fixes the following issues: Security issues fixed: - CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165). - CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217). Moderate SUSE bug 1153165 SUSE bug 1154217 CVE-2019-14853 CVE-2019-14859 cpe:/o:suse:suse-openstack-cloud:7 Security update for sqlite3 (Important) SUSE OpenStack Cloud 7 This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement (bsc#1155787). Important SUSE bug 1155787 CVE-2017-2518 cpe:/o:suse:suse-openstack-cloud:7 Security update for cups (Important) SUSE OpenStack Cloud 7 This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). Important SUSE bug 1146358 SUSE bug 1146359 CVE-2019-8675 CVE-2019-8696 cpe:/o:suse:suse-openstack-cloud:7 Security update for clamav (Moderate) SUSE OpenStack Cloud 7 This update for clamav fixes the following issues: Security issue fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). Moderate SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1151839 CVE-2019-12625 CVE-2019-12900 cpe:/o:suse:suse-openstack-cloud:7 Security update for mailman (Important) SUSE OpenStack Cloud 7 This update for mailman fixes the following issues: - CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root (bsc#1154328). Important SUSE bug 1154328 CVE-2019-3693 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed (October 2019 CPU bsc#1154212): - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2978: Improved handling of jar files - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). Important SUSE bug 1152856 SUSE bug 1154212 CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:suse-openstack-cloud:7 Security update for LibVNCServer (Critical) SUSE OpenStack Cloud 7 This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Critical SUSE bug 1123823 SUSE bug 1123828 SUSE bug 1123832 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 cpe:/o:suse:suse-openstack-cloud:7 Security update for clamav (Important) SUSE OpenStack Cloud 7 This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763). Important SUSE bug 1157763 CVE-2019-15961 cpe:/o:suse:suse-openstack-cloud:7 Security update for permissions (Moderate) SUSE OpenStack Cloud 7 This update for permissions fixes the following issues: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). - Fixed a regression which caused segmentation fault (bsc#1157198). Moderate SUSE bug 1093414 SUSE bug 1150734 SUSE bug 1157198 CVE-2019-3688 CVE-2019-3690 cpe:/o:suse:suse-openstack-cloud:7 Security update for strongswan (Important) SUSE OpenStack Cloud 7 This update for strongswan provides the following fixes: Security issues fixed: - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462). - CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536). - CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874). - CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845). Other issues addressed: - Fixed some client fails when the scep server URL is used with HTTPS protocol (bsc#1071853). - Reject Diffie-Hellman key exchanges using primes smaller than 1024 bit. - Handle unexpected informational message from SonicWall. (bsc#1009254) Important SUSE bug 1009254 SUSE bug 1071853 SUSE bug 1093536 SUSE bug 1094462 SUSE bug 1107874 SUSE bug 1109845 CVE-2018-10811 CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 CVE-2018-5388 cpe:/o:suse:suse-openstack-cloud:7 Security update for caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, crowbar-ui, etcd, flannel, galera-3, mariadb, mariadb-connector-c, openstack-dashboard-theme-SUSE, openstack-heat-templates, openstack-neutron, openstack-nova, openstack-quickstart, patterns-cloud, python-oslo.messaging, python-oslo.utils, python-pysaml2 (Moderate) SUSE OpenStack Cloud 7 This update for caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, crowbar-ui, etcd, flannel, galera-3, mariadb, mariadb-connector-c, openstack-dashboard-theme-SUSE, openstack-heat-templates, openstack-neutron, openstack-nova, openstack-quickstart, patterns-cloud, python-oslo.messaging, python-oslo.utils, python-pysaml2 fixes the following issues: Security fix for mariadb: - MariaDB was update to version 10.2.25 (bsc#1136035) - CVE-2019-2628: Fixed a remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2627: Fixed another remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2614: Fixed a potential remote denial of service by an privileged attacker (bsc#1136035). - adjust mysql-systemd-helper ('shutdown protected MySQL' section) so it checks both ping response and the pid in a process list as it can take some time till the process is terminated. Otherwise it can lead to 'found left-over process' situation when regular mariadb is started [bsc#1143215] - update suse_skipped_tests.list - remove client_ed25519.so plugin because it's shipped in mariadb-connector-c package (libmariadb_plugins) - update suse_skipped_tests.list - update to 10.2.25 GA * Fixes for the following security vulnerabilities: * 10.2.23: none * 10.2.24: CVE-2019-2628, CVE-2019-2627, CVE-2019-2614 * 10.2.25: none * release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10223-release-notes https://mariadb.com/kb/en/library/mariadb-10223-changelog https://mariadb.com/kb/en/library/mariadb-10224-release-notes https://mariadb.com/kb/en/library/mariadb-10224-changelog https://mariadb.com/kb/en/library/mariadb-10225-release-notes https://mariadb.com/kb/en/library/mariadb-10225-changelog - remove mariadb-10.2.22-fix_path.patch that was applied upstream in mariadb 10.2.23 - remove caching_sha2_password.so because it's shipped in mariadb-connector-c package (libmariadb_plugins) - remove xtrabackup scripts as it was replaced by mariabackup (we already removed xtrabackup requires in the first phase) - fix reading options for multiple instances if my${INSTANCE}.cnf is used. Also remove 'umask 077' from mysql-systemd-helper that causes that new datadirs are created with wrong permissions. Set correct permissions for files created by us (mysql_upgrade_info, .run-mysql_upgrade) [bsc#1132666] - fix build comment to not refer to openSUSE - tracker bug [bsc#1136035] - Update to version 1.0+git.1560518045.ad7dc6d: * Patching node before bootstraping - Update to version 4.0+git.1573109906.0f62e9503: * Ignore CVE-2017-1002201 in CI builds (bsc#1155089) - Update to version 4.0+git.1573038068.1e32b3205: * Make sure the input file with ssh key exists (SOC-10133) * mysql: fix WSREP sync race (SOC-10717) * mysql: stop service for mysql_install_db (SOC-10717) - Update to version 4.0+git.1571404877.8edf9dd5c: * Do not use obsoleted --endpoint-type option with CLI * [4.0] Configurable timeout for Galera pre-sync - Switch to stable/7-8 branch - Update to 25.3.25: * A new Galera configuration parameter cert.optimistic_pa was added. If the parameter value is set to true, full parallelization in applying write sets is allowed as determined by certification algorithm. If set to false, no more parallelism is allowed in applying than seen on the master. * Support for ECDH OpenSSL engines on CentOS 6 (galera#520) * Fixed compilation on Debian testing and unstable (galera#516, galera#528) - Add unescape_IPv6_bind_ip.patch * https://github.com/dciabrin/galera-1/commit/0f6f8aeeb09809280c956514cfd5844b8acad4f9 - remove galera-3-25.3.23-scons_fixes.patch (merged upstream) - update to 25.3.24: * A support for new certification key type was added to allow more relaxed certification rules for foreign key references (galera#491). * New status variables were added to display the number of open transactions and referenced client connections inside Galera provider (galera#492). * GCache was sometimes cleared unnecessarily on startup if the recovered state had smaller sequence number than the highest found from GCache. Now only entries with sequence number higher than recovery point will be cleared (galera#498). * Non-primary configuration is saved into grastate.dat only when if the node is in closing state (galera#499). * Exception from GComm was not always handled properly resulting in Galera to remain in half closed state. This was fixed by propagating the error condition appropriately to upper layers (galera#500). * A new status variable displaying the total weight of the cluster nodes was added (galera#501). * The value of pc.weight did not reflect the actual effective value after setting it via wsrep_provider_options. This was fixed by making sure that the new value is taken into use before returning the control back to caller (galera#505, MDEV-11959) * Use of ECHD algorithms with old OpenSSL versions was enabled (galera#511). * Default port value is now used by garbd if the port is not explicitly given in cluster address (MDEV-15531). * Correct error handling for posix_fallocate(). * Failed causal reads are retried during configuration changes. - New upstream version 3.1.2 [bsc#1136035] * CONC-383: client plugins can't be loaded due to missing prefix * Fixed version setting in GnuTLS by moving 'NORMAL' at the end of priority string * CONC-386: Added support for pem files which contain certificate and private key. * Replication/Binlog API: The main mechanism used in replication is the binary log. * CONC-395: Dashes and underscores are not interchangeable in options in my.cnf * CONC-384: Incorrect packet when a connection attribute name or value is equal to or greater than 251 * CONC-388: field->def_length is always set to 0 * Getter should get and the setter should set CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS * Disable LOAD DATA LOCAL INFILE support by default and auto-enable it for the duration of one query, if the query string starts with the word 'load'. In all other cases the application should enable LOAD DATA LOCAL INFILE support explicitly. * Changed return code for mysql_optionv/mysql_get_optionv to 1 (was -1) and added CR_NOT_IMPLEMENTED error message if a option is unknown or not supported. * mingw fix: use lowercase names for include files * CONC-375: Fixed handshake errors when mixing TLSv1.3 cipher suites with cipher suites from other TLS protocols * CONC-312: Added new caching_sha2_password authentication plugin for authentication with MySQL 8.0 - refresh mariadb-connector-c-2.3.1_unresolved_symbols.patch and private_library.patch - pack caching_sha2_password.so and client_ed25519.so - move libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 [bsc#1126088] - Switch to new GitHub repo - Add trigger for openstack-horizon-plugin-murano-ui - Update to version 0.0.0+git.1515995585.81ed236: * Migrate templates job to Zuul v3 - add 0001-set_db_attribute-differs-between-vsctl-and-native.patch (bsc#1152916) part of lp#1630920 - add copytruncate to openstack-neutron.logrotate (bsc#1126428) - Add 0001-When-converting-sg-rules-to-iptables-do-not-emit-dpo.patch (bsc#1129729) - Add back the HA related patches that we removed to debug(SOC-10092) Add 0001-Keep-HA-ports-info-for-HA-router-during-entire-lifecycle.patch backported from https://review.opendev.org/#/c/659644/1 Add 0001-Async-notify-neutron-server-for-HA-states.patch backported from https://review.opendev.org/#/c/658507/1 Add 0001-Change-duplicate-OVS-bridge-datapath-ids.patch backported from https://review.opendev.org/#/c/649192/3 Add 0001-Choose-random-value-for-HA-routes-vr_id.patch backported from https://review.opendev.org/#/c/651988/2 - add copytruncate to openstack-nova.logrorate (bsc#1126428) - Update to version 2016.2+git.1492839294.d76879d: * Setup monasca-agent - Update to version 2016.2+git.1492611783.2908851: * Adding support for monasca - Update to version 2016.2+git.1490964440.09a9673: * Move aliases inside Keystone vhost configuration - Update to version 2016.2+git.1486720712.bea5be9: * Use qemu instead of lxc as virt_type fallback * Check for net/subnet/router existance before creating it * Use get_or_*() functions for Heat - skip magnum service image for non-x86_64 - add 0001-Suppress-excessive-debug-logs-when-consume-rabbit (bsc#1123053): - Add adjust-to-setuptools-8-plus.patch (SOC-10947): this patch fixes oslo.utils breakage caused by the more recent python-setuptools version introduced by (bsc#1075812). - Revert change on using license macro from previous commit. Moderate SUSE bug 1075812 SUSE bug 1123053 SUSE bug 1126088 SUSE bug 1126428 SUSE bug 1129729 SUSE bug 1132666 SUSE bug 1136035 SUSE bug 1143215 SUSE bug 1152916 SUSE bug 1155089 CVE-2017-1002201 CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 cpe:/o:suse:suse-openstack-cloud:7 Security update for haproxy (Important) SUSE OpenStack Cloud 7 This update for haproxy fixes the following issues: - CVE-2019-18277: Fixed HTTP smuggling in messages with transfer-encoding header missing the 'chunked' value (bsc#1154980). Important SUSE bug 1154980 CVE-2019-18277 cpe:/o:suse:suse-openstack-cloud:7 Security update for git (Important) SUSE OpenStack Cloud 7 This update for git fixes the following issues: Security issues fixed: - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787). - CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795). - CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793). - CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792). - CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791). - CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790). - CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789). - CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788). - CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785). - Fixed an issue where git send-email fails to authenticate with SMTP server (bsc#1082023) Important SUSE bug 1082023 SUSE bug 1158785 SUSE bug 1158787 SUSE bug 1158788 SUSE bug 1158789 SUSE bug 1158790 SUSE bug 1158791 SUSE bug 1158792 SUSE bug 1158793 SUSE bug 1158795 CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1351 CVE-2019-1352 CVE-2019-1353 CVE-2019-1354 CVE-2019-1387 CVE-2019-19604 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328) Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Important SUSE bug 1158328 CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: Security issues fixed: CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983). CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983). CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983). Important SUSE bug 1120374 SUSE bug 1122983 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 cpe:/o:suse:suse-openstack-cloud:7 Security update for util-linux (Important) SUSE OpenStack Cloud 7 This update for util-linux fixes the following issues: This non-security issue was fixed: - CVE-2018-7738: bash-completion/umount allowed local users to gain privileges by embedding shell commands in a mountpoint name, which was mishandled during a umount command by a different user (bsc#1084300). These non-security issues were fixed: - Fixed crash loop in lscpu (bsc#1072947). - Fixed possible segfault of umount -a - Fixed mount -a on NFS bind mounts (bsc#1080740). - Fixed lsblk on NVMe (bsc#1078662). Important SUSE bug 1072947 SUSE bug 1078662 SUSE bug 1080740 SUSE bug 1084300 CVE-2018-7738 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-loofah (Moderate) SUSE OpenStack Cloud 7 This update for rubygem-loofah fixes the following issues: Security issues fixed: - CVE-2018-16468: Fixed XXS by removing the svg animate attribute `from` from the allowlist (bsc#1113969). - CVE-2018-8048: Fixed XSS vulnerability due to unescaped characters by libcxml2 (bsc#1085967). Moderate SUSE bug 1085967 SUSE bug 1113969 CVE-2018-16468 CVE-2018-8048 cpe:/o:suse:suse-openstack-cloud:7 Security update for nodejs6 (Important) SUSE OpenStack Cloud 7 This update for nodejs6 to version 6.16.0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) - CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka 'PortSmash') (bsc#1113534) - CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625) - CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626) - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service (bsc#1117627) - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630) - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629) Important SUSE bug 1113534 SUSE bug 1113652 SUSE bug 1117625 SUSE bug 1117626 SUSE bug 1117627 SUSE bug 1117629 SUSE bug 1117630 CVE-2018-0734 CVE-2018-12116 CVE-2018-12120 CVE-2018-12121 CVE-2018-12122 CVE-2018-12123 CVE-2018-5407 cpe:/o:suse:suse-openstack-cloud:7 Security update for systemd (Important) SUSE OpenStack Cloud 7 This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Other bug fixes and changes: - journal-remote: set a limit on the number of fields in a message - journal-remote: verify entry length from header - journald: set a limit on the number of fields (1k) - journald: do not store the iovec entry for process commandline on stack - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - manager: don't skip sigchld handler for main and control pid for services (#3738) - core: Add helper functions unit_{main, control}_pid - manager: Fixing a debug printf formatting mistake (#3640) - manager: Only invoke a single sigchld per unit within a cleanup cycle (bsc#1117382) - core: update invoke_sigchld_event() to handle NULL ->sigchld_event() - sd-event: expose the event loop iteration counter via sd_event_get_iteration() (#3631) - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (bsc#1122344) - core: when restarting services, don't close fds - cryptsetup: Add dependency on loopback setup to generated units - journal-gateway: use localStorage['cursor'] only when it has valid value - journal-gateway: explicitly declare local variables - analyze: actually select longest activated-time of services - sd-bus: fix implicit downcast of bitfield reported by LGTM - core: free lines after reading them (bsc#1123892) - pam_systemd: reword message about not creating a session (bsc#1111498) - pam_systemd: suppress LOG_DEBUG log messages if debugging is off (bsc#1111498) - main: improve RLIMIT_NOFILE handling (#5795) (bsc#1120658) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) (bsc#1123333) Important SUSE bug 1111498 SUSE bug 1117025 SUSE bug 1117382 SUSE bug 1120658 SUSE bug 1122000 SUSE bug 1122344 SUSE bug 1123333 SUSE bug 1123892 SUSE bug 1125352 CVE-2019-6454 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bnc#1108498). - CVE-2019-3459, CVE-2019-3460: The Blutooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). The following non-security bugs were fixed: - aio: hold an extra file reference over AIO read/write operations (bsc#1116027). - ata: Fix racy link clearance (bsc#1107866). - btrfs: Fix wrong first_key parameter in replace_path (follow up fixes for bsc#1084721). - cgroup, netclassid: add a preemption point to write_classid (bnc#1098996). - cifs: Fix infinite loop when using hard mount option (bsc#1091171). - dm round robin: revert 'use percpu 'repeat_count' and 'current_path'' (bsc#1113192) - fscache: fix race between enablement and dropping of object (bsc#1107385). - ibmvnic: fix index in release_rx_pools (bsc#1115440). - ip: hash fragments consistently (bsc#1042286 bsc#1108145). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (bsc#1110286). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ixgbe: Add function for checking to see if we can reuse page (bsc#1100105). - ixgbe: Add support for build_skb (bsc#1100105). - ixgbe: Add support for padding packet (bsc#1100105). - ixgbe: Break out Rx buffer page management (bsc#1100105). - ixgbe: Fix output from ixgbe_dump (bsc#1100105). - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (bsc#1100105). - ixgbe: Only DMA sync frame length (bsc#1100105). - ixgbe: Update code to better handle incrementing page count (bsc#1100105). - ixgbe: Update driver to make use of DMA attributes in Rx path (bsc#1100105). - ixgbe: Use length to determine if descriptor is done (bsc#1100105). - libfc: sync strings with upstream versions (bsc#1114763). - md: reorder flag_bits to match upstream commits The ordering in the patches was backward. - mm: add support for releasing multiple instances of a page (bsc#1100105). - mm: rename __page_frag functions to __page_frag_cache, drop order from drain (bsc#1100105). - net: ipv4: do not handle duplicate fragments as overlapping (bsc#1116345). - NFS: add nostatflush mount option (bsc#1065726). - nospec: Include <asm/barrier.h> dependency (bsc#1114648). - ovl: after setting xattributes, you need to copy the attributes in order to make sure the mode and ctime/mtime is set (bsc#1107299). - powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805). - Revert 'kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)' This reverts commit 54da5757cbbb39ab15b3cd09cf922a8a9e32209c. - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1042286 bsc#1108145). - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP (bnc#1091197). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1103624, bsc#1104731). - sd: disable logical block provisioning if 'lpbme' is not set (bsc#1086095). - tcp: prevent bogus FRTO undos with non-SACK flows (bsc#1086535). - Update ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433). - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs (bsc#1105931). - x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface (bsc#1105931). - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bsc#1105931). - x86/entry/64: sanitize extra registers on syscall entry (bsc#1105931). - x86/kaiser: Avoid loosing NMIs when using trampoline stack (bsc#1106293 bsc#1099597). - x86,sched: Allow topologies where NUMA nodes share an LLC (bsc#1091158, bsc#1101555, bsc#1117187). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen/blkfront: correct purging of persistent grants (bnc#1065600). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netback: dont overflow meta array (bnc#1099523). - xen/netfront: do not bug in case of too many frags (bnc#1012382). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs/dmapi: restore event in xfs_getbmap (bsc#1095344, bsc#1114763). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). Important SUSE bug 1012382 SUSE bug 1023175 SUSE bug 1042286 SUSE bug 1065600 SUSE bug 1065726 SUSE bug 1070805 SUSE bug 1084721 SUSE bug 1086095 SUSE bug 1086535 SUSE bug 1091158 SUSE bug 1091171 SUSE bug 1091197 SUSE bug 1094825 SUSE bug 1095344 SUSE bug 1098996 SUSE bug 1099523 SUSE bug 1099597 SUSE bug 1100105 SUSE bug 1101555 SUSE bug 1103624 SUSE bug 1104731 SUSE bug 1105025 SUSE bug 1105931 SUSE bug 1106293 SUSE bug 1107256 SUSE bug 1107299 SUSE bug 1107385 SUSE bug 1107866 SUSE bug 1108145 SUSE bug 1108498 SUSE bug 1109330 SUSE bug 1110286 SUSE bug 1110837 SUSE bug 1111062 SUSE bug 1113192 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1114190 SUSE bug 1114648 SUSE bug 1114763 SUSE bug 1115433 SUSE bug 1115440 SUSE bug 1116027 SUSE bug 1116183 SUSE bug 1116345 SUSE bug 1117186 SUSE bug 1117187 SUSE bug 1118152 SUSE bug 1118319 SUSE bug 1119714 SUSE bug 1119946 SUSE bug 1119947 SUSE bug 1120743 SUSE bug 1120758 SUSE bug 1121621 SUSE bug 1123161 CVE-2018-16862 CVE-2018-16884 CVE-2018-18281 CVE-2018-18386 CVE-2018-18690 CVE-2018-18710 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9516 CVE-2018-9568 CVE-2019-3459 CVE-2019-3460 cpe:/o:suse:suse-openstack-cloud:7 Security update for procps (Important) SUSE OpenStack Cloud 7 This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also the following non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) Important SUSE bug 1092100 SUSE bug 1121753 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:suse:suse-openstack-cloud:7 Security update for texlive (Important) SUSE OpenStack Cloud 7 This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673) Important SUSE bug 1109673 CVE-2018-17407 cpe:/o:suse:suse-openstack-cloud:7 Security update for kernel-firmware (Important) SUSE OpenStack Cloud 7 This update for kernel-firmware fixes the following issues: Security issue fixed: - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301). Important SUSE bug 1104301 CVE-2018-5383 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-amqp, python-oslo.messaging, python-ovs, python-paramiko, python-psql2mysql (Important) SUSE OpenStack Cloud 7 This update for python-amqp, python-oslo.messaging, python-ovs, python-paramiko, python-psql2mysql fixes the following issues: Security issue fixed for python-paramiko: - CVE-2018-1000805: Fixed an authentication bypass (bnc#1111151). Non-security issues fixed: - python-oslo.messaging: Fixed an issue if the client tries to reconnect after connection was lost (bsc#1123054). - python-ovs: Fixed memory leak in c parser (bsc#1116437). - python-ovs: Switched away from noarch and build the C based backend (bsc#1115099). - python-psql2mysql: Update to version 0.5.0+git.1539592188.13e5d0f. Important SUSE bug 1111151 SUSE bug 1115099 SUSE bug 1116437 SUSE bug 1123054 CVE-2018-1000805 cpe:/o:suse:suse-openstack-cloud:7 Security update for python (Important) SUSE OpenStack Cloud 7 This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191). - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847). Non-security issue fixed: - Fixed a bug where PyWeakReference struct was not initialized correctly leading to a crash (bsc#1073748). Important SUSE bug 1073748 SUSE bug 1109847 SUSE bug 1122191 CVE-2018-14647 CVE-2019-5010 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-Django (Moderate) SUSE OpenStack Cloud 7 This update for python-Django fixes the following issues: Security issue fixed: - CVE-2019-3498: Fixed a content spoofing attack in the default 404 page (bsc#1120932) Moderate SUSE bug 1120932 CVE-2019-3498 cpe:/o:suse:suse-openstack-cloud:7 Security update for qemu (Important) SUSE OpenStack Cloud 7 This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). - CVE-2018-7858: Fixed a denial of service which could occur while updating the VGA display, after guest has adjusted the display dimensions (bsc#1084604). - CVE-2017-13673: Fixed a denial of service in the cpu_physical_memory_snapshot_get_dirty function. - CVE-2017-13672: Fixed a denial of service via vectors involving display update. Non-security issues fixed: - Fixed bad guest time after migration (bsc#1113231). Important SUSE bug 1084604 SUSE bug 1113231 SUSE bug 1116717 SUSE bug 1117275 SUSE bug 1119493 SUSE bug 1123156 CVE-2017-13672 CVE-2017-13673 CVE-2018-16872 CVE-2018-19364 CVE-2018-19489 CVE-2018-7858 CVE-2019-6778 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_7_0-openjdk to version 7u201 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile - CVE-2018-2938: Support Derby connections (bsc#1101644) - CVE-2018-2940: Better stack walking (bsc#1101645) - CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651) - CVE-2018-2973: Improve LDAP support (bsc#1101656) - CVE-2018-3639 cpu speculative store bypass mitigation Important SUSE bug 1101644 SUSE bug 1101645 SUSE bug 1101651 SUSE bug 1101656 SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112152 SUSE bug 1112153 CVE-2018-13785 CVE-2018-16435 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 CVE-2018-3639 cpe:/o:suse:suse-openstack-cloud:7 Security update for webkit2gtk3 (Important) SUSE OpenStack Cloud 7 This update for webkit2gtk3 to version 2.22.6 fixes the following issues: Security issues fixed: - CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6215: Fixed a type confusion vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6227: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6229: Fixed a logic issue by improving validation which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6233: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6234: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. Other issues addressed: - Update to version 2.22.6 (bsc#1124937). - Kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fixed Web inspector magnifier under Wayland. - Fixed garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fixed several crashes, race conditions, and rendering issues. Important SUSE bug 1124937 CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 cpe:/o:suse:suse-openstack-cloud:7 Security update for libvirt (Moderate) SUSE OpenStack Cloud 7 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). Other issues fixed: - libxl: save current memory value after successful balloon (bsc#1120813). - spec: Don't restart libvirt-guests when updating libvirt-client (bsc#1104662). Moderate SUSE bug 1104662 SUSE bug 1120813 SUSE bug 1127458 CVE-2019-3840 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_8_0-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-3183: Improve script engine support (bsc#1112148) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile Important SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112148 SUSE bug 1112152 SUSE bug 1112153 CVE-2018-13785 CVE-2018-16435 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 cpe:/o:suse:suse-openstack-cloud:7 Security update for webkit2gtk3 (Important) SUSE OpenStack Cloud 7 This update for webkit2gtk3 to version 2.22.4 fixes the following issues: Security issues fixed: CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998). Important SUSE bug 1110279 SUSE bug 1116998 CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 cpe:/o:suse:suse-openstack-cloud:7 Security update for LibVNCServer (Important) SUSE OpenStack Cloud 7 This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Important SUSE bug 1120114 SUSE bug 1120115 SUSE bug 1120116 SUSE bug 1120117 SUSE bug 1120118 SUSE bug 1120119 SUSE bug 1120120 SUSE bug 1120121 SUSE bug 1120122 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-6307 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_1-ibm (Important) SUSE OpenStack Cloud 7 This update for java-1_7_1-ibm to version 7.1.4.40 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_February_2019 Important SUSE bug 1122293 SUSE bug 1122299 CVE-2018-11212 CVE-2019-2422 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-ibm (Important) SUSE OpenStack Cloud 7 This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158). - CVE-2019-2449: Fixed a vulnerabilit which could allow remote atackers to delete arbitrary files (bsc#1122292). More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332 Important SUSE bug 1122292 SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1128158 CVE-2018-11212 CVE-2018-1890 CVE-2019-2422 CVE-2019-2449 cpe:/o:suse:suse-openstack-cloud:7 Security update for libssh2_org (Moderate) SUSE OpenStack Cloud 7 This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Libbssh2 will stop using keys unsupported types in the known_hosts file (bsc#1091236). Moderate SUSE bug 1091236 SUSE bug 1128471 SUSE bug 1128472 SUSE bug 1128474 SUSE bug 1128476 SUSE bug 1128480 SUSE bug 1128481 SUSE bug 1128490 SUSE bug 1128492 SUSE bug 1128493 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:suse:suse-openstack-cloud:7 Security update for openstack-cinder, openstack-horizon-plugin-designate-ui, openstack-neutron, openstack-neutron-lbaas (Moderate) SUSE OpenStack Cloud 7 This update for openstack-cinder, openstack-horizon-plugin-designate-ui, openstack-neutron, openstack-neutron-lbaas fixes the following issues: Security vulnerabity fixed in openstack-cinder: - CVE-2017-15139: Fixed a leakage of sensitive information between tenants in certain storage volume configurations (bsc#1105476) Bug fixes and other changes in openstack-horizon-plugin-designate-ui: - Remove the py{c} files unconditionally without error messages Bug fixes and other changes in openstack-neutron: - Fixed an issue with neutron leaving behind ovs ports when already in skipped_ports (bsc#1124695) - Require version and release to ensure that subpackages are consistent and coherent (bsc#1119902) - Fixed an issue with lbass neutron ports being down or in status build (bsc#1119902) - Enable liberal TCP connection tracking to prevent connection resets (bsc#1116475) - Switch to mariadb.service - Add dependency on rabbitmq to neutron-server.service Bug fixes and changes in openstack-neutron-lbaas.changes - Improve performance of loadbalancer objects (bsc#1089834) Moderate SUSE bug 1089834 SUSE bug 1105476 SUSE bug 1116475 SUSE bug 1119902 SUSE bug 1124695 CVE-2017-15139 cpe:/o:suse:suse-openstack-cloud:7 Security update for ghostscript (Important) SUSE OpenStack Cloud 7 This update for ghostscript fixes the following issue: Security issue fixed: - CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186). Important SUSE bug 1129186 CVE-2019-3838 cpe:/o:suse:suse-openstack-cloud:7 Security update for ucode-intel (Moderate) SUSE OpenStack Cloud 7 This update for ucode-intel fixes the following issues: Updated to the 20190312 bundle release (bsc#1129231) New Platforms: - AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile - CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop - CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile Updated Platforms: - HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3 - SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable - SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx - BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx - GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx - KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile - KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8 Moderate SUSE bug 1129231 cpe:/o:suse:suse-openstack-cloud:7 Security update for ntp (Moderate) SUSE OpenStack Cloud 7 This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other isses addressed: - Fixed an issue which caused openSSL mismatch (bsc#1125401) - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Moderate SUSE bug 1125401 SUSE bug 1128525 CVE-2019-8936 cpe:/o:suse:suse-openstack-cloud:7 Security update for openssl (Moderate) SUSE OpenStack Cloud 7 This update for openssl fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Other issues addressed: - Fixed IV handling in SHAEXT paths: aes/asm/aesni-sha*-x86_64.pl (bsc#1113975). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). Moderate SUSE bug 1100078 SUSE bug 1113975 SUSE bug 1117951 SUSE bug 1127080 CVE-2019-1559 cpe:/o:suse:suse-openstack-cloud:7 Security update for sssd (Moderate) SUSE OpenStack Cloud 7 This update for sssd provides the following fixes: This security issue was fixed: - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users (bsc#1098377) These non-security issues were fixed: - Fix a segmentation fault in sss_cache command. (bsc#1072728) - Fix a failure in autofs initialisation sequence upon system boot. (bsc#1010700) - Fix race condition on boot between SSSD and autofs. (bsc#1010700) - Fix a bug where file descriptors were not closed (bsc#1080156) - Fix an issue where sssd logs were not rotated properly (bsc#1080156) - Remove whitespaces from netgroup entries (bsc#1087320) - Remove misleading log messages (bsc#1101877) - exit() the forked process if exec()-ing a child process fails (bsc#1110299) - Do not schedule the machine renewal task if adcli is not executable (bsc#1110299) Moderate SUSE bug 1010700 SUSE bug 1072728 SUSE bug 1080156 SUSE bug 1087320 SUSE bug 1098377 SUSE bug 1101877 SUSE bug 1110299 CVE-2018-10852 cpe:/o:suse:suse-openstack-cloud:7 Security update for nodejs6 (Moderate) SUSE OpenStack Cloud 7 This update for nodejs6 to version 6.17.0 fixes the following issues: Security issues fixed: - CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127533). - CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532). - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Release Notes: https://nodejs.org/en/blog/release/v6.17.0/ Moderate SUSE bug 1127080 SUSE bug 1127532 SUSE bug 1127533 CVE-2019-1559 CVE-2019-5737 CVE-2019-5739 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. (bnc#1107829). - CVE-2019-7221: The KVM implementation in the Linux kernel had a Use-after-Free (bnc#1124732). - CVE-2019-7222: The KVM implementation in the Linux kernel had an Information Leak (bnc#1124735). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, which led to a use-after-free (bnc#1124728). The following non-security bugs were fixed: - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - enic: add wq clean up budget (bsc#1075697, bsc#1120691. bsc#1102959). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ipv4: ipv6: Adjust the frag mem limit after truesize has been changed (bsc#1110286). - kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - netfilter: ipv6: Adjust the frag mem limit after truesize has been changed (bsc#1110286). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - restore cond_resched() in shrink_dcache_parent() (bsc#1098599, bsc#1105402, bsc#1127758). - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1108145). - scsi: megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (bsc#1121698). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/spectre_v2: Do not check microcode versions when running under hypervisors (bsc#1122821). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - xen-netfront: Fix hang on device removal (bnc#1012382). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: remove filestream item xfs_inode reference (bsc#1127961). Important SUSE bug 1012382 SUSE bug 1075697 SUSE bug 1082943 SUSE bug 1098599 SUSE bug 1102959 SUSE bug 1105402 SUSE bug 1107829 SUSE bug 1108145 SUSE bug 1109137 SUSE bug 1109330 SUSE bug 1110286 SUSE bug 1117645 SUSE bug 1119019 SUSE bug 1120691 SUSE bug 1121698 SUSE bug 1121805 SUSE bug 1122821 SUSE bug 1124728 SUSE bug 1124732 SUSE bug 1124735 SUSE bug 1125315 SUSE bug 1127155 SUSE bug 1127758 SUSE bug 1127961 SUSE bug 1128166 SUSE bug 1129080 SUSE bug 1129179 CVE-2018-14633 CVE-2019-2024 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-9213 cpe:/o:suse:suse-openstack-cloud:7 Security update for bash (Important) SUSE OpenStack Cloud 7 This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Important SUSE bug 1130324 CVE-2019-9924 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: Security issuess addressed: - update to Firefox ESR 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to Firefox ESR 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to Firefox ESR 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash. - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. Other issue addressed: - Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987). Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ Important SUSE bug 1125330 SUSE bug 1127987 SUSE bug 1129821 SUSE bug 1130262 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2019-5785 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 cpe:/o:suse:suse-openstack-cloud:7 Security update for apache2 (Important) SUSE OpenStack Cloud 7 This update for apache2 fixes the following issues: * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the 'H2Upgrade on' are unaffected. [bsc#1131245] * CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237] Important SUSE bug 1131233 SUSE bug 1131237 SUSE bug 1131239 SUSE bug 1131241 SUSE bug 1131245 CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 cpe:/o:suse:suse-openstack-cloud:7 Security update for clamav (Important) SUSE OpenStack Cloud 7 This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. Important SUSE bug 1130721 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 cpe:/o:suse:suse-openstack-cloud:7 Security update for dovecot22 (Important) SUSE OpenStack Cloud 7 This update for dovecot22 fixes the following issues: Security issues fixed: - CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation (bsc#1130116). - CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication (bsc#1123022). Other issue fixed: - Fixed handling of command continuation(bsc#1111789) Important SUSE bug 1111789 SUSE bug 1123022 SUSE bug 1130116 CVE-2019-3814 CVE-2019-7524 cpe:/o:suse:suse-openstack-cloud:7 Security update for sqlite3 (Moderate) SUSE OpenStack Cloud 7 This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). - CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled (bsc#1131576). Moderate SUSE bug 1119687 SUSE bug 1131576 CVE-2018-20346 CVE-2018-20506 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-actionpack-4_2 (Moderate) SUSE OpenStack Cloud 7 This update for rubygem-actionpack-4_2 fixes the following issues: Security issues fixed: - CVE-2019-5418: Fixed a file content disclosure vulnerability in Action View which could be exploited via specially crafted accept headers in combination with calls to render file (bsc#1129272). - CVE-2019-5419: Fixed a resource exhaustion issue in Action View which could make the server unable to process requests (bsc#1129271). Moderate SUSE bug 1129271 SUSE bug 1129272 CVE-2019-5418 CVE-2019-5419 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Important) SUSE OpenStack Cloud 7 This update for xen fixes the following issues: Security issues fixed: - Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) Other issue addressed: - Added Xen cmdline option 'suse_vtsc_tolerance' to avoid TSC emulation for HVM domUs (bsc#1026236). Important SUSE bug 1026236 SUSE bug 1114988 SUSE bug 1123157 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1127400 SUSE bug 1129623 CVE-2018-19967 CVE-2019-6778 CVE-2019-9824 cpe:/o:suse:suse-openstack-cloud:7 Security update for wget (Important) SUSE OpenStack Cloud 7 This update for wget fixes the following issues: Security issue fixed: - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). Important SUSE bug 1131493 CVE-2019-5953 cpe:/o:suse:suse-openstack-cloud:7 Security update for python3 (Important) SUSE OpenStack Cloud 7 This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 CVE-2019-9636 cpe:/o:suse:suse-openstack-cloud:7 Security update for curl (Important) SUSE OpenStack Cloud 7 This update for curl fixes the following issues: Security issue fixed: - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code (bsc#1112758). Important SUSE bug 1112758 SUSE bug 1131886 CVE-2018-16839 cpe:/o:suse:suse-openstack-cloud:7 Security update for cups (Important) SUSE OpenStack Cloud 7 This update for cups fixes the following issues: - CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422). Important SUSE bug 1168422 CVE-2020-3898 cpe:/o:suse:suse-openstack-cloud:7 Security update for pam_radius (Important) SUSE OpenStack Cloud 7 This update for pam_radius fixes the following issues: - CVE-2015-9542: Fixed a buffer overflow in password field (bsc#1163933). - On s390x didn't decrypt passwords correctly (bsc#1141670). Important SUSE bug 1141670 SUSE bug 1163933 CVE-2015-9542 cpe:/o:suse:suse-openstack-cloud:7 Security update for webkit2gtk3 (Important) SUSE OpenStack Cloud 7 This update for webkit2gtk3 to version 2.28.1 fixes the following issues: Security issues fixed: - CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528). - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658). - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719). - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809). - CVE-2020-3867: Fixed an XSS issue (bsc#1163809). - CVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809). - CVE-2020-3864,CVE-2020-3865: Fixed logic issues in the DOM object context handling (bsc#1163809). Non-security issues fixed: - Add API to enable Process Swap on (Cross-site) Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox support. - Make ondemand hardware acceleration policy never leave accelerated compositing mode. - Always use a light theme for rendering form controls. - Add about:gpu to show information about the graphics stack. - Fixed issues while trying to play a video on NextCloud. - Fixed vertical alignment of text containing arabic diacritics. - Fixed build with icu 65.1. - Fixed page loading errors with websites using HSTS. - Fixed web process crash when displaying a KaTeX formula. - Fixed several crashes and rendering issues. - Switched to a single web process for Evolution and geary (bsc#1159329). Important SUSE bug 1155321 SUSE bug 1156318 SUSE bug 1159329 SUSE bug 1161719 SUSE bug 1163809 SUSE bug 1165528 SUSE bug 1169658 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-10018 CVE-2020-11793 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 cpe:/o:suse:suse-openstack-cloud:7 Security update for shibboleth-sp (Moderate) SUSE OpenStack Cloud 7 This update for shibboleth-sp fixes the following issues: Security issue fixed: - CVE-2019-19191: Fixed escalation to root by fixing ownership of log files (bsc#1157471). Moderate SUSE bug 1157471 CVE-2019-19191 cpe:/o:suse:suse-openstack-cloud:7 Security update for LibVNCServer (Important) SUSE OpenStack Cloud 7 This update for LibVNCServer fixes the following issues: - CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471). - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). - CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441). Important SUSE bug 1155419 SUSE bug 1160471 SUSE bug 1170441 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 cpe:/o:suse:suse-openstack-cloud:7 Security update for icu (Moderate) SUSE OpenStack Cloud 7 This update for icu fixes the following issues: - CVE-2020-10531: Fixed integer overflow in UnicodeString:doAppend() (bsc#1166844). Moderate SUSE bug 1166844 CVE-2020-10531 cpe:/o:suse:suse-openstack-cloud:7 Security update for openldap2 (Important) SUSE OpenStack Cloud 7 This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). Important SUSE bug 1170771 CVE-2020-12243 cpe:/o:suse:suse-openstack-cloud:7 Security update for webkit2gtk3 (Important) SUSE OpenStack Cloud 7 This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution (bsc#1170643). Non-security issues fixed: - Update to version 2.28.2 (bsc#1170643): + Fix excessive CPU usage due to GdkFrameClock not being stopped. + Fix UI process crash when EGL_WL_bind_wayland_display extension is not available. + Fix position of select popup menus in X11. + Fix playing of Youtube 'live stream'/H264 URLs. + Fix a crash under X11 when cairo uses xcb. + Fix the build in MIPS64. + Fix several crashes and rendering issues. Important SUSE bug 1170643 CVE-2020-3899 cpe:/o:suse:suse-openstack-cloud:7 Security update for ghostscript (Important) SUSE OpenStack Cloud 7 This update for ghostscript to version 9.52 fixes the following issues: - CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2_image_compose (bsc#1170603). Important SUSE bug 1170603 CVE-2020-12268 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: Update to version 68.8.0 ESR (bsc#1171186): - CVE-2020-12387: Use-after-free during worker shutdown - CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens - CVE-2020-12389: Sandbox escape with improperly separated process types - CVE-2020-6831: Buffer overflow in SCTP chunk input validation - CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' - CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection - CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 Important SUSE bug 1171186 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-6831 cpe:/o:suse:suse-openstack-cloud:7 Security update for squid (Important) SUSE OpenStack Cloud 7 This update for squid fixes the following issues: - CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). - CVE-2020-11945: fixes a potential remote execution vulnerability when using HTTP Digest Authentication (bsc#1170313). - CVE-2019-12520, CVE-2019-12524: fixes a potential ACL bypass, cache-bypass and cross-site scripting attack when processing invalid HTTP Request messages (bsc#1170423). Important SUSE bug 1169659 SUSE bug 1170313 SUSE bug 1170423 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12524 CVE-2020-11945 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424). - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629). - CVE-2020-8647: Fixed a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929). - CVE-2020-8649: Fixed a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931). - CVE-2020-9383: Fixed an issue in set_fdc in drivers/block/floppy.c, which leads to a wait_til_ready out-of-bounds read (bnc#1165111). - CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285). - CVE-2020-11609: Fixed a NULL pointer dereference in the stv06xx subsystem caused by mishandling invalid descriptors (bnc#1168854). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bnc#1170345). - CVE-2020-11608: Fixed an issue in drivers/media/usb/gspca/ov519.c caused by a NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints (bnc#1168829). - CVE-2017-18255: The perf_cpu_time_max_percent_handler function in kernel/events/core.c allowed local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation (bnc#1087813). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928). - CVE-2020-2732: A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest (bnc#1163971). - CVE-2019-5108: Fixed a denial-of-service vulnerability caused by triggering AP to send IAPP location updates for stations before the required authentication process has completed (bnc#1159912). - CVE-2020-8992: ext4_protect_reserved_inode in fs/ext4/block_validity.c allowed attackers to cause a denial of service (soft lockup) via a crafted journal size (bnc#1164069). - CVE-2018-21008: Fixed a use-after-free which could be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bnc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bnc#1157155). - CVE-2019-18675: Fixed an integer overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allowed local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation (bnc#1157804). - CVE-2019-14615: Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may have allowed an unauthenticated user to potentially enable information disclosure via local access (bnc#1160195, bsc#1165881). - CVE-2019-19965: Fixed a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition (bnc#1159911). - CVE-2019-20054: Fixed a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links (bnc#1159910). - CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bnc#1159908). - CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bnc#1159841). - CVE-2019-19447: Fixed an issue with mounting a crafted ext4 filesystem image, performing some operations, and unmounting could lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c (bnc#1158819). - CVE-2019-19319: Fixed an issue with a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call (bnc#1158021). - CVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297). - CVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303). - CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bsc#1158827). - CVE-2019-19537: There was a race condition bug that could have been caused by a malicious USB device in the USB character device driver layer (bnc#1158904). - CVE-2019-19535: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903). - CVE-2019-19527: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900). - CVE-2019-19533: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834). - CVE-2019-19532: There were multiple out-of-bounds write bugs that could have been caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824). - CVE-2019-19523: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (bnc#1158823). - CVE-2019-15213: An issue was discovered in the Linux kernel, there was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445). - CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417). - CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410). - CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394). - CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413). - CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398). - CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: Fixed a information disclosure on powerpc related to the Spectre-RSB mitigation. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038 1157923). - CVE-2019-18683: Fixed a privilege escalation where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem) (bnc#1155897). - CVE-2019-19062: Fixed a memory leak in the crypto_report() function in crypto/crypto_user_base.c, which allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures (bnc#1157070). - CVE-2019-11091,CVE-2018-12126,CVE-2018-12130,CVE-2018-12127: Earlier mitigations for the 'MDS' Microarchitectural Data Sampling attacks were not complete. An additional fix was added to the x86_64 fast systemcall path to further mitigate these attacks. (bsc#1164846 bsc#1170847) The following non-security bugs were fixed: - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (bsc#1155311). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1155311). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1155311). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1155311). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1155311). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1155311). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1155311). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1155311). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1155311). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1155311). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1155311). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1155311). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1155311). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1155311). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1155311). - cgroup: avoid copying strings longer than the buffers (bsc#1146544). - cgroup: use strlcpy() instead of strscpy() to avoid spurious warning (bsc#1146544). - enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1136449). - fix PageHeadHuge() race with THP split (VM Functionality, bsc#1165311). - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099279 bsc#1156060). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - futex: Use smp_store_release() in mark_wake_futex() (bsc#1157464). - Input: add safety guards to input_set_keycode() (bsc#1168075). - ipv4: correct gso_size for UFO (bsc#1154844). - ipv6: fix memory accounting during ipv6 queue expire (bsc#1162227) (bsc#1162227). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (bsc#1037216). - sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132). - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1146544). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mitigations: Clear CPU buffers on the SYSCALL fast path (bsc#1164846). - xen/pv: Fix a boot up hang revealed by int3 self test (bsc#1153811). - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873). - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984). Important SUSE bug 1037216 SUSE bug 1075091 SUSE bug 1075994 SUSE bug 1087082 SUSE bug 1087813 SUSE bug 1091041 SUSE bug 1099279 SUSE bug 1120386 SUSE bug 1131107 SUSE bug 1133147 SUSE bug 1136449 SUSE bug 1137325 SUSE bug 1146519 SUSE bug 1146544 SUSE bug 1146612 SUSE bug 1149591 SUSE bug 1153811 SUSE bug 1154844 SUSE bug 1155311 SUSE bug 1155897 SUSE bug 1156060 SUSE bug 1157038 SUSE bug 1157042 SUSE bug 1157070 SUSE bug 1157143 SUSE bug 1157155 SUSE bug 1157157 SUSE bug 1157158 SUSE bug 1157303 SUSE bug 1157324 SUSE bug 1157333 SUSE bug 1157464 SUSE bug 1157804 SUSE bug 1157923 SUSE bug 1158021 SUSE bug 1158132 SUSE bug 1158381 SUSE bug 1158394 SUSE bug 1158398 SUSE bug 1158410 SUSE bug 1158413 SUSE bug 1158417 SUSE bug 1158427 SUSE bug 1158445 SUSE bug 1158819 SUSE bug 1158823 SUSE bug 1158824 SUSE bug 1158827 SUSE bug 1158834 SUSE bug 1158900 SUSE bug 1158903 SUSE bug 1158904 SUSE bug 1159199 SUSE bug 1159285 SUSE bug 1159297 SUSE bug 1159841 SUSE bug 1159908 SUSE bug 1159910 SUSE bug 1159911 SUSE bug 1159912 SUSE bug 1160195 SUSE bug 1162227 SUSE bug 1162298 SUSE bug 1162928 SUSE bug 1162929 SUSE bug 1162931 SUSE bug 1163971 SUSE bug 1164069 SUSE bug 1164078 SUSE bug 1164846 SUSE bug 1165111 SUSE bug 1165311 SUSE bug 1165873 SUSE bug 1165881 SUSE bug 1165984 SUSE bug 1165985 SUSE bug 1167629 SUSE bug 1168075 SUSE bug 1168295 SUSE bug 1168424 SUSE bug 1168829 SUSE bug 1168854 SUSE bug 1170056 SUSE bug 1170345 SUSE bug 1170778 CVE-2017-18255 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-21008 CVE-2019-11091 CVE-2019-14615 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15213 CVE-2019-18660 CVE-2019-18675 CVE-2019-18683 CVE-2019-19052 CVE-2019-19062 CVE-2019-19066 CVE-2019-19073 CVE-2019-19074 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19527 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19767 CVE-2019-19768 CVE-2019-19965 CVE-2019-19966 CVE-2019-20054 CVE-2019-20096 CVE-2019-3701 CVE-2019-5108 CVE-2019-9455 CVE-2019-9458 CVE-2020-10690 CVE-2020-10720 CVE-2020-10942 CVE-2020-11494 CVE-2020-11608 CVE-2020-11609 CVE-2020-2732 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-8992 CVE-2020-9383 cpe:/o:suse:suse-openstack-cloud:7 Security update for apache2 (Important) SUSE OpenStack Cloud 7 This update for apache2 fixes the following issues: - CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404). - CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect (bsc#1168407). - CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066). Important SUSE bug 1168404 SUSE bug 1168407 SUSE bug 1169066 CVE-2020-1927 CVE-2020-1934 CVE-2020-1938 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-PyYAML (Important) SUSE OpenStack Cloud 7 This update for python-PyYAML fixes the following issues: - CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader (bsc#1165439). Important SUSE bug 1165439 CVE-2020-1747 cpe:/o:suse:suse-openstack-cloud:7 Security update for git (Moderate) SUSE OpenStack Cloud 7 This update for git to 2.26.2 fixes the following issues: Security issue fixed: - CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936). Non-security issue fixed: - Fixed git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). - Enabled access for git-daemon in firewall configuration (bsc#1170302). - Fixed problems with recent switch to protocol v2, which caused fetches transferring unreasonable amount of data (bsc#1170741). Moderate SUSE bug 1149792 SUSE bug 1168930 SUSE bug 1169605 SUSE bug 1169786 SUSE bug 1169936 SUSE bug 1170302 SUSE bug 1170741 SUSE bug 1170939 CVE-2020-11008 CVE-2020-5260 cpe:/o:suse:suse-openstack-cloud:7 Security update for mailman (Important) SUSE OpenStack Cloud 7 This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12108: Fixed a content injection bug (bsc#1171363). - CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion (bsc#1170558). Non-security issue fixed: - Fixed rights and ownership on /var/lib/mailman/archives (bsc#1167068). - Don't default to invalid hosts for DEFAULT_EMAIL_HOST (bsc#682920). Important SUSE bug 1167068 SUSE bug 1170558 SUSE bug 1171363 SUSE bug 682920 CVE-2020-12108 CVE-2020-12137 cpe:/o:suse:suse-openstack-cloud:7 Security update for tomcat (Important) SUSE OpenStack Cloud 7 This update for tomcat fixes the following issues: CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control. CVE-2019-12418 (bsc#1159723) Local privilege escalation by manipulating the RMI registry and performing a man-in-the-middle attack When Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files was able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker could then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. CVE-2019-0221 (bsc#1136085) The SSI printenv command echoed user provided data without escaping, which made it vulnerable to XSS. CVE-2019-17563 (bsc#1159729) When using FORM authentication there was a narrow window where an attacker could perform a session fixation attack. CVE-2019-17569 (bsc#1164825) Invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header. Important SUSE bug 1136085 SUSE bug 1159723 SUSE bug 1159729 SUSE bug 1164825 SUSE bug 1171928 CVE-2019-0221 CVE-2019-12418 CVE-2019-17563 CVE-2019-17569 CVE-2020-9484 cpe:/o:suse:suse-openstack-cloud:7 Security update for python (Moderate) SUSE OpenStack Cloud 7 This update for python to version 2.7.17 fixes the following issues: Syncing with lots of upstream bug fixes and security fixes. Bug fixes: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed mismatches between libpython and python-base versions (bsc#1162224). - Fixed segfault in libpython2.7.so.1 (bsc#1073748). - Unified packages among openSUSE:Factory and SLE versions (bsc#1159035). - Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830). - Excluded tsl_check files from python-base to prevent file conflict with python-strict-tls-checks package (bsc#945401). - Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894). Additionally a new 'shared-python-startup' package is provided containing startup files. python-rpm-macros was updated to fix: - Do not write .pyc files for tests (bsc#1171561) Moderate SUSE bug 1027282 SUSE bug 1041090 SUSE bug 1042670 SUSE bug 1073269 SUSE bug 1073748 SUSE bug 1078326 SUSE bug 1078485 SUSE bug 1081750 SUSE bug 1084650 SUSE bug 1086001 SUSE bug 1149792 SUSE bug 1153830 SUSE bug 1155094 SUSE bug 1159035 SUSE bug 1162224 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 SUSE bug 1170411 SUSE bug 1171561 SUSE bug 945401 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:suse-openstack-cloud:7 Security update for qemu (Moderate) SUSE OpenStack Cloud 7 This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240). - CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873). - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940). - CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018). - CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066). - CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811). - Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156). Moderate SUSE bug 1123156 SUSE bug 1146873 SUSE bug 1149811 SUSE bug 1161066 SUSE bug 1163018 SUSE bug 1166240 SUSE bug 1170940 CVE-2019-12068 CVE-2019-15890 CVE-2019-6778 CVE-2020-1711 CVE-2020-1983 CVE-2020-7039 CVE-2020-8608 cpe:/o:suse:suse-openstack-cloud:7 Security update for krb5-appl (Important) SUSE OpenStack Cloud 7 This update for krb5-appl fixes the following issues: - CVE-2020-10188: Fixed a remote root execution (bsc#1165787). Important SUSE bug 1165787 CVE-2020-10188 cpe:/o:suse:suse-openstack-cloud:7 Security update for libexif (Moderate) SUSE OpenStack Cloud 7 This update for libexif fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: - libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER Moderate SUSE bug 1055857 SUSE bug 1059893 SUSE bug 1120943 SUSE bug 1160770 SUSE bug 1171475 SUSE bug 1171847 SUSE bug 1172105 SUSE bug 1172116 SUSE bug 1172121 CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2019-9278 CVE-2020-0093 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 cpe:/o:suse:suse-openstack-cloud:7 Security update for vim (Moderate) SUSE OpenStack Cloud 7 This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225 and bsc#1172031). Moderate SUSE bug 1172031 SUSE bug 1172225 CVE-2019-20807 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402). - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety bugs. Important SUSE bug 1172402 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 cpe:/o:suse:suse-openstack-cloud:7 Security update for ruby2.1 (Important) SUSE OpenStack Cloud 7 This update for ruby2.1 fixes the following issues: Security issues fixed: - CVE-2015-9096: Fixed an SMTP command injection via CRLFsequences in a RCPT TO or MAIL FROM command (bsc#1043983). - CVE-2016-7798: Fixed an IV Reuse in GCM Mode (bsc#1055265). - CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf (bsc#1058755). - CVE-2017-0899: Fixed an issue with malicious gem specifications, insufficient sanitation when printing gem specifications could have included terminal characters (bsc#1056286). - CVE-2017-0900: Fixed an issue with malicious gem specifications, the query command could have led to a denial of service attack against clients (bsc#1056286). - CVE-2017-0901: Fixed an issue with malicious gem specifications, potentially overwriting arbitrary files on the client system (bsc#1056286). - CVE-2017-0902: Fixed an issue with malicious gem specifications, that could have enabled MITM attacks against clients (bsc#1056286). - CVE-2017-0903: Fixed an unsafe object deserialization vulnerability (bsc#1062452). - CVE-2017-9228: Fixed a heap out-of-bounds write in bitset_set_range() during regex compilation (bsc#1069607). - CVE-2017-9229: Fixed an invalid pointer dereference in left_adjust_char_head() in oniguruma (bsc#1069632). - CVE-2017-10784: Fixed an escape sequence injection vulnerability in the Basic authentication of WEBrick (bsc#1058754). - CVE-2017-14033: Fixed a buffer underrun vulnerability in OpenSSL ASN1 decode (bsc#1058757). - CVE-2017-14064: Fixed an arbitrary memory exposure during a JSON.generate call (bsc#1056782). - CVE-2017-17405: Fixed a command injection vulnerability in Net::FTP (bsc#1073002). - CVE-2017-17742: Fixed an HTTP response splitting issue in WEBrick (bsc#1087434). - CVE-2017-17790: Fixed a command injection in lib/resolv.rb:lazy_initialize() (bsc#1078782). - CVE-2018-6914: Fixed an unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441). - CVE-2018-8777: Fixed a potential DoS caused by large requests in WEBrick (bsc#1087436). - CVE-2018-8778: Fixed a buffer under-read in String#unpack (bsc#1087433). - CVE-2018-8779: Fixed an unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440). - CVE-2018-8780: Fixed an unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437). - CVE-2018-16395: Fixed an issue with OpenSSL::X509::Name equality checking (bsc#1112530). - CVE-2018-16396: Fixed an issue with tainted string handling, where the flag was not propagated in Array#pack and String#unpack with some directives (bsc#1112532). - CVE-2018-1000073: Fixed a path traversal issue (bsc#1082007). - CVE-2018-1000074: Fixed an unsafe object deserialization vulnerability in gem owner, allowing arbitrary code execution with specially crafted YAML (bsc#1082008). - CVE-2018-1000075: Fixed an infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014). - CVE-2018-1000076: Fixed an improper verification of signatures in tarballs (bsc#1082009). - CVE-2018-1000077: Fixed an improper URL validation in the homepage attribute of ruby gems (bsc#1082010). - CVE-2018-1000078: Fixed a XSS vulnerability in the homepage attribute when displayed via gem server (bsc#1082011). - CVE-2018-1000079: Fixed a path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058). - CVE-2019-8320: Fixed a directory traversal issue when decompressing tar files (bsc#1130627). - CVE-2019-8321: Fixed an escape sequence injection vulnerability in verbose (bsc#1130623). - CVE-2019-8322: Fixed an escape sequence injection vulnerability in gem owner (bsc#1130622). - CVE-2019-8323: Fixed an escape sequence injection vulnerability in API response handling (bsc#1130620). - CVE-2019-8324: Fixed an issue with malicious gems that may have led to arbitrary code execution (bsc#1130617). - CVE-2019-8325: Fixed an escape sequence injection vulnerability in errors (bsc#1130611). - CVE-2019-15845: Fixed a NUL injection vulnerability in File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service vulnerability in WEBrick's digest access authentication (bsc#1152995). - CVE-2019-16254: Fixed an HTTP response splitting vulnerability in WEBrick (bsc#1152992). - CVE-2019-16255: Fixed a code injection vulnerability in Shell#[] and Shell#test (bsc#1152990). - CVE-2020-10663: Fixed an unsafe object creation vulnerability in JSON (bsc#1171517). Non-security issue fixed: - Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072). Also yast2-ruby-bindings on SLES 12 SP2 LTSS was updated to handle the updated ruby interpreter. (bsc#1172275) Important SUSE bug 1043983 SUSE bug 1048072 SUSE bug 1055265 SUSE bug 1056286 SUSE bug 1056782 SUSE bug 1058754 SUSE bug 1058755 SUSE bug 1058757 SUSE bug 1062452 SUSE bug 1069607 SUSE bug 1069632 SUSE bug 1073002 SUSE bug 1078782 SUSE bug 1082007 SUSE bug 1082008 SUSE bug 1082009 SUSE bug 1082010 SUSE bug 1082011 SUSE bug 1082014 SUSE bug 1082058 SUSE bug 1087433 SUSE bug 1087434 SUSE bug 1087436 SUSE bug 1087437 SUSE bug 1087440 SUSE bug 1087441 SUSE bug 1112530 SUSE bug 1112532 SUSE bug 1130611 SUSE bug 1130617 SUSE bug 1130620 SUSE bug 1130622 SUSE bug 1130623 SUSE bug 1130627 SUSE bug 1152990 SUSE bug 1152992 SUSE bug 1152994 SUSE bug 1152995 SUSE bug 1171517 SUSE bug 1172275 CVE-2015-9096 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2017-9228 CVE-2017-9229 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 CVE-2018-16395 CVE-2018-16396 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 CVE-2020-10663 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_7_0-openjdk to version 7u261 fixes the following issues: - CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511) - CVE-2020-2757: Less Blocking Array Queues (bsc#1169511) - CVE-2020-2773: Better signatures in XML (bsc#1169511) - CVE-2020-2781: Improve TLS session handling (bsc#1169511) - CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511) - CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511) - CVE-2020-2805: Enhance typing of methods (bsc#1169511) - CVE-2020-2830: Better Scanner conversions (bsc#1169511) Important SUSE bug 1169511 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:suse-openstack-cloud:7 Security update for tigervnc (Important) SUSE OpenStack Cloud 7 This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858). - CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251). - CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860). Important SUSE bug 1159856 SUSE bug 1159858 SUSE bug 1159860 SUSE bug 1160250 SUSE bug 1160251 SUSE bug 1160937 CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 CVE-2019-15695 cpe:/o:suse:suse-openstack-cloud:7 Security update for ucode-intel (Moderate) SUSE OpenStack Cloud 7 This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466) This update contains security mitigations for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack' attacks. (bsc#1156353) Microcode Table: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile Also contains the Intel CPU Microcode update to 20200520: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X Moderate SUSE bug 1154824 SUSE bug 1156353 SUSE bug 1172466 CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12114: Fixed A pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). The following non-security bugs were fixed: - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1171698). - KEYS: allow reaching the keys quotas exactly (bsc#1171689). - KEYS: reaching the keys quotas correctly (bsc#1171689). - Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221). - random: always use batched entropy for get_random_u{32,64} (bsc#1164871). Important SUSE bug 1154824 SUSE bug 1164871 SUSE bug 1171098 SUSE bug 1171195 SUSE bug 1171202 SUSE bug 1171218 SUSE bug 1171219 SUSE bug 1171689 SUSE bug 1171698 SUSE bug 1172221 SUSE bug 1172317 CVE-2020-0543 CVE-2020-10757 CVE-2020-12114 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12656 cpe:/o:suse:suse-openstack-cloud:7 Security update for virglrenderer (Important) SUSE OpenStack Cloud 7 This update for virglrenderer fixes the following issues: - CVE-2019-18388: Fixed a null pointer dereference which could have led to denial of service (bsc#1159479). - CVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478). - CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482). - CVE-2019-18391: Fixed a heap based buffer overflow which could have led to guest escape or denial of service (bsc#1159486). Important SUSE bug 1159478 SUSE bug 1159479 SUSE bug 1159482 SUSE bug 1159486 CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391 cpe:/o:suse:suse-openstack-cloud:7 Security update for adns (Important) SUSE OpenStack Cloud 7 This update for adns fixes the following issues: - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver which could have led to remote code execution (bsc#1172265). - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to denial of service (bsc#1172265). - CVE-2017-9107: Fixed an issue when quering domain names which could have led to denial of service (bsc#1172265). - CVE-2017-9108: Fixed an issue which could have led to denial of service (bsc#1172265). Important SUSE bug 1172265 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 cpe:/o:suse:suse-openstack-cloud:7 Security update for nodejs6 (Critical) SUSE OpenStack Cloud 7 This update for nodejs6 fixes the following issues: - CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443). - CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying properties of Object.prototype (bsc#1166916). Critical SUSE bug 1166916 SUSE bug 1172443 CVE-2020-7598 CVE-2020-8174 cpe:/o:suse:suse-openstack-cloud:7 Security update for perl (Important) SUSE OpenStack Cloud 7 This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed utf8 handling in perldoc by useing 'term' instead of 'man' (bsc#1170601). - Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039) Important SUSE bug 1102840 SUSE bug 1160039 SUSE bug 1170601 SUSE bug 1171863 SUSE bug 1171864 SUSE bug 1171866 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_1-ibm (Important) SUSE OpenStack Cloud 7 This update for java-1_7_1-ibm fixes the following issues: java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 (bsc#1172277 and bsc#1169511) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions Important SUSE bug 1169511 SUSE bug 1172277 CVE-2020-2654 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-ibm (Important) SUSE OpenStack Cloud 7 This update for java-1_8_0-ibm fixes the following issues: java-1_8_0-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 (bsc#1172277,bsc#1169511,bsc#1160968) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2754: Forwarded references to Nashorn - CVE-2020-2755: Improved Nashorn matching - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions - CVE-2019-2949: Fixed an issue which could have resulted in unauthorized access to critical data - Added RSA PSS SUPPORT TO IBMPKCS11IMPL - The pack200 and unpack200 alternatives should be slaves of java (bsc#1171352). Important SUSE bug 1160968 SUSE bug 1169511 SUSE bug 1171352 SUSE bug 1172277 CVE-2019-2949 CVE-2020-2654 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_8_0-openjdk to version jdk8u252 fixes the following issues: - CVE-2020-2754: Forward references to Nashorn (bsc#1169511) - CVE-2020-2755: Improve Nashorn matching (bsc#1169511) - CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511) - CVE-2020-2757: Less Blocking Array Queues (bsc#1169511) - CVE-2020-2773: Better signatures in XML (bsc#1169511) - CVE-2020-2781: Improve TLS session handling (bsc#1169511) - CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511) - CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511) - CVE-2020-2805: Enhance typing of methods (bsc#1169511) - CVE-2020-2830: Better Scanner conversions (bsc#1169511) Important SUSE bug 1160398 SUSE bug 1169511 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:suse-openstack-cloud:7 Security update for curl (Important) SUSE OpenStack Cloud 7 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). Important SUSE bug 1173027 CVE-2020-8177 cpe:/o:suse:suse-openstack-cloud:7 Security update for tomcat (Important) SUSE OpenStack Cloud 7 This update for tomcat fixes the following issues: - CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405) Important SUSE bug 1172405 CVE-2020-8022 cpe:/o:suse:suse-openstack-cloud:7 Security update for python3-requests (Moderate) SUSE OpenStack Cloud 7 This update for python3-requests provides the following fix: python-requests was updated to 2.20.1. Update to version 2.20.1: * Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443). Update to version 2.20.0: * Bugfixes + Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8). + Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions. + Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074) + should_bypass_proxies now handles URIs without hostnames (e.g. files). Update to version 2.19.1: * Fixed issue where status_codes.py’s init function failed trying to append to a __doc__ value of None. Update to version 2.19.0: * Improvements + Warn about possible slowdown with cryptography version < 1.3.4 + Check host in proxy URL, before forwarding request to adapter. + Maintain fragments properly across redirects. (RFC7231 7.1.2) + Removed use of cgi module to expedite library load time. + Added support for SHA-256 and SHA-512 digest auth algorithms. + Minor performance improvement to Request.content. * Bugfixes + Parsing empty Link headers with parse_header_links() no longer return one bogus entry. + Fixed issue where loading the default certificate bundle from a zip archive would raise an IOError. + Fixed issue with unexpected ImportError on windows system which do not support winreg module. + DNS resolution in proxy bypass no longer includes the username and password in the request. This also fixes the issue of DNS queries failing on macOS. + Properly normalize adapter prefixes for url comparison. + Passing None as a file pointer to the files param no longer raises an exception. + Calling copy on a RequestsCookieJar will now preserve the cookie policy correctly. Update to version 2.18.4: * Improvements + Error messages for invalid headers now include the header name for easier debugging Update to version 2.18.3: * Improvements + Running $ python -m requests.help now includes the installed version of idna. * Bugfixes + Fixed issue where Requests would raise ConnectionError instead of SSLError when encountering SSL problems when using urllib3 v1.22. - Add ca-certificates (and ca-certificates-mozilla) to dependencies, otherwise https connections will fail. Moderate SUSE bug 1054413 SUSE bug 1073879 SUSE bug 1111622 SUSE bug 1122668 SUSE bug 761500 SUSE bug 922448 SUSE bug 929736 SUSE bug 935252 SUSE bug 945455 SUSE bug 947357 SUSE bug 961596 SUSE bug 967128 CVE-2015-2296 CVE-2018-18074 cpe:/o:suse:suse-openstack-cloud:7 Security update for mutt (Important) SUSE OpenStack Cloud 7 This update for mutt fixes the following issues: - CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197). - CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935). - CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935). Important SUSE bug 1172906 SUSE bug 1172935 SUSE bug 1173197 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 cpe:/o:suse:suse-openstack-cloud:7 Security update for squid (Important) SUSE OpenStack Cloud 7 This update for squid fixes the following issues: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake (bsc#1173304). - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373). Important SUSE bug 1167373 SUSE bug 1173304 CVE-2019-18860 CVE-2020-14059 cpe:/o:suse:suse-openstack-cloud:7 Security update for ntp (Moderate) SUSE OpenStack Cloud 7 This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). Moderate SUSE bug 1169740 SUSE bug 1171355 SUSE bug 1172651 SUSE bug 1173334 CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 cpe:/o:suse:suse-openstack-cloud:7 Security update for mozilla-nspr, mozilla-nss (Important) SUSE OpenStack Cloud 7 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032). - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). - Fixed an issue where Firefox tab was crashing (bsc#1170908). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25 Important SUSE bug 1159819 SUSE bug 1168669 SUSE bug 1169746 SUSE bug 1170908 SUSE bug 1171978 SUSE bug 1173022 CVE-2019-17006 CVE-2020-12399 CVE-2020-12402 cpe:/o:suse:suse-openstack-cloud:7 Security update for openldap2 (Important) SUSE OpenStack Cloud 7 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). - Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts(bsc#1170715). Important SUSE bug 1170715 SUSE bug 1172698 SUSE bug 1172704 CVE-2020-8023 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). Important SUSE bug 1167231 SUSE bug 1173576 SUSE bug 1173613 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 cpe:/o:suse:suse-openstack-cloud:7 Security update for bind (Important) SUSE OpenStack Cloud 7 This update for bind fixes the following issues: - Amended documentation referring to rule types 'krb5-subdomain' and 'ms-subdomain'. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. [CVE-2018-5741] - Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server address records are limited to 4 for any domain. [CVE-2020-8616] - Replaying a TSIG BADTIME response as a request could trigger an assertion failure. [CVE-2020-8617] [bsc#1109160, bsc#1171740, CVE-2018-5741, bind-CVE-2018-5741.patch, CVE-2020-8616, bind-CVE-2020-8616.patch, CVE-2020-8617, bind-CVE-2020-8617.patch] - Don't rely on /etc/insserv.conf anymore for proper dependencies against nss-lookup.target in named.service and lwresd.service (bsc#1118367 bsc#1118368) - Using a drop-in file Important SUSE bug 1109160 SUSE bug 1118367 SUSE bug 1118368 SUSE bug 1171740 CVE-2018-5741 CVE-2020-8616 CVE-2020-8617 cpe:/o:suse:suse-openstack-cloud:7 Security update for xrdp (Important) SUSE OpenStack Cloud 7 This update for xrdp provides the following fix: - CVE-2020-4044: xrdp-sesman can be crashed remotely over port 3350 (bsc#1173580). - Fixed an issue where xrdp-sesman could not restart (bsc#1155952). - Fixed an issue where xrdp could not start due to an error in the service file use absolute path in ExecStart (bsc#1155789). - Fixed a PAM error after 2nd xrdp session after logout (bsc#1153471). - Fixed a crash in xrdp-sesman, caused by terminating and reconnecting an xrdp session (bsc#1152711). - Fixed a failure in RDP session recovery (bsc#1150584). - Fixed a process leak (bsc#1144379). - Let systemd handle the daemons, fixing daemon start failures. (bsc#1138954, bsc#1144327) - Don't try to create .vnc directory if it already exists. (bsc#1157860) Important SUSE bug 1138954 SUSE bug 1144327 SUSE bug 1144379 SUSE bug 1150584 SUSE bug 1152711 SUSE bug 1153471 SUSE bug 1155789 SUSE bug 1155952 SUSE bug 1157860 SUSE bug 1173580 CVE-2017-6967 CVE-2020-4044 cpe:/o:suse:suse-openstack-cloud:7 Security update for squid (Important) SUSE OpenStack Cloud 7 This update for squid fixes the following issues: - CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455) Important SUSE bug 1173455 CVE-2020-15049 cpe:/o:suse:suse-openstack-cloud:7 Security update for mailman (Important) SUSE OpenStack Cloud 7 This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369). Important SUSE bug 1173369 CVE-2020-15011 cpe:/o:suse:suse-openstack-cloud:7 Security update for webkit2gtk3 (Important) SUSE OpenStack Cloud 7 This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. Important SUSE bug 1173998 CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 cpe:/o:suse:suse-openstack-cloud:7 Security update for grub2 (Important) SUSE OpenStack Cloud 7 This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use gcc-9 compiler for overflow check builtins - Backport gcc-9 build fixes - Fix packed-not-aligned error on GCC 8 (bsc#1084632) - Backport gcc-7 build fixes Important SUSE bug 1084632 SUSE bug 1168994 SUSE bug 1173812 SUSE bug 1174463 SUSE bug 1174570 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 cpe:/o:suse:suse-openstack-cloud:7 Security update for ghostscript (Important) SUSE OpenStack Cloud 7 This update for ghostscript fixes the following issues: - fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415) Important SUSE bug 1174415 CVE-2020-15900 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Moderate) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 Moderate SUSE bug 1173948 SUSE bug 1174538 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:suse:suse-openstack-cloud:7 Security update for libX11 (Important) SUSE OpenStack Cloud 7 This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067 (bnc#1172453). - CVE-2020-10732: A flaw was found in the implementation of userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). The following non-security bugs were fixed: - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - x86/dumpstack/64: Handle faults when printing the 'Stack: ' part of an OOPS (bsc#1170383). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1172049). Important SUSE bug 1162002 SUSE bug 1170383 SUSE bug 1171189 SUSE bug 1171191 SUSE bug 1171220 SUSE bug 1171732 SUSE bug 1171988 SUSE bug 1172049 SUSE bug 1172453 SUSE bug 1172458 SUSE bug 1172775 SUSE bug 1172781 SUSE bug 1172782 SUSE bug 1172783 SUSE bug 1172999 SUSE bug 1174115 SUSE bug 1174462 SUSE bug 1174543 CVE-2019-20810 CVE-2019-20812 CVE-2020-0305 CVE-2020-10135 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-12771 CVE-2020-13974 CVE-2020-14416 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-actionview-4_2 (Important) SUSE OpenStack Cloud 7 This update for rubygem-actionview-4_2 fixes the following issues: - Fixed a potential remote code execution of user-provided local names (bsc#1173144, CVE-2020-8163). Important SUSE bug 1173144 CVE-2020-8163 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-ipaddress (Important) SUSE OpenStack Cloud 7 This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. Important SUSE bug 1173274 CVE-2020-14422 cpe:/o:suse:suse-openstack-cloud:7 Security update for LibVNCServer (Important) SUSE OpenStack Cloud 7 This update for LibVNCServer fixes the following issues: - security update fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14403 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14404 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite Important SUSE bug 1173477 SUSE bug 1173691 SUSE bug 1173694 SUSE bug 1173700 SUSE bug 1173701 SUSE bug 1173743 SUSE bug 1173874 SUSE bug 1173875 SUSE bug 1173876 SUSE bug 1173880 CVE-2017-18922 CVE-2018-21247 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 cpe:/o:suse:suse-openstack-cloud:7 Security update for libX11 (Important) SUSE OpenStack Cloud 7 This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:suse-openstack-cloud:7 Security update for xerces-c (Moderate) SUSE OpenStack Cloud 7 This update for xerces-c fixes the following issues: - CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630) Moderate SUSE bug 1083630 CVE-2017-12627 cpe:/o:suse:suse-openstack-cloud:7 Security update for webkit2gtk3 (Important) SUSE OpenStack Cloud 7 This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 (bsc#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. Important SUSE bug 1174662 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Important) SUSE OpenStack Cloud 7 This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages - bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy - bsc#1168140 - CVE-2020-11740, CVE-2020-11741: Multiple xenoprof issues - bsc#1168142 - CVE-2020-11739: Missing memory barriers in read-write unlock paths Important SUSE bug 1163019 SUSE bug 1168140 SUSE bug 1168142 SUSE bug 1169392 SUSE bug 1174543 CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-8608 cpe:/o:suse:suse-openstack-cloud:7 Security update for dovecot22 (Important) SUSE OpenStack Cloud 7 This update for dovecot22 fixes the following issues: - CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922). - CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923). Important SUSE bug 1174922 SUSE bug 1174923 CVE-2020-12673 CVE-2020-12674 cpe:/o:suse:suse-openstack-cloud:7 Security update for grub2 (Important) SUSE OpenStack Cloud 7 This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). Important SUSE bug 1174421 CVE-2020-15705 cpe:/o:suse:suse-openstack-cloud:7 Security update for samba (Moderate) SUSE OpenStack Cloud 7 This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Moderate SUSE bug 1173160 SUSE bug 1174120 CVE-2020-10745 cpe:/o:suse:suse-openstack-cloud:7 Security update for xorg-x11-server (Moderate) SUSE OpenStack Cloud 7 This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Moderate SUSE bug 1174633 SUSE bug 1174635 SUSE bug 1174638 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 cpe:/o:suse:suse-openstack-cloud:7 Security update for freeradius-server (Moderate) SUSE OpenStack Cloud 7 This update for freeradius-server fixes the following issues: - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). - CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX access (bsc#1166847). Moderate SUSE bug 1144524 SUSE bug 1166847 CVE-2019-13456 CVE-2019-17185 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-ibm (Moderate) SUSE OpenStack Cloud 7 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2975 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 CVE-2019-17631 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-17631 CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 cpe:/o:suse:suse-openstack-cloud:7 Security update for xorg-x11-server (Important) SUSE OpenStack Cloud 7 This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Important SUSE bug 1174910 SUSE bug 1174913 CVE-2020-14361 CVE-2020-14362 cpe:/o:suse:suse-openstack-cloud:7 Security update for apache2 (Moderate) SUSE OpenStack Cloud 7 This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). Moderate SUSE bug 1175070 SUSE bug 1175071 SUSE bug 1175072 CVE-2020-11985 CVE-2020-11993 CVE-2020-9490 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-ibm (Moderate) SUSE OpenStack Cloud 7 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:suse-openstack-cloud:7 Security update for nodejs6 (Important) SUSE OpenStack Cloud 7 This update for nodejs6 to version 6.17.1 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field (bsc#1159352). Important SUSE bug 1159352 CVE-2019-16775 CVE-2019-16776 CVE-2019-16777 cpe:/o:suse:suse-openstack-cloud:7 Security update for squid (Critical) SUSE OpenStack Cloud 7 This update for squid fixes the following issues: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). Critical SUSE bug 1175664 SUSE bug 1175665 SUSE bug 1175671 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 cpe:/o:suse:suse-openstack-cloud:7 Security update for libX11 (Moderate) SUSE OpenStack Cloud 7 This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). Moderate SUSE bug 1175239 CVE-2020-14363 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_1-ibm (Moderate) SUSE OpenStack Cloud 7 This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Moderate) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fix broken translation-loading. (bsc#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more Moderate SUSE bug 1173991 SUSE bug 1174284 SUSE bug 1175686 CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 kernel was updated to to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2019-16746: Fixed an improper check of the length of variable elements in a beacon head, leading to a buffer overflow (bsc#1152107). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bug was fixed: - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). Important SUSE bug 1152107 SUSE bug 1173798 SUSE bug 1174205 SUSE bug 1174757 SUSE bug 1175691 SUSE bug 1176069 CVE-2019-16746 CVE-2020-14314 CVE-2020-14331 CVE-2020-14386 CVE-2020-16166 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_8_0-openjdk fixes the following issues: Update java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0) (January 2020 CPU, bsc#1160968): - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support - CVE-2020-2654: Improve Object Identifier Processing Important SUSE bug 1160968 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 cpe:/o:suse:suse-openstack-cloud:7 Security update for tomcat (Moderate) SUSE OpenStack Cloud 7 This update for tomcat fixes the following issues: - CVE-2020-1935: Fixed an HTTP request smuggling vulnerability (bsc#1164860). - CVE-2020-13935: Fixed a WebSocket DoS (bsc#1174117). Moderate SUSE bug 1164860 SUSE bug 1174117 CVE-2020-13935 CVE-2020-1935 cpe:/o:suse:suse-openstack-cloud:7 Security update for shim (Moderate) SUSE OpenStack Cloud 7 This update for shim fixes the following issues: - Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994) This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Additional fixes: + shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) Moderate SUSE bug 1168994 SUSE bug 1175626 SUSE bug 1175656 CVE-2020-10713 cpe:/o:suse:suse-openstack-cloud:7 Security update for perl-DBI (Important) SUSE OpenStack Cloud 7 This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Important SUSE bug 1176409 SUSE bug 1176412 CVE-2020-14392 CVE-2020-14393 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-rack (Moderate) SUSE OpenStack Cloud 7 This update for rubygem-rack to version 1.6.13 fixes the following issues: - CVE-2020-8184: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1173351). - CVE-2020-8161: Fixed a directory traversal (bsc#1172037). - CVE-2019-16782: Fixed an information leak / session hijack vulnerability (bsc#1159548). Moderate SUSE bug 1159548 SUSE bug 1172037 SUSE bug 1173351 CVE-2019-16782 CVE-2020-8161 CVE-2020-8184 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-actionview-4_2 (Important) SUSE OpenStack Cloud 7 This update for rubygem-actionview-4_2 fixes the following issues: - CVE-2020-15169: Fix cross-site scripting in translation helpers (bsc#1176421) Important SUSE bug 1176421 CVE-2020-15169 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-pip (Moderate) SUSE OpenStack Cloud 7 This update for python-pip fixes the following issues: - CVE-2019-20916: Fixed a directory traversal in _download_http_url (bsc#1176262) Moderate SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:suse-openstack-cloud:7 Security update for python3 (Important) SUSE OpenStack Cloud 7 This update for python3 fixes the following issues: - CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball (bsc#1174091). - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). - If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423). Important SUSE bug 1088004 SUSE bug 1088009 SUSE bug 1130840 SUSE bug 1141853 SUSE bug 1149955 SUSE bug 1153238 SUSE bug 1162423 SUSE bug 1173274 SUSE bug 1174091 SUSE bug 1174701 CVE-2018-14647 CVE-2018-20852 CVE-2019-16056 CVE-2019-16935 CVE-2019-20907 CVE-2019-9947 CVE-2020-14422 cpe:/o:suse:suse-openstack-cloud:7 Security update for samba (Important) SUSE OpenStack Cloud 7 This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). Important SUSE bug 1176579 CVE-2020-1472 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: -Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Enhance fix for wayland-detection (bsc#1174420) - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) Important SUSE bug 1167976 SUSE bug 1173986 SUSE bug 1174420 SUSE bug 1176756 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 cpe:/o:suse:suse-openstack-cloud:7 Security update for libqt5-qtbase (Important) SUSE OpenStack Cloud 7 This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515) Important SUSE bug 1172515 SUSE bug 1176315 CVE-2020-17507 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Important) SUSE OpenStack Cloud 7 This update for xen fixes the following issues: - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534). - CVE-2020-0543: Fixed a leak of Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205,XSA-320) - CVE-2020-15565: Fixed an issue cache write (bsc#1173378,XSA-321). - CVE-2020-15567: Fixed an issue with non-atomic modification of live EPT PTE (bsc#1173380,XSA-328) Important SUSE bug 1172205 SUSE bug 1173378 SUSE bug 1173380 SUSE bug 1175534 SUSE bug 1176343 SUSE bug 1176344 SUSE bug 1176345 SUSE bug 1176346 SUSE bug 1176347 SUSE bug 1176348 SUSE bug 1176349 SUSE bug 1176350 CVE-2020-0543 CVE-2020-14364 CVE-2020-15565 CVE-2020-15567 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25603 CVE-2020-25604 cpe:/o:suse:suse-openstack-cloud:7 Security update for perl-DBI (Important) SUSE OpenStack Cloud 7 This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). - CVE-2013-7490: Fixed memory corruption when using many arguments to methods for CallbacksUsing (bsc#1176496). Important SUSE bug 1176496 SUSE bug 1176764 CVE-2013-7490 CVE-2019-20919 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_7_0-openjdk fixes the following issues: - java-1_7_0-openjdk was updated to 2.6.23 (July 2020 CPU, bsc#1174157) - JDK-8028431, CVE-2020-14579: NullPointerException in - DerValue.equals(DerValue) - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in - sun.security.util.DerInputStream.getUnalignedBitString() - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233255: Better Swing Buttons - JDK-8234032: Improve basic calendar services - JDK-8234042: Better factory production of certificates - JDK-8234418: Better parsing with CertificateFactory - JDK-8234836: Improve serialization handling - JDK-8236191: Enhance OID processing - JDK-8237592, CVE-2020-14577: Enhance certificate verification - JDK-8238002, CVE-2020-14581: Better matrix operations - JDK-8238804: Enhance key handling process - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - JDK-8238843: Enhanced font handing - JDK-8238920, CVE-2020-14583: Better Buffer support - JDK-8238925: Enhance WAV file playback - JDK-8240119, CVE-2020-14593: Less Affine Transformations - JDK-8240482: Improved WAV file playback - JDK-8241379: Update JCEKS support - JDK-8241522: Manifest improved jar headers redux - JDK-8242136, CVE-2020-14621: Better XML namespace handling - JDK-8040113: File not initialized in src/share/native/sun/awt/giflib/dgif_lib.c - JDK-8054446: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError - JDK-8077982: GIFLIB upgrade - JDK-8081315: 8077982 giflib upgrade breaks system giflib builds with earlier versions - JDK-8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' - JDK-8155691: Update GIFlib library to the latest up-to-date - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds - JDK-8203190: SessionId.hashCode generates too many collisions - JDK-8217676: Upgrade libpng to 1.6.37 - JDK-8220495: Update GIFlib library to the 5.1.8 - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys - JDK-8229899: Make java.io.File.isInvalid() less racy - JDK-8230597: Update GIFlib library to the 5.2.1 - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result Important SUSE bug 1174157 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:suse-openstack-cloud:7 Security update for tigervnc (Critical) SUSE OpenStack Cloud 7 This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733). Critical SUSE bug 1176733 CVE-2020-26117 cpe:/o:suse:suse-openstack-cloud:7 Security update for libproxy (Important) SUSE OpenStack Cloud 7 This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). Important SUSE bug 1176410 SUSE bug 1177143 CVE-2020-25219 CVE-2020-26154 cpe:/o:suse:suse-openstack-cloud:7 Security update for ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano, openstack-neutron, openstack-neutron-vpnaas, openstack-nova, openstack-sahara, python-Pillow, rubygem-crowbar-client (Critical) SUSE OpenStack Cloud 7 This update for ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano, openstack-neutron, openstack-neutron-vpnaas, openstack-nova, openstack-sahara, python-Pillow, rubygem-crowbar-client fixes the following issues: Security fixes included on this update: for ansible: - CVE-2020-1733,CVE-2020-10744: Fixed a race condition and insecure permissions which could have allowed another user on the node to gain control of the become user (bsc#1171823 and bsc#1164140). for grafana: - CVE-2020-11110, CVE-2018-18623, CVE-2018-18624, CVE-2018-18625: Fixed XSS vulnerabilities in dashboard due to an incomplete fix for CVE-2018-12099 for openstack-nova: - CVE-2020-17376: Fixed an issue in which live migration failed to update persistent domain XML (bsc#1175484) for python-pillow: - CVE-2016-0775: Fixed a buffer overflow in FliDecode.c (bsc#965582) - CVE-2020-10177: Fix-OOB-reads-in-FLI-decoding (bsc#1173413) - CVE-2020-10994: Fix-bounds-overflow-in-JPEG-2000-decoding (bsc#1173418) - CVE-2020-10378: Fix-bounds-overflow-in-PCX-decoding (bsc#1173416) for rubygem-crowbar-client: - CVE-2018-17954: Fixed an issue where provision leaks admin password to all nodes in cleartext (bsc#1117080) Non-security fixes included on this update: Changes in ansible: - Update CVE-2020-10744_avoid_mkdir_p.patch to include missing parts and rename to CVE-2020-1733_avoid_mkdir_p.patch to make it clear which CVE is fixed there (bsc#1164140) - Add CVE-2020-10744_avoid_mkdir_p.patch (bsc#1171823) to fix insecure temporary directory creation. Changes in crowbar-core: - Update to version 4.0+git.1600767499.0615a418f: * provisioner: check for client_user (SOC-11389) * crowbar: Also add access to /restricted/ in SSL vhost (SOC-11352) * crowbar: Allow hardware-installing -> discovering transition (noref) * crowbar: Add Restricted controller with API for restricted clients (bsc#1117080) * crowbar: Add complete list of states to Crowbar::State (noref) * provisioner: Remove the need for /updates/parse_node_data (noref) * crowbar: Create helper module to validate states (noref) * provisioner: Use new restricted API (bsc#1117080) * provisioner: Do not read /etc/crowbar.install.key from crowbar_joi (bsc#1117080) * provisioner: Remove use of privileged user for Windows machine (bsc#1117080) * provisioner: Use restricted client during provisioning (bsc#1117080) * provisioner: Use restricted client for crowbar_register (bsc#1117080) * provisioner: Drop /etc/crowbar.install.key bits from autoyast prof (bsc#1117080) * Avoid hardcoding machine-install user (bsc#1117080) * crowbar: Restrict admin access (bsc#1117080) - Update to version 4.0+git.1600416364.5a9286e31: * Whitelist fixed CVEs in travis (noref) * Disable cookbook tests (noref) Changes in crowbar-openstack: - Update to version 4.0+git.1599037255.25b759234: * horizon: Update configuration for Grafana 5.x Changes in grafana: - BuildRequire go1.14 explicitly - Add recompress source service - Add go_modules source service to create vendor.tar.gz containing 3rd party go modules. - Adjust spec to work for Grafana-6.7.4 - Adjust Makefile to work for Grafana-6.7.4 - Remove CVE-2019-15043.patch (merged upstream) - Remove CVE-2020-13379.patch (merged upstream) - Remove 0001-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch (merged upstream) - Update to version 6.7.4 (bsc#1172450, CVE-2018-18623, CVE-2018-18624, CVE-2018-18625, bsc#1174583, CVE-2020-11110) * Only allow 32 hexadecimal digits for the avatar hash * 6.7.3 cherry-picks (#23808) * Fix CI for pushing a multi-architecture manifest (#23327) * AzureMonitor: Fix Log Analytics and Application Insights for Azure China (#21803) (#22753) * Revert 'grafana/data: PanelTypeChangedHandler API update to use PanelModel instead of panel options object [BREAKING] (#22754)' * Bumped version * Snapshots: Sanitize orignal url (#23254) * Plugins: Expose promiseToDigest (#23249) * Variables: Do not update variable from url when value is the same (#23220) * DashboardSave: Add new dashboard check (#23104) * Fix: reverted back to `import * as module` instead of using namespaces (#23069) * BackendSrv: Adds config to response to fix external plugins that use this (#23032) * DataLinks: make sure we use the correct datapoint when dataset contains null value. (#22981) * Fix mysterious Babel plugin errors (#22974) * Select: Fixed select text positition (#22952) * grafana/data: PanelTypeChangedHandler API update to use PanelModel instead of panel options object [BREAKING] (#22754) * Docs: Fix Broken Link (#22894) * Panels: Fixed size issue with panels when existing panel edit mode (#22912) * Azure: Fixed dropdowns not showing current value (#22914) * BackendSrv: only add content-type on POST, PUT requests (#22910) * Check if the datasource is of type loki using meta.id instead of name. (#22877) * CircleCI: Pin grabpl to 0.1.0 (#22904) * Design tweaks (#22886) * Rich history UX fixes (#22783) * AzureMonitor: support workspaces function for template variables (#22882) * SQLStore: Add migration for adding index on annotation.alert_id (#22876) * Plugins: Return jsondetails as an json object instead of raw json on datasource healthchecks. (#22859) * Backend plugins: Exclude plugin metrics in Grafana's metrics endpoint (#22857) * Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node (#22856) * Stackdriver: Fix GCE auth bug when creating new data source (#22836) * @grafana/runtime: Add cancellation of queries to DataSourceWithBackend (#22818) * Rich history: Test coverage (#22852) * Datasource config was not mapped for datasource healthcheck (#22848) * upgrades plugin sdk to 0.30.0 (#22846) * Rich History: UX adjustments and fixes (#22729) * TablePanel: Enable new units picker (#22833) * Fix dashboard picker's props (#22815) * Grafana-UI: Add invalid state to Forms.Textarea (#22775) * SaveDashboard: Updated modal design/layout a bit (#22810) * Forms: Fix input suffix position (#22780) * AngularPanels: Fixed inner height calculation (#22796) * Fix: fixes issue with headers property with different casing (#22778) * DataSourceWithBackend: use /health endpoint for test (#22789) * Chore: remove expressions flag and allow (#22764) * Core: Pass the rest of to props to Select (#22776) * Add support for sending health check to datasource plugins. (#22771) * Datasource: making sure we are having the same data field order when using mixed data sources. (#22718) * DashboardSave: Autofocus save dashboard form input (#22748) * @grafana/e2e: cherry picked 4fecf5a7a65f5b7b4c03fefb9a3da15cee938f02 (#22739) * CircleCI: Implement new release pipeline (#22625) * Toolkit: use fs-extra instead of fs (#22723) * What's new docs for 6.7 release (#22721) * Backend Plugins: use sdk v0.26.0 (#22725) * PanelInspector: Add Stats Tab (#22683) * Revert 'Graph: Improve point rendering performance (#22610)' (#22716) * Docs: add rendering configuration in reporting (#22715) * reverting the changes that failed the e2e tests. (#22714) * Remove multiple occurrences of 'before' (#22710) * Datasources: Update dashboards (#22476) * API: Fix redirect issues (#22285) * Explore: adds QueryRowErrors component, moves error display to QueryRow (#22438) * RichHistory: Design Tweaks (#22703) * Modals: Unify angular/react modals backdrop color (#22708) * Graphite: Don't issue empty 'select metric' queries (#22699) * support duplicate field names in arrow format (#22705) * UX: Update new form styles to dark inputs (#22701) * Docs: Grammar corrections * Docs: Overcoming Grammatical errors (#22707) * Pass dashboard via angular directive (#22696) * Docs: Replace 'API' by 'Integration' key for PagerDuty (#22639) * Docs: Edited Enterprise docs (#22602) * CloudWatch: Expand alias variables when query yields no result (#22695) * Dependency: sdk's dataframe package renamed to data (#22700) * @grafana/e2e: include Cypress tsconfig in published package (#22698) * Graphite: Update config editor (#22553) * @grafana/e2e: fix runtime ts-loader errors with Cypress support files (#22688) * Docs: Add version note about Azure AD OAuth2 (#22692) * StatPanel: Return base color when there is no value set (#22690) * Send jsondata for Datasources on DatasourceConfig for backend plugins (#22681) * Explore: Rich History (#22570) * XSS: Fixed history XSS issue (#22680) * Fix caching problem (#22473) * on update for checkbox and switch (#22656) * Notification Channel: Make test button wider (#22653) * Backend plugins: Updates due to changes in SDK (#22649) * Make sure commit hook in FieldPropertiesEditor is invalidated when value changes (#22673) * Docs: Plugin.json: Fix property descriptions, add missing properties, add example (#22281) * Alerting: Fixed bad background color for default notifications in alert tab (#22660) * Webpack: Updated terser plugin (#22669) * Core: DashboardPicker improvements (#22619) * Storybook: Forms.Form docs (#22654) * Templating: Migrates some variable types from Angular to React/Redux (#22434) * Grafana UI: Fix Forms.Select onChangeWithEmpty (#22647) * Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo (#21879) * @grafana/e2e: install necessary dependencies for published package (#22657) * DashboardSave: Correctly overwrite dashboard when saving (#22650) * StatPanel: Fixes base color is being used for null values (#22646) * FieldOverrides: Add value mappings editor to standard config properties registry (#22648) * Docs: Update gauge.md (#22637) * Docs: Create Intro grafana (#22522) * Toolkit: wrap plugin signing stub with error checking (#22626) * @grafana/e2e: fix empty bundle files (#22607) * Toolkit: include a github release utility (#22520) * Rendering: Have phantomjs wait a bit before rendering to give fonts a change to load (#22623) * Cascader: Do not override default width behavior (#22620) * Update documentation-style-guide.md (#22581) * Adds signed in user to backend v2 plugins requests (#22584) * CloudWatch: updated namespaces - Athena, DocDB, and Route53Resolver (#22604) * Graph: Improve point rendering performance (#22610) * Alerting: Fix state age test failures (#22606) * Docs: Update image_rendering.md (#22586) * UI: Segment improvements (#22601) * remove section about alias imports (#22585) * Backend Plugins: Support handling of streaming resource response (#22580) * Stackdriver: Migrate GCE default project (#22593) * Toolkit: plugin ci needs to cooperate better with make/mage (#22588) * surround CloudWatch dimension names with double quotes (#22222) * Fix: when reloading page make sure that time picker history is converted to dateTime. * Core: add active users stat (#22563) * Chore: Modules tidy and vendor (#22578) * Loki: use series API for stream facetting (#21332) * Testing code owners for backend code (#22572) * Azure Monitor: config editor updates, update sameas switch, fix test snaps (#22554) * Grafana-UI: Use value for Radio group id (#22568) * Chore: fix moment import in alerting tests (#22567) * avoid aliased import in cli (#22566) * Chore: Avoid aliasing importing models in api package (#22492) * ShareModal: able to extend tabs (#22537) * Tests: fix alerting reducers tests (#22560) * Logs: Improve log level guess (#22094) * DataSourceWithBackend: apply template variables (#22558) * @grafana/e2e: added support for plugin repositories (#22546) * Add fallback to search_base_dns if group_search_base_dns is undefined. (#21263) * Docs: Added a Markdown Style Guide (#22425) * Old AsyncSelect: Add story (#22536) * Chore: add missing aria-label for rendered panel image (e2e tests) (#22543) * Form migrations: Dashboard- and TimeZonePicker (#22459) * Migration: Share dashboard/panel modal (#22436) * Revert 'Select: scroll into view when navigate with up/down arrows (#22503)' (#22535) * Backend plugins: Prepare and clean request headers before resource calls (#22321) * Cascader: Add size for input (#22517) * ArrowDataFrame: allow empty results (#22524) * Migration: Save dashboard modals (#22395) * Toolkit: don't clean dist folder before build (#22521) * Docs: Add Storybook guidelines (#22465) * Docs: Removed menu links to SDK Reference until we are ready for 7.0 (#22509) * Stackdriver: Project selector (#22447) * Select: scroll into view when navigate with up/down arrows (#22503) * Elastic: To get fields, start with today's index and go backwards (#22318) * API: Include IP address when logging request error (#21596) * chore: avoid aliasing imports in services (#22499) * Grafana-UI: add storysource addon to Storybook (#22490) * canary 404 previous versions (#22495) * Fix Dockerfile lint errors (#22496) * Migration: Invite Signup (#22437) * Core: add hideFromMenu for child items (#22494) * Dashboard: Adds support for a global minimum dashboard refresh interval (#19416) * CI: Deploy enterprise image (#22488) * changelog: adds note about breaking change (#22480) * chore: avoid alias for models in plugins (#22483) * chore: avoid aliasing models in middleware (#22484) * Grafana UI: Add missing argument (#22487) * NewPanelEditor: Angular panel options, and angular component state to redux major change (#22448) * @grafana/ui: Create slider component (#22275) * Icons: add reports icon (#22445) * Panel inspect: Horizontal scrolling in Data table (#22245) * Alerting: Fixed the issue/bug of diff and percent_diff functions *Breaking change* (#21338) * App Plugins: support react pages in nav (#22428) * Optimized package.json files (#22475) * Toolkit: add junit reporting and jest.config.js to plugin build (#22450) * Grafana UI: Add forwardRef (#22466) * Docs: Update Getting started (#22422) * pkg/api/pluginproxy: Access token provider should handle access tokens without ExpiresOn field (#19928) * Documentation: Specify usage of datasource whitelist (#22412) * Form: Allow default values updates (#22435) * NewPanelEditor: Wait a bit before resending query result on panel editor exit (#22421) * Grafana-UI: update date picker (#22414) * grafana-cli: Upgrade to urfave/cli v2 (#22402) * Docs: adding first version of the auto-generated packages API docs. (#22107) * NewPanelEditor: Panel edit tweaks (#22415) * Core: Make application title customizable for WL (#22401) * Fix: making select to return empty list when no values are selected in multivalue mode. * Fix: Added missing 'remove'-icon for light theme. * Docs: adding API reference documentation support for the packages libraries. (#21931) * Accessibility: Makes tag colors more accessible (#22398) * Admin: fix images on license page (#22413) * DataSourceWithBackend: Add a get/post resource standard path (#22408) * Docs: Fix examples, grammar, add links (#22406) * Docs: Add links, fix grammar, formatting, wording (#22381) * Changelog: adds missing enterprise features (#22399) * Docs: Add info on active LDAP sync (#22347) * Docs: Fixed formatting issue in new stat docs (#22390) * @grafana/toolkit: completed support for source maps in plugin builds (#22379) * UX: BackButton left arrow icon (#22369) * Scrollbar: Show scrollbar on only on hover (#22386) * NewPanelEditor: Fixed cleanup that could cause crash (#22384) * Theme: Fixed bug in sass file (#22382) * Alerting: Don't include image_url field with Slack message if empty (#22372) * Docs: New doc pages for panels Stat, Gauge & Bar Gauge (#22335) * Docs: Update front-end style guide (#22197) * Chore: Update latest.json (#22345) * CircleCI: Fix publishing of releases (#22342) * Changelog: v6.6.2 (#22341) * CircleCI: Switch to new master build pipeline (#22158) * Docs: Update white-labeling.md (#22224) * Webpack: Upgrade terser webpack plugin (#22332) * grafana/ui: Export TextArea under Forms namespace (#22328) * Suggesting couple of changes to the document (#22298) * Correcting Line 22 (#22292) * Docs: Fix 'enable' steps formatting (#22324) * [Docs] Improvised instructions for adding data source. (#22305) * DashLinks: Add pull right to dropdown menu (#22233) * Migration: User invite (#22263) * Select: Fix focus issue and remove select container (#22309) * Annotations: Call panel refresh when table transform changes to annotations (#22323) * Docs: Couple of changes to the document (#22291) * Docs: Typo correction in Line 19 (#22297) * Rendering: Store render key in remote cache (#22031) * Backend Plugins: Provide proper plugin config to plugins (#21985) * New panel edit: data links tweaks (#22304) * Metrics: Add gauge for requests currently in flight (#22168) * OAuth: Enforce auto_assign_org_id setting when role mapping enabled using Generic OAuth (#22268) * CircleCI: Upgrade Ubuntu base image to 19.10 also for enterprise (#22315) * CI: check ubuntu and alpine images with trivy (#22314) * Docker: Upgrade Ubuntu to 19.10 (#22306) * grafana/data: runtime dependencies moved from devDependencies (#22283) * PanelInspector: Fixed issue in panel inspector (#22302) * grafana/ui: Add basic horizontal and vertical layout components (#22303) * Field Config Editors: Remove namespacing from standard field config editors (#22296) * CircleCI: Increase nodejs max memory (#22295) * Update rpm.md (#22284) * FieldConfigs: String select type & cell display mode added to table panel (#22274) * LinkSrv: Add newlines so I can read code * Docs: Fix TestData docs (#22279) * API: Improve recovery middleware when response already been written (#22256) * Update mac.md (#22280) * @grafana/toolkit: lint fix option now writes changes to disk (#22278) * Docs: minor fixes (#22223) * Reorder cipher suites for better security (#22101) * Docs: Minor typo fix (#22221) * NewPanelEdit: Add back datalinks and new table panel fix (#22267) * Prometheus: Implement region annotation (#22225) * Table: Fixed header alignment (#22236) * Data proxy: Log proxy errors using Grafana logger (#22174) * TimePicker: fixing weird behavior with calendar when switching between months/years (#22253) * Update timeseries.md (#20795) * Auth: Don't rotate auth token when requests are cancelled by client (#22106) * Elastic: Map level field based on config. (#22182) * Sqlstore: guard against getting a dashboard without specifying identi… (#22246) * Migrations: Signup page (#21514) * Storybook: Add color theme and theme switcher (#22005) * NewPanelEditor: Making angular panels reuse data and render on edit mode enter (#22229) * PanelEdit: Title tweaks (#22237) * NewPanelEdit: Minor changes (#22239) * Chore: Fixed strict null errors (#22238) * NewPanelEditor: Thresholds v2 (#22232) * Toolkit: support sass style for plugins (#22235) * add CloudWatch Usage Metrics (#22179) * FieldOverrides: Fix issue with same series name for every display value (#22234) * Inspector: find the datasource from the refId, not the metadata (#22231) * New panel editor: Persist panel editor ui state (#22210) * Toolkit: don't create declaration files for plugins (by default) (#22228) * Docs: Update windows.md (#22185) * Docs: Add linking topic (#21986) * Docs: Refactored Enterprise side menu (#22189) * CircleCI: Push master Docker images without revision in tag (#22218) * Alerting: Update the types of recipient supported by the Slack notifier (#22205) * docs: change URL occurences to uppercase (#22151) * Docs: Fix link for provisioning data sources (#22159) * DevEnv: update frontend dependencies - tests (#22140) * DevEnv: update frontend dependencies - type definitions (#22141) * Make Explore panel link work when grafana served from sub url (#22202) * DevEnv: update frontend dependencies - node (#22139) * API: Fix redirect issue when configured to use a subpath (#21652) * Inspect: Inspect header design update (#22120) * FieldOverrides: FieldOverrides UI (#22187) * Azure OAuth: enable teamsync (#22160) * Docs: Organize basic concepts and getting started (#21859) * FieldOverides: apply field overrides based on configuration (#22047) * Docs: Suggesting few changes to the doc (#22115) * Docs: Update phrasing line 35 (#22152) * Docs: Correcting Typo in Line131 (#22155) * Dashboard: fixed padding inconsistency * BackendSrv: Fixes a stupid mistake with a missing return (#22177) * PanelEdit: Fixed timing and state related issues (#22131) * Elastic: Replace range as number not string (#22173) * change sync target branch to master (#21930) * e2e: Fixed issue with aria label (#22166) * Fix: Do not remove whitespace in PanelLink url (#22087) * React Migration: Migrates FolderPicker from angular to react (#21088) * Auth: Azure AD OAuth (#20030) * DevEnv: update frontend dependencies - grunt (#22136) * Bugfix: updates cloudwatch query editor test async render to prevent it from throwing error (#22150) * NewPanelEdit: Design tweaks (#22156) * TestData: Update streaming.json (#22132) * DevEnv: update frontend dependencies - babel (#22135) * Docs: Fix port config list formatting (#22113) * Explore: Refactor active buttons css (#22124) * Forms/Switch: Simplifies and adjusts CSS/Markup (#22129) * Datasource/Loki: Fixes issue where live tailing displayed date as invalid (#22128) * NewPanelEditor: Fixed issue going back to dashboard after pull page reload (#22121) * Loki, Prometheus: Fix PromQL and LogQL syntax highlighting (#21944) * NewPanelEdit: Added visualization tab / selection view (#22117) * Increase ts fork check mem limit (#22118) * NewPanelEditor: Panel editor tabs in state (url) (#22102) * Delete report.20200209.125304.14262.0.001.json * Annotation & Alerts: Makes various annotation and alert requests cancelable (#22055) * Select zindex (#22109) * Docs: Add doc templates (#21927) * Fix mentioning Slack users/groups (#21734) * Docs: Update rules.md (#21989) * Docs: Update metrics.md (#21988) * Docs: Update dashboard.md (#21951) * Docs: Added release notes tag (#22012) * Forms/RadioButtonGroup: Improves semantics and simplifies CSS (#22093) * Docs: add LDAP active sync limitation for single bind configuration (#22098) * Docs: Update behind_proxy.md to include HTTPS and URL rewrite example (#21832) * DataLinks: Avoid null exception in new edit mode (#22100) * Docs: Image rendering improvements (#22084) * Fix display of multiline logs in log panel and explore (#22057) * Fix/add width to toggle button group (#21924) * NewPanelEditor: Introduce redux state and reducer (#22070) * Prometheus: make $__range more precise (#21722) * New panel edit: data links edit (#22077) * Docs: fix minor typos in datasources.md (#22092) * Toolkit: add a warning about tslint migration (#22089) * Read `target` prop from the links in the footer (#22074) * CircleCI: Publish enterprise Docker dev image for new master pipeline (#22091) * CircleCI: Include build ID in version for new master pipeline (#22013) * Alerting: Handle NaN in reducers (#22053) * Toolkit: create manifest files for plugins (#22056) * Backend Plugins: make transform work again (#22078) * Docs: Fix broken link (#22010) * Docs: Fix formatting typo (#22067) * CircleCI: Publish enterprise ARM variants from master pipeline (#22011) * Chore: Adds cancellation to backendSrv request function (#22066) * Dashboard: Move some plugin & panel state to redux (#22052) * Docs: Clarify that extraction of zip is required to install plugin (#22061) * Chore: Fixes non utc tests (#22063) * Grafana ui/time of day picker ui improvements (#21950) * Links: Assure base url when single stat, panel and data links are built (#21956) * BackendSrv: Returns correct error when a request is cancelled (#21992) * Make zoom and time shift work after emmitter change (#22051) * New Editor: refresh when time values change (#22049) * New Editor: Add ValuePicker for overrides selection (#22048) * Collapse: add a controlled collapse (#22046) * Cascader: Fix issue where the dropdown wouldn't show (#22045) * New Editor: add display modes to fix ratio with actual display (#22032) * Chore: Use forwardRef in ButtonSelect (#22042) * DashNavTimeControls: remove $injector and rootScope from time picker (#22041) * New panel edit: field overrides ui (#22036) * Select: Portaling for Select (#22040) * New Select: Fix the overflow issue and menu positioning (#22039) * Upgrade: React layout grid upgrade (#22038) * PanelChrome: Use react Panel Header for angular panels. (#21265) * New Editor: add a tabs row for the query section (#22037) * New Editor: use unit picker (#22033) * Dashboard: Refactor dashboard reducer & actions (#22021) * New panel editor: Add title editor (#22030) * UnitPicker: Use the new Cascader implementation (#22029) * FieldEditor: extendable FieldConfig UI (#21882) * Cascader: Add enable custom value (#21812) * New panel edit: support scrolling (#22026) * Thresholds: get theme from context automatically (#22025) * New Panel Edit: works for panels with and without queries (#22024) * PanelEditor: use splitpane for new editor (#22022) * Select: Fixed allow custom value in Select/UnitPicker/Segment/AsyncSegment (#22018) * Chore: export arrow dataframe utilities (#22016) * TSLint → ESLint (#21006) * Docker: Publish enterprise image with master-commit tag (#22008) * Chore: Resolve random failure with golangci-lint (#21970) * New panel edit: don't query when entering edit mode (#21921) * Fix bad grammar in Dashboard Link page (#21984) * Update documentation-style-guide.md (#21736) * Prometheus: Allow sub-second step in the prometheus datasource (#21861) * Update latest.json versions to 6.6.1 (#21972) * Change log for 6.6.1 (#21969) * Datasource: updates PromExploreQueryEditor to prevent it from throwing error on edit (#21605) * Explore: Adds Loki explore query editor (#21497) * @grafana/ui: Fix displaying of bars in React Graph (#21968) * Prometheus: Do not show rate hint when increase function is applied (#21955) * Elastic: Limit the number of datapoints for the counts query (#21937) * Storybook: Update categories (#21898) * Quota: Makes sure we provide the request context to the quota service (#21949) * Docs: Documentation for 6.6 Explore and Logs panel features (#21754) * Annotations: Change indices and rewrites annotation find query to improve database query performance (#21915) * Prometheus: Fixes default step value for annotation query (#21934) * Dashboard edit: Fix 404 when making dashboard editable * Publish from new master pipeline (#21813) * Metrics: Adds back missing summary quantiles (#21858) * delete redundant alias (#21907) * grafana/ui: Fix displaying of bars in React Graph (#21922) * Docs: Added developer-resources.md (#21806) * Fix formatting (#21894) * New Select: Blur input on select (#21876) * Fix/add default props to prom query editor (#21908) * Graph Panel: Fixed typo in thresholds form (#21903) * Disable logging in button (#21900) * DatasourceEditor: Add UI to edit custom HTTP headers (#17846) * Datasource: Show access (Browser/Server) select on the Prometheus datasource (#21833) * Docs: Update dashboard.md (#21896) * Docs: Update dashboard.md (#21200) * Docs: Make upgrading instructions for Docker work (#21836) * deps so can mock in tests (#21827) * Templating: Add new global built-in variables (#21790) * Fix: Reimplement HideFromTabs in Tabs component (#21863) * grafana/data: Remove unused PanelSize interface (#21877) * New Select: Extend creatable select api (#21869) * Backend plugins: Implement support for resources (#21805) * Docker: change plugin path in custom docker (#21837) * Image Rendering: Fix render of graph panel legend aligned to the right using Grafana image renderer plugin/service (#21854) * Docs: Update _index.md (#21700) * grafana/toolkit: Fix failing linter when there were lint issues (#21849) * DatasourceSettings: Fixed issue navigating away from data source settings page (#21841) * AppPageCtrl: Fix digest issue with app page initialisation (#21847) * Explore: adds basic tests to TableContainer checking the render and output on 0 series returned * Explore: adds MetaInfoText tests * Explore: adds export of MetaItem and its props * Explore: updates TableContainer to use MetaInfoText component * Explore: updates Logs component to use MetaInfoText component * Explore: adds MetaInfoText component * Explore: removes unnecessary styles for panel logs * Explore: updates Table container render to avoid rendering table on empty result * Explore: updates explore table container to show a span on 0 series returned * docs/cli: Fix documentation of reset-admin-password with --homepath (#21840) * Replace ts-loader with Babel (#21587) * Docs: Add information about license expiration (#21578) * Fix digest issue with query part editor's actions menu (#21834) * Graphite: Fixed issue with functions with multiple required params and no defaults caused params that could not be edited (groupByNodes groupByTags) (#21814) * TimePicker: Should display in kiosk mode (#21816) * Chore: Upgrade Storybook to 5.3.9 (#21550) * Table: Make the height of the table include header cells (#21824) * StatPanels: Fixed migration from old singlestat and default min & max being copied even when gauge was disbled (#21820) * Docs: Update docker image run and configuration instructions (#21705) * DataFrame: update golden test files (#21808) * Docs: Alphabetize datasource names in sidebar under docs/Features/DataSources (#21740) * Inspect: Add error tab (#21565) * Select: Fix direct usages of react-select to make the scroll great again (#21822) * TablePanel: display multi-line text (#20210) * Fixed strict errors (#21823) * Fix: prevents the BarGauge from exploding when the datasource returns empty result. (#21791) * Select: Fix scroll issue (#21795) * Fix: Fixes user logout for datasourceRequests with 401 from datasource (#21800) * Azure Monitor: Fix Application Insights API key field to allow input (#21738) * Influxdb: Fix cascader when doing log query in explore (#21787) * Devenv: OpenTSDB dashboard (#21797) * MSI: License for Enterprise (#21794) * OpenTSDB: Add back missing ngInject (#21796) * Heatmap: Legend color range is incorrect when using custom min/max (#21748) * Config: add meta feature toggle (#21786) * Logs panel: Rename labels to unique labels (#21783) * Add link guide for installing new renderer (#21702) * Chore: Lowers strict error limit (#21781) * Chore: Removes Cypress record (#21782) * Docs: Document configuration of console, file and syslog log formats (#21768) * Annotations: Fixes this.templateSrv.replace is not a function error for Grafana datasource (#21778) * Fix typos in the communication documentation (#21774) * Chore: Fixes various strict null errors (#21763) * Forms: Allow custom value creation in async select (#21759) * Chore: bump react-select to 3.0.8 (#21638) * grafana/data: Add type for secure json in DataSourceAPI (#21772) * Influxdb: Fix issues with request creation and parsing (#21743) * Explore/Loki: Fix handling of legacy log row context request (#21767) * 6.6.0 latest (#21762) * Docs: Updates Changelog for 6.6.0 (#21753) * Docs: Update image rendering (#21650) * Docs: misc. nitpicks to the HTTP API docs (#21758) * Dashboard: fixes issue with UI not being re-rendered after moving dashboard * Dashboard: fixed issues with re-rendering of UI when importing dashboard (#21723) * Build: Added devenv docker block for testing grafana with traefik. * Update What's new in 6.6 (#21745) * Footer: Display Grafana edition (#21717) * BackendSrv: Fixes POST body for form data (#21714) * Docs: Update CloudWatch and Stackdriver docs for 6.6 (#21679) * BackendSrv: Adds missing props back to response object in datasourceRequest (#21727) * Explore: Fix context view in logs, where some rows may have been filtered out. (#21729) * Toolkit: add canvas-mock to test setup (#21739) * TablePabel: Sanitize column link (#21735) * Docs: Fix getting started links on Windows installation page (#21724) * Docs: Enterprise 6.6 (#21666) * Template vars: Add error message for failed query var (#21731) * Loki: Refactor editor and syntax hooks (#21687) * Devenv: Fixed devenv dashboard template var datasource (#21715) * Footer: added back missing footer to login page (#21720) * Admin: Viewer should not see link to teams in side menu (#21716) * Annotations: Fix issue with annotation queries editors (#21712) * grafana/ui: Remove path import from grafana-data (#21707) * Loki: Fix Loki with repeated panels and interpolation for Explore (#21685) * CircleCI: Add workflow for building with Grafana Build Pipeline (#21449) * StatPanels: Fixed possible migration issue (#21681) * Make importDataSourcePlugin cancelable (#21430) * Docs: Update what's new in 6.6 (#21699) * Docs: Fix broken link in upgrade notes (#21698) * Alerting: Support passing tags to Pagerduty and allow notification on specific event categories (#21335) * PhantomJS: Fix rendering of panels using Prometheus datasource * backendSrv: Only stringifies request body if payload isn't already a string (#21639) * Update changelog generation to ignore not merged pull requests (#21641) * StatPanel: minor height tweak (#21663) * Circle: Introduce es-check to branches & pr workflow (#21677) * Run query when region, namespace and metric changes (#21633) * Explore: Fixes some LogDetailsRow markup (#21671) * SQLStore: Fix PostgreSQL failure to create organisation for first time (#21648) * Migrations: migrate admin user create page (#21506) * Docs: Whats new updates (#21664) * CloudWatch: Auto period snap to next higher period (#21659) * Login: Better auto sizing of login logo (#21645) * Chore: Fixes PhantomJs by adding polyfills for fetch and AbortController (#21655) * Alert: Minor tweak to work with license warnings (#21654) * Toolkit: copyIfNonExistent order swapped (#21653) * Doc: Update configuration.md (#21602) * Explore: Fix log level color and add tests (#21646) * Templating: A way to support object syntax for global vars (#21634) * CloudWatch: Add DynamoDB Accelerator (DAX) metrics & dimensions (#21644) * next version 6.7.0 (#21617) * latest.jso: Update latest beta 6.6.0-beta1 (#21623) * Docs: Update changelog with attribution (#21637) * Docs: Updated what's new article (#21624) * Plugins: Apply adhoc filter in Elasticsearch logs query (#21346) * Changelog: v6.6.0-beta1 (#21619) * Chore: Remove angular dependency from backendSrv (#20999) * Emotion: Add main package with version 10 (#21560) * TestData: allow negative values for random_walk parameters (#21627) * Update musl checksums (#21621) * CloudWatch: Expand dimension value in alias correctly (#21626) * Devenv: InfluxDB logs dashboard (#21620) * Build: adds missing filters required to build oss msi (#21618) * BigValue: Updated test dashboard and made some chart sizing tweaks (#21616) * TestData: Adds important new features to the random walk scenario (#21613) * graphite: does not modify last segment when... (#21588) * grafana/ui: Add synced timepickers styling to TimePicker (#21598) * Explore: Remove destructuring of empty state in LogRowMessage (#21579) * Build: enables deployment of enterprise msi (#21607) * CI: MSI for Enterprise (#21569) * E2E docs: Add guide to debuging PhantomJS (#21606) * Toolkit: fix prettier error reporting (#21599) * Render: Use https as protocol when rendering if HTTP2 enabled (#21600) * Typescript: null check fixes, and news panel fix (#21595) * Inspect: table take full height in drawer (#21580) * OAuth: Fix role mapping from id token (#20300) * ButtonCascader: Fix error in Explore (#21585) * CloudWatch: Fix ordering of map to resolve flaky test take 2 (#21577) * Redux: Fixed function adding a new reducer (#21575) * Minor style changes on upgrade page (#21566) * Revert 'Babel: use babel-loader instead of ts-loader, ng-annotate with babel-plugin-angularjs-annotate (#21554)' (#21570) * Explore: Context tooltip to copy labels and values from graph (#21405) * Config: Use license info instead of build info for feature toggling (#21558) * Fix merge problem (#21574) * CloudWatch: Fix ordering of map to resolve flaky test (#21572) * Docs: What's new in Grafana v6.6 Draft (#21562) * Explore: Create unique ids and deduplicate Loki logs (#21493) * Chore: Fix go vet problem (#21568) * Provisioning: Start provision dashboards after Grafana server have started (#21564) * CloudWatch: Calculate period based on time range (#21471) * Inspect: Download DataFrame to Csv (#21549) * CloudWatch: Multi-valued template variable dimension alias fix (#21541) * Babel: use babel-loader instead of ts-loader, ng-annotate with babel-plugin-angularjs-annotate (#21554) * Stackdriver: Support meta labels (#21373) * CI: Revert msi build (#21561) * Alerting: Fix image rendering and uploading timeout preventing to send alert notifications (#21536) * CI: adds missing files for ee msi (#21559) * CI: Enterprise MSI (#21518) * Add component: Cascader (#21410) * CloudWatch: Display partial result in graph when max DP/call limit is reached (#21533) * Dashboards: Default Home Dashboard Update (#21534) * Docs: Update rpm.md (#21547) * Docs: Update mac.md (#20782) * Templating: update variables on location changed (#21480) * Vendor: grafana-plugin-sdk-go v0.11.0 (#21552) * fix dateMath import in grafana-ui (#21546) * Explore/Loki: Filter expression only treated as regex when regex operator is used (#21538) * Fix TypeScript error (#21545) * Build: Ignore content of /pkg/extensions, not directory (#21540) * Update latest to 6.5.3 (#21509) * Explore: Ensures queries aren't updated when returning to dashboard if browser back is used (#20897) * Inspect: Use AutoSizer for managing width for content in tabs. (#21511) * Changelog generation: Generate grafana/ui changelog (#21531) * Toolkit: support less loader (#21527) * AppPlugin: remove simple app from the core repo (#21526) * @grafana/toolkit: cleanup (#21441) * DataFrames: add arrow test and capture metadata parsing errors (#21524) * DataLinks: allow using values from other fields in the same row (#21478) * grafana/data: Update plugin config page typings (BREAKING) (#21503) * Fix regex in convertCSSToStyle, add test coverage (#21508) * CloudWatch: Annotation Editor rewrite (#20765) * Admin: Add promotional page for Grafana Enterprise (#21422) * Add changelog for 6.5.3 * Backend Plugins: Collect and expose metrics and plugin process health check (#21481) * Auth: Rotate auth tokens at the end of requests (#21347) * Tabs: Hide Tabs on Page header on small screens (#21489) * Fix importing plugin dashboards (#21501) * SideMenu: Fixes issue with logout link opened in new tab (#21488) * DataLinks: Make data links input grow again (#21499) * Templating: use default datasource when missing (#21495) * Explore: Fix timepicker when browsing back after switching datasource (#21454) * Add disabled option for cookie samesite attribute (#21472) * Chore: Adds basic alerting notification service tests (#21467) * ImportDashboardCommand: Validate JSON fields (#21350) * Docs: add test for website build (#21364) * Fix: when clicking a plot on a touch device we won't display the annotation menu (#21479) * Backend Plugins: add a common implementation (#21408) * Alerting: new min_interval_seconds options to enforce a minimum eval frequency (#21188) * Panel: Use Tabs in panel inspector (#21468) * Docs: Update rpm install (#21475) * Alerting: Enable setting of OpsGenie priority via a tag (#21298) * Alerting: fallbackText added to Google Chat notifier (#21464) * Plugins: Move backend plugin manager to service (#21474) * Backend Plugins: Refactor backend plugin registration and start (#21452) * Admin: New Admin User page (#20498) * Docs: Update cli.md (#21470) * Fix: Tab icons not showing (#21465) * Chore: Add react-table typings to Table (#21418) * Login: Refactoring how login background is rendered (#21446) * StatPanel: Refactoring & fixes (#21437) * Chore: Migrates reducers and actions to Redux Toolkit (#21287) * DeleteButton: Button with icon only was not centered correctly. (#21432) * Logos: Refactoring a bit how logos are rendered (#21421) * Docs: Update documentation-style-guide.md (#21322) * More datasource funcs poc (#21047) * Docs: Update plugin installation and CLI (#21179) * Docs: Update debian.md (#21339) * Alerting: Adds support for sending a single email to all recipients in notification channel (#21091) * ThreemaNotifier: Use fully qualified status emoji (#21305) * Settings: Env override support for dynamic settings (#21439) * Security: refactor 'redirect_to' cookie to use 'Secure' flag (#19787) * Logs: Fix parsing for logfmt fields that have parens (#21407) * Improve documentation for the Prometheus data source (#21415) * Heatmap: fix formatting (#21433) * Docs: Fixed broken links of Datasource doc at Grafana plugin page (#21363) * ApiUser: Fix response when enabling, disabling or deleting a nonexistent user (#21391) * grafana/ui: Create Tabs component (#21328) * Inspector: support custom metadata display (#20854) * Table: Added text align option to column styles (#21175) * PluginPage: Add appSubUrl string to config pages url (#21414) * Docs: Remove comment about upcoming alerting for singlestat and table panels (#21416) * Footer: Single footer component for both react & angular pages (#21389) * API: Added alert state validation before changing its state (#21375) * AddDataSource: Added missing phantom plugin (#21406) * Plugins: Use grafana-plugin-sdk-go v0.5.0 (#21116) * UnitPicker: show custom units on load (#21397) * Cloud Watch: Standardize Config Editor Implementation (#20489) * CloudWatch: dimension_values templating fix (#21401) * Docs: explain how to setup the apt repo without helpers (#21194) * Build: prevent changes to pkg/extentions/main.go from throwing error on merge * TimeZones: fix utc test (#21393) * Build: package all binaries for enterprise (#21381) * Datasource: fixes prometheus datasource tests - adds align range * CircleCI: Testing upgrade to CircleCI 2.1 (#21374) * Storybook: Remove reference to jquery.flot.pie file from storybook config (#21378) * Cloudwatch: Fixed crash when switching from cloudwatch data source (#21376) * Docs: Added Squadcast notifications (#21372) * Chore: upgrade d3 (#21368) * Datasource: fix a bug where deleting data source will trigger save and test events (#21300) * Forms: revamped select (#21092) * Toolkit: add git log info to the plugin build report (#21344) * Docs: Use https scheme for Grafana playground links (#21360) * fix docs links (#21359) * AddDatasourcePage: Refactoring & more Phantom plugins (#21261) * Chore: Remove empty flot.pie file (#21356) * Docs: Fix link (#21358) * Docs: Fix InfluxDB templated dashboard link (#21343) * Rendering: Fix panel PNG rendering when using sub url & serve_from_sub_path = true (#21306) * NewsPanel: update default feed url (#21342) * docs: fix influxdb templated dashboard link (#21336) * Docs: Update Windows.md (#21333) * Arrow: don't export arrow... breaking phantomjs e2e test (#21331) * DataFrame: round trip metadata to arrow Table (#21277) * Prometheus: user metrics metadata to inform query hints (#21304) * Panel: disable edit/duplicate/delete entry for repeat panel (#21257) * Prometheus: Disable suggestions at beginning of value (#21302) * grafana/ui: Do not build in strict mode as grafana/ui depends on non-strict libs (#21319) * Docs: Update security.md (#20981) * @grafana/data: use timeZone parameter rather than isUtc (#21276) * Units: support dynamic count and currency units (#21279) * Docs: Added sudo and removed $ where inconsistent. (#21314) * ImgUploader: add support for non-amazon S3 (#20354) * Fix: tooltips value disappear when label has too long word (#21267) * Docs: Update provisioning.md (#21303) * Docs: Update alerting_notification_channels.md (#21245) * Loki: fix filter expression suggestions (#21290) * Prometheus: Fix label value suggestion (#21294) * Prometheus: Fix term completion that contain keywords (#21295) * Docs: Fixed broken links in Basic Concepts (#21035) * Docs: Edited Windows install instructions (#20780) * Docs: Update troubleshooting.md (#21244) * Fix internal links in http_api/dashboard.md (#21255) * Docs: Update README.md (#21274) * Docs: Fix aliases/redirects (#21241) * Docs: Document tracing.jaeger configuration (#21181) * Websockets: upgrade websocket libray to 1.4.1 (#21280) * FieldConfig: add thresholds and color modes (#21273) * Prometheus: improve tooltips (#21247) * Explore: Moves PromContext from query level to DataQueryRequest level (#21260) * BridgeSrv: do not strip base from `state.location.url` (#20161) * Graph: another tooltip fix (#21251) * Alerting: Add configurable severity support for PagerDuty notifier (#19425) * Graph: Fixed no value in graph tooltip (#21246) * Units: support farenheit (existing misspelling) (#21249) * Docs: fix typo (#21190) * Promtheus: Fix hint and error display for query rows (#21242) * Docs: fixed broken doc link for graph and table panels (#21238) * Docs: fix of broken doc link in the dashlist panel's help section (#21230) * Docs: Update the link to docs for singlestat (#21225) * Docks: Update provisioning.md with proper Slack settings (#21227) * Editor: Ignore closing brace when it was added by editor (#21172) * Explore: moves add query row button below query rows (#20522) * Explore: adds PrometheusExploreQueryEditor (#20195) * Simplify adjustInterval (#21226) * Sass: Checked in tmpl files * Table: Component progress & custom FieldConfig options (#21231) * Chore: remove StreamHandler and DataStreamState (#21234) * DashboardGrid: Fixed flickering while resizing (#21221) * docs: rename premium plugins to enterprise plugins (#21222) * NewsPanel: add news as a builtin panel (#21128) * grafana/toolkit: Readme update (#21218) * grafana/toolkit: Resolve modules correctly (#21216) * New bar gauge style: Unfilled (#21201) * Dashboard: new updated time picker (#20931) * Metrictank: fix bundled dashboard (#21209) * Tooltip: preventing xss injections via the colors variable. (#21203) * Livetailing: set table withd to 100% (#21213) * Docs: Fix broken link in debian.md (#21199) * Added back logo file (#21198) * Docs: fix ordering of apt setup (#21192) * Docs: Fix Azure ad generic OAuth code markdown formatting (#21189) * docs: rendering plugin required for reporting (#21162) * Chore: Fixes wrong e2e path in .gitignore (#21186) * e2e: Waits for login before moving forward (#21185) * PanelChrome: Mini refactor (#21171) * Tracing: Support configuring Jaeger client from environment (#21103) * @grafana/toolkit: webpack extend TS→JS (#21176) * [docs] Azure monitor link in templating (#21173) * grafana/toolkit: Add option to override webpack config (#20872) * Docs: Adds best practices after visit and a link back to e2e.md (#21117) * Changelog: Add PagerDuty breaking change (#21170) * DashboardGrid: Change grid margin to 8, to align to 8px grid (#21167) * Alerting: Add more information to webhook notifications (#20420) * Panel: Show inspect panel in Drawer instead of Modal (#21148) * Prometheus: Fix typehead after binary operators (#21152) * docs: always updates docker image before building docs site (#21165) * Table: Matches column names with unescaped regex characters (#21164) * DataLinks: Sanitize data/panel link URLs (#21140) * Dashboard: Only show resize-handle on hover (#21160) * PagerDuty: Fix custom_details to be a JSON object instead of a string (#21150) * grafana/ui: New table component (#20991) * e2e: Migrates query variable CRUD tests to new framework (#21146) * Chore: Upgrade react, react-dom, react-test-renderer versions (#21130) * Fix log row when query is short (#21126) * Prometheus: Display HELP and TYPE of metrics if available (#21124) * e2e: Updates truth image (#21132) * Cloudwatch ECS Container Insights Support (#21125) * FontSize: Change base font size to 14px (#21104) * Explore: Refactor log rows (#21066) * phantomjs: performance.getEntriesByType not supported (#21009) * New panel editor (behind feature toggle) (#21097) * e2e: Adds ScenarioContext and video recordings to e2e (#21110) * DashboardImport: Fixes broken import page in prod builds (#21101) * Dependencies: Bump npm from 6.9.0 to 6.13.4 (#21095) * Docs: Fix broken link in loki.md (#21098) * Dependencies: Upgrade grunt-contrib-compress to resolve issues with iltorb (#21096) * Update CODEOWNERS (#21093) * E2E: Testing recording e2e tests (#21094) * FieldConfig: set min/max automatically for gauge (#21073) * Postgres/MySQL/MSSQL: Adds support for region annotations (#20752) * Azure Monitor: Use default from datasource if not saved on dashboard/query (#20899) * Azure Monitor: Copy AM Creds to Log Analytics When Using Same As (#21032) * Docs: Add minimal hugo build, update docs README (#20905) * CI: Added junit test report (#21084) * UI: ConfirmButton component (#20993) * Angular/React: Migrates team creation form to react (#21058) * Templating: Fixes digest issues in Template Variable Editor (#21079) * OrgSwitcher: Fixed issue rendering org switcher even when it's not open (#21061) * Chore: Remove rejected files (#21072) * e2e: Uses should on first element after visit to prevent flakiness (#21077) * FieldConfig: support overrides model (#20986) * AngularPanels: fixed transparency issue (#21070) * Docs: Update configuration.md for #3349 (#21069) * OAuth: Removes send_client_credentials_via_post setting (#20044) * API: Validate redirect_to cookie has valid (Grafana) url (#21057) * Explore: Refactor log details table (#21044) * Prometheus: Prevents validation of inputs when clicking in them without changing the value (#21059) * Prometheus: Fixes so user can change HTTP Method in config (#21055) * MetricSegment: Fix metric segment UI crash in prod builds (#21053) * OpenTSDB: Adding lookup limit to OpenTSDB datasource settings (#20647) * Templating: Fixes default visibility for submenu to same as dashboard (#21050) * Create CODEOWNERS (#21045) * Elastic: Add data links in datasource config (#20186) * Alerting: Fix panic in dingding notifier (#20378) * Logs: Optional logs label column (#21025) * Chore: updated to latest stable version (#21033) * Docs: change log for release v6.5.2 (#21028) * Chore: Improve rendering logging (#21008) * Modules: Add patched goavro dependency for extensions (#21027) * Explore: Sync timepicker and logs after live-tailing stops (#20979) * Fix: Shows SubMenu when filtering directly from table (#21017) * Alerting: Fix template variable in query check (#20721) * Toolkit: remove unused plugin-ci report types (#21012) * MixedDatasources: Do not filter out all mixed data sources in add mixed query dropdown (#20990) * Docs: Change checkout to check out where necessary (#20926) * Promtheus: Improve tab completion (#20938) * build: adds IANA timezone info to windows build (#21001) * Loki: fix labels fetching when no initial range given (#21000) * Docs: Update datasource API examples (#20951) * UI: Segment fixes (#20947) * Stackdriver: Make service list searchable (#20989) * Remove un-used imports (#20937) * upgrade aws-sdk-go (#20957) * UI: ConfirmModal component (#20965) * Docs: Updates from puppeteer to Cypress (#20962) * e2e: Adds better log information during test runs (#20987) * Alert: If the permission is forbidden, keep the historical alarm data present. (#19007) * Graph: Add fill gradient option to series override line fill (#20941) * use https for fetch gravatar by default (#20964) * Prometheus: disable dynamic label lookup on big datasources (#20936) * Loki: Fix datasource config page test run (#20971) * Devenv: Fix loki block (#20967) * e2e: Replaces truth image (#20966) * Forms: introduce RadioButtonGroup (#20828) * Fix: Adds e2e as a package that needs to be built (#20961) * Make sure datasource variable is being used everywhere (#20917) * Refactor: Navigates directly to add data source page instead (#20959) * Alerting: Improve alert threshold handle dragging behavior (#20922) * DisplayProcessor: Interpret empty strings as NaN instead of 0 to support empty value map texts in Singlestat (#20952) * Prometheus: Refactor labels caching (#20898) * e2e: Uses Cypress instead of Puppeteer (#20753) * Renderer: Add user-agent to rendering plugin requests (#20956) * DataSource: remove delta option (#20949) * Elasticsearch: set default port to 9200 in ConfigEditor (#20948) * Loki: Remove appending of (?i) in Loki query editor if not added by user (#20908) * Datasource/Loki: Loki now goes to Logs mode when importing prom queries (#20890) * Cloudwatch: Defined explore query editor for cloudwatch (#20909) * Datasource/Loki: Empty metric name no longer replaced by query (#20924) * Revert 'Modules: Add goavro dependency for extensions (#20920)' (#20928) * Docs: Update debian.md (#20910) * UI: Segment Input change (#20925) * Modules: Add goavro dependency for extensions (#20920) * UI: Segment Input (#20904) * Remove escaping of \ ( ) characters (#20915) * AngularPanels: Check for digest cycle on root scope (#20919) * InfluxDB: Use new datasource update option funcs (#20907) * Docs: Update debian-ubuntu installation instructions (#20875) * Search: Fixed angular digest issues (#20906) * Remove false positive error message for expression and id field (#20864) * fix notifications page (#20903) * Update documentation-style-guide.md (#20871) * Docs: update content to work with website repo (#20693) * Elastic: Fix multiselect variable interpolation for logs (#20894) * Singlestat: Fixed unit not showing and switched to new unit picker (#20892) * MetaAnalytics: Minor fix for meta analytics event (#20888) * Explore: Cleanup redundant state variables and unused actions (#20837) * Chore/Tech debt: Remove (most) instances of $q angular service use (#20668) * AngularPanels: Fixed loading spinner being stuck in some rare cases (#20878) * TeamPicker: Increase size limit from 10 to 100 (#20882) * Echo: mechanism for collecting custom events lazily (#20365) * StatPanel: change to beta * Azure Monitor: Standardize Config Editor Implementation (#20455) * GraphTooltip: added boundaries so we never render tooltip outside window. (#20874) * Graphite: Use data frames when procesing annotation query in graphite ds (#20857) * Elastic: Fix parsing for millisecond number timestamps (#20290) * Docs: Sync docs with website repo via GitHub Action (#20694) * Gauge/BarGauge: Added support for value mapping of 'no data'-state to text/value (#20842) * UI: Use SelectableValue as Segment value (#20867) * Datasource/Loki: Fixes issue where time range wasn't being supplied with annotation query (#20829) * Server: Return 404 when non-pending invite is requested (#20863) * Explore: Fix reset reducer duplication (#20838) * CLI: Return error and aborts when plugin file extraction fails (#20849) * Datasource/Loki: Simplifies autocompletion (#20840) * Update README.md (#20820) * ValueFormats: dynamically create units (#20763) * @grafana/data: don't export ArrowDataFrame (#20855) * @grafana/data: export ArrowDataFrame (#20832) * Docs: Add section about derived fields for Loki (#20648) * Migration: Migrate org switcher to react (#19607) * Remove screencasts.md (#20845) * Update requirements.md (#20778) * Explore: Log message line wrapping options for logs (#20360) * AlertNotifier: Support alert tags in OpsGenie notifier (#20810) * Fix prettier (#20827) * Loki: Support for template variable queries (#20697) * Explore: Export timezone from redux state (#20812) * Forms: introduce checkbox (#20701) * OpenTsdb: Migrate Config Editor to React (#20808) * TablePanel, GraphPanel: Exclude hidden columns from CSV (#19925) * DataFrame: add utilities to @grafana/data that support apache arrow (#20813) * Panels: Fixed transparency option for angular panels (#20814) * CloudWatch: Upgrade aws-sdk-go (#20510) * Update documentation-style-guide.md (#20777) * Chore: Move Prometheus datasorce tests from specs folder and merge duplicated test files (#20755) * Profile: Remove sign-out tab from profile page (#20802) * Doc: Change inline comment on interface to doc comment (#20794) * Server: Fail when unable to create log directory (#20804) * Update stale.yml * Rename config.yaml to config.yml * GitHub: Add link to forum when adding new issue (#20798) * Datasource/Loki: Fixes regression where enhanceDataFrame was not called (#20660) * Updated changelog * Docs: Updated changelog * SQLStore: Test admins/editors/viewers stats validity (#20751) * Graph-Panel: Center option for bar charts (#19723) * Packages: Fixed rollup issue with grafana-ui (#20790) * Stalebot: update issue config (#20789) * Stalebot: Automatically label PRs with no activity after 14 days as stale, then after 30 days close (#20179) * StatPanel: ColorMode, GraphMode & JustifyMode changes (#20680) * Units: Remove SI prefix symbol from new milli/microSievert(/h) (#20650) * Graphite: Add metrictank dashboard to Graphite datasource (#20776) * Docs: Remove typo from mssql.md (#20748) * Navigation: Fix navigation when new password is chosen (#20747) * Cleanup: use the local variable (#20767) * Prometheus: Fix caching for default labels request (#20718) * Release: Updates latest.json and grafana/packages/*/package.json (#20734) * Release: Updates Changelog for 6.5.1 (#20723) * ReactMigration: Migrate Graphite config page to React (#20444) * SQLStore: Rewrite system statistics query to count users once (#20711) * Docs: Clean up influxdb.md (#20618) * CloudWatch: Region template query fix (#20661) * Units: remove unreachable code (#20684) * Tests: Skipping Template Variable tests for now (#20707) * Datasource/Loki: Fix issue where annotation queries weren't getting their variables interpolated (#20702) * Documentation: Add missing blank in docker run command (#20705) * Server: Defer wg.Done call to ensure it's called (#20700) * Fix: Fixes templateSrv is undefined for plugins that do not use @@ngInject (#20696) * Server: Clean up startup logic/error checking (#20679) * CloudWatch: Annotations query editor loading fix (#20687) * OAuth: Add missing setting from defaults.ini (#20691) * DataLinks: Refactor title state (#20256) * Forms: TextArea component (#20484) * Explore: Adjust the max-width of the tooltip (#20675) * Units: Add currency and energy units (#20428) * transform: update to use sdk with frame.labels moved to frame.[]field.labels (#20670) * dev: fix pre-commit typo in toolkit (#20673) * Docs: Update change user password payload in http api (#20666) * Chore: Sync defaults.ini with sample.ini (#20645) * Loki: Fix query error for step parameter (#20607) * Fix: Disable draggable panels on small devices (#20629) * Chore: Remove several instances of non-strict null usage (#20563) * StatPanel: Rename singlestat2 to stat (#20651) * Panels: Add support for panels with no padding (#20012) * CloudWatch: Docs updates after feedback (#20643) * Explore: Update docs with updated images (#20633) * Build: Update latest.json (#20638) * Forms: Introduce form field (#20632) * docs: update versions (#20635) * Changelog: 6.4.5 (#20625) * Changelog: 6.5.0 (#20620) * Docs: 6.5 update (#20617) * Chore: Improve grafana-server profiling and tracing (#20593) * grafana/toolkit: Update FAQ (#20592) * Forms: Introduce new Switch component (#20470) * E2E: Adds tests for QueryVariable CRUD (#20448) * Toolkit: Do not continue after compile error (#20590) * BarGauge/Gauge: Add back missing title option field display options (#20616) * VizRepeater/BarGauge: Use common font dimensions across repeated visualisations (#19983) * Update services.md (#20604) * Docs: CloudWatch docs fixes (#20609) * Changelog: Add v6.3.7 (#20602) * Cloudwatch: Docs improvements (#20100) * Fix: Wrong path when sending package build time (#20595) * CloudWatch: Fix high CPU load (#20579) * Explore: UI changes for split view and live tailing (#20516) * Explore: Keep logQL filters when selecting labels in log row details (#20570) * Instrumentation: Edition and license info to usage stats (#20589) * Metrics: Add metric for each package build time (#20566) * grafana/toolkit: Smaller output after successful upload (#20580) * Table: Use the configured field formatter if it exists (#20584) * TextPanel: Fixes issue with template variable value not properly html escaped (#20588) * Docs: Update Explore docs for 6.5 (time-sync button & log details) (#20390) * Explore: UI changes for derived fields (#20557) * Docker: Custom dockerfiles, docker and image rendering docs update (#20492) * Tooltip: Fix issue with tooltip throwing an error when retrieving values (#20565) * Changelog: Reference a few more issues that were fixed (#20562) * Enable theme context mocking in tests (#20519) * Chore: Remove angular dependency from prometheus datasource (#20536) * Build: Verify checksums when downloading PhantomJS (#20558) * DevEnv: updates nodejs from 10.x to 12.x and golang to 1.13 in ci-deploy dockerfile. (#20405) * Explore: updates responsive button to pass all the div element props * Explore: fixes explore responsive button ref * Explore: adds a ref to responsive button * Explore: updates responsive button to forward ref * Explore: UI fixes for log details (#20485) * Document required Go version in developer guide (#20546) * UserTableView: Show user name in table view (#18108) * CloudWatch: enable min_interval (#20260) * CI: fix release script remove filtering (#20552) * Update dashboards (#20486) * CI: Build all platforms for Enterprise (#20389) * Alerting: Propagate failures to delete dashboard alerts (#20507) * Cloudwatch: Fix LaunchTime attribute tag bug (#20237) * Fix: Prevents crash when searchFilter is non string (#20526) * docs: what's new fixes (#20535) * What's new in 6.5 - adding CloudWatch topics (#20497) * grafana/ui: Expose Icon component (#20524) * Backend plugins: Log wrapper args formatting fix (#20521) * Build: Clean up scripts/grunt/options/phantomjs.js (#20503) * MySql: Fix tls auth settings in config page (#20501) * Backend plugins: Log wrapper args formatting (#20514) * CloudWatch: Remove HighResolution toggle since it's not being used (#20440) * API: Optionally list expired keys (#20468) * Image-rendering: Cleanup of rendering code (#20496) * Build: Reports times and outcomes from CircleCI jobs (#20474) * Chore: Upgrade prettier for grafana-toolkit (#20476) * TimePicker: Fixed update issue after plugin uses getLocationSrv().update (#20466) * Docs: Add explore images to What's new in v6.5 (#20442) * Chore: Bumps prettier version for new typescript syntax support (#20463) * handle PartialData status (#20459) * CloudWatch: Make sure period variable is being interpreted correctly (#20447) * Forms: New Input component (#20159) * UsersPage: Removed icon in external button (#20441) * Build: Fix RPM verification (#20460) * Dashboard Migrator: persist thresholds param if already set (#20458) * Docs: Fix developer guide link (#20434) * Fix package signing (#20451) * Build: Fix signing (#20450) * transform: changes to support sdk v0.2.0 (#20426) * Reporting: Handle timeouts in rendering (#20415) * Build: Upgrade build-container Docker image version (#20443) * Upgrade build-container image (#20438) * Provisioning: Fix unmarshaling nested jsonData values (#20399) * Fail when server is unable to bind port (#20409) * Devenv: Fix integration of postgres and fake-data-gen containers (#20329) * Util: Modify SplitHostPortDefault not to return an error for empty input (#20351) * InfluxDB: convert config editor to react (#20282) * Packages: stable release tags update (#20417) * Chore/Go-dep: change sdk to use new tag (#20422) * Chore: Log actual error when oauth pass thru fails (#20419) * Grafana/Loki: Adds support for new Loki endpoints and metrics (#20158) * Chore: Fix error caused by typescript upgrade (#20408) * Chore: Upgrade typescript to 3.7 (#20375) * NavLinks: Make ordering in navigation configurable (#20382) * Fix flot overriding onselectstart/ondrag events (#20381) * Docs: Updates docs for redux framework (#20377) * chore: fix 'testing' version is latest.json (#20398) * transform_plugin: stop plugin when grafana stops (#20397) * Chore: Update latest.json (#20393) * Docs: What's new in Grafana v6.5 Draft (#20368) * Update changelog for v6.5.0-beta1 (#20350) * Chore: Move and wrap Cascader component to @grafana/ui (#20246) * MySql: Fix password regression in MySQL datasource (#20376) * CloudWatch: Datasource improvements (#20268) * grafana/toolkit: remove aws-sdk and upload to grafana.com API endpoint (#20372) * LDAP: last org admin can login but wont be removed (#20326) * Devenv: Replace deprecated SQL Server docker image (#20352) * DataFrame processing: Require table rows to be array (#20357) * grafana/ui: Add Icon component (#20353) * Telegram: Check error before adding defer close of image (#20331) * ValueFormats: fix description for dateTimeAsUS (#20355) * Fix alert names in dev dashboard (#20306) * Docs: Getting started edits (#19915) * Bus: Remove unused wildcard handlers and clean up tests (#20327) * Explore: updates breakpoint used to collapse datasource picker * Elastic: Fix Elastic template variables interpolation when redirecting to Explore (#20314) * transform_plugin: pass encoded dataframes through (#20333) * Links: Updated links to grafana.com (#20320) * Avatar: Don't log failure to add existing item to cache (#19947) * Devenv: Enable tracing for loki docker block (#20309) * Build: adds make target run-frontend (#20227) * Devenv: fix kibana in elastic7 docker block (#20308) * Build: Fix Docker builds (#20312) * Devenv: Add nginx_proxy_mac/nginx_login_only.conf (#20310) * Build: Build Ubuntu based Docker images also for ARM (#20267) * Devenv: fix connection in elastic 5 and 6 blocks (#20304) * Prometheus: Adds hint support to dashboard and fixes prometheus link in query editor (#20275) * Explore: Fix always disabled QueryField for InfluxDB (#20299) * Docker blocks: Add loki blocks for loki releases (#20172) * Explore: Fix interpolation of error message (#20301) * PanelLinks: fixed issue with old panel links and grafana behind a subpath (#20298) * ColorPicker: Fixes issue with ColorPicker disappearing too quickly (#20289) * Configuration: Update root_url to reflect the default value (#20278) * Templating: Made default template variable query editor field a text area with dynamic automatic height (#20288) * Transformations: filter results by refId (#20261) * PanelData: Support showing data and errors in angular panels (#20286) * Fix: URL Encode Groupd IDs for external team sync (#20280) * Build: Collect frontend build time metric (#20254) * Datasource: fixes prometheus metrics query query field definition (#20273) * Update version (#20271) * Admin: Adds setting to disable creating initial admin user (#19505) * Tests: We should not click on default button when there is only one ds (#20266) * AuthProxy: additions to ttl config change (#20249) * Graphite: add metrictank meta in response (#20138) * Docker: Add dependencies to support oracle plugin in alpine (#20214) * ReactMigration: Migrate Prometheus config page to React (#20248) * Templating: highlight first item when searching a variable dropdown (#20264) * e2eTests: Adds cleanup of created datasource and dashboard (#20244) * Gauge Panel: fix the default value of thresholds cannot be modified (#20190) * AuthProxy: Can now login with auth proxy and get a login token (#20175) * DataFrame: move labels to field (#19926) * Add Dockerfiles for Ubuntu (#20196) * Graph: Fixed no graph in panel edit mode (#20247) * Explore: Configure explore series colours via field config (#20239) * LDAP: Fixing sync issues (#19446) * Docs: Added alias for old reporting page location (#20238) * ReactPanels: Adds Explore menu item (#20236) * Elasticsearch: Support rendering in logs panel (#20229) * Alerting: Add alert_state to the kafka message Fixes #11401 (#20099) * Graph: introduce Tooltip to React graph (#20046) * @grafana/runtime: Expose datasourceRequest in backendSrv * Auth Proxy: replace ini setting ldap_sync_ttl with sync_ttl (#20191) * DevEnv: updates prometheus random data golang image to 1.13.0 * Provisioning: fix for cannot save provisioned dashboard (#20218) * DisplayProcessor: improve time field support (#20223) * Docs: Adding how to use plugin version, through docker env variable (#19924) * Docs: Add docs abooout time range URL query params (#20215) * MixedQuery: refactor so other components could also batch queries (#20219) * SharedQuery: don't explode when missing logo (#20187) * LDAP: Interpolate env variable expressions in ldap.toml file (#20173) * Chore: Update latest.json (#20216) * build: Ignore Azure test snapshot for msi build (long file name) (#20217) * Explore: fixes toolbars datasource selector and date picker responsiveness (#19718) * Logs Panel: Generate valid logQL for multi-select template variable (#20200) * Fix when only icon is present (#20208) * TablePanel: Prevents crash when data contains mixed data formats (#20202) * OAuth: Make the login button display name of custom OAuth provider (#20209) * Explore: Add custom DataLinks on datasource level for Loki (#20060) * QueryField: Prevent query runs on blur in Explore (#20180) * Azure Monitor: Datasource Config Type (#20183) * PluginLoader: export classes on @grafana/ui (#20188) * Changelog: 6.4.4 release (#20201) * CLI: Reduce memory usage for plugin installation (#19639) * DataLinks: fix syntax highlighting not being applied on first render (#20199) * SafeDynamicImport: Updates so that it does not act as an ErrorBoundary (#20170) * grafana/data: Make display processor work with time fields (#20174) * update triggers to use new deployment_tools location (#20194) * mysql: fix encoding in connection string (#20192) * pkg/util: Replace custom pbkdf2 implementation by maintained version (#19941) * Datasource/Elasticsearch: Fix logs which were displayed with incorrect timestamp in Explore logs tab (#20009) * Error Handling: support errors and data in a response (#20169) * OAuth: Generic OAuth role mapping support (#17149) * sdk: update to latest (#20182) * Docs: Add introduction to time series (#20068) * Docs: Simplify headings and make active (#20163) * Docs: Add 'the' to license reference in README (#20167) * LDAP: All LDAP servers should be tried even if one of them returns a connection error (#20077) * Dashboards: add panel inspector (#20052) * Docker: Reduce layers in build container and modified initialization of PATH env in final container (#20132) * Docs: Display panels alphabetically (#20130) * Docs: Updates getting_started.md for spelling mistake 'configuered' to 'configured' (#20027) * fix: modifying AWS Kafka dimension names to correct ones (#19986) * Templating: Makes so __searchFilter can be used as part of regular expression (#20103) * Dashboard Editor: use chevron icon rather than &gt; (#19588) * Docs: update datasources that support alerting (#20066) * Units: Add milli/microSievert, milli/microSievert/h and pixels (#20144) * Toolkit: copy full directory structure for img,libs,static (#20145) * Heatmap: Insert div to fix layout (#20056) * Build: adds the pkg/errors dependency that was missing from go.mod (#20143) * Explore: Memory leak fix due to dedup selector (#20107) * DataLinks: Fix access to labels when using Prometheus instant queries (#20113) * PluginLoader: fix imports for react-redux (#19780) * LDAP Debug: No longer shows incorrectly matching groups based on role (#20018) * Licensing service (#19903) * Explore: Add titles to query row action buttons (#20128) * Graph: Added series override option to have hidden series be persisted (#20124) * grafana/ui: Drawer component (#20078) * Depedency: Bump crewjam/saml to the latest master (#20126) * grafana/ui: fix button icon styles (#20084) * Explore: UI change for log row details (#20034) * api/dashboard: fix panic on UI save (#20137) * grafana/toolkit: Fixup save artifacts in a zip id in the folder (#20071) (#20139) * Docs: Fix InfluxDB Typos (#20004) * Docs: Data Sources subsection naming (#20127) * Docs: Update basic_concepts.md (#20102) * GEL: include the expression count in the request (#20114) * GEL: wrap arrow utils in async load (#20134) * grafana/toolkit: save artifacts in a zip id in the folder (#20123) * remove editor keys and null coalescing (#20115) * Emails: Update notification templates (#19662) * Docs: Ordering and formatting of datasources in docs (#19485) * Docs: Improve remote image renderer documentation (#20031) * Add devenv block for apache proxy working for Mac (#20119) * Allow saving of provisioned dashboards (#19820) * Update Azure AD instructions in generic-oauth.md (#20091) * Docs: Fixed a broken link to LogQL in the docs (#20106) * Explore: Fix deferred rendering of logs (#20110) * Templating: Adds typings to Variables (#20117) * Chore: Reorg packages (#20111) * Chore: Moves QueryField to @grafana/ui (#19678) * Docs: Consolidate backend guidelines (#19823) * transform: add expressions to query editor (w/ feature flag) (#20072) * DataSource: don't filter hidden queries automatically (#20088) * Docker: makes it possible to parse timezones in the docker image (#20081) * Plugins: Transform plugin support (#20036) * Add data link from panel to cloudwatch console (#20061) * DataLinks: Fix blur issues (#19883) * Explore: Remove datasource testing on selector (#19910) * Grafana/ui: Refactor button and add default type = button (#20042) * Add some typings for react events (#20038) * PanelQuerRunnerrremove logging (#20073) * Enable errcheck for golangci-lint (#19976) * DataLinks: Implement javascript callback (#19851) * Chore: correct typo in word Fahrenheit (#20040) * ReactMigration: Migrate Loki and Elastic config pages to React (#19979) * api: new v2 metrics query endpoint * Forms: Introduce new Primary, Secondary and Destructive buttons (#19973) * grafana/ui: Fix modal component (#19987) * WIP: Spawn backend plugins v2 (#19835) * build: Fix building of Enterprise Docker images (#19992) * Docker: Build and use musl-based binaries in alpine images to resolve glibc incompatibility issues (#19798) * PluginPage: replace plugin absolute url with relative (#19956) * Add info about static files (#19965) * Explore: Change loading state to done after live-tailing stops (#19955) * pkg/util: Check errors (#19832) * Core: Show browser not supported notification (#19904) * grafana/toolkit: Support js plugins (#19952) * Forms: Introduce typographic form elements (#19879) * SingleStat: apply mappings to no data response (#19951) * Docs: Clean up contribute docs (#19716) * pkg/models: Check errors (#19839) * pkg/setting: Check errors (#19838) * pkg/tsdb: Check errors (#19837) * Docs: Document Makefile (#19720) * Explore: Add functionality to show/hide query row results (#19794) * pkg/services: Check errors (#19712) * API: Fix logging of dynamic listening port (#19644) * Cloudwatch: Make it clear that role switching is not supported (#19706) * Update Apache configuration to work with MPMs as shared modules (#19900) * Cloudwatch: Lowercase Redshift Dimension entry for service class and stage (#19897) * Units: Added mega ampere and watt-hour per kg Units (#19922) * Clarify use of custom.ini on deb/rpm platforms (#19939) * Update ISSUE_TRIAGE.md (#19942) * docs: improved setup instructions for reporting (#19935) * grafana/ui: Enable mdx imports in stories (#19937) * Refactor: Suggestion plugin for slate (#19825) * grafana/ui: Enable storybook docs (#19930) * Fix: Correct color on TagItems (#19933) * Dependencies: Update yarn.lock (#19927) * Chore: Updates yarn.lock (#19919) * pkg/plugins: Only warn if plugins fail to load. Fixes #19846 (#19859) * Chore: Bump storybook to 5.2.4 (#19895) * QueryEditor: move QueryEditorRows to its own component (#19756) * ReactMigration: Migrate DataSource HTTP Settings to React (#19452) * TemplateVariables: Introduces $__searchFilter to Query Variables (#19858) * Forms: Introduce new spacing variables to GrafanaTheme (#19875) * Forms: Introduce new color variables to GrafanaTheme (#19874) * Chore: Bump Angularjs 1.6.6 -> 1.6.9 (#19849) * Update documentation.md * Edited Contribute docs * devenv: have bra watch attempt graceful shutdown (#19857) * Release: Update latest (#19866) * DataFrame: guess number field when on NaN (#19833) * Loki: Remove param (#19854) * InputDataSource: Fixed issue with config editor (#19818) * Fix: Unsubscribe from events in dashboards (#19788) * Explore: Add unit test to TimeSyncButton (#19836) * build: update scripts go.(mod|sum) (#19834) * Loki: Return empty result if no valid targets (#19830) * DataLinks: Fix url field not releasing focus (#19804) * Alerting: All notification channels should always send (#19807) * @grafana/toolkit: Check if git user.name config is set (#19821) * pkg/middleware: Check errors (#19749) * Fix: clicking outside of some query editors required 2 clicks (#19822) * pkg/cmd: Check errors (#19700) * grafana/toolkit: Add font file loader (#19781) * Select: Allow custom value for selects (#19775) * Docs: Add database architecture docs (#19800) * Call next in azure editor (#19799) * grafana/toolkit: Use http rather than ssh for git checkout (#19754) * DataLinks: Fix context menu not showing in singlestat-ish visualisations (#19809) * Elasticsearch: Adds support for region annotations (#17602) * Docs: Add additional capitalization rules (#19805) * Docs: Add additional word usage rule (#19812) * Update aws-sdk-go (#19138) * Dashboard: Allows the d-solo route to be used without slug (#19640) * pkg/bus: Check errors (#19748) * Panels: Fixes default tab for visualizations without Queries Tab (#19803) * Chore: Refactor grafana-server (#19796) * Add missing info about stylesFactory * Types: Adds type safety to appEvents (#19418) * Docs: Split up Sharing topic (#19680) * Update README.md (#19457) * Docs: Link to architecture docs from Developer guide (#19778) * toolkit linter line number off by one (#19782) * pkg/plugins: Check errors (#19715) * Explore: updates live button to responsive button * Explore: fixes live button margin * Explore: fixes a responsive fold of live tailing button * updated live tailing text * updated live tail button - responsive fold * updated toolbar - added media query for tail buttons * Docs: Add docs on services (#19741) * fix: export Bus on search service (#19773) * Chore: Refactor GoConvey into stdlib for search service (#19765) * Quick typo fix (#19759) * Docs: Fixes go get command in developer guide (#19766) * Datasource: Add custom headers on alerting queries (#19508) * Docs: Add API style/casing rule (#19627) * Explore: updates clear all button to responsive button (#19719) * pkg/infra: Check errors (#19705) * Docs: Update Prometheus Custom Query Parameters docs. (#19524) * Docs: Fix playlist layout issues (#19739) * Docs: Update instructions and flows in Playlist.md (#19590) * pkg/components: Check errors (#19703) * UX: Fix empty space in select (#19713) * pkg/login: Check errors (#19714) * enforce GO111MODULE=on when running make run (#19724) * Docs: Add Troubleshooting section to Developer guide (#19721) * Update README.md (#19551) * Singlestat: Fixed issue with mapping null to text (#19689) * Don't truncate IPv6 addresses (#19573) * Tests: Fix runRequest test (#19711) * Docs: Update pkg\README.md (#19615) * Feature: Adds connectWithCleanup HOC (#19629) * Docs: Add 'repository' case, and 'open source' to style guide * React group by segment poc (#19436) * Graph: make ContextMenu potitioning aware of the viewport width (#19699) * pkg/api: Check errors (#19657) * Explore: Synchronise time ranges in split mode (#19274) * build: use vendored packages for circle backend tests (#19708) * Docs: Add correct casing for API and ID to style guide (#19625) * API: added dashboardId and slug in response after import (#19692) * Docs: Simplify README (#19702) * Docs: Move dev guide from README (#19707) * Explore: Expand template variables when redirecting from dashboard panel (#19582) * Alerting: Fix dates stored in local time when pausing alerts (#19525) * Explore/UI: Removes unnecessary grafana-info-box wrapper around InfluxCheatSheet (#19701) * Docs: Updating to 6.4.0 (#19698) * Chore: Fixes lines that exceeded 150 chars (#19694) * Chore: Updates latest.json for 6.4.2 (#19697) * Chore: Updates Changelog for 6.4.2 (#19696) * Docs: Update folder.md (#19674) * build: use vendor folder for building (#19677) * Table: Proper handling of json data with dataframes (#19596) * SharedQuery: Fixed issue when using rows (#19610) * SingleStat: Fixes $__name postfix/prefix usage (#19687) * Chore: Upgrade Docker images to Go 1.13.1 (#19576) * Grafana Image Renderer: Fixes plugin page (#19664) * Units: consistent Meter spelling and abbreviations (#19648) * CloudWatch: Changes incorrect dimension wmlid to wlmid (#19679) * Loki: Fix lookup for label key token (#19579) * Documentation: Fix time range controls formatting (#19589) * Docs: Add additional style rules (#19634) * De-duplicate `lint-go` step (#19675) * Docs: Update keyboard shortcuts formatting (#19637) * AzureMonitor: Alerting for Azure Application Insights (#19381) * ci-build: Improve build-deploy script (#19653) * Rename live option in queries (#19658) * Docs: Update README.md (#19456) * Docs: Update typos, make docs more consistent. (#19633) * Docs: Fix operating system names (#19638) * Docs: Move issue triage docs to contribute (#19652) * DataFormats: When transforming TableModel -> DataFrame -> Table preserve the type attribute (#19621) * Graph: Updated auto decimals logic and test dashboard (#19618) * Graph: Switching to series mode should re-render graph (#19623) * Revert 'Feature: Adds connectWithCleanup HOC (#19392)' (#19628) * Feature: Adds connectWithCleanup HOC (#19392) * Panels: Progress on new singlestat / BigValue (#19374) * Units: fixed wrong id for Terabits/sec (#19611) * Docs: General improvements to docs, and a fix in oauth (#19587) * Docs: Replace ampersands with and (#19609) * Profile: Fix issue with user profile not showing more than sessions some times (#19578) * Azure Monitor : Query more than 10 dimensions ( Fixes #17230 ) (#18693) * Login: Show SAML login button if SAML is enabled (#19591) * UI: Adds Modal component (#19369) * Prometheus: Fixes so results in Panel always are sorted by query order (#19597) * Docs: Improve guides for contributing (#19575) * Migration: Migrates Admin settings from angular to react (#19594) * Chore: Converts HelpModal from angular to react (#19474) * Fix typo (#19571) * Chore: Upgrade to Go 1.13 (#19502) * Explore: Move data source loader into the select (#19465) * Release: Fix issue with tag script on osx (#19557) * Release: Update latest (#19559) * Docs: Updates about Loki annotations (#19537) * Theme: follow-up fix for snapshot * UI: Centers the filter tags in input field (#19546) * Update README.md (#19515) * Docs: Updated changelog (#19558) * Theme: fix theme issue * Provisioning: Handle empty nested keys on YAML provisioning datasources (#19547) * Docs: updates to what's new in 6.4 (#19539) * Loki: remove live option for logs panel (#19533) * Chore: Updates to 6.4.0 stable (#19528) * CloudWatch: Add ap-east-1 to hard-coded region lists (#19523) * ChangeLog: Release 6.4.0 Stable (#19526) * Docs: Add notice about plugins that need updating (#19519) * Panels: Skip re-rendering panel/visualisation in loading state (#19518) * Docs: LDAP Debug View documentation (#19513) * Docs: reports feature (#19472) * SeriesOverrides: Fixed issue with color picker * Build: Fix building when $LDFLAGS is set (#19509) * API: Add `createdAt` and `updatedAt` to api/users/lookup (#19496) * Fix logs panel image path * Logs: Publish logs panel (#19504) * Explore: Update broken link to logql docs (#19510) * Chore: Remove console.log (#19412) * Refactor: Split LogRow component (#19471) * Build: Upgrade go to 1.12.10 (#19499) * CLI: Fix version selection for plugin install (#19498) * Upgrade grafana-plugin-model (#19438) * grafana-ui: Moves slate types from devDependencies to dependencies (#19470) * Docs: Improve guide descriptions on docs start page #19109 (#19479) * Explore: Generate log row uid (#18994) * Editor: Brings up suggestions menu after clicking suggestion (#19359) * Docs: Add Live tail section in Explore (#19321) * Docs: Add guide for developing on macOS (#19464) * API: Add createdAt field to /api/users/:id (#19475) * Docs: Updated heading to sentence case (#19450) * grafana/toolkit: Remove hack to expose plugin/e2e exports & types (#19467) * Testdata: Rename package to circumvent convention in go (#19409) * Docs: Update package's manual release guide (#19469) * Users: revert LDAP admin user page (#19463) * Explore: Take root_url setting into account when redirecting from dashboard to explore (#19447) * Refactor: RefreshPicker export things as statics on class (#19443) * grafana/ui: Fix value time zone names to be capitalized (#19417) * Release: Make sure packages are released from clean git state (#19402) * Docs: Add styling.md with guide to Emotion at Grafana (#19411) * Docs: Update SECURITY.md (#19385) * Debt: Simplifies actionCreatorFactory (#19433) * Update PLUGIN_DEV.md (#19387) * Release: Create cherrypick task work for enterprise repo (#19424) * Theme: Generate colors SASS * DisplayFormat: use toLocaleString for infinity * Docs: Update Loki docs with new syntax and features (#19370) * UI: Add orangeDark color to theme (#19407) * grafana/toolkit: Improve contribution readme (#19400) * Docs: Remove hard wrap (#19413) * Tests: Adds throwUnhandledRejections to jest setup (#19398) * DataLinks: suggestions menu improvements (#19396) * Dev: Sets `preserveSymlinks` to `false` in top-level tsconfig (#19395) * Build: fixed signing script issue with circle-ci (#19397) * Docs: Update readme with info about ongoing migration (#19362) * PanelData: Adds timeRange prop to PanelData (#19361) * Docs: Update Playlist.md (#19382) * Update documentation-style-guide.md (#19389) * Build: Fix correct sort order of merged pr's in cherrypick task (#19379) * dependencies: Update yarn.lock (#19377) * ValueFormats: check for inf (#19376) * Update UPGRADING_DEPENDENCIES.md (#19386) * Update ROADMAP.md (#19384) * Update SUPPORT.md (#19383) * Update ISSUE_TRIAGE.md (#19280) * Update datasource_permissions.md (#19336) * MySQL: Limit datasource error details returned from the backend (#19373) * MySQL, Postgres: Update raw sql when query builder updates (#19209) * MySQL, Postgres, MSSQL: Fix validating query with template variables in alert (#19237) * Explore: Do not send explicit maxDataPoints for logs. (#19235) * grafana/ui: Add Timezone picker (#19364) * Heatmap: use DataFrame rather than LegacyResponseData (#19026) * Explore: Refactor mode selection (#19356) * Dashboard: Fix export for sharing when panels use default data source (#19315) * Azure Monitor: Revert support for cross resource queries (#19115)' (#19346) * grafana/ui: Add electrical units mAh and kAh (#19314) * grafana/ui: Add Indian Rupee (INR) to currencies (#19201) * Chore: Bump typescript to version 3.6.3 (#19308) * Explore: Refactor live tail controls (#19328) * Docs: Documentation for return-to-dashboard feature (#19198) * Select: Set placeholder color (#19309) * Keybindings: Improve esc / exit / blur logic (#19320) * Plugins: Skips existence of module.js for renderer plugins (#19318) * Explore: Fix unsubscribing from Loki websocket (#19263) * Release: update latest.json (#19312) * Docs: Uppercase HTTP acronyms (#19317) * Multi-LDAP: Do not fail-fast on invalid credentials (#19261) * DataLinks: Small UX improvements to DataLinksInput (#19313) * Alerting: Prevents creating alerts from unsupported queries (#19250) * Chore: Update Slate to 0.47.8 (#19197) * Chore: Upgrades react-redux to version 7.1.1 (#19272) * Docs: Update documentation-style-guide.md (#19292) * Admin/user: fix textarea postion in 'Pending Invites' to avoid page scrolling (#19288) * Changelog update for 6.3.6 * Revert 'Changelog update for 6.3.6' * Changelog update for 6.3.6 * Build: Split up task in the CI pipeline to ease running outside circleci (#18861) * Build: Scanning grafana master docker image with trivy in ci (#19195) * Dashboard: Hides alpha icon for visualization that is not in alpha/beta stage #19300 * Update changelog task to generate toolkit changelog too (#19262) * QueryEditor: Clean-up interface to only have one PanelData (#19249) * Docs: Add style rule for Git (#19277) * Docs: Update CONTRIBUTING.md (#19273) * Docs: Add glossary (#19148) * Docs: Add style guide for docs (#19190) * Vector: remove toJSON() from interface (#19254) * MySQL, Postgres, MSSQL: Only debug log when in development (#19239) * Graphite: Changed range expansion from 1m to 1s (#19246) * AlertBox: Merged Alertbox into Alert (#19212) * Explore: live tail UI fixes and improvements (#19187) * Docs: Update theming docs (#19248) * grafana/toolkit: Fix toolkit not building @grafana/toolkit (#19253) * CloudWatch: ContainerInsights metrics support (#18971) * Alerting: Truncate PagerDuty summary when greater than 1024 characters (#18730) * grafana/toolkit: Add plugin scaffolding (#19207) * Snapshots: store DataFrameDTO instead of MutableDataFrame in snapshot data (#19247) * Revert 'Graphite: Changed range expansion from 1m to 1s, #11472' * Graphite: Changed range expansion from 1m to 1s, #11472 * Fix docs issues (#19240) * Docs: Minor edits to the README and several md files (#19238) * LDAP: Show non-matched groups returned from LDAP (#19208) * plugins: expose whole rxjs to plugins (#19226) * SQL: Rewrite statistics query (#19178) * CI: Update frontend ci metrics for strict null checks * grafana/ui: Add disabled prop on LinkButton (#19192) * Cloudwatch: Fix autocomplete for Gamelift dimensions (#19145) (#19146) * Backend: Remove redundant condition of `ROLE_VIEWER` (#19211) * FieldDisplay: Update title variable syntax (#19217) * Docs: Note when using For and No Data in alert rule (#19185) * Docker: Upgrade packages to resolve reported vulnerabilities (#19188) * MSSQL: Revert usage of new connectionstring format (#19203) * Prometheus: datasource config with custom parameters string (#19121) * Contributing: Add guidelines for contributing docs (#19108) * LDAP debug page: deduplicate errors (#19168) * Menu: fix menu button in the mobile view (#19191) * Dashboard: Fixes back button styles in kiosk mode (#19165) * API: adds redirect helper to simplify http redirects (#19180) * docs: image rendering (#19183) * Chore: Update latest.json (#19177) * Chore: Update version to next (#19169) * Docs: What's new in 6.4 update (#19175) * Devenv: create slow_proxy_mac (#19174) * Chore: Changelog for v6.4.0-beta1 (#19171) * Revert 'Chore: Update Slate to 0.47.8 (#18412)' (#19167) * Chore: Update Slate to 0.47.8 (#18412) * Changelog: Breaking changes and deprecation notes for v6.4 (#19164) * Docs: What's new 6.4 draft (#19144) * Docs: Add docs around feature toggles config (#19162) * Azure Monitor: Add support for cross resource queries (#19115) * Api: Readonly datasources should not be created via the API (#19006) * Explore: Update live tail buttons (#19143) * LDAP: only show tab if LDAP is enabled (#19156) * TimePicker: Fixes onBlur issue with FireFox on MacOS (#19154) * Feature: Encapsulated dynamic imports with error boundary and suspense (#19128) * Metrics: Adds setting for turning off total stats metrics (#19142) * Add directions for more details provided when not anymore on issue triage (#19116) * grafana/data: Reorganise code (#19136) * Login: fix Footer to be visible (#19147) * Chore: fix prettier error after github suggestions commit (#19150) * Alerts: show a warning/error if transformations are configured (#19027) * Explore: No logs should show an empty graph (#19132) * Ldap: Add LDAP debug page (#18759) * Elasticsearch: allow templating queries to order by doc_count (#18870) * Chore: cross-package security bumps (#19131) * Close the connection only if we establish it. (#18897) * Fix: Fixes crash using back button with zoomed graph (#19122) * Routing: Update routing to require sign in on every route (#19118) * Graph: constant series as override (#19102) * Login: fix login page failing when navigating from reset password views (#19124) * DataFrame: Fixes to dealing with empty results (#19119) * Explore: calculate intervals when building data source request (#19107) * Graph: Adds onHorizontalRegionSelected (#19083) * Loki: Updated cheat sheet with new filter syntax (#18947) * grafana/toolkit: Find module files correctly and add basic error tracing (#19089) * Templating: Clicking Selected should deselect all if 1 or more are already selected (#19104) * NotificationChannels: Add delete button to edit page (#19103) * Dashboard: Fix arrow positioning in button while in panel edit mode (#19084) * Update _index.md (#19045) * CLI: Fix installing plugins on windows (#19061) * LDAP: Allow an user to be synchronised against LDAP (#18976) * Docs: Adds a requirements page (#18917) * DataLinks: enable access to labels & field names (#18918) * Singlestat: fix format messes up on negative values if select duratio… (#19044) * Explore: Move throttling before processing (#19095) * Prometheus: Fix response states (#19092) * Explore: Fix how log bars in graph are stacking (#19015) * Explore: Add throttling when doing live queries (#19085) * Stackdriver: Add extra alignment period options (#18909) * QueryProcessing: Added missing error event for angular editors (#19059) * Explore: Fixes issue with lastResult being null (#19081) * GraphPanel: don't listen to legacy onDataReceived events (#19054) * QueryProcessing: Fixes showing last result in initial loading state (#19057) * toolkit: fix master build, avoid null check (#19055) * Auth: Allow inviting existing users when login form is disabled (#19048) * MSSQL: Fix memory leak when debug enabled (#19049) * Update CONTRIBUTING.md (#19051) * Update README.md (#19047) * toolkit: pipe execa output to console.stdout (#19052) * QueryProcessing: Observable query interface and RxJS for query & stream processing (#18899) * Fix exit live mode icon: change back to Stop. (#19043) * Loki: Fix vertical alignment issue in label selector (#18943) * Fix: Align buttons and label in ToggleButtonGroup (#19036) * toolkit: run make for backend plugins (#19029) * Explore: Fix auto completion on label values for Loki (#18988) * TimeSeries: Replace fieldName with fieldIndex (#19030) * DataLinksInput - change the way enter key is handled (#18985) * TimeSeries: Add data frame index and field name (#19005) * Packages: update versioning and release process (#18195) * API: Add `updatedAt` to api/users/:id (#19004) * PageContent: fix logic in Page.Contents (#19002) * Calcs: Fixed calc reducer (#18998) * AlphaNotice: replaced big popover tooltip with native tooltip (#18997) * grafana/ui: Add Time of day picker (#18894) * QueryOptions: update maxDataPoints text and show any value that is configured (#18761) * Piechart: fix unit selector when scrolling is required (#18932) * Refactor: Move sql_engine to sub package of tsdb (#18991) * Refactor: move ScopedVars to grafana/data (#18992) * Units: Adding T,P,E,Z,and Y bytes (#18706) * Image rendering: Add deprecation warning when PhantomJS is used for rendering images (#18933) * Singlestat: render lines on the panel when sparklines are enabled (#18984) * Explore: Unify background color for fresh logs (#18973) * Annotations: Add annotations support to Loki (#18949) * TimeSeries: datasources with labels should export tags (not labels) (#18977) * Explore: UX/UI improvements for pausing and resuming of live tailing (#18931) * Annotations: Fix query editor rendering on datasource change (#18945) * Bump lodash-es from 4.17.11 to 4.17.15 (#18963) * Bump fstream from 1.0.11 to 1.0.12 (#18962) * Bump mixin-deep from 1.3.1 to 1.3.2 (#18960) * Bump lodash.template from 4.4.0 to 4.5.0 (#18961) * Alerting: fix response popover prompt when add notification channels (#18967) * Build: Fix potential case-insensitive import collision for github.com/Unknwon/com (#18915) * MixedDataSource: refactor, cleanup, and add tests (#18948) * Bump lodash.mergewith from 4.6.1 to 4.6.2 (#18959) * Units: Add electrical charge - ampere-hour unit * Transformers: configure result transformations after query(alpha) (#18740) * grafana/toolkit: Add default mock for stylesheet imports for Jest (#18955) * grafana/toolkit: Improve readme (#18747) * Docs: Add PR review practices link (#18937) * Build: Allow extending of LDFLAGS in build.go (#18954) * Build: Support SOURCE_DATE_EPOCH for reproducible builds (#18953) * LDAP: Fetch teams in debug view (#18951) * Dashboard: Fixes dashboard overwriting behavior (#18944) * Grafana: Create new playlist/dashboard/channel card is not visible when there are no items in the list (#18890) * Storybook: fix type error (#18934) * Sass: changed color in gradient in template files to lower case (#18921) * Notification is sent when state changes from no_data to ok (#18920) * SASS: Add pointer events none to .disabled class (#18919) * Explore: Adds ability to save a panel's query from Explore (#17982) * Loki: support loki with streaming in dashboards (#18709) * UserProfile: convert user organizations section to react (#18707) * Annotations: Check that timeEnd if defined before comparing to avoid false truthiness (#18903) * Sass: Align generated file with tmpl (#18896) * LDAP: Add API endpoint to query the LDAP server(s) status (#18868) * Add South African Rand (ZAR) to currencies (#18893) * Annotations: check if the name exists before creating a new annotation (#18880) * ErrorHandling: Error boundary for every container (#18845) * Precommit: Fixed precommit task issue (#18883) * Docs: Quick typo fix in readme (#18874) * CI: no longer using grafana-master... package. (#18884) * Styles: fixed gradient in logo so it doesn't go outside the logo and get a defined start and end color, changed brand gradient to be the same as in logo, created new variable for vertical gradient (#18882) * Webpack: Fix accidental double typechecking (#18881) * Explore: elastic small fixes (#18879) * Explore: Add typings for queryTransaction.request (#18847) * LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * PanelQueryState: restore comment * grafana/toolkit: fix common webpack config (#18862) * Explore: Use DataFrame to derive graph/table/logs (#18859) * Updated is time series test * Fixed unit test * alerting: add lock on job to prevent a race condition (#18218) * Reworked ResultProcessor tests * Explore: everything seems to be working again * WIP: Use data frames in explore * Explore: Allow pausing and resuming of live tailing (#18836) * CI: stop deployment to s3 (#18831) * Performance/Webpack: Introduces more aggressive code-splitting and other perf improvements (#18544) * Explore: Introduces PanelData to ExploreItemState (#18804) * Core: Adding DashboardPicker component (#18811) * Git: Precomit hook slimmed down * DataSourceSettings: Fixed issue changing data source name, fixes #18660 (#18826) * Prometheus: Fixed Prometheus query editor error (plus new ErrorBoundaryAlert component) (#18838) * Explore: Style panel containers (#18834) * Snapshot: Fix http api (#18830) * Open new window when exploring panel metrics (#18802) * Release: update latest.json * Docs: Update changelog with v6.3.5 issues (#18827) * Build: Update ua-parser/uap-go (#18788) * Build: Use the latest build container which has go 1.12.9 (#18807) * DataFrame: split DataFrameHelper into MutableDataFrame and FieldCache (#18795) * MixedDatasource: don't filter hidden queries before sending to datasources (#18814) * Enterprise: add dependencies for upcoming features (#18793) * Editor: Fixes issue where only entire lines were being copied (#18806) * Explore: Fixed query status issue (#18791) * DashboardMigrator: Fixed issue migrating incomplete panel link models (#18786) * Explore: Fixes query hint issues (#18803) * Build: Optional skipping of typescript checking in dev bundler (#18772) * Docs: Improve API tutorial intro content and readability (#18762) * Panels: Destroy panel model when recreating repeated panels (#18799) * Singlestat: Various fixes to singlestat and DataFrame (#18783) * Explore: Fixed issue in PanelQuery state arround cancellation (#18771) * Going to Explore from a panel with mixed data sources now works (#18784) * Changelog update (#18780) * Explore: Add memoization and remove unused props (#18775) * Prometheus: Changes brace-insertion behavior to be less annoying (#18698) * Datasource: Support min time interval input in ms (#18719) * Explore: Use PanelQueryState to handle querying (#18694) * Chore: Improve err message for notifications (#18757) * @grafana/toolkit: add package versions to the ci report (#18751) * @grafana/data: Matchers and Transforms (#16756) * Docs: Document LDAP config reload in admin http api (#18739) * center NoDataSourceCallToActionCard in Explore (#18752) * DataLinks: enable data links in Gauge, BarGauge and SingleStat2 panel (#18605) * DashboardDatasource: reuse query results within a dashboard (#16660) * Plugins: show a clear error on the plugin page when it failed to load (#18733) * Chore: Use ruleId instead of alertId as log keyword (#18738) * @grafana/data: improve the CircularVector api (#18716) * QueryEditor: check if optional func toggleEditorMode is provided (#18705) * Emails: remove the yarn.lock (#18724) * OAuth: Support JMES path lookup when retrieving user email (#14683) * Emails: resurrect template notification (#18686) * Email: add reply-to and direct attachment (#18715) * Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards (#18641) * Heatmap: Add Cividis and Turbo color schemes (#18710) * Units: add counts/sec (cps) and counts/min (cpm) in Throughput (#18702) * Dev Docker: Use golang:1.12.9-alpine to prevent glibc mismatch. (#18701) * Docs: Fix broken link for the Grafana on RHEL or Ubuntu tutorial (#18697) * Fixes several usability issues with QueryField component (#18681) * convert teams section of user profile to react (#18633) * Singlestat/Gauge/BarGauge: Improvements to decimals logic and added test dashboard (#18676) * Emails: Change text (#18683) * Streaming: improve JSDocs for DataSourceAPI streaming support (#18672) * TimeSrv: Enable value time windowing in TimeSrv (#18636) * Explore: Fixes so Show context shows results again (#18675) * Graph: Updated y-axis ticks test dashboard (#18677) * Add typings to package.json in packages (#18640) * Plugins: better warning when plugins fail to load (#18671) * SingleStat2: save options to defaults not override (#18666) * Packages: Fix path import from grafana/data (#18667) * SingleStat: use DataFrame results rather than TimeSeries/TableData (#18580) * TestData: attach labels to series results (#18653) * Singlestat: Disable new singlestat gauge usage (#18610) * Explore: Fixes query field layout in splitted view for Safari browsers (#18654) * MSI: new long file names are causing error building MSI (#18646) * Auth: change the error HTTP status codes (#18584) * Refactor: EmptyListCTA (#18516) * Build: Upgrade to go 1.12.9 (#18638) * Chore: Revert React 16.9.0 bump (#18634) * Azure Monitor and Log Analytics converted and separated into components (#18259) * Rewrite user profile edit to react (#17917) * Docs: remove codecov badge (#18623) * Prometheus: Prevents panel editor crash when switching to Prometheus datasource (#18616) * Chore: Rename Popper to Popover (#18543) * SingleStat: add a gauge migration call to action button in the editor (#18604) * Build: update revive dependency (#18585) * LDAP: multildap + ldap integration (#18588) * Docker: switch docker image to alpine base with phantomjs support (#18468) * Backend: Adds support for HTTP/2 (#18358) * Explore: Fixes error when switching from prometheus to loki data sources (#18599) * TimePicker: Set time to to 23:59:59 when setting To time using calendar (#18595) * Prometheus: Return labels in query results (#18535) * Docs: Update changelog and docs for annotation region change (#18593) * Refactor: move KeyValue and deprecation warning to @grafana/data (#18582) * Annotations: use a single row to represent a region (#17673) * Docs: Update upgrading guide (#18547) * Docs: Adds tests requirement to bugs checklist (#18576) * DataFrame: convert from row based to a columnar value format (#18391) * Packages: Temporarily skip canary releases if packages build fail (#18577) * Update latest.json to latest stable version (#18575) * Docs: Update changelog for v6.3.3 (#18569) * Graph: Fixed issue clicking on series line icon (#18563) * grafana/toolkit: Unpublish previous 'next' version when releasing a new one (#18552) * Toolkit: write PR report to a folder with the circle build number (#18560) * CI: Fail build if yarn.lock is not up to date (#18555) * Chore: Updates react-dependant packages to address react warnings (#18549) * Prometheus: Fix regression of rerunning query on legend/interval change (#18147) * Explore/Prometheus: More consistently allows for multi-line queries (#18362) * Login: Fixes undefined redirect (#18545) * Plugins: expose react-redux, redux (#18501) * TimeSeries: assume values are all numbers (#18540) * Login: Angular to React (#18116) * InfoTooltip: Info icon with tooltip (#18478) * Annotations: Fix failing annotation query when time series query is cancelled (#18532) * remotecache: support SSL with redis (#18511) * QueryData: Handle that response data must be array (#18504) * React: Rename deprecated UNSAFE_componentWillReceiveProps (#18526) * Explore: Replaces TimeSeries with GraphSeriesXY (#18475) * API: Restrict anonymous user information access (#18422) * Fix: failing build after React bump (#18514) * strictNullChecks: First batch (#18390) * Chore: bump React to 16.9.0 (#18502) * Docs: Adds a new security section (#18508) * Docs: Update issue triage doc with external PRs section (#18464) * Typo: fix typo in processDataFrame.ts comment (#18492) * Explore: Fix loading error for empty queries (#18488) * Fix: Fixes stripping of $d in Explore urls (#18480) * grafana/ui: fix toTimeTicks error (#18448) * Docs: Adds details to Pull Request Checklist (#18471) * DataLinks: respect timezone when displaying datapoint's timestamp in graph context menu (#18461) * Chore: strictNullChecks, ColoringEditor and time_region_manager (#18442) * Backend: Do not set SameSite cookie attribute if cookie_samesite is none (#18462) * DataLinks: Apply scoped variables correctly (#18454) * DataLinks: Use datapoint timestamp correctly when interpolating variables (#18459) * API: Minor fix for team creation endpoint when using API key (#18252) * Login: Adjust space between skip and its icon (#18407) * Docs: Update Auth Proxy documentation (#18444) * Docs: Minor Readme update (#18438) * OAuth: return GitLab groups as a part of user info (enable team sync) (#18388) * Fix: Avoid glob of single-value array variables (#18420) * DataLinks: Enable multiple data links per panel (#18434) * Markdown: Handle undefined/null strings (#18433) * Docs: Update changelog and latest with 6.3.1 and 6.3.2 releases (#18437) * Explore: Fixes Legend overflow in splitted view (#18396) * Docs: changelog for docker 6.3 (#18429) * Panels: Fixed crashing dashboards with panel links (#18430) * DataFrame: remove dateFormat (#18424) * backend: null.Float NaN -> null for json marshal (#18284) * Frontend: adds folder name in home dash choose menu (#18346) * TestData: Query variable support (nested + glob queries) (#18413) * Update latest.json (#18417) * Changelog 6.3.0 (#18414) * PanelLinks: Fix render issue when there is no panel description (#18408) * e2e tests: Make pageObjects mandatory (#18406) * Documentation: document the 'Mixed' Data Source (#18398) * Explore: Moves GraphSeriesXY and DisplayValue to grafana/data (#18400) * Explore: Fixes incorrect handling of utc in timeEpic (#18386) * Postgres: Add support for scram sha 256 authentication (#18397) * Update behind_proxy.md with linkback to nginx.com (#18150) * Do not set SameSite for OAuth cookie if cookie_samesite is None (#18392) * Gauge/BarGauge: Rewrite of how migrations are applied (#18375) * MSSQL: Change connectionstring to URL format to fix using passwords with semicolon (#18384) * CloudWatch: Fix alerting for queries with Id (using GetMetricData) (#17899) * Chore: Update strictNullChecks error limit (#18387) * Chore: Fixes some strict errors (#18381) * Graph: Improved graph tick decimals logic arround significant digits (#18370) * CI: Added metric to track strict null erros (#18379) * Auth: Do not search for the user twice (#18366) * grafana/toolkit: improve CI task (#18189) * Alerting: Also include configured AlertRuleTags in Webhooks (#18233) * Loki: Apply start parameter to speed up test query (#18266) * Docs: Changelog 6.3.0 beta4 (#18359) * Select: Fixes issue where ToggleButtonGroup overlapped DataSourcePicker in Firefox (#18361) * SignIn: Update redirect on reroute (#18360) * Gauge/BarGauge: Support decimals for min/max toFloatOrUndefined (#18368) * FieldDisplay: Return field defaults when there are no data (#18357) * Auth: introduce more tests for middleware module (#18365) * Docs: updated latest.json (#18363) * LDAP: nitpicks (#18309) * Docs: mention unsupported versions of PostgreSQL (#18307) * Navigation: Fixed double settings menus (#18349) * Build: allow bash to expand the wildcard (#18354) * Gauges: Fixes error when mappings array was undefined (#18353) * Frontend: Fixes progress tracker close button to use `$link-hover-color` (#18352) * Frontend: Fixes hard-coded font-weight properties to use variables (#18350) * LDAP: Align ldap example with the devenv testdata (#18343) * Auth: consistently return same basic auth errors (#18310) * cli: fix for recognizing when in dev mode. (#18334) * QueryEditors: Fixes flakey text edit mode toggle (#18335) * Refactor: use data rather than series in stream callback(#18126) * Keybindings: Disable on login url (#18331) * Fix failing end to end tests job for release (#18323) * Fix OAuth error due to SameSite cookie policy (#18332) * Chore: noImplictAny no errors left (#18303) * [Shortcuts] Fixes shortcuts for moving time range backwards and forwards (#18305) * TablePanel: Remove scroll option on TablePanel (#18318) * Keyboard Shortcuts: Sign in to enable them (#18271) * GitHub Templates: Pull Request Template update (#18300) * Auth Proxy: Include additional headers as part of the cache key (#18298) * grafana/toolkit: support windows paths (#18306) * Chore: noImplicitAny Sub 500 errors (#18287) * Plugins: return a promise for loadPluginCss (#18273) * Utils: avoid calling console.warn() too often for deprecation warnings (#18269) * CLI: Allow installing custom binary plugins (#17551) * Docs: Update link to example app (#18253) * GettingStarted: Skip Query for getting started (#18268) * v6.3.0-beta2 is latest testing (#18283) * Release: Changelog update with v6.3.0-beta2 (#18281) * Chore: Upgrades typescript to version 3.5 (#18263) * docs: team sync (#18239) * SAML: Only show SAML login button on Enterprise version (#18270) * Permissions: Show plugins in nav for non admin users but hide plugin configuration (#18234) * CI: Change target branch in CI task trigger-docs-update (#18255) * Plugins: Include build number and PR in metadata (#18260) * Run End-to-End tests for release builds (#18211) * DataLinks: Fixed interpolation of series name, fixes #18250 (#18251) * Timerange: Fixes a bug where custom time ranges didn't respect UTC (#18248) * Loki: Remove prefetching of default label values (#18213) * Build: fix use of env vars in parentheses execs (#18249) * TimePicker: Increase max height of quick range dropdown (#18247) * TimePicker: Fixed css issue casued by CSS Optimizer (#18244) * Revert 'Timerange: Fixes a bug where custom time ranges didn't respect UTC (#18217)' (#18246) * Timerange: Fixes a bug where custom time ranges didn't respect UTC (#18217) * LDAP: improve POSIX support (#18235) * Instrumentation: Add failed notifications metric (#18089) * Docs: update links to sample plugins (#18240) * Build: Removed webpack from default grunt task, fixes #18232 (#18242) * Packages: update package.json files (#18173) * Replaced ubuntu:latest with ubuntu:18.04; specific image version to make grafana build images consistent (#18224) * Build: correct verify script (#18236) * remote_cache: Fix redis connstr parsing (#18204) * Auth: do not expose disabled user disabled status (#18229) * Build: Introduce shellcheck (#18081) * Docs: Update documentation with new SAML features (#18163) * Typo: fix threshodsWithoutKey (#18228) * alerting: more specific error when missing threshold (#18221) * Graph: fix time label description for datalink suggestions (#18214) * Explore: Reduce default time range to last hour (#18212) * alerting: return err when SetAlertState fails to save to sql (#18216) * PhantomJS: Fixes rendering on Debian Buster (#18162) * Docs: sudo is required on the apt-key add not on wget (#18180) * Build: watch and dev mode webpack improvements (#18153) * Plugin: AzureMonitor - Reapply MetricNamespace support (#17282) * Refactor: move end-to-end test infrastructure to @grafana/toolkit (#18012) * SAML: add auth provider label (#18197) * Plugins: avoid app importDashboards() NPE (#18128) * Plugins: fix previous commit, output 'build' property in json * SAML: add metrics (#18194) * Plugins: add build info to plugin metadata (#18164) * datasource: testdata - add predicatable csv wave scenario (#18183) * Docs: SAML idp_metadata_url option (#18181) * Panel: Show error in edit mode (#18175) * E2E: saving a dashboard should wait for success (#18171) * @grafana/toolkit: integrate latest improvements (#18168) * Build: change definition of the vars in makefile (#18151) * noImplicitAny: Down approx 200 errors (#18143) * datasource: testdata - add predictable pulse scenario (#18142) * Minor 6.3.0 beta1 changes (#18048) * Docs: SAML (#18069) * Docs: prioritize use of `make run` to `bra` (#18154) * Fix provision alerts generation script (#18145) * SQLStore: use bool pointer instead of string (#18111) * Registry: add a reusable function registry (#17047) * grafana/toolkit: test improvements and show stats (#18137, #18138) * Metrics: use consistent naming for exported variables (#18134) * Build: copy .browserslistrc to node build container (#18141) * @grafana/toolkit: HtmlWebpackPlugin when in watch mode (#18130) * update yarn.lock (#18125) * grafana/toolkit: prettier and lint fix in dev mode (#18131) * Chore: Fix about 200 noImplicitAny errors (#18067) * Build: allow dynamically change docker image (#18112) * grafana/toolkit: update the way config is being passed to jest cli (#18115) * Build: detect changes to packages based on the git diff (#18118) * Build: Release packages under next tag when changes detected on master (#18062) * SQLStore: allow to look for `is_disabled` flag (#18032) * Metrics: add LDAP active sync summary metric (#18079) * Docs: correct issue_triage.md texts * ValuMapping: start with some values (#18092) * Docs: Simplify download links & instructions and make download link clearer (#18090) * FieldDisplay: move threshold and mapping to Field (#17043) * InfluxDB: Enable interpolation within ad-hoc filter values for InfluxDB data source (#18077) * Docs: Move data links down (#18072) * grafana/toolkit: improve CircleCI integration (#18071) * Build: consistently reference go binary (#18059) * devenv: Fix typo in nginix docker for mac (#18068) * noImplicitAny: 1670 errors (#18035) * Add missing pull requests to Changelog (#18061) * provisioning: escape literal '$' with '$$' to avoid interpolation (#18045) * grafana/toolkit: improve CircleCI stubs (#17995) * Docs: clarify the ttl units (#18039) * Update docs readme for running MySQL/Postgres tests * Auth: Duplicate API Key Name Handle With Useful HTTP Code (#17905) * Chore: upgrade node-sass to 4.12.0 (#18052) * API: Minor fix for nil pointer when trying to log error during creating new dashboard via the API (#18003) * Chore: update lodash (#18055) * Update latest.json (#18043) * Update Changelog (#18042) * Chore: bump master version number to 6.4.0-pre * Explore/Loki: Display live tailed logs in correct order (#18031) * Fix unused variable errors (#18030) * Docs: First draft of whats new in 6.3 (#17962) * Packages: create shared tsconfig.json (#18010) * CLI: Fix encrypt-datasource-passwords fails with sql error (#18014) * LDAP: Adds bind before searching LDAP for non-login cases. (#18023) * Users: show badges for each auth provider (#17869) * Loki: Don't use _ numerical separator (#18016) * grafana-cli: allow installing plugins from a local zip file (#18021) * grafana/toolkit: Copy or extract static files (#18006) * Packages: Use lerna for release orchestration (#17985) * AnnoList: add alpha annotations list plugin (#17187) * grafana/toolkit: Use babel-plugin-angularjs-annotate (#18005) * CSV Export: Timezone based on dashboard setting (#18002) * LDAP: Adds back support for single bind. (#17999) * Reducers: consistent result for first/last reducer shortcut (#17911) * SAML: Show SAML login button even if OAuth is disabled (#17993) * Fix: Break redirect loop if oauth_auto_login = true and OAuth login fails (#17974) * Refactor: fix range util imports (#17988) * Refactor: move dom utils to @grafana/ui (#17976) * Docs: Documents new features available with Loki data source in Explore (#17984) * Prometheus: added time range filter to series labels query (#16851) * Explore: Adds support for new loki 'start' and 'end' params for labels endpoint (#17512) * Chore: Removes custom debounce utility in favor of lodash/debounce (#17977) * Api: Fix auth tokens returning wrong seenAt value (#17980) * Refactor: move more files to @grafana/data (#17972) * @grafana/data: export dateMath and rangeUtil (#17971) * Refactor: move some files to @grafana/data (#17952) * noImplicitAny: Azure Monitor (#17966) * grafana/toolkit: initial CI task and various small improvements (#17914) * First version of prettier checks in toolkit (#17964) * LDAP: finishing touches (#17945) * Graphite: Refactor lexer and parser (#17958) * noImplicitAny: Datasource files, under 2500 (#17959) * Auth: saml enabled check. (#17960) * Auth: SAML login button. (#17932) * grafana/toolkit: Add support for extensions styling (#17938) * Datasource: Refactor Graphite to class (#17942) * SAML: Configuration defaults, examples and dependencies (#17954) * OAuth: deny login for disabled users (#17957) * Build: Adds pre-commit check that fails if node versions are not synced (#17820) * Docs: minor ha-setup edit (#17950) * Docs: Added very basic docs about revoking user sessions (#17931) * Docs: Updates documentation regarding logs integration in Explore (#17896) * noImplicitAnys: Fix InfluxDB type issues #17937) * TimePicker: align position between dashboard and explore (#17940) * AzureMonitor: remove duplicate query logic on the frontend (#17198) * UserProfilePage: Fix team avatar urls #17866 (#17930) * Explore: Introduces storage keys for last used data source on per-orgId basis (#17934) * Docs: added version notice to new ldap feature docs (#17929) * Explore: Restricts query text edit toggle to metrics mode (#17921) * grafana/runtime: Expose SystemJS from @grafana/runtime (#17927) * Templating: Correctly display __text in multi-values variable after refresh (#17918) * grafana/toolkit: bundle plugins with webpack (#17850) * Explore: Adds orgId to URL for sharing purposes (#17895) * grafana/toolkit: copy sass files (#17888) * ChangePassword: Rewrite change password page to react (#17811) * AngularPanels: Fixed loading state indication for angular panels (#17900) * Explore: Adds support for toggling text edit mode in explore (#17870) * LDAP: Divide the requests (#17885) * Build: fixes missing shebang in release tagging script. (#17894) * Teams: show proper label for each auth provider (#17860) * Logging: Login and Logout logging actions (#17760) (#17883) * Loki: Adds comment explaining usage of RFC3339Nano string (#17872) * Explore: Query rows are now reset when changing data sources (#17865) * Codestyle: add guidelines for removing the m alias for models (#17890) * Docs: How to work with themes (#17876) * Docs: Fix developing plugins index page (#17877) * StatsPicker: Fix multiple value input layout etc. (#17827) * Chore: Build grafana-cli when running bra run (#17788) * Build: use golangci-lint as a make command (#17739) * Explore:?Log highlights only update when user stops typing (#17845) * Loki: getHighlighterExpressionsFromQuery Returns null if filter term is not quoted (#17852) * Docs upgrading deps (#17657) * Testing: Include BatchRevoke for all tokens in the fake. (#17728) * Refactor: rename SeriesData to DataFrame (#17854) * devenv: switch OpenTSDB docker block (#17849) * Devenv:LDAP: couple simplifications for LDAP (#17807) * Login: divide login errors by pkg and service (#17835) * Auth Proxy: Respect auto_sign_up setting (#17843) * OAuth: return github teams as a part of user info (enable team sync) (#17797) * noImplicitAny: Sub 3000 errors (#17821) * TimePicker: Style and responsive fixes, restored dashboard settings (#17822) * Templating: Correctly display __text in multi-values variable (#17840) * Elasticsearch: Fix default max concurrent shard requests (#17770) * Explore: Fix filter by series level in logs graph (#17798) * Docs: Add v6.3 version notes and encryption format information (#17825) * Graphite: use POST for /metrics/find requests (#17814) * Dashboard: Force update after dashboard resize (#17808) * Toolkit: moved front end cli scripts to separate package and introduced very early version of plugin tools * Explore: Uses new TimePicker from Grafana/UI (#17793) * Explore: Uses RFC3339Nano string to retrieve LogRow contexts from Loki API (#17813) * noImplicitAny: Lower count to about 3450 (#17799) * Graphite: Fixes issue with seriesByTag & function with variable param (#17795) * noImplicitAny: Reduce errors to 3800-ish (#17781) * Graphite: remove feature that moves alias function last (#17791) * Explore: Adds URL support for select mode (#17755) * TestData: add option to increase the number of test streams (#17789) * Usage Stats: Update known datasource plugins (#17787) * Docs: Adds section on Querying Logs for Elasticsearch (#17730) * Docs: Adds section on Querying Logs for InfluxDB (#17726) * Devenv: makes the grafana users default for saml. (#17782) * Explore: Displays only one Time column as configured in TimeZone settings (#17775) * Markdown: Replace rendering library (#17686) * ApiKeys: Fix check for UTC timezone (#17776) * Prometheus: Minor style fix (#17773) * Docs: fixed notifications table * Auth: Allow expiration of API keys (#17678) * 17278 prometheus step align utc (#17477) * Docs: Update release guide (#17759) * release: update latest.json to v6.2.5 (#17767) * release: 6.2.5 changelog (#17766) * Fix typo s/Applicaiton/Application/ in error messages (#17765) * UserAdmin: UI for disabling users (#17333) * API: get list of users with additional auth info (#17305) * TimePicker: fixed minor issues with new timepicker (#17756) * Explore: Parses and updates TimeSrv in one place in Explore (#17677) * @grafana/ui: release (#17754) * Password: Remove PasswordStrength (#17750) * Devenv:SAML: devenv block with saml test app (#17733) * LDAP:Docs: add information on LDAP sync feature and update LDAP sync default (#17689) * Graph: Add data links feature (click on graph) (#17267) * Explore: Changes LogsContainer from a PureComponent to a Component (#17741) * Chore: Remove tether and tether drop dependency in grafana/ui (#17745) * noImplicitAny: time region manager etc. (#17729) * Panel: Fully escape html in drilldown links (was only sanitized before) (#17731) * Alerting: Improve alert rule testing (#16286) * Elasticsearch: Visualize logs in Explore (#17605) * Grafana-CLI: Wrapper for `grafana-cli` within RPM/DEB packages and config/homepath are now global flags (#17695) * Add guidelines for SQL date comparisons (#17732) * Docs: clarified usage of go get and go mod (#17637) * Project: Issue triage doc improvement (#17709) * Improvement: Grafana release process minor improvements (#17661) * TimePicker: New time picker dropdown & custom range UI (#16811) * RemoteCache: redis connection string parsing test (#17702) * Fix link in pkg/README (#17714) * Dashboard: Use Explore's Prometheus editor in dashboard panel edit (#15364) * Settings: Fix typo in defaults.ini (#17707) * Project: Adds a security policy (#17698) * Project: Adds support resource docs (#17699) * Document issue triage process (#17669) * noImplicitAny: slate (#17681) * config: fix connstr for remote_cache (#17675) * Explore: Improves performance of Logs element by limiting re-rendering (#17685) * Docs: Flag serve_from_sub_path as available in 6.3 (#17674) * @grafana/runtime: expose config and loadPluginCss (#17655) * noImplicitAny: Fix basic errors (#17668) * Docs: Update readme to reference correct repo (#17666) * LDAP: small improvements to various LDAP parts (#17662) * Chore: Fix noImplicitAny issues (#17636) * AddPanel: Fix issue when removing moved add panel widget (#17659) * TablePanel: fix annotations display (#17646) * middleware: fix Strict-Transport-Security header (#17644) * Build: add @grafana/data package (#17436) * Update latest.json for 6.2.4 * Update latest.json for 6.2.3 * Update the changelog with v6.2.4 information * Build: Updates node image for e2e job (#17632) * Explore: Prometheus query errors now show (#17470) * Chore: Lowered implicit anys limit to 4599 (#17631) * noImplicitAny: SingleStat panel (#17616) * Build: Update node image for test-frontend job step (#17628) * grafana-cli: Fix receiving flags via command line (#17617) * Typescript: Removes implicit anys (#17625) * Explore: Removes minus button in adhoc query field (#17573) * Correct 6.2.3 release date (#17624) * codestyle: styleguide and arch for grafanas backend (#17545) * JsonTree: fix jsonTree angular binding (#17608) * HTTPServer: Fix X-XSS-Protection header formatting (#17620) * Changelog: Add known issues for v6.2.3 (#17615) * Update the changelog with v6.2.3 information (#17612) * Refactor buttons (#17611) * Tests: Replaces e2e tests truth screenshot (#17609) * cli: grafana-cli should receive flags from the command line (#17606) * AppPlugin: Fix load legacy plugin app (#17574) * Typescript: A batch of implicit any fixes (#17590) * RefreshPicker: Handle empty intervals (#17585) * Docker: Switch base to ubuntu:latest (#17066) * SQLStore: extend `user.SearchUsers` method (#17514) * Explore: Tag and Values for Influx are filtered by the selected measurement (#17539) * ldap: makes mocks available for testing. (#17576) * Devenv: Add nginx proxy for mac (#17572) * Graph: Added new fill gradient option (#17528) * Typescript: Reduce implicit any errors (#17550) * SinglestatPanel: Manages when getColorForValue() function returns null value. Closes #9747 (#17552) * LDAP: refactoring (#17479) * Elasticsearch: Fix empty query request to send properly (#17488) * SinglestatPanel: fix min/max config in singlestat sparklines (#17543) * AuthProxy: Optimistic lock pattern for remote cache Set (#17485) * Explore: Includes context parameter when invoking getExploreState() from Prometheus datasource (#17569) * Tests: Replaces truth image (#17570) * Fix: Fixes merge conflict (#17568) * Build: Fix failing e2e tests and implicit any check (#17567) * Explore: Fixes implicit any error in AdHocFilterField.test.tsx (#17565) * Fix so that correct cache is provided to di registry (#17566) * Build: Upgrades to golang 1.12.6 (#17542) * Explore: Adds ability to remove filter from <AdHocFilterField /> key dropdown (#17553) * codestyle: moves cache to infra (#17519) * Docs feedback: installation/debian.md (#17563) * Chore: Lowered implicit anys limit to 5131 (#17562) * Influx: Reset logs query field on clear all and clear row in explore (#17549) * Devenv: Add telegraf with log parsing to influxdb docker block (#17546) * Explore: Runs query when measurement/field and pairs are selected in logs mode for influx (#17523) * Influx: Adds start page for logs in Explore (#17521) * OAuth: Fix for wrong user token updated on OAuth refresh in DS proxy (#17541) * middleware: add security related HTTP(S) response headers (#17522) * Docs: Clarifies from which version the Patch VERB is available (#17532) * Chore: Hugo upgrade (#17494) * Codestyle: Fix some goconst issues (#17530) * Docs: Adds clarification to the provider name for provisioned dashboards (#17524) * Singlestat: Add y min/max config to singlestat sparklines (#17527) * Explore: Clear queries when switching between metrics and logs (#17505) * 16223 user auth token list and revoke (#17434) * Feature: Parse user agent string in user auth token api response (#16… (#17504) * Tests: Adds better logging to e2e tests (#17511) * Codestyle: Add typecheck and unused linters (#17491) * Docs: Add CircleCI step trigger-docs-update (#17481) * remote_cache: Fix redis (#17483) * auth_proxy: non-negative cache TTL (#17495) * Explore: Adds LogQueryField for InfluxDb (#17450) * sqlstore: clean quota and user_auth_tokens when removing users (#17487) * Prometheus: Preallocate data for Prometheus backend response parsing (#17490) * Docs: Fix a typo in Elasticsearch docs (#17492) * gtime: some code style refactoring (#17369) * Build: make bra a local dependency (#17414) * Add tests for multildap (#17358) * RefreshPicker: SetInterval comments to rxjs code added (#17404) * metrics: expose stats about roles as metrics (#17469) * Explore: Handle newlines in LogRow Highlighter (#17425) * Alerting: Add tags to alert rules (#10989) * Config: Add comment before log_queries in sample ini file (#17462) * CLI: Search perf test data (#17422) * Prometheus: Use overridden panel range as $_range instead of dashboard range (#17352) * Update latest (#17456) * NavModel: Fixed page header ui tabs issues for some admin pages (#17444) * Update changelog for 6.2.2 (#17452) * PluginConfig: Fixed plugin config page navigation when using subpath (#17364) * Tracing: allow propagation with Zipkin headers (#17009) * Perf: Fix slow dashboards ACL query (#17427) * Explore: Fixes crash when parsing date math string with whitespace (#17446) * Cloudwatch: Add AWS DocDB metrics (#17241) * Provisioning: Support folder that doesn't exist yet in dashboard provisioning (#17407) * Codestyle: Fix govet issues (#17178) * @grafana/runtime: expose location update (#17428) * Fix: Adds context to list of keys that are not part of query (#17423) * Prometheus: Correctly escape '|' literals in interpolated PromQL variables (#16932) * Explore: Makes it possible to use a different query field per mode (#17395) * DataSourceApi: remove ExploreDataSourceApi (#17424) * Fix: change angular loader paths (#17421) * Build: specify build flag for `docker-compose up` (#17411) * Add a @grafana/runtime package with backendSrv interface (#16533) * Database: Initialize xorm with an empty schema for postgres (#17357) * docs: configuring custom headers in the dataproxy (#17367) * Explore: Queries the datasource once per run query and uses DataStreamObserver (#17263) * Feature: Adds redux action logging toggle from url params (#17368) * Build: Adds e2e tests back to master workflow with better error messages and with artifacts (#17374) * Explore: Handle datasources with long names better in ds picker (#17393) * Annotations: Improve annotation option tooltips (#17384) * InfluxDB: Fixes single quotes are not escaped (#17398) * Chore: Bump axios to 0.19.0 (#17403) * Alerting: golint fixes for alerting (#17246) * Batch disable users (#17254) * Chore: Remove unused properties in explore (#17359) * MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros (#13086) * Security: Prevent csv formula injection attack (#17363) * LDAP: remove unused function (#17351) * Enterprise: remove gofakeit dep (#17344) * Explore: Update time range before running queries (#17349) * Build(package.json): improve npm commands (#17022) * Chore: upgrade webpack analyser (#17340) * NewDataSourcePage: Add Grafana Cloud link (#17324) * CloudWatch: Avoid exception while accessing results (#17283) * Build: ignore absence of docker-compose (#17331) * Build(makefile): improve error handling (#17281) * adds auth example for the cli cherrypick task (#17307) * docs: remove my email from docs examples (#17325) * 16365 change clashing variable names (#17140) * Frontend/SeriesData: Fix for convert SeriesData to Table format (#17314) * Frontend/utils: Import has only from lodash (#17311) * Frontend/utils: Add missing type (#17312) * update v6.2-beta1 changelog with missing pr (#17308) * explore: don't parse log levels if provided by field or label (#17180) * HTTP Server: Serve Grafana with a custom URL path prefix (#17048) * update latest.json to latest stable version (#17306) * release: v6.2.1 changelog update (#17303) * Build: Removes e2e-tests from Grafana master workflow (#17301) * Build(devenv): correct the context issue (#17291) * Build: Enables end-to-end tests in build-master workflow (#17268) * Gauge/BarGauge: font size improvements (#17292) * Chore: Update jquery to 3.4.1 in grafana ui (#17295) * CLI: Add command to migrate all datasources to use encrypted password fields (#17118) * Auth Proxy: Log any error in middleware (#17275) * devenv: metricbeat and kibana for elasticsearch 7 block (#17262) * LDAP: reduce API and allow its extension (#17209) * database: retry transaction if sqlite returns database is locked error (#17276) * Tech: Update jQuery to 3.4.1 (#17290) * fix typo in basic_concepts.md (#17285) * Feature: do dev environment via makefile (#17136) * devenv: adds auth proxy load test (#17271) * Table: various minor fixes (alpha panel) (#17258) * Singlestat: fixes issue with value placement and line wraps (#17249) * Devenv: Update Graphite port in dev datasources (#17255) * Chore: bump grafana-ui version (#17256) * Release: Updated latest.json * Auth: Logout disabled user (#17166) * docs: fixes typo in provisioning docs (#17248) * CloudWatch: Made region visible for AWS Cloudwatch Expressions (#17243) * Panel: Pass transparency prop down to React panels. (#17235) * Build: Fix filter for building msi during release (#17236) * DataSourcePlugin: Avoid anuglar injector if only one parameter (#17239) * Alerting: Support for configuring content field for Discord alert notifier (#17017) * Explore: Update the way Loki retrieve log context (#17204) * Docs: Fix grammar in docs (#17233) * LDAP: consistently name the LDAP entities (#17203) * Panels: Show Drilldown links in top-left corner of custom React panels (#17142) * Build: Fix final prompt for @grafana/ui npm publish confirmation * Docs: Updated versions selector * Docs: Example for multiple LDAP servers (#17216) * Release: Updated changelog * Release: updated changelog with v6.2 entries (#17201) * Search: removed old not working search shortcuts (#17226) * azuremonitor: revert to clearing chained dropdowns (#17212) * Search: changed how search filter on current folder works (#17219) * AzureMonitor: docs for multiple subscriptions (#17194) * Defer closing of files (#17213) * Docs: Add guidelines for PR/commit messages (#17190) * Users: Disable users removed from LDAP (#16820) * docs: what's new in v6.2 fixes (#17193) * DataSourceMeta: add an option to get hidden queries (#17124) * Panel: Apply option defaults on panel init and on save model retrieval (#17174) * BarGauge: Fix for negative min values (#17192) * Azuremonitor: multiple subscription support for alerting (#17195) * AppPlugin: add types for jsonData (#17177) * MSI: Generate sha256sum during MSI build process in circleci (#17120) * explore: fix null checks (#17191) * Fix: Fixes so new data is pushed during live tailing (#17189) * testdata: logs scenario (#17182) * testdata: scenarios returned are now sorted in a consistent way (#17181) * TablePanel: Check for table using keys (#17185) * Fix gosimple issues (#17179) * AppPlugin: add an init function (#17150) * Fix: Changes WebSocket protocol to wss:// for https (#17173) * alerting: golint fixes for alert notifiers. (#17167) * LDAP: add tests for initialBind (#17132) * Explore: Adds Live option for supported datasources (#17062) * alerting: fix a bunch of lint issues. (#17128) * chore: mocks plugin loader for DataSourceSettingsPage tests (#17157) * Release: Improved cherry pick task (#17087) * Explore: Fix selection/copy of log lines (#17121) * Explore: Fix empty space in toolbar on smaller devices (#17110) * Explore: display log line context (#17097) * Plugins: expose rxjs matching 6.4.0 (#17148) * Chore: fix codespell issue with build (#17144) * Feature: LDAP refactoring (#16950) * explore: fix issues when loading and both graph/table are collapsed (#17113) * explore: make sure datasource is added to target (#17116) * Fix: tighten revive exit code & make it happy (#17127) * GraphPanel: Don't sort series when legend table & sort column is not visible (#17095) * Chore: Update grafana-ui version to 6.2.0-alpha.0 (#17109) * add support for periodically reloading mysql client certs (#14892) * Chore: Deduplicate sqlstore transaction code (#17069) * Alertmanager: Replace illegal chars with underscore in label names (#17002) * Adjusted documentation for gcs to reflect the code (#16947) * fix: Initial url update in Explore should replace existing url history #17030 (#17061) * Explore: Allow switching between metrics and logs (#16959) * Chore: explore possibilities of using makefile (#17039) * Chore: Bump jest to 24.8.0 (#17094) * Chore: Bump ts-node to 8.1.0 (#17093) * Release: Updated changelog * backend: replace /pkg/errors with errutil (#17065) * Explore: Fixes filtering in Prometheus queries when clicking in Table (#17083) * Remotecache: Avoid race condition in Set causing error on insert. (#17082) * Build: Support publishing MSI to grafana.com (#17073) * InputDataSource: better empty value support (#17075) * Panels: Fixed alert icon position in panel header (#17070) * GraphPanel: use SeriesData directly (skip legacy transformation) (#17037) * Streaming: support streaming in MetricsPanelCtrl (#17034) * Gauge: Fix switching orientation issue when switching from BarGauge to Gauge (#17064) * serverlock: run tests async should be more linear time wise (#17059) * InfoPopover: Fixes transclude undefined error (#17063) * Dashboard: Fixes lazy loading & expanding collapsed rows on mobile (#17055) * fix: Azure Monitor adds missing closing div tag to query editor (#17057) * Chore: Use executable dir instead of pwd in CLI for isDev check (#16974) * Search: Set element height to 100% to avoid Chrome 74's overflow (#17054) * Docs: adds note about removing session storage (#17003) * Chore: remove use of `== false` (#17036) * Explore: use @grafana/ui legend (#17027) * tech: avoid alias for importing models in alerting (#17041) * DataSourcePlugin: support custom tabs (#16859) * Dashboard: Fixes scrolling issues for Edge browser (#17033) * SeriesData: remove color from Field (#17044) * chore: remove x character in explore * Dashboard: show refresh button in kiosk mode (#17032) * Devenv: Updated gauge test dashboard * Chore: reintroduce gosec (#17021) * Gauge: tweaks to background color and height usage (#17019) * Feature: provide multildap server configuration (#16914) * (feat/explore): Support for new LogQL filtering syntax (#16674) * fix(explore): Prevent double querying for Prometheus and Loki (#17004) * Chore: No implict any fixes (#17020) * move log package to /infra (#17023) * Chore: Lowered implicit anys limit to 5386 * Chore: Updated snapshot * Select: Fixed isOpen issue * Chore: Typescript no-implicit any fixes progress (#17018) * GraphPanel: show results for all SeriesData (#16966) * Fix: Wrap value of multi variable in array when coming from URL (#16992) * GettingStarted: add key and remove ng-class (#17007) * explore: add some extra time for angular query editors to update query (#16955) * Explore: Align Explore with Dashboards and Panels (#16823) * Explore: Fix empty result from datasource should render logs container (#16999) * Explore: Fixes zoom exception in Loki/Graph (#16991) * PanelEditor: Fix queries tab now showing, wrong skipDataQuery logic (#16994) * DataSourceApi: convert interface to abstract class (#16979) * Panels: Fixed error panel tooltip (#16993) * Docker: Prevent a permission denied error when writing files to the default provisioning directory (#16831) * Notification: attempt to send notifications to all given email addresses (#16881) * GettingStarted: convert to react panel plugin (#16985) * Plugins: Remove dataFormats key and add skipDataQuery (#16984) * AlertList: removed icon * MetricsPanelCtrl: use shared queryRunner to support query execution (#16659) * TableData: support name (#16983) * Changelog: Typo guage -> gauge (#16982) * TestData: stream via fetch (#16963) * plugins: fix how datemath utils are exposed to plugins (#16976) * NewDataSource: Updated page header title * fix(prometheus): issue with click label to filter for recording rules in Explore * Explore: Removes Promise.All from runQueries thunk (#16957) * Chore: Add prometheus basic auth proxy (#16882) * Snapshot: use given key and deleteKey (#16876) * DataSourcePlugins: more generics improvements (#16965) * AddDataSource: Updated page design & categories (#16971) * Templating: Support selecting all filtered values of multi-value variable (#16873) * Chore: Add Input stories (#16897) * FieldDisplay: Don't use group ui elements in field editors (#16953) * GettingStarted: Fixes layout issues, fixes #16926 (#16941) * PanelModel: Fix crash after window resize, fixes #16933 (#16942) * Singlestat: fixed centering issue for very small panels (#16944) * Tests: Adds end-to-end tests skeleton and basic smoke test scenario (#16901) * Chore: Replaces moment with Grafanas DateTime (#16919) * InfluxDB: Fix HTTP method should default to GET (#16949) * Chore: Skip unnecessary checks on pre commit (#16946) * http: remove dualstack since its deprecated (#16940) * devenv: add slow reverse proxy (#16943) * AppPlugin: Menu Edit Url Fix (#16934) * DataSource Plugins: consistent generics order <TQuery,TOptions> (#16936) * Plugins: update beta notice style (#16928) * Chore: update version number for 6.3 (#16927) * Plugins: Support templated urls in routes (#16599) * changelog: add 5.4.4 release * docs: add download link to what's new in v6.2 * update changelog * Update changelog for 6.2.0-beta1 * AzureMonitor: adds support for multiple subscriptions per datasource (#16922) * docs: what's new in v6.2 (#16909) * Chore: ban importing from @grafana/ui in grafana ui files (#16920) * BarGauge: New multi series enabled gauge like panel with horizontal and vertical layouts and 3 display modes (#16918) * alerting: no notification when going from nodata -> pending (#16905) * rpm: start grafana after mysqld process (#16917) * Build: fix failing grafana/ui build (#16913) * BarGauge: Updated test dashboards and threshold fix (#16911) * PanelModel: Clear queryRunner on destroy (#16906) * Panels: No title will no longer make panel header take up space (#16884) * Elasticsearch: Fix pre-v7.0 and alerting error (#16904) * Gauge: Better handling of gauge repeat title (#16886) * Refactor: move datemath to grafana/ui (#16890) * PanelQueryState: check for existing running query (#16894) * devenv: add alert list panel (#16896) * Security: Add new setting allow_embedding (#16853) * build: fix integer overflow in pkg/tsdb tests on 32bit platforms (#16818) * Security: Responses from backend should not be cached (#16848) * Alert: Support variables in Alert List filters (#12583) (#16892) * Chore: Lowered implicit anys limit to 5617 * FieldDisplay: shared options model for singlestat panels (#16703) * Refactor: rename statsCalculator to fieldReducer (#16867) * PanelModel: expose isInView property to PanelModel (#16877) * CSV: escape quotes in toCSV (#16874) * Dashboard: Lazy load out of view panels (#15554) * LDAP: Added reload endpoint for LDAP config (#15470) * PluginsList: Removed icons and updated snapshots (#16872) * Panels: Fixed issue with panel type change and data updates (#16871) * Chore: fix modes for non-executable files (#16864) * DataSourceSettings: Minor fix for uncontrolled input (#16863) * Chore: Lowered implicit anys limit to 5623 * TestData: Add dashboards to testdata (#16855) * Input Datasource: convert from angular config to react ConfigEditor (#16856) * DataSources: minor typescript cleanups and comments (#16860) * TestDataDatasource: Add config editor (#16861) * App Plugins: support react pages and tabs (#16586) * Add Windows MSI generation to build process (#16502) * Datasources: add support for POST HTTP verb for InfluxDB (#16690) * Add pattern validation in configs (#16837) * Search: Enable filtering dashboards in search by current folder (#16790) * FormLabel: allow any rather than just a string for tooltip (#16841) * prometheus: fix regression after adding support for tracing headers (#16829) * area/circleci: Speed up circleci build process for branches and pr (#16778) * DataProxy: Restore Set-Cookie header after proxy request (#16838) * docs: clarify page parameter version support for folder/dashboard search (#16836) * Chore: revise some of the gosec rules (#16713) * Refactor: consistant plugin/meta usage (#16834) * Explore: Use SeriesData format for loki/logs (#16793) * Refactor: move NavModel to @grafana/ui (#16813) * Auth: Enable retries and transaction for some db calls for auth tokens (#16785) * Provisioning: Show file path of provisioning file in save/delete dialogs (#16706) * Add tracing headers for prometheus datasource (#16724) * Config: Fixes bug where timeouts for alerting was not parsed correctly (#16784) * build: removes gopkg files from dev docker file (#16817) * Provisioning: Trying to fix failing test (#16800) * Table: React table fix rotate support in storybook (#16816) * TestData: add log level in dummy message (#16815) * removes gopkg.lock from root folder * Explore: Support user timezone (#16469) * Plugins: rename vizPlugin to panelPlugin (#16802) * Plugins: move app/feature/plugin properties into PluginMeta (#16809) * Plugins: move PanelPluginMeta to grafana/ui (#16804) * Plugins: move datasource specific meta out of the main meta type (#16803) * updates changelog for 6.1.6 * Fix: Fetch histogram series from other api route (#16768) * phantomjs: set web-security to true * Chore: Lowered implicit anys limit to 5668 * build: restore postgres integration tests (#16801) * docs: explain correct access control model of GCS buckets (#16792) * Chore: Fixed no implicit any Typescript errors (#16799) * Feature: introduce LdapActiveSyncEnabled setting (#16787) * Plugins: ReactPanelPlugin to VizPanelPlugin (#16779) * UX: Improve Grafana usage for smaller screens (#16783) * ThresholdEditor: Minor style fix for smaller screens (#16791) * Build: Use isolated modules for ts-jest (#16786) * LDAP Refactoring to support syncronizing more than one user at a time. (#16705) * build: removes unused vendored files * (fix/explore): remove vertical-align looks better for long logs (#16736) * Chore: bump jQuery to 3.4.0 in grafana/ui (#16781) * Devenv: Updated home dashboard and added new influxdb test dashboard * Chore: Lowered implicit anys limit to 5946 * RefreshPicker: minor design update (#16774) * Streaming: support streaming and a javascript test datasource (#16729) * GraphLegendEditor: use stats picker rather than switches (#16759) * Feature: add cron setting for the ldap settings (#16673) * Build: Disables gosec until identified performance problems (#16764) * Chore: bump jQuery to 3.4.0 including prototype pollution vulnerability fix (#16761) * elasticsearch: add 7.x version support (#16646) * Provisioning: Add API endpoint to reload provisioning configs (#16579) * Config: Show user-friendly error message instead of stack trace (#16564) * Chore: Lowered implicit anys limit to 5954 * Feature: Enable React based options editors for Datasource plugins (#16748) * sqlstore: use column name in order by (#16583) * user friendly guide (#16743) * Provisioning: Interpolate env vars in provisioning files (#16499) * admin: add more stats about roles (#16667) * Feature: Migrate Legend components to grafana/ui (#16468) * playlist: fix loading dashboards by tag (#16727) * CloudWatch: Use default alias if there is no alias for metrics (#16732) * Provisioning: Support FolderUid in Dashboard Provisioning Config (#16559) * Refactor: Make SelectOptionItem a generic type to enable select value typing (#16718) * docs: fix upgrade instructions * Chore: Small improvements to grafana-cli (#16670) * Chore: Use x/xerrors instead of pkg/errors (#16668) * Chore: a bit of spring cleaning (#16710) * Fixes #15863 (#16684) * Docs: Update notification services (#16657) * PanelQueryRunner: add datasource name to queries (#16712) * Chore: remove session storage references (#16445) * Dashboard: Minor settings UI Update (#16669) * Templating: Do not copy hide option (#16696) * Docs: Fix advanced variable formatting examples (#16691) * QueryEditors: pass PanelData and filtered PanelData to each editor (#16692) * Chore: remove extra logging (#16688) * DashboardSrv: export getDashboardSrv to react (#16687) * Refactor: split PanelQueryRunner into runner and state (#16685) * Docs: Googlechat provisioning config example (#16682) * TestDataDatasource: add the query refId to each result * AppPlugin: avoid app plugin navigation slowness (#16675) * Refactor: improvements to PanelQueryRunner (#16678) * Refactor: move getQueryRunner() to PanelModel (#16679) * Docs: initial backend plugins development guide (#16631) * build: remove dep config files since they are not used anymore * Fix typo in PULL_REQUEST_TEMPLATE.md * refactor: move timeInfo to DataRequestInfo (#16664) * QueryRunner: Move queryRunner to panelModel (#16656) * PanelQueryRunner: move error handling to QueryRunnerOptions (#16654) * refactor: Merge PanelChrome and DataPanel, do query execution in PanelQueryRunner (#16632) * Search: Fixed search issue introduced in recent PR (#16652) * Cloudwatch: fix for flaky tests (#16649) * UI: Remove old icons (#16335) * Search: Fixes search limits and adds a page parameter (#16458) * Chore: Upgrade lodash to v4.17.11 (#16645) * Chore: Lock dependencies (#16644) * tech: replace bmizerany/assert with stretchr/testify (#16625) * Chore: update yarn.lock (#16637) * Panel Plugins: pass query request/response to react panel plugins (#16577) * Explore: Adds logs highlighting in Explore on keypress (#16596) * Build: adding dependency used by extensions (#16622) * TimePicker: Re-add apply button in time picker (#16619) * Chore: refactor auth proxy (#16504) * Docs: updated help for changelog cli task (#16615) * replace dep with go modules (#16017) * Docs: Updated changelog for 6.1.4 * Heatmap: Fixed auto decimals when bucket name is not number but contains dots, fixes #13019 (#16609) * build: partially replace gometalinter with golangci-lint (#16610) * Explore & Dashboard: New Refresh picker (#16505) * Build: Fix missing icon typing (#16601) * Plugins: added missing prop to type * CloudWatch: GetMetricData refactoring & fix label handling (#16383) * Chore: prepare our SQL for cockroach db (#16471) * AppPlugins: fix app support and add an alpha example (#16528) * Switch: made minor styling tweaks to switch to align to 4px grid (#16593) * Docs: minor docs update for old urls * Chore: Add more explicit typing (#16594) * Chore: Lowered implicit anys limit to 5977 * Chore: Adds typings to lodash (#16590) * PanelEditor: Change Queries heading to Query (#16536) * Security: Store datasource passwords encrypted in secureJsonData (#16175) * More development dashboards (#16550) * build: upgrades to golang 1.12.4 (#16545) * Use package libfontconfig1, instead of libfontconfig (#16548) * Adjust Send on all alerts to default label (#16554) * Chore: Lower limit of implicit anys to 6676 * DirectInput: new alpha datasource that lets you enter data via CSV * Plugins: expose getBackendSrv() to plugins (#15268) * DataPanel: Added built-in interval variables to scopedVars (#16556) * TestData: Add minInterval query option * Chore: Remove implicit anys for DashboardModel and tests (#16553) * Pushover alert, support for different sound for OK (#16525) * Chore: Lowered implicit anys limit to 6816 * CloudWatch: Fix template variable expand bug (#16405) * CloudWatch: fix color order (#16408) * Plugins: Unifying alpha state & options for all plugins (#16530) * Revert 'Build: Upgrades to go 1.12.3 (#16491)' (#16544) * Annotations: Annotation list style improvements (#16541) * QueryInspector: Now shows error responses (#16514) * Build: Upgrades to go 1.12.3 (#16491) * Build: Update master version number (#16532) * Elasticsearch: Format elasticsearch test dashboard json (#16537) * Update jwt regexp to include = (#16521) * Chore: docs fixes underscore formatting (#16516) * Fix: Pass missing maxDataPoints to query in Explore (#16513) * Fix: Recalculate intervals in Explore on run queries (#16510) * devenv: add elasticsearch v6 filebeat integration (#16493) * devenv: add worldmap panel panels for elasticsearch (#16313) * Plugins: Optionally preload some plugins during frontend app boot (#15266) * Panels: Add types for DataList and range (#16500) * Chore: Lowered implicit anys limit to 6818 * PanelData: Rename ColumnStats type to FieldStats (#16494) * DataSourceApi: add getCollapsedText(query) to DataSourceApi (#16482) * Graph: Add some typescript types for data (#16484) * Build: Updates goconvey to work on go1.12 (#16483) * Provisioning: Do not allow deletion of provisioned dashboards (#16211) * Chore: lower limit for implicit anys to 6829 * Singlestat-v2/Gauge: Show title when repeating (#16477) * Docs: fix grammar in query hint, tests, and documentation (#16444) * Heatmap: Fix empty graph if panel is too narrow (#16460) * Release: updated latest.json * Docs: Updated changelog * docs: fixes and update current version * Docs: Updated changelog for v6.1.3 * Graph: fixed png rendering with legend to the right (#16463) * Fix: Disables auto open datasource picker on focus (#16398) * add some mock/stub guidelines to testing guideline (#16466) * Feat: Suggestion list in Explore is virtualized (#16342) * Docs: Updated roadmap issue to link to the pinned roadmap issues * Graph: Fixed auto decimals in legend values (#16455) * Styling: Aligned heading (#16456) * add PromQL keyword for adhoc filter (#16426) * Singlestat: Use decimal override when manually specified (#16451) * Graph: follow-up graph decimals fix, #16414 (#16450) * Chore: use remote cache instead of session storage (#16114) * Docs: Minor changelog tweak * Docs: Updated changelog with v6.1.2 release issues * datasource: fix disable query when using mixed datasource (#16409) * Graph: Fixed series legend color for hidden series (#16438) * Templating: Fixed loading React variable query editor (#16439) * Styles: Fixed left menu highlight (#16431) * Fix: remove test artefact (#16411) * Theme: Reworking button styling (#16362) * Graph: Fixed tooltip highlight on white theme (#16429) * BarGauge: Round sizing to avoid float widths * Graph: Allow override decimals to fully override (#16414) * Units: Correctly use the override decimals (#16413) * Docs: Remove broken youtube link in timerange reference (#16415) * BarGauge: Fixed minor margin issue (#16419) * Docs: Updated GitHub PR Template * Bar Gauge: Show tile (series name) & refactorings & tests (#16397) * Fix: align panel padding between sass & js theme (#16404) * Fix: playlist now preserve the correct url query params (#16403) * Fix: Graphite query rendering fix (#16390) * Fix: Query editor toggle edit mode fix (#16394) * Refactor: Plugin exports & data source / panel types (#16364) * Chore: Update lockfile (#16380) * Alerting: Notification channel http api fixes (#16379) * Chore: Add task to find FocusConvey tests (#16381) * CloudWatch: Update AWS/IoT metric and dimensions (#16337) * Fix: Table Panel fix to re-render panel when options are updated (#16376) * Docs: Fix typo in Prometheus documentation (#16369) * build: Fixed incorrect permissions for repo folders in ci-deploy. (#16360) * Docs: remove embedd info about samesite cookie from app, docs only is better * Chore: Lowered error count limit * build: fixes bug in verification script. * Tech: Bump typescript and jest (#16354) * Automation: Updates to yarn cli cherrypick & changelog tasks (#16357) * Feat: Improve embed panel info text (#16344) * Fix: Cloudwatch fix for dimension value (#16356) * build: Script to check that our repos work and what the latest package version is (#16350) * Fix: Autoprefixer is now working (#16351) * Chore: docs updates to what's new for 6.1 (#16346) * build: Fix for renamed package for armv6. * Chore: bump storybook and add build script (#16340) * Refactor: React Panels to only use SeriesData[] (#16306) * Docs: Suggest add-apt-repository to install APT repos (#16333) * Units: Add angle units, Arc Minutes and Seconds (#16271) * Chore: Lowered implicit any limit to 6850 * Feat: Adds reconnect for failing datasource in Explore (#16226) * docs: improve alert notification channel provisioning (#16262) * Build: Moved the failing appveyor file so we can get green builds in master * Fix: Build report the correct directives before failing (#16312) * Fix: input elements autofill background (#16295) * Fix: Bring back styles on Switch components when checked * Chore: breaks build if certain FrontEnd limits are exceeded (#16301) * Fix: Graphite query ast to string fix (#16297) * Fix: Template query editor this bind exception fix (#16299) * Fix: Alerting Notification channel http api fixes (#16288) * Refactor: Move LogLevel and Labels utils to @grafana/ui (#16285) * Refactor: Rename Tags to Labels in SeriesData (simple) (#16284) * Elasticsearch: Fix view percentiles metric in table without date histogram (#15686) * Configuration: Improve session_lifetime comments (#16238) * Alerting: Makes timeouts and retries configurable (#16259) * Fix: Correct SnapshotData typing (#16279) * Feat: Angular panels & SeriesData to Table/TimeSeries (#16266) * Fix: React Graph & Show message on no data (#16278) * Feature: added actionable message in Explore when no datasource configured (#16252) * Feature: Case insensitive Loki search (#15948) * Feat: Singlestat panel react progress & refactorings (#16039) * Chore: Implement gosec (#16261) * Fix: Updated snapshot unit test that was failing * Refactor: Theme & Removed the last rems (#16245) * Refactor: Theme input padding variables (#16048) * Feat: More robust csv support (#16170) * Docs: Fix rpm dependencies example (#16272) * Fix: HTML meta tags fix for iOS (#16269) * Feature: Introduced CallToActionCard to @grafana/ui (#16237) * Refactor: Rename TimeSeriesVM to GraphSeriesXY (#16216) * Chore: Implement revive (#16200) * InfluxDB: Fix tag names with periods in alerting (#16255) * Fix: Table Panel and string values & numeric formatting (#16249) * Tech: Patch lib updates, update yarn.lock (#16250) * Chore: docs whats new article for the 6.1 release (#16251) * Chore: Storybook improvements (#16239) * Feat: Introduce Button and LinkButton components to @grafana/ui (#16228) * Chore: changelog adds note for #16234 * Fix: Prometheus regex ad-hoc filters w/ wildcards (#16234) * Chore: changelog notes for #13825,#15205,#14877,#16227 * Fix: Alert email variable name typo fixed (#16232) * Fix: scripts changelog cli per page set to 100 * Fix: Dashboard history diff & white theme fix (#16231) * Merge pull request #16241 from grafana/hugoh/no-implicit-any * Chore: Theme consistency, rems => pixels or variables (#16235) * Chore: Theme consistency, rems => pixels (#16145) * changelog: adds notes for #16229 and #16227 * Fix: Elasticsearch fix template variables in the alias field (#16629) * Fix: TablePanel column color style now works even after removeing styles, fixes #16162 (#16227) * Docs: Updated changelog for 6.1 release (#16224) * Alerting: Notification channel http api enhancements (#16219) * Upgrades: Patch updates to yarn lock (#16215) * Fix: DatasourceApi query response typing fix (#16214) * chore(influx): no point of reading response when bad status (#16212) * docs: loki provisioning * docs(dev): Update docs about devenv dir (#16208) * fix(dashboard): time regions spanning across midnight (#16201) * fix(InfluxDB): Reads body and close request body even for error status codes (#16207) * chore: more TableData to SeriesData renaming (#16206) * fix(panels/graph): Default option name for spaceLength was accidentally changed (#16205) * fix(explore): only show split close button when split is active (#16203) * fix(react2angular): Fixed react to angular wrapper watching function expressions causing infinte digest loop, fixes #16194 (#16196) * fix(Alerting): Fixed alert rules with eval in day units, fixes #16174 (#16182) * fix(panel/table): Fix for white text on white background when value is null * refactor(grafana/ui): Replace <input />with Input component from grafana/ui (#16085) * fix(loki): Hide empty labels column * build: fixes publishing version. * refactor(data models): Renamed TableData to SeriesData (#16185) * chore(core/utils): Add typings to datemath.ts (#16195) * only call onPanelMigration when the version actually changes (#16186) * feat(explore): make it possible to close left pane of split view (#16155) * feat(Explore): make sure Loki labels are up to date (#16131) * build: makes sure grafana.version is available when deploying. * fix: added missing event to function signature Fixes: #16055 * build: refactoring * build: updated build container with support for rpi1. * build: support for publishing armv6. * build: builds armv6 with rpi1 compat gcc. * fix: added target and datasource as isMetric property Fixes: #15862 * chore: Removed implicit anys in react container and test helpers * Pamels: Options are always there * Panels: Support angular -> react migration via PanelMigrationHandler * Panels: Added more tests for change panel plugin * Panels: Refactoring how panel plugins sets hooks and components, #16166 * clarify notifications API docs * remove processTimeSeries * merge master * don't use process timeseries * rename stat to show in UI * use display value in pie chart * keep plugin versions * remove panel plugin setters * renamed float to flot * prevOptions should be optional * moved migration hook to its own function * Minor refactoring of stats picker / shared singlestat code * Makes it possible to navigate back/forward with browser buttons in Explore (#16150) * Moved DisplayValueOptions type back, #16134 * adding check for decimals * add one more test * Graphite: fixed variable quoting when variable value is nummeric, fixes #2078 * Minor refactoring of #16127 * Update provisioning.md * Graphite: Fixed issue with using series ref and series by tag, fixes #15237 * move typings to types, * Link license corrections * remove logging * add stat picker to single stat * removed option to not check strings * drop one level of nesting * cleanup and guess all columns * Small license correction * update cloudwatch metrics/dimensions list * Enable sass theme change in Storybook * replaced rems with pixels or variables * adding test * updating usages in singlestat * Sorting imports * adding function * Use grafana's logger implementation * another change that didn't come with earlier commit * change that didn't come with in last commit * reversed dashboard-padding * Update CloudWatch metrics/dimension list (#16102) * brought back dashboard-padding and panel-padding variables, made dashboard-padding more specific * replaced rem with pixels or variables * fix(prometheus): Change aligment of range queries (#16110) * fix, assign by event.time * Minor refactoring of testdata query order PR #16122 * simplify * deduplicate same value annotation * cleaner version * maintain query order * Remove sleeps in test code by overriding time.Now() * Update PLUGIN_DEV.md * Abstract encrypt/encode and decode/decrypt into their own functions * Rename dispatched commands to make them easy to grok * show all colums in graph * Use structured logging instead of printf * Make all http auth setting labels the same width * Merge with master, and updated logo and name * Rewrote creation of images tag * Added missing commas * Don't include non-existing image in MS Teams alert * cast to column * update table data model * show all columns in singlestats * fix(graphite): nonNegativeDerivative argument hidden if 0, fixes #12488 * Correct table names of sql storage for remotecache * more fixes to snapshot * more fixes to snapshot * Fixed gofmt issue in PR #16093 * removed empty space in snapshot * fix: Update snapshot related to new jest version * fixed snapshot for test * Regenerate lockfile due to the amount of merge conflicts. * removed dashboard variables, removed headings-font-family variable, created theme variables for links and z-index, removed unused class in _panel_editor and _dashboard * Remove commented code * flot pairs * add more functions and tests * Update org_user.go * Minor progress on fixing no-implicit any issues * refactor: merged types and updated references * Remove leftover from first iteration * Only keep certain query params when going to next playlist * Snapshot update * fix: ts issue on SelectOption test * chore: Bump react and react-dom to 16.8.4 * Update latest.json * Update templating.md * chore: cleaning up noimplicit anys in search_srv and tests progress: #14714 * Fix threshold editor color picker not working for custom colors * Updated comments * Updated threshold editor test * Re-render gauge / singlestat panels when changing options * fix: refactored so members are loaded by TeamPages and use hideFromTabs instead of filtering out children in navModel * teams: explains the external property of a team membership. * fix: fixed snapshots and permission select not beeing able to click * fix: new team link goes nowhere for viewers * teams: refactor so that you can only delete teams if you are team admin * permissions: removes global access to bus from MakeUserAdmin. * teams: local access to bus, moving away from dep on global. * teams: better names for api permissions. * teams: refactor. * permissions: refactor. * teams: refactor. * teams: hide tabs settings and groupsync for non team admins * teams: refactored db code. * teams: disable new team button if user is viewer * refactor: moved test from TeamMembers to TeamMemberRow * refactor: splitted TeamMembers to TeamMemberRow * teams: comment explaining input validation * teams: cleanup. * teams: cleanup. * dashboards: simplified code. * teams: disable buttons for team members * teams: moved logic for searchteams to backend * teams: viewers and editors can view teams * teams: editor/viewer team admin cant remove the last admin. * teams: changed permission to permission type instead of int * teams: defaulting invalid permission level to member permission level * team: uses PermissionType instead of int64 for permissions. * teams: editors can't remove the last admin from a team. * teams: tests use the new message for modifying team members. * team: renames teams.CanUpdate teamguardian.CanAdmin * teams: remov permission select for non admin users * docs: First take on describing feature toggle * config: updated feature toggle name * teams: cleanup. * dashboard: only admin permission added to dashboard in folder. * dashboards: better error handling * teams: team listing shows only your teams (editors). * teams: teams guard on all teams update methods. * teams: added delete team guard * teams: removed feature toggle as it is already in middleware * teams: added feature toggle and refactor tests * teams: cleanup. * teams: test refactorings. * teams: bugfix, user pointer. * teams: start of team update guardian for editors * teams: team update test * teams: change back to permissionlevel for Member to 0 * teams: make sure we use TeamPermissionLevel enum * teams: update only the selected user * teams: only write error message if error * teams: enabled so that user can update permission for team members * teams: feature toggle component * teams: test for update team member. * teams: can update team members permission. * teams: basic ui for permission in team members view * teams: editor added as admin for created teams. * teams: editors can work with teams. * teams: show teams and plugins for editors that can own * teams: make test cases pass again * folder: uses service to make user admin of created folder. * permissions: broken out func for making creator admin. * folders: admin for created folders * dashboards: user automatically becomes admin for created dashboards * fix(ci): frontend tests was accidentially commented out * Use SecretFormField in MSSql and Postgres datasources * Add SecretFormField component * Add possibility to pass custom input component to FormField * Allow angular react bridge to use kebab case attribute names * adding story and fixing tests * build: migrates the build container into the main repo. * build: updated deploy container with crcmod. * build: crcmod speedups rsync to gcp for deploy. * Update style_guides/backend.md * remove the error collector * Copied from new timepicker and unified component branch * docs: renamed file and added redux framework file * docs: moved examples to frontend.md * docs: intial draft for frontend review doc * Use ora#fail instead of console.log * reorder imports * test * rename to char * sorting imports * moving * Remove .only function * Add more patterns to no-only-test task * chore: Cleaning up implicit anys in DashboardExporter and tests progress: #14714 * rename reducer to statsCalculator * Great progress on bar gauge look * Explore: Fix log stats for long labels * calculate the column width * disable react table cell measure * dont test exists in the test... it will fail if not found * add random_walk_table scenario * adds backend code style guide * add test file * add startAt to random walk scenario * get values from base options * use singlestat base where appropriate * feature(explore/table): Add tooltips to explore table (#16007) * Update changelog * Bar gauge gradient mode * Bar gauge auto lcd cell count * Add check for Env before log * Update index.md * chore: Cleaning up implicit anys in manage_dashboard.ts and manage_dashboard.test.ts progress: #14714 * chore: Cleaning up implicit anys in app.ts progress: #14714 * panels: fix loading panels with non-array targets (add tests) * changelog: adds note about closing #15836 * set correct return type * panels: fix loading panels with non-array targets (refactor) * Bar gauge styling tweaks * panels: fix loading panels with non-array targets * changelog: adds note about closing #6359 and #15931 * add partial * no inheratance * improve single stat display * revert most options sharing * Refactoring the bar gauge and the orientation modes * add migration tests * renaming function * using refId from panel model * Tooltip: show percent instead of value * Add check so that header is not sent for anonymous users * Update config docs * Add custom header with grafana user and a config switch for it * changelog: adds note about closing #10816 * Right tooltip position * Add 'No data points' message * use constants for cache type * makes variables template prettier complient * Make recently used auth_module test more robust by adding another 'log in' * changelog: adds note about #15744 * updates old distcache names * dont allow inifinite expiration * chore: Upgrade all babel related packages that is lagging behind * return error if cache type is invalid * Add more info to victorOps alert notifications * fix: papaparse must have gone missing during rebase * chore: Bump jest to 24 * fix: describe() should not be async * fix: Use proper syntax for plugin-syntax-dynamic-import * fix: Downgrade ts-node to 8.0.2 due to broken theme generation * chore: Bump ora * chore: Bump tslint (again) * chore: Bump axios * chore: Bump npm * chore: Bump glob * fix: Invalid css * chore: Bump clean-webpack-plugin, html-webpack-harddisk-plugin, postcss-reporter * chore: Bump file-loader and css optimizer webpack plugin * chore: Bump css-loader and remove minimize option since its removed in css-loader * chore: Bump npm packages and lock down some versions * chore: Bump mini-css-extract-plugin * chore: Lock down versions of expose-loader and html-loader * chore: Bump fork-ts-checker-webpack-plugin * chore: Prod builds should not cache * chore: Replace Uglify with Terser * chore: Bump webpack, webpack-bundle-analyzer, webpack-cli and webpack-dev-server to latest * reuse more gauge settings in bargauge * set the unit on time data * add error when not found * Added metric math docs * check types better * check types better * docs: Change type of 'tags' in annotationQuery result example to list * single hook * Change import path for social in the tests * Change import path for social since it has moved * generic repeater * generic repeater * Remove todo about index on user_id in user_auth because it exists * Add function in ds_proxy to handle oauthPassThru headers * Remove auth_module settings from oauthPassThru ui * Remove auth module from ds_proxy oauth test * Get most recent oauth token from db, rather than lookup by auth_module * Improve tooltip look * explore/logs: Hide empty duplicates column * merge master * fix for firefox checkboxes not appearing properly, added appearance as none * Always return most recently used auth_module from GetAuthInfo * used regex instead of string replacing * Fixed issue with alert links in alert list panel causing panel not found errors, fixes #15680 * Add comments * Add simple test for the ColorPicker * Use render props pattern in color picker * Move ColorPicker trigger to separate component and cleanup css * Improved error handling when rendering dashboard panels, fixes #15913 * fix return type * Only send ci metrics to hosted metrics instance * adding types * Added back branch guard * moved delete button from sidebar to general tab and renamed it * Refactoring the ci metrics a bit more making it easier to re-use * removed unused and very specific variables, also variables with same value as general variable * reduce loglevel to debug * Updated bar gauge snapshot * added some comments about state of components things * better comments * comment cleanup * force circleci to try again * format * touch * touch * make sure the validator is called before setState * API to fix/update properties before load * more tests * more options in storybook * adding simple widget to pick the reducer * heatmap: fix for negative values * Fixed more typescript no implicit any issues * Also push to ci metrics to new shared HM instance * move sort to table processing * Fixed type issues introduced by adding angular types * Typescript noAny fixes, start of a long journey * Updated code stats collection * Updated path to new script * POC on collecting metrics in ci process * changelog: add notes about heatmap issues #15683 #14019 * added two new variables in default theme for panel padding, replaced panelhorizontalpadding and variables.panelverticalpadding with new variables * renamed default variables: s -> sm, m -> md, l -> lg * removed gf-form-margin variable and replaced with space- variables where it was used * add table reducer * heatmap: able to hide buckets with zero value #12080 * s -> sm, m -> md, l -> lg * heatmap: fix prometheus buckets sorting, closes #15637 * s -> sm, m -> md, l -> lg * removed headings-margin-bottom variable * rename to displayValues * remove kbn test * more tests * use new settings * fix tests * make value processing reusable * Call ora instead of instantiating it * Added scopedVars argument in datasourceSrv.get in DataPanel * MutableColumn * cleanup after review * rename handleXXX to onXX events * torkel feedback * onCellClick * heatmap: able to reverse Y buckets order, #15683 * fix(explore/logs) not collapsing whitespace (#15737) * Refactoring of multi-value datasource PR #15812 * fixed minor misstake with dashboard padding * removed -margin, replaced with new general variables * Move oauth token migrations in user_auth_mig * heatmap: fix middle bucket bound for prometheus * Refactoring / fixing password hint PR #15868 * chore: Move sidemenu out of context service and use the logic we have in the router already for hiding the sidemenu * Fix deduplication results displaying wrong data (#15755) * added new space variables to margins in AddPanelWidget, add_data_source, dashboard_settings and sidemenu * use `Get` instead of `Find` * avoid exposing cache client directly * add docs about remote cache settings * renames distcache -> remotecache * renames key to cache_key * build steps for cache servers * code layouts and comments * rename put -> set * reverts package.json I made during the flight >.> * `memcache` -> `memcached` * removes memory as distcache option * test redis and memcached during integration tests * adds config to default settings * avoid exporting test helpers * uses set instead of add for memcache * adds memory as dist storage alt * extract tests into seperate files * avoid exposing internal structs and functions * heatmap: don't display cut cards * heatmap: fix error when series empty * heatmap: middle bucket bound option, #15683 * rotate! * added new variables for spacing, set margins in _cards with new variables * better css * Revert 'Fix Datasource Update to no User/Password' * rotate! * fix imageurl in notification test * add comment * attach themes to table story * reuse deprecationWarning * move to string.ts * move stringToJsRegex * get field mapping to actually work * add variable size storybook * cell builder cleanup * minor storybook cleanup * fix typos * autofill space rather than force with/height values * return table directly, not the debug info * Minor fix in values to histogram conversion * Fix histogram x-axis min/max * moved utillities to util * Change xaxis min and max form input types to number * Fix histogram xaxis min/max tests * Optionally set histogram x-axis min/max * table using MultiGrid * cleanup * cleanup * adding toolbar * adding stub table input CSV * docs: Fix indentation level for OAuth2 config * docs: update CONTRIBUTING.md * merge master * docs: update slack alert notification settings * docs: update admin and user http api documentation * feat(api): support list/revoke auth token in admin/current user api * support get user tokens/revoke all user tokens in UserTokenService * @grafana/ui - release docs v1 (#15835) * Minor refactoring of copy tags when saving feature, #15446 * Simple implementation for preserve tags, closes #11627 * Updated prettierignore * Refactoring of PR #14772 * Simple storybook * fix typo in pr template * add nil/length check when delete old login attempts * Minor refactoring of new react text panel * Improve rendering * fix allow anonymous server bind for ldap search * changed all rems to pixels in defaults and template, changed back root font size * piechart -> pieChart * Rename: Piechart -> PieChart * Import only what is used from d3 * less nesting and add test * remove type field and add helper functions to check if data isTableData * add storybook * fixes typo in redis devenv * add support for memcached * add support for redis storage * add garbage collector for database cache * test at interface level instead impl * cache: initial version of db cache * don't include stuff from app/... * fix scss * rename to Table * rename to Table * fix type errors * move to grafana/ui * better sort function * use TableData, not interface * Make password hint configurable from settings/defaults.ini * move toTableData to grafana/ui * don't require x & y columns for timeSeries * use TableData for timeseries in react * Update README.md * heatmap: reduce number of legend segments to reasonable value and round x values to prevent gaps * heatmap: fix legend padding * heatmap: fix legend for small values, #14019 #15683 * status: alpha * changed root font to 100%(default 16px), changed font-size from px to rem, updated rem sizes in template and default.ts files, removed display classes and variables since not used, removed lead class and variables since not usedremoved serif font since not used and probably never should be used * Update core:start cli command to watch theme changes again (#15856) * Updated pull request template * Updated pull request rtemplate * Removed title case from issue template title * Updated issue template titles * Updated issue templates * Updated templates * fix: Update error message and replace npm with yarn #15851 * fix: Make sure we dont add &autofitpanels to the url if it already exists #15849 * fix: Update test snapshot * fix: Logo goes Home instead of toggling side menu #15482 * Update upgrading.md for wrong spell * remove _ * cleanup * use pure component * return the same panelData unless it changes * sortable class * Map dataSourceTypeSearchQuery state from redux to search input. * move rendering to its own file * try virtualized * Initial tooltip * Minor refactoring of PR #15770 * Revert 'Fix for leaving playlist mode' * Alternative fix to detecting when to stop a playlist, fixes #15701 and #15702 * fix discord notifier so it doesn't crash when there are no image generated * fix: Consistency in unit labels #15709 * Update latest.json * Run prettier * position from add panel, dimensions from copied panel * Fix donut rendering * Run prettier * Fix pieType change * changelog: add notes about closing #14509 #15179 * Render svg instead of canvas * fix: Add class for input fields with help icon to avoid icon hiding the text #15771 * restore to current folder when restoring old dashboard version * fix(renderer): Vendor ansicolor as typescript * log phantomjs output even if it timeout and include orgId when render alert * keep size from copied panel and not from add panel widget * Added basic cherry pick helping task * Prevent search in VizPicker from stealing focus (#15802) * fix only users that can edit a dashboard should be able to update panel json * Updated changelog task * Fixed image rendering issue for dashboards with auto refresh, casued by missing reloadOnSearch flag on route, fixes #15631 * use props.replaceVariables rather than templateSrv * Updated to add PR author, skip PR issue references * Added first iteration/poc of changelog task * Enable @grafana/ui version bump based on package.json contents * Fixed styling of gicon's in dropdown menus * cleanup plugin versions * use explore icon * fix comments * typescript functions on replace * remove console.log * add ScopedVars to replace function * Make datasource variables multiselect and dashboard repeatable * set height * add test file (ignored) * fix variable name * use typescrit in angular table * use react-table * add a basic alpha react table * Ensure clean master only when publishing package to npm * Remove log * Ensuring master branch when performing release * upgrade xorm packages to latest versions * Expose onQueryChange to angular plugins * docker: update prometheus2 block to version 2.7.2 * use replaceVariables * Add a keybinding that toggles all legends in a dashboard * fix allow anonymous initial bind for ldap search * changelog: adds note for #8253 * prettier * Aftermerge fixes * use default min interval of 1m for sql datasources * changelog: adds note about closing #15608 * Fixed scrollbar not visible due to content being added a bit after mount, fixes #15711 * Added comment to Docker file * moving * style: add gicon-shield to sidemenu class Closes #15591 * remove `UseBool` since we use `AllCols` * fix: Move chunk splitting from prod to common so we get the same files in dev as prod * fix: update datasource in componentDidUpdate Closes #15751 * changelog: add notes about closing #15739 * Moved Server Admin and children to separate menu item on Side Menu (#15592) * update version to 6.1.0-pre * Viewers with viewers_can_edit should be able to access /explore (#15787) * Fixed scrolling issue that caused scroll to be locked to the bottom of a long dashboard, fixes #15712 * reordered import * Wrapperd playlist controls in clickoutsidewrapper * Turn off verbose output from tar extraction when building docker files, fixes #15528 * Hide time info switch when no time options are specified * Made sure that DataSourceOption displays value and fires onChange/onBlur events (#15757) * Updated react select fork to 2.4.1 * utils: show string errors. Fixes #15782 * Update frontend.md * Update frontend.md * Minor refactor of cli tasks (core start, gui publishing) * Fixed url of back button in datasource edit page, when root_url configured (#15759) * use onOptionsChange * use replaceVariables rather than onInterpolate * use updateOptions rather than onChange * changelog: add notes about closing #15650 * changelog: add notes about closing #15765 * fix: Kiosk mode should have &kiosk appended to the url #15765 * changelog: add notes about closing #15077 * org admins should only be able to access org admin pages * only editor/admin should have access to alert list/notifications pages * Added MaximumUsedTransactionIDs metric to list of AWS RDS metrics. * fix: When in tv-mode, autofitpanel should not take space from the navbar #15650 * devenv: fixes incorrect influxdb config. * Fixes #15739 * Don't mutate seriesList parameter in mergeSeriesByTime (#15619) * new stable docs version * Fix: #14706 Incorrect index pattern padding in alerting queries * fix * changelog: adds note about closing #14239 * fix: prevent datasource json data stored as nil (#15508) * changelog: adds note about closing #10506 * changelog: adds note about closing #15651 * Return 404 on user not found (#15606) * Catch bad regex exception at controller level * Prettier fix * Add PiechartOptionsBox * docs: missing field added to example * 11780: invalid reg value can cause unexpected behaviour * Fixed right side scrollbar margin on dashboard page * fix: Return url when query dashboards by tag * Fix prettier * Initial rendering * Add PiechartType enum * Install d3 * Remove extra props * Removed commented code * Fixed alias in Cloudwatch Expressions * Explore: Enable click on name label * Bumping grafana ui version (#15669) * Style and grammar fixes * big text option * Need this to be available for plugins * service: fix for disabled internal metrics. * docs: 6.0 whats new * Toggle stack should trigger a render, not a refresh * Updated latest.json with 6.0 * docs: grafana 6.0 has been released. * moves social package to /login * moves tracing packge into /infra * changelog: adds notes for #14509 and #15179 * graph: fixes click after scroll in series override menu * moves metric package to /infra * Explore: Make sure line graphs get different colors * stackdriver: change reducer mapping for distribution metrics * stackdriver: fix for float64 bounds for distribution metrics * update * style tweaks * Refactoring orientation stuff * Refactoring bar gauge * Refactoring bar gauge * Added missing file * refactoring repeater and code in gauge and bar gauge to reuse more code * docs: link to azure monitor from what's new in v6.0 * Fixed value dropdown not updating when it's current value updates, fixes #15566 * docs: tweaks to AzureMonitor docs * Added feature toggle to defaults.ini and sample.ini after PR comments * Moved variable to config struct after PR comments * Added feature toggle editors_can_own * updates all cols except created so user and password of the database can be chaned to no user and password * Fixed bug with getting teams for user * Improve Loki logs render with ANSI colors (#15558) * grafana/ui 6.0.0-alpha.0 release version bump * removed color in color variables names * changelog: add notes about closing #15303 * changelog: add notes about closing #1441 * update changelog * grafana/ui 1.0.0-alpha.0 release * Update grafana/ui readme * docs: landing page update * Bring back plugins page styles * docs: layout fixes * prettier fix * Make published package public by default * docs: fix link * docs: fix order of datasources in menu/index and update alert support * Fixed prettier issue in color picker * Update docs to match current npm scripts * Added keywords and description go grafana/ui package * Fixed failing tests because of circular dependency * Fix version and name in grafana/ui package.json * Imports updates * Implemented scripts for building and releasing grafana/ui * changed some more color variables to use variables * fixed tests * panel: defensive coding that fixes #15563 * Minor fix/polish to gauge panel and threshold editor * copying options between visualizations * fixed issue in dark sass template * Updated body & page variables to use variables from code theme * updated building from source docs * fixed snapshots failing in master * Synced variable template files * fix: mysql query using __interval_ms variable throws error * Fixed scrollbar issue introduced in theme changes * Fix build * minor touch ups * Fix heading levels in generic-oauth.md * updated colors in light, dark and theme files, in template file basic colors uses variables from dark/light files, also changed to -basic in some files * ValueOptions -> PiechartValueEditor * Make it build * fixes * added orientation option * export PiechartDataPoint from @grafana/ui * change valueOptions * get label and color from series * prettier fix * PieChartDataPoint -> PiechartDataPoint * Rename PieChartPanelEditor to PiechartPanelEditor * docs: adds Azure Monitor docs * Fix blue in dark theme * Readme update * Minor fixes * Review fixes * Fixes after merging #15468 * Pass dashboardModel to PanelCtrl class. Fixes #15541 * Add piechart to builtInPlugins * logo: svg -> png * Remove old overwritten sass vars * first draft of repeater component * docs: howto for recreating our debian repositories. * fix: Filter out values not supported by Explore yet #15281 * Bump Prettier version (#15532) * updated theme variables to master * updated theme template files variables to master * add new issue templates * Fixes #15506 * chore: graph2 panel plugin should use the new ReactPanelPlugin from @grafana/ui * fix: Have the tab param removed from the url when leaving edit mode #15485 * reduce loglevel to debug * Fixes #15505 * fix native annotation filtered by template variable with pipe * Fixed navbar backbutton padding * Updated explore icon and style tweaks Lowered icon size and improved paddings, tried to align placement between dashboard and explore * Display graphite function name editor in a tooltip * Fixing array direction, adding simple render test, fixes #15478 Fixed unit test and updated gauge Added migration for threshold order * changelog: adds note for #15500 * fixed page-header-bg * cli: chmod 755 for backend plugin binaries * reversed most of grays in dark theme * Fixes #15477 * Changed how react panels store their options (#15468) * Remove maxDataPoints and interval props from props to remember in panel model * Fix typo in view mode cykle button * Variables regenerated * Make clear that variable scss files are generated from templates * Fixed spelling issue in templating docs * Removed primary class from Add Query button, and changed name of Panel Options tab o General Options * improved formatting of variable docs * Datasource docs for Loki * Replace require with import in start task * Added enable_gzip documentation (#15322) * Add Lux to units * Fixed issue with PanelHeader and grid-drag-handle class still being applied in fullscreen, fixes #15480 * Began work on handling panel type switching and keep setting * Fixed unit tests * Fixed gauge issue that will require migration later and also value options editor did not handle null decimals or 0 decimals * Added missing Gauge props * Bar gauge icon updated * Added bar gauge icon * Began work on adding options * Added basic tests * bar-gauge storybook * Began experimenting with a bar gauge * Also remove nested options prop that was there due to bug * Moved gauge value options into a sub oject and made editor more generic, will be moved out of gauge pane later and shared between singlestat, gauge, bargauge, honecomb * Added a ReactPanelPlugin as the interface that react panels export, this way react panels have clearer api, and gives us hooks to handle migrations and a way for panel to handle panel changes in the future * Changed how react panels store their options * Fixed prettier issue (#15471) * Initial commit * Added bar gauge icon * Began work on adding options * Added basic tests * run db tests in all packages * bar-gauge storybook * new dark-3 became new dark-2, created new lighter dark-3, changed panel-bg, empty-cta etc to dark-2 * Began experimenting with a bar gauge * docs: suggested changes * docs: fix header * fixed handling of alert urls with true flags, fixes #15454 * Fixed dashboard navbar buttons being visible in fullscreen, fixes #15450 * Added missing strict type checking options to grafana/ui and fixed type errors * Extracted common code for diff calculation * fix spelling error * whats new: rename security section * Fix percent_diff calculation when points are nulls * Restored loading spinner to DataPanel * rearrange bullet points in PR template * added another error message scenario * link to contributing guidelines in pr template * Fixes to error handling and clearing, also publishing of legacy events so old query editors work with react panels fully * contributing: adds link to help wanted label * contributing: adds link to our CLA * removes testing instruction from contributing doc * docs: move alerting above session * docs: mention samesite setting * increased blue in dark-1-5, dark-3 and dark-4 * docs: adds note about new login cookie name * changed color for blue light in light theme + small changes in naming etc * Add missing nodemon dependency * make bug/feature titles more verbose * mentioned closes/fixes for new features * docs: improve removal of session storage for what's new in v6.0 * docs: add upgrade notes for v6.0 * docs: add note regarding auth proxy and user session requirement * docs: fix typo * removed more unused variables, restyled scrollbar * allow 90 percent of alertTimeout for rendering to complete vs 50 percent * Fixed issue with sass variables used from typescript, the prettier lowercases export variables * using error callback from datapanel instead * docs: add availability note regarding non-compliant providers * Fixed sass vars template files * Added deprecation warning to npm watch script - use start script instead * added new dark variable to dark theme(the color used for page-bg), changed some backgroud colors that doesn't use variables to use variables, made some slight tweaks to dark variables, fixed so item hover is the same as card hover * Simple CLI for running grafana in dev env * Added common theme variabless generation, created GrafanaThemeCommons interface * contributing: improve guide for bug fixes * Changed devenv default data source to testdata * added support for influxdb non_negative_difference function in tsdb * added support for influxdb non_negative_difference function in tsdb for alerting * Remove precommit from npm scrips * More files that has fixed with prettier * Added prettierignore and check script * devenv: use grafana:dev image in ha test per default * devenv: send nginx logs to loki in ha test * devenv: proper fluentd conf for grafana and loki * devenv: use grafana/fluent-plugin-loki * devenv: trying to make fluentd with inoffical fluent-plugin-loki work * fixed issue with updatePopperPosition * Prettier had not been running as a precommit hook for some time so had to run in on all files again * removed _plugins.scss and _settings_permissions.scc, removed unused classes in _login.scss, reduced dark variabels in light theme and alignied light theme a bit with dark theme, turned blue-gray, dark-3 and panel-bg variables into one variable and removed gray-7 in dark theme * feat: Add EmptySearchResult ui component and use it in VizTypePicker * Revert 'feat: Add css-support for invalid form input elements' * Revert 'feat: Highlight vizpicker input when there are no panels matching the search query' * Regenerating variabless sas on theme edit v1 * Fixed a minor plugin json lingering issue * Removed some icons in action button Trying to align some title case issues * implement show error in panelcorner * Forgot about the snapshots * Renamed to FilterInput and added label and search icon * feat: Highlight vizpicker input when there are no panels matching the search query * Updated a few plugin json files with dataFormats * feat: Add css-support for invalid form input elements * remove comments * bubble error from datapanel to panelchrome * Changed noQueries to a dataFormats array that will allow a panel to define supported formats and prefered (first in array) * use authtoken for session quota restrictions * Fixed issues with double page body and husky pre-commit hook * fix: No need to have edit permissions to be able to 'Save as' a dashboard * Revert 'chore: wip: Replace brace with ace-builds to get latest version of ace' * chore: wip: Replace brace with ace-builds to get latest version of ace * fix: Error tooltip should have white text on red background. Not red text on red background * Move explore selectors to a separate file * removes unused session code * chore: Rename renderPanel to renderPanelBody * chore: Rename renderDataPanel to renderPanel * chore: Rename renderHelper > renderDataPanel and move logic to smaller functions * chore: PR feedback, shorten boolean check * chore: Rename isDataPanel to noQueries * chore: Only show Queries tab for panel plugins with isDataPanel set to true * feat: Only use the DataPanel component when panel plugin has isDataPanel set to true in plugin.json. And fix PanelData when using snapshots * feat: Add util to convert snapshotData to PanelData * feat: Introduce IsDataPanel attribute to plugin.json * fix: Add missing typing * Fixes #15372 with number input and parseFloat * Revert 'hard move' * chore: PR feedback, shorten boolean check * chore: Rename isDataPanel to noQueries * Merge with master * Found another input that was tied to a regexp * Fixes bug #12972 with a new type of input that escapes and unescapes special regexp characters * enable testing provsioned datasources * Fixed elastic5 docker compose block * Added one more test case for color resolving helper * Fix error caused by named colors that are not part of named colors palette * Fixed issue with gauge requests being cancelled * Update package.json * changelog: adds note for #15363 * Move deduplication calculation from Logs component to redux selector * style tweak to alert * Removed plus icons * hard move * restoring green CTA * Removed double page container * chore: Only show Queries tab for panel plugins with isDataPanel set to true * Removing default thresholds values. * adds edition to build_info metric * Updated lint-staged * changelog: adds note for #14623 * Fixed double page class on api keys and org details page * Color tweaks * azuremonitor: don't use make for maps and array * changed back to old green in light theme * changelog: add notes about closing #15258 * changelog: add notes about closing #15223 * changelog: add notes about closing #15222 * changelog: add notes about closing #15122 * changelog: add notes about closing #15219 * changelog: add notes about closing #14432 * update changelog * changelog: adds note for #15131 * changelog: add notes about closing #15284 * Fixed issue with light theme introduced by #15333 * devenv test dashboard * minor style update * revert ds_proxy timeout and implement dataproxy timeout correctly * changelog: adds note about closing #15295 * azuremonitor: fix auto interval calculation on backend * Minor style fixes * Remove not related code * make sure opentsdb takes dashboard timezone into consideration * make sure influx takes dashboard timezone into consideration * Do not read store state from toggle panelaction creator * make sure graphite takes dashboard timezone into consideration * Review changes * return series label if selected stat is name * Fix plugin loading failure message not being displayed * fixes invalid folder check * extract notifiers folder creation to new if statement * interval: make the FormatDuration function public * Fixed missing time axis on graph due to width not being passed * make sure notifiers dir exists for provisioning in docker * should be able to navigate to folder with only uid * renames usage state name for auth token * Clear visualization picker search on picker close * Update README.md * changelog: adds note about closing #15288 * v1 * removed extra semi-colon * Commented out the Loki dashboard query editor * added old green to dark-theme * Fixed issue with logs graph not showing level names * set secondary to new blue * removed unused directive * Fixed issue where double clicking on back button closes sidemenu * changelog: add notes about closing #8570 * update changelog * changelog: add notes about closing #14233 * changelog: add notes about closing #15189 * changelog: add notes about closing #13324 * azuremonitor: small refactoring * azuremonitor: handles timegrain set to auto on backend * Navbar back button, no title edit this time * provide time range to angular query controllers * azuremonitor: add test for dimension filter * azuremonitor: refactor azure monitor api code into own file * azuremonitor: handle multi-dimensions on backend * use timeSrv in metricFindQuery as timeRange * remove unnecessary spy * azuremonitor: add support for aggregations on backend * Fix formatting * Add aws ec2 api metrics for cloudwatch * Improve usability showing disabled lines in forms * Fixed issues with plus button in threshold and panel option header, and current state in viz picker, fixes #15329 * support three letter hex color strings * azuremonitor: simple alerting for Azure Monitor API * use unique datasource id when registering mysql tls config * azuremonitor: builds a query and sends it to Azure on the backend * mark packages as Apache license * Minor refactoring around theme access * Use TS instead of JS to store theme variables@next * Do not use js theme variables in sass (poor dev experience for now) * Update config mock in metrics panel controller test * ldap: refactoring. * ldap: fixes #14432. Fix for IPA v4.6.4 * ldap: adds docker block for freeipa * feat: Only use the DataPanel component when panel plugin has isDataPanel set to true in plugin.json. And fix PanelData when using snapshots * feat: Add util to convert snapshotData to PanelData * feat: Introduce IsDataPanel attribute to plugin.json * fix: Add missing typing * slight tweaks * fixed explore width-0 issue, fixes #15304 * Persis deduplication strategy in url * Support ANSI colors codes in Loki logs * adds usage stats for sessions * Panel edit navbar poc * make sure to create provisioning/notifiers directory for deb and rpm packages * log root cause error when reading from provisioning directories * moves usage stats sender to new package * changelog: add notes about closing #15291 * Removed unnecessary code from ColorPicker and extended theme type * Selecting theme variable variant helper function * added reducers tests * update docs * added way to test action called from react component * Added annother initDashboard test * removes cleanup setting from docs * make hourly cleanup the default behavior * fix single gauge * removed direction and series mode options, cleaned up the code somewhat * Simplified condition * support json format templating * support /api/v1/labels * devenv: update ha test and load test * run token cleanup job when grafana starts, then each hour * Added another error object message detection * Fixed some remaining issues * Improved dashboard page test * Improved dashboard page test * Big refactoring for dashboard init redux actions * Fix SemVersion.isGtOrEq * making changes suggested in review and improving typings * fix * show timeseries label under gauge * Minor cleanup * Added test for SASS variable retrieval function from JS definition * Updated stories to use new theming * move authtoken package into auth package * vertical and horizontal, removed mode option * move UserToken and UserTokenService to models package * Add failing test * Rename version_test to version.test * change UserToken from interface to struct * replaced some hex values with variables * some changes i forgot to save in first push in variables.dark * removed trailing whitespace * removed unused theme variables, removed empty sections, aligned the order of sections in the files * combine mode with avg value * Fix issue with graph legend color picker disapearing on color selection * changelog: add notes about closing #12546 * Added a basic test for initDashboard thunk * docs: update annotaions http api * azuremonitor: improve autocomplete UX * Added DashboardPage tests that tests view mode transition logic * azuremonitor: fix autocomplete menu height * Revert 'chore: Replace sizeMe with AutoSizer in DashboardGrid' * Revert 'chore: Remove react-sizeme' * fix spelling * wip: tests * middleware fix * enhanced expiration logic for lookup token * changelog: add notes about closing #15265 * Address review comments * auth token clean up job now runs on schedule and deletes all expired tokens * changes needed for api/middleware due to configuration settings * change configuration settings in auth package * document login, short-lived tokens and secure cookie configurations * refactor login/auth token configuration settings * remove unused code * Added ServerlessDatabaseCapacity metric to list of AWS RDS metrics. * changelog: add notes about closing #8207 * Minor code simplification * Delete template.html * cloudwatch: Add tests for resource_arn template query * cloudwatch: Add resource_arns template query function Implements feature request #8207 * update to aws-sdk-go v1.16.15 * Updated add panel related flows * Update types and themes usage in components * Implemented theme context and renamed/moved theme related types * refactor panel * changelog: adds note for #15182 * Breaking init dashboard up in to fetch & init * stackdriver: fixes #15182 * Closing timepicker when clicking outside the picker * Optimized so we only do checks when dropdown is opened * stackdriver: add some more typings * Fixed so that we close angular TimePicker when user clicks outside the dropdown * Moved remove panel logic to dashboard srv * first working draft * Removed unused controllers and services * Improved error handling * fix: Update snapshot * chore: Explore: Remove inner AutoSizer, spread the size-object to width/height, change height type to number * chore: Remove react-sizeme * fix: Calculation issue with AutoSizer in explore * chore: Replace withSize with AutoSizer in explore/Graph.tsx * chore: Replace sizeMe with AutoSizer in DashboardGrid * Prevent viewers from going into edit mode * Expand rows for panels in collapsed rows * Basic loading state for slow dashboards * Fixes #15223 by handling onPaste event because of bug in Slate * Fixed add panel should scroll to top * minor layout change, simple render test * azuremonitor: improve autocomplete experence * docs: fixes #14940 * Added custom scrollbar and remember scroll pos to jump back to same scroll pos when going back to dashboard from edit mode * created new color variables, changed primary to blue, changed success-btns to primary-btns. * azuremonitor: more autocomplete suggestions for built-in functions * Updated playlist test * added missing typing to explore props * added comment to initDashboard * improve the stackdriver logo * Fixed so onBlur event trigger an QueryChange and QueryExecute if values differ * Renamed initialQueries to queries * Added PATCH verb end point for annotation op * move auth token middleware/hooks to middleware package * auth package refactoring * render after leaving fullscreen * added flags to vizpicker from query param * Added playlist controls to new react DashNav * Fixed lots of loading flow issues and updated solo route page * Set page title on dashboard load * now /api/login/ping returns Response * Added handling of kiosk mode * WIP Enable js defined theme to be used in SASS * fix: Explore: Query wrapping on long queries #15222 * azuremonitor: fix where suggestions * prepping go to visualization * azuremonitor: use kusto editor for App Insights * basic layout * fixed unit test * Made dashboard view state srv panel view state obsolete * fix: Set ace editor min height to avoid problem with scrollbar overlapping ace content #15122 * Missed to save * fix: Data source picker in panel queries options should overlap content below, including ace scrollbar #15122 * Fixed handling of orgId * Fixed template variable value changed handling * Fixed bug with removing a QueryRow thats not part of nextQueries * Now handles all dashbord routes * Replaced intialQueris with queryKeys * fix util for splitting host and port * azuremonitor: where clause autocomplete * azuremonitor: don't go back to dashboard if escape pressed in the editor * azuremonitor: suggest tables initially * azuremonitor: add more builtin functions and operators * Reverted redux-logger * Added more typings * added submenu, made sure submenu visibility is always up to date * changelog: add notes about closing #14231 * Removed modifiedQueries from state * fixing logging action * devenv: switching back using loki master plus various fixes * Fix save provisioned dashboard modal * Merge with master * Refactor of action, actionTypes and reducer * More types and some refactoring * Alignment of interfaces and components * Removed the on every key change event * Add AWS/Neptune to metricsMap and dimensionsMap * added time picker * refactorings and cleanup * mssql: pass timerange for template variable queries * improving dash nav react comp * fixed panel removal * Added more buttons in dashboard nav * wip: progress * Url state -> dashboard model state sync starting to work * Dashboard settings starting to work * wip: dashboard in react starting to work * wip: minor progress * wip: dashboard react * base64 encode encrypted oauth token fields * Add string quote func * Remove option used to control within browser * Remove length from text columns * Add oauth pass-thru option for datasources * did not add file, removing centerered * Legend toggle should only trigger a re-render, not a refresh * first stuff * updated snapshot * Adding pointer to colorpicker * Minor post review changes * More style tweaks to panel option group add button * Made some style tweaks * setting margin on label * Make runQueries action independent from datasource loading * fixing test * add button in header * minor fix * Made really good progress on loki support in dashboards * Temporarily run queries independently from UI state of explore panels * Remove extra newline * Clearify the Run from master instructions * Use slate-plugins from app/features/explore * Remove newline && runner plugins * Move prism to app/features/explore * Restoring explore panels state from URL * Remove version.ts * introduce samesite setting for login cookie * sending paneldata to component, gauge can handle table data * always delete session cookie even if db delete fails * New solo panel route working in all scenarios I can test * Removed unused factory and fixed index based mapper lookup * Fixed dashboard row title not updating when variable changed, fixes #15133 * Removed comment from panel editor * signout user if /api/login/ping returns 401 unauthorized * must return json response from /api/login/ping * adds more tests signing out session * changes some info logging to debug * wip * tailing grafana logs and temporaily using an older build * add missing ngInject annotation * renames signout function * delete auth token on signout * typing data * changelog: adds note about closing #10780 * Do not render time region line or fill if colors not provided * Fixed row options html template location, fixes #15157 * creating table data type * wip: New react container route for solo panels that supports both angular and react panels * build: enterprise release co project. * Fixed another type of fluent reducerFactory * Moved dashboard state components to state folder * Moved time_srv to services folder, this should not belong to dashboard feature but it is too dependant on dashboard to move it out now, needs a bigger refactoring to isolate from dashboard * Moved a few things around * Removed then clauses, no need to test the test within the test * Updated what's new article * Added reducerTester, reducer tests and tests * Removed ActionTypes and fixed a noPayloadActionCreatorFactory * Replace usages of kbn.valueFormats with ui/getValueFormat * Refactored Datasources as POC * Fix anchor * Added download links to docs * Updated docs * Updated version again * Updated version and made some changes to changelog and what's new article * docs: Added version notice for time range variables * Added loki video * spell fixes * chore: Add typings for react-grid-layout and react-virtualized * fix: Don't open panel menu when dragging (react-)panel in dashboard #14946 * chore: Add missing typings in PanelResizer * chore: Fix typings and remove bindings for arrow functions in DashboardGrid * Updated explore section again * Updated explore section * fixe merge issue * updated what's new article * adjusting types to match * Add storybook script to run it from root dir * Minor change to Action interfaces * Simplified inteface for reducerFactory * Fixed a small bug and added case sensitivity * docs: whats new tweaks * Added reducerFactory and tests * Minor updates to text and image placements * docs: add video link to what's new * whats new: note about session storage * first implementation * Added actionCreatorFactory and tests * whats new: provisioning for alert notifiers * Rename SetInitialQueries action to QueriesImported * Add missing code * changelog: adds note for #15129 * docs: update to what's new * docs: wip - what's new for 6.0 * Minor style fix to button group * Fixed failing unit test * Added basic docs * Minor refactoring and adding some typing * changelog: add notes about closing #14709 * fixed sqlite issue introduced by #14709 * Change primaryAggregation to crossSeriesReducer in Stackdriver * update changelog * changelog: add notes about closing #12764 * fix: Remove legacy title-prop and update document.title when navModel is changed #15108 * Explore: query field should not propagate non-text change * Wait for queries to be imported before proceeding with datasource change * removing alpha * Remove commented code * Tweaked panel option group styles * Import queries before datasource is changed * fixed prettier on switch component * adding from and to built in variables * azuremonitor: adds macros to slate intellisense * Fixed issue with explore changeTime redux action not being hooked up, fixes #15115 * Fixed explore query editor styling issues * azuremonitor: remove wrong completions * azuremonitor: autocomplete on enter * Progress on tooltip style update * azuremonitor: fix tests * devenv: loki provisioned datasource * azuremonitor: revert 'memory for webpack build' * Azure Monitor: replace monaco by slate with initial Kusto syntax * docker: block for loki * Make language provider cancelable in Loki and Prometheus QueryField, to avoid setting state on unmounted component * Add util for handling promise cancelation to avoid setting state on unmounted components * stackdriver: remove beta notice from config page * increasing font size on longer strings * magic number solution * Propagate event to onChange prop in Switch component * two minor bug fixes introduced in recent refactorings * Minor progress on react query editor support, solving updating query persisted state * did some styling changes * Updated Explore query styles to align them to other query editor to make them fit in better * chore: Fix typings and add Page-component to FolderPermissions #14762 * chore: Fix typings and add Page-component to ServerStats #14762 * chore: Fix typings and add Page-component to AlertRuleList #14762 * chore: Fix typings and add Page-component to DataSourceDashboards #14762 * fix: Add plugins to StoreState interface * chore: Fix typings and add Page-component to NewDataSourcePage #14762 * chore: Fix typings and add Page-component to DataSourceSettingsPage #14762 * chore: Fix typings and add Page-component to FolderSettingsPage #14762 * test: Updated snapshot * chore: Fix typings and add Page-component to TeamPages #14762 * fix: Add pageName default to avoid 'Loading undefined...' * changelog: adds note about closing #10487 * pkg/util/{filepath.go,shortid_generator.go}: Fix golint issues * pkg/util/{ip.go,url.go}: Fix some golint issues * pkg/util/*: Add missing function comments. * docs: updates docs to refer to using uid * azuremonitor: increase memory for webpack build * gofmt issue * moves test files into testdata folder * renames alert_notifications -> notifiers * changelog: add notes about closing #14711 * update inline documentation * extract parsing of datasource tls config to method * extract tls auth settings directive from datasource http settings directive * changelog: add notes about closing #13711 * changelog: add notes about closing #5699 * Fix for annotations not clearing when switching dashboards, fixes #15063 * Import fix * build: ignore latest * Spelling/grammar fixes in top level markdown files * build: publishes armv6 to grafana.com. * Removed the initial data source as I could not see it being used anywhere * Initialize named colors palete lazily * Fix thresholds default colors not being applied * removes unnessecary db request * Making sure we do not pass a long invalid queries and save to state * single import for types from @grafana/ui * tab/spaces formatting * Revert 'Updated home dashboard, removed home dashboard header' * Fixed wrong line in test * Made sure we only resetTypeahead if mounted * Delayed explore query loading indicator and implemented minor ux improvements to it * fixing test * support both uid and id for showing/removing notifiers * Revert 'Use the same panel loading indicator in explore as on dashboard's panel' * Firing off an action instead of listening to location changes * Handle undefined graph and table results * enable explore by default * Use the same panel loading indicator in explore as on dashboard's panel * Prevents query result cleaning when new query trransaction starts * Changes after PR Comments * Made ExplorerToolbar connected and refactored away responsabilities from Explore * Removed some split complexity * Fixed some more styling * Fixed close split look and feel * Fixed position of Closesplit * Fixed small issue with TimePicker dropdown position * Simplified some styles and dom elements * Fixed some more with the sidemenu open and smaller screens * Fixed so heading looks good with closed sidemenu * Restructure of component and styling * Refactored out ExploreToolbar from Explore * updating state if no panel * updated the color palette * Fixed reinitialise of Explore * changelog: add notes about closing #13929 * changelog: add notes about closing #14558 * changelog: add notes about closing #14484 * changelog: add notes about closing #13765 * changelog: add notes about closing #11503 * changelog: add notes about closing #4075 * changelog: add notes about closing #14722 * update changelog * changelog: add notes about closing #10322 * changelog: add notes about closing #12991 * update changelog * Update datasource before the loading has started * Add cursor pointer to color swatches * Fixed import path * changelog: adds note about closing #14701 * upgrade golang to 1.11.5 * moves timeout tests to an integration test * Moving a few things from dashboard folder * Correct formatting of sqlstore_test.go * pkg/services/dashboards/dashboard_service.go: simplify return * Updated url query param encoding to exctly match angular encoding * Updated snapshot * Added missing props not being passed to scrollbar component, fixes #15058 * Parse database host correctly when using IPv6 * Document /api/health * some working solution, needs refactor * changelog: adds note for #15062 * Do not update color picker popover position on tab change * change default rotate_token_minutes to 10 minutes * Rename deprecation warning helper * Implemented tests for ColorPickerPopover and NamedColorsPalette * fix * load test/ha fixes * set low login cookie rotate time in ha mode * Fix light theme issues with named colors disabled * Stories cleanup * fix multiple piechart instances bug * scripts/build/*: Fix some golint issues * scripts/build/*: Fix golint issues Url => URL * build: fixes building grafana completely within docker. * dont specify domain for auth cookies * monaco-kusto: fix imports * use @alexanderzobnin/monaco-kusto package for kusto syntax highlight * New snapshot reflecting changes * Makes the clickable side menu header look great in light theme again * org id fix for load test * user auth token load tests using k6.io * add global datasource proxy timeout setting * moves cookie https setting to [security] * Azure Monitor: build monaco with webpack WIP * Use Switch to control y-axis in series color picker * Move Switch component to grafana-ui * improves readability of loginping handler * Bug Fix #14961 * minor styling changes to gaps, font-size and width * makes sure rotation is always higher than urgent rotation * use defer to make sure we always release session data * Enable custom picers on color color picker popovers (for y-axis support in legend picker) * feat: Use CustomScrollbar in explore #14752 * chore: Better comment * chore: Remove comment and unneeded export * fix: Enable -webkit-scrollbar related css when there's no overlay scrollbar #14807 * fixes broken test * Make series overrides color picker display correctly * removes unused/commented code * removes old cookie auth configuration * makes auth token rotation time configurable * Update story for NamedColorsPalette * Update imports of NamedColorsPalette * Restore missing styles * Fixed issue with color name retrieval not being aware of current theme * Fixed dashboard import issue after move * Moved add panel panel and renamed it to add panel widget * Fixed react key warning for loki start page * Moved row options to it's own component folder * Removed old query inspector (that was opened by clickin error in panel title) think the new query insector from Queries tab can replace this old one. * Moving files to better locations * Disable query should trigger refresh * added docs entry for check_for_updates config flag, fixes ##14940 * Loki query editor is starting to work, had to make changes to explore query field in order to update query from the outside without unmount between * store oauth login error messages in an encrypted cookie * Removed sass import of spectrum.scss * replaced palette colors with current palette adjusted for dark and light theme * Remove spectrum.js vendor dependency from grafana/ui * changed light-theme tool-tip to be a bit lighter, trying different paddings * Fix hide timeout for color picker * Rename colorsPalette util to namedColorsPalette * Make small swatches react to theme changes * redirect logged in users from /login to home * Explore: Fix scanning for logs * Update styles of selected named color swatch * restrict session usage to auth_proxy * Implement pointer component for spectrum palette sliders * minor updates * Make default color picker close on trigger mouse leave * Moved ad hoc filters and upload directive * Added deprecation warning to old color picker API props. Moved named color support handling to color popovers * changed color for label tooltips from blue/red-yellow gradient to black/white * Moved dashboard srv and snapshot ctrl * Moved share modal * Moved dashboard save modals to components folder * Moved unsaved changes service and modal * Removed unused alertingSrv * Moved view state srv to services * Moved timepicker to components * Moved submenu into components dir * Moved dashboard settings to components * Moved dashboard permissions into components dir * Moved history component, added start draft of frontend code style guide * fix: Use custom whitelist for XSS sanitizer to allow class and style attributes * Reduce padding in color picker popover * Began work on improving structure and organization of components under features/dashboard, #14062 * Fix a typo in changelog * Implemented new spectrum palette * Update ROADMAP.md * use resetfolder instead so it shows current folder * Updated home dashboard, removed home dashboard header * fixes nil ref in tests * add setting for how to long we should keep expired tokens * stores hashed state code in cookie * creates new config section for login settings * based on encodeURIComponent() using strict RFC 3986 sub-delims * fix: Dispatch the correct action (#14985) * passing middleware tests * Stories update for color picker * Make named colors optional in color picker, enable named colors in graph legend series picker * Storybook - add actions addon * fixes:#14282 - Do not change folder for persisted dashboards * extract auth token interface and remove auth token from context * Fixed issues with the sanitizie input in text panels, added docs, renamed config option * build: removes arm32v6 docker image. * Updated version in package.json to 6.0.0-pre1 * build: armv6 docker image. * build: skips building rpm for armv6. * build: builds for armv6. * CustomScrollbar - expose underlying's react-custom-scrollbars API to allow scroll tracks config. * Explore: mini styling fix for angular query editors * Removed unused props & state in PromQueryField * chore: Remove logging and use the updated config param * chore: Reverse sanitize variable so it defaults to false * feat: wip: Sanitize user input on text panel * fix: Text panel should re-render when panel mode is changed #14922 * Minor rename of LogsProps and LogsState * Splitted up LogLabels into LogLabelStats and LogLabel * Make popover hide delay configurable to enable better UX * Stories - fix import * Enable new color picker in Gauge and Thresholds editor, use ThemeProvider instead of ContextSrv * Updated table tests to new behavior for colors (values are always rendered as hex/rgb) * Make named colors usable in angular code pt 1 * Story updates * Update grafana/ui exports * Refactor color picker to remove code duplicartion (introduced colorPickerFactory). Allow popver position update on content change * Fix lint * Updated stories * Rendering arrows for color picker, applying color changes to time series * Fix TS errors * Stories updates * Unified color picker API, allowed for color specified for theme selection, updated code to changes in PopperController API * Get rid of unused renderContent prop on PopperController * Enabled knobs for storybook and implemented some stories * Lint fix * Render series color picker with correct theme * Added config provider to be able to access config easily from react components * Migrating color pickers to Popper from drop.js pt1 * Updates to Popper to be positions correctly within window * Move tooltip themes to Tooltip component making Popper/PopperController theme agnostic * WIP Basics of named color picker * Refactored out LogRow to a separate file * Removed strange edit * Added link to side menu header and fixed styling * Moved ValueMapping logic and tests to separate files * more auth token tests * Fixed data source selection in explore * Added refId to missing queries on panel model init * adds cleanup job for old session tokens * Fixed loading of default query editor * Changed null logic for range value mappings after PR comments * fix tests after renaming now * Added check for null value in ValueMappings and added tests * s/print/log * avoid calling now() multiple times * passing auth token tests * fixed trailing whitespace * handle expired tokens * fixed circleci script run path for gometalinter * Fixed circleci name for gometalinter exec step * moved script and added exit_if_fail * Moved gometalinter to a script instead of seperate commands in circleci file, removed megacheck and added staticcheck * set userToken on request when logging in * moves initWithToken to auth package * set cookie name from configuration * Added function hasAccessToExplore in ContextSrv and refactored tests * change rotate time * mixor fixes * dead code * fix ip address parsing of loopback address * removes commented code * moves rotation into auth since both happens before c.Next() * fix: Viewers can edit means that viewers have acces to Explore #14281 * Add loop counter for full refresh in playlist * decreased panel height in edit mode * toggle collapse when clicking on collapse state text * Query editor row style update & sass cleanup * Delete .all.ts@neomake_22624_74.ts * Further refinements of typings * more typings work around data query and data source * wip: progress on adding query types * wip: more typings * wip: typings * Revert 'Specify expected encoding for access/secret key' * Moved add query button to the right * Updated removing notification channel by uid * Check that alert notification with id already exists in notification settings * change enabled to true * Fixed scrollbar issue where it jumped to the top * Added test case dashboard * fix: Hack for getting the same height in splitted view, view could use refactor IMHO #14853 * Minor refactoring and name changes * Fixed issue with explore angular query editor support introduced by recent angular query editor changes * Redid logic for fontcolor and thresholds in Gauge and added tests * Make sure we do not change -Infinity * Passed the theme to Gauge * Added tests for formatted value * Small refactor of Gauge and tests * Added typings and refactored valuemappings code * Moved Gauge to ui/components * Preparing move to ui/viz * Fixed getFontColor, added tests and fixed thresholds logic * Removed baseColor * add timeout test for alert handling. * remove maxage from session token * fix broken code * fix cannot set cookie when response is written * began work on react query editor props and integration * Added data source type to explore state * updated snapshot * renaming DataSource type to DataSourceSettings and moved to grafana ui * Fixed issue with team and user picker, fixes #14935 * Moved data source and data query types * Moved plugin types to @grafana/ui * log fix * inital code for rotate * wip: moved plugin exports * build: usage instruction for repo test. * build: comments * Minor fix scrollpos when duplicating * build: updates ci deploy. * build: fixes the path for gsutil and gcloud. * build: fixes permissions issue. * removed unused props from angular query component interface * Additional query editor row tweaks * Query editor row in react is working * shortening callback functions * Explore: Fix datasource selector being empty with single datasource * Scroll to top when visualization picker is opened * Made scrollbar have scrollTop and setScrollTop props so we can control scroll position * build: only build amd64 for enterprise. * azuremonitor: guard for when switching from monaco editor * azuremonitor: move files into grafana * Query editor row react progress, buttons working * build: test script for rpm repo. * chore: Replace the deprecated SFC with FC * chore: Wrap footer with React's memo hoc * chore: Reduce code duplication by letting the page component adding the header and taking care of the page title * mini stylefix to select component * cloudwatch.md - quick typo fix * removing Label and going with FormLabel * Use light theme in storybook * Toggle edit mode works * login users based on token cookie * test: Update snapshots and mocks * build: deb repo update test usage instructions. * fix: Use Page component on 'Api Keys' and 'Preferences' under Configuration * build: uploads binaries before metadata in deb repo. * feat: Generate page titles from navModel * test: Updated snapshots * chore: Better way of getting the body node * chore: Reactify footer * fix: Add Pages component to Plugins and TeamList * fix: Configuration: Users should also use the Page component * feat: Possibility to change document title on pages using the Page component * fix: Add CustomScroller on DataSources page * fix: Proper types for linter * test: Snapshot update * fix: Fix import path after Scrollbar move to @grafana/ui * POC of page layout component * Added uid to AlertNotification json * Converted notification id to uid via fmt for old alert notification settings * Returned id for alert notifications which were created without uid * Formatted errors to err * Using func InitNotifier for verifying notification settings * Added uid for alert notifications * Renamed validation funcs for alert notification * Commented alert_notifications sample config * Instantiating notifiers from config before using * Added parameter org_name of alert notification to documentation * Added orgName parameter for alert_notifications * Added alert_notification configuration * redoing input props * another minor style change * More style tweaks to thresholds * fix: Manually trigger a change-event when autofill is used in webkit-browsers #12133 * move styling * renaming after pr feedback * minor style change * wip: testing new query editor row design * Removed snapshot * Refactored ValueMappings * Moved ValueMappings to grafana/ui/component and renamed it ValueMappingsEditor * Moved Label to grafana/ui/components * build: repo update testable and more robus. * Experimenting with generating doc for ui component * Move action properties to payload * Fixed small bug with entries outside the min max values * Fixed NaN issue when parsing * Remove BasicGaugeColor from state * Fixed so that we can not change base threshold * Fixed so added threshold colors are always unique * Fixed issue with changing value not changing index * Fixed styling for small screens * Reordered the input row * Fixed the circle * Fixed styling * Refactored logic in ThresholdEditor * File organization, action naming, comments * Fix reducer issues * Connect Explore child components to store * Update comments * Move types to types/explore * Save state in URL and fix tests * Allow multiple Explore items for split * WIP Explore redux migration * Fixed a bug with prefix and suffix not showing when using value mappings * fixing imports, minor fix on mapping row * test and minor fix on mapping row * updated snapshot * Added suffix interpolation * Scrollbar select fix * Remove duplicated import * Initial commit * changelog: adds note for #14795 * Move ColorPicker leftovers to @grafana/ui * inject login/logout hooks * begin user auth token implementation * utils * fix: It should be possible to scroll in the unit picker before selecting a value #14871 * fix go fmt * [Feature request] MySQL SSL CA in datasource connector https://github.com/grafana/grafana/issues/8570 * removes debug2 logging * removes error2 logger * WIP: good progress on react query editor support * Updates to latest checking. * 5.4.3 changelog * changelog: adds ntoe about closing #12864 * fix that alert context and result handle context do not use the same derived context. * docs: add a title to the Explore docs * stackdriver: converts some variables from any to types * FormGroup component and implements * Restored http settings directive that was hidden in an unused angular controller page * stackdriver: small fixes after reactifying * changelog * stackdriver: add help text for bucket alias * Prometheus: Fix annotation step calculation * stackdriver: fixes space before caret icon in query editor * Fixed Syntax for folder permission's JSON * avoid infinite loop in the dashboard provisioner * build: fixes release problems. * changelog: add notes about closing #5968 * wip: another wip commit * Moved panel editing components to it's own folder * removed old unused angular stuff, rename * wip: react query editors * Move panel width/height calculation to PanelChrome * Updated singlestat to use new value format function syntax and capitalized unit categories, fixes #12871 * build: build specific enterprise version when releasing. * Fixed Gauge being cropped when resizing panel * units: adds back velocity units. Fixes #14851 * Fix bug tls renegociation problem in Notification channel (webhook) #14800 * Fix Error 500 on unexisting /api/alert-notification/<id> * updated snapshot * Minor renames and other fixes * pushover: add support for attaching images (closes #10780) * panel option section moved to grafana-ui and new panel option grid component * Simplified folder structure in grafana-ui lib * Addedd assertions about raw time range when panel time overriden * Panel time override tests * add feedback to what interval is being used (calculated in the backend) * use typings for ds and template srv * value formats: another rename and updates code to use new valueFormats func * value formats: renamed folder * Reverted move of defaults for GaugePanelOptions * refactoring alias by * Move Select styles to grafana/ui * Moved defaultProps to ui/components * Moved the rest of Threshold dependencies to ui/components * Renamed Threshold files * Renamed Thresholds to ThresholdsEditor * Moved Thresholds and styles to grafana/ui/components * Removed default export for colors * Fixed typings * Small change in SeriesColorPickerPopoverProps * Moved colorpicker to ui/components * Fixing test and small refactor * Moving to grafana ui, fix issue with TestRuleResult * Fix panel time overrides not being applied fully * access scope directly from this. update tests * build: makes sure all builds use the latest container. * changelog: docker images for arm. * Renamed Select related components: Picker* to Select*, Option* to SelectOption* * build: removes curl install from build. * build: tags arm as well as amd64 as latest. * Docker image for ARM * Fixing TS and updating snapshot * make sure frequency cannot be zero * refactoring. fix broken test * Migrate Select components to @grafana/ui * provide angular directive scope props correctly * docker: enable flux in influxdb docker block * Moved Thresholds and styles to grafana/ui/components * Update README.md * 11503: escape measurement filter regex value * 4075: Interpolate tempvar on alias * rename * fixing unitpicker * removing tests * React graph panel options component rename * Minor refactor of Gauge panel * Revert 'Docker image for ARM' * Revert 'build: fixes docker push.' * build: fixes docker push. * feat: Add brand as tooltip theme and use it on panel edit tabs #14271 * Docker image for ARM * fix broken test * chore: Remove ScrollBar component, superseded by CustomScrollbar * Update storybook static files option to load statics correctly * unregister event listener correctly * Changes after PR comments * Removed unused refClassNameprops from Propper * Fixed a small bug when toggling items in toolbar * build: deploys enterprise to its own repo. * build: inline docs * build: publishes beta releases to separate repos. * refactoring * build: makes repo update enterprise compatible. * build: uses official deployment image. * build: adds aptly and createrepo to deploy tools. * build: handles unexpected cases. * build: only adds the correct packages to the repo. * build: rpm repo deploy. * build: repo update input error. * build: release of debs to our debian repo. * Added tests for TestRuleButton * Removed Test Rule button from Angular and view * Added TestRuleButton * Hint for user on when the repeat is applied * Removes unnecessary warnings from webpack output about missing exports * Use factors for max repeated panels per row * Fixing TS errors and updating snapshot * Move Portal to @grafana/ui * chore: Move sass code related to custom scrollbar into @grafana/ui #14759 * Post merge updates * chore: Move CustomScrollbar to @grafana/ui #14759 * changed light theme page background gradient * WIP * Max number of repeated panels per row * wip * Make tooltips persistent when hovered * docs: rpm/deb beta repo. * update snapshot * add form grow * fix: Clean up per PR feedback. Thanks @dprokop * removing duplicated things * minor code refactor * splitting into more files * Moved AlertTab and StateHistory to app/features/alerting * fix: When loki is default data source, datasource is passed as undefined to QueryOptions #14667 * remove redundant max-width. it's already declared in gf-form-select-box__menu-list * add typing for metric descriptor * Removed unused Popover component * Update components to fit updated PopperController API * make templateSrv a prop * Refactored withPoper HOC to PopperController using render prop * use correct event handler name convention. register directive on startup * fix: Remove the onRenderError prop and add an ErrorBoundary component * replace fragment with empty jsx tags * refactoring tests * ugly fix. will be removed later on * adds note for #13914 and #14581 * moved all units * fix: GraphPanel should be a PureComponent * fix more broken tests * feat: Display error when plot fail to render * wip: fix broken tests * adding more units and functions * Remove the jump effect on run query button * ugly temporary fix for scope issue. will be removed later on * refactoring * fix filter bug * fix: Light theme corner bg color update * set max width on the whole menu list instead * bind array instead of function * feat: Add 'theme' to Tooltip * Notify user on query error * Revert 'Revert 'add max width to group header description'' * Revert 'add max width to group header description' * remove not used property * fix broken tests * use correct type for select option * set issearchable default value to true * make variable type more slim * remove group name from select component. let the parent set group name instead * move component to components dir. also move directive registration out from datasource * add template variable type * rename template variables prop * rename selected prop * rename searchable prop * improve component performance * add max width to group header description * remove debug logging * rollback test state to before template variables were added * cleanup * move template variable logic to component * remove extra arrow div * fix condition that expands group if it has a selected child. also make it possible to pass expanded as a prop * align input widths * remove console log * rename directive * remove linebreak * remove old group heading * use new generic picker * remove on metric type change * fix remove filter bug * use same color for label as in explore dropdown * cleanup query filter * update failing tests * remove redundant default value * use new option group in aggregation directive * remove redundant default value * wip: add option group component * wip: add basic option header * Wrap react select component in angular directive * updated scrollbar snapshot * remove not used files * Fixed new gometalinter issues * fix JSON in responses for Admin API documentation * 14722 - removing unnecessary arn check that breaks assume role feature in other AWS partitions * Fixed issue with cut legend in firefox & mobile devices, fixes #14744 and #14489 * Some cleanup * EqualFold() * forgot go fmt * pull connection string args from url instead * Add mean on distribution as well * docs: updated debian and centos repo. * Fix stackdriver aggregation series merge * first stuff * Updated documentation for new macros * Minor refactoring of EditorTabBody * Fixed timepicker css issue introduced by PR #14700 and remove hotfix from 297241c * AlertTab style fixes * Updated alert tab layout & markup * Changed datasource list page default layout mode * Fixed timepicker css issue introduced by PR #14700 * Added macros to mysql * FIxed syntaxis mistake unixEpochNanoFrom and unixEpochNanoTo * Added previous macros to mssql * Added unixEpochNanoTo and unixEpochNanoFrom macros to postgresql * Renamed unixEpochFilterNano to unixEpochNanoFilter * cleanup * add aggregation tests * add tests * Fix issue with value disappearing when selecting stat * Fixing issue with value color being wrong * initial design for way to build value formats lazily and a backward compatability layer via Proxy * fix template variable bug * Don't cut off subsecond precision for postgres macros * Nanosecond timestamp support postgresql * remove not used file * Fixed new gotmetalinter warning * add support for defining additonal database connection string args via extra_connection_string_args * clear history * cleanup. remove comments, not used files etc * state history tab * fix broken tests * use correct type for select option * set issearchable default value to true * make variable type more slim * remove group name from select component. let the parent set group name instead * move component to components dir. also move directive registration out from datasource * add template variable type * rename template variables prop * rename selected prop * rename searchable prop * improve component performance * add max width to group header description * remove debug logging * rollback test state to before template variables were added * cleanup * move template variable logic to component * remove extra arrow div * fix condition that expands group if it has a selected child. also make it possible to pass expanded as a prop * align input widths * remove console log * rename directive * remove linebreak * remove old group heading * use new generic picker * remove on metric type change * fix remove filter bug * use same color for label as in explore dropdown * cleanup query filter * update failing tests * remove redundant default value * use new option group in aggregation directive * remove redundant default value * wip: add option group component * wip: add basic option header * Wrap react select component in angular directive * s/initialDatasourceId/initialDatasource/ * add alert in react instead of angular * Fixed issues with panel size in edit mode, fixes #14703 * hide protip if not defined * fix filter bug * add help text component * Tweak datetime picker layout for mobile * Explore: Remember last use datasource * Update yarn.lock * Logs data model: add more log levels * Review feedback * Explore: fix loading indicator z-index on panel container * Loki: change query row to be single field again * Explore: logging UI style fixes * Loki: query limit configurable in datasource * Removed rxjs compat * ldap: adds extra debug logging * reactify annotation query editor * adds orgId to user dto for provisioned dashboards * Update rxjs * closes the body properly on successful webhooks * makes cache mode configurable * Fix general tab typos * added node-sass as dev dependency, needed after I removed grunt-sass * Husky and sasslint fixes, fixes #14638 * Added a form component to @grafana/ui * created visualizations folder * Fixed JQuery typing issues * Typings issues * wip: moving react graph component to grafana/ui * Don't do a full frontend release build in test-frontend job, added typescheck (tsc noEmit) instead, fixes #14639 * Moved sass for component to @grafana/ui lib * Moving a couple of types to @grafana/ui * Testing moving out one type to grafana/ui * Increased margin between controls in logs panel, fixes #14637 * Fixed dashboard links not updating after variable or time range change, fixes #14493 * Fixed group button tooltip placement from auto to bottom, fixes #14634 * Removing erroneous backtick in docs * Updating docs for auth_proxy whitelist CIDR support * Add timestamp back to log entry type * Update public/app/plugins/datasource/loki/result_transformer.ts * Loki: fix timestamp field * Fixed panel height & scroll issue with flexbox in firefox, fixes #14620 * remove segment srv prop * use ds template srv reference * remove not used stuff * add event handler * add help component * Add support for InfluxDB's time zone clause (backend) * note to future me * delete works * grunt test task update * Add support for InfluxDB's time zone clause * @grafana/ui lib now contains one components, seperate lint & tsc steps * changelog: add notes about closing #14519 * Grafana ui lib is starting to work * typings and renamings * breaking up grafana into multiple packages poc * add project and help component * add alias by component * add alignment periods component * cleanup aggregation picker * move alignment population code to parent component. make alignment a stateless component instead. * flatten target obj * Grafana ui library poc * elasticsearch: support bucket script pipeline aggregations * Add units for blood sugar concentration 💉 * on deselect when reducer is set to none * add alignment component * Fixes undefined issue with angular panels and editorTabs * changelog: adds note about closing #14562 * refactor aggregation picker * use render props pattern * Update field name * Add documentation * use template variable prop * cleanup * Rename the setting and add description * export init notifier func * render editor toolbar buttons * Increase recent and starred limit in search and home dashboard, closes #13950 * changelog: adds note about closing #14486 * Panel help view fixes * rewrite angular view * Add min/max height when resizing and replace debounce with throttle * changelog: adds note about closing #14546 * Adding tests for auth proxy CIDR support * fix only add column if not exists for mysql * changelog: adds note about closing #14109 * fix handling of indices with multiple columns (mysql) * fix only create/drop database indices if not exists/exists * fix signed in user for orgId=0 result should return active org id * Another take on resizing the panel, now using react-draggable * only update session in mysql database when required * Raise datasources number to 5000 * improve component performance * add max width to group header description * copy props to state to make it visible in the view * remove debug logging * rollback test state to before template variables were added * cleanup * move template variable logic to component * remove extra arrow div * refactor to not crash when no links * updating snaps * renaming component * panel help working * snapshots: Close response body after error check * fix condition that expands group if it has a selected child. also make it possible to pass expanded as a prop * align input widths * Update sample and default configs * Add OAuth provider flag to indicate if it's broken * Register BrokenAuthHeaderProviders if needed * Add units for Floating Point Operations per Second * remove console log * rename directive * remove linebreak * remove old group heading * use new generic picker * remove on metric type change * fix remove filter bug * use same color for label as in explore dropdown * cleanup query filter * update failing tests * remove redundant default value * use new option group in aggregation directive * remove redundant default value * wip: add option group component * wip: add basic option header * Wrap react select component in angular directive * Minor update * Make sure panel id is unique since some datasources (Graphite) will cancel ongoing requests with the same panel id * changelog: adds note about closing #14548 * Adding CIDR capability to auth_proxy whitelist * Minor cleanup now that angular panel edit is no longer * Gauge option form markup fixes * toolbaritems viztab * filter out table responses that don't have columns and rows * enable goto explore from query panel editor for all datasources * started with component for generic panel help * moves migrations to /sqlstore/migrations * adds integration tests to ci build * renames main lock function * clean up integration tests * change from db_text to nvarchar * adds server lock package * initial verison of server lock * Minor react graph panel refactorings and fixes * sorting tests for change value * Fixes issues with user and team picker * fixing coloring * upgrade to golang 1.11.4 * remove printed index * updating test * adding threshold * Refactoring react graph * updated dropdown typeahead to place down instead of up, works better when inside scrollable area * minor style tweak * propagate initial state back to explore query runner * Update gitlab.md * Update github.md * minor style fixes * Updated snapshot * Switched to react-select fork * ldap: upgrades go-ldap to v3 * table: fixes #14484. Renders epoch string if date column style * changelog: adds note for #14483 * Fix for no metrics panels, now goes to viz tab and does not show queries tab * minor style fix * minor change to table panel edit options * minor tweaks to text panel * Fixes and cleanup * Show predefined time ranges as first in timepicker on small screens * code cleanup in add panel, and switched off grid css transforms to fix z-index issuse * minor tweaks to alert tab * fixed name of alert tab * removed unnessary test * updated add panel a bit * minor style fix * updated snapshot * fixes to unit picker * updates on thresholds component * remove check on axis.used in flot #13765 * Added custom scrollbar to select component * removed a test that isn't neccessery any more * replaced content in addpanelpanel with three buttons that can create new panel, paste copied panel, and add a new row, to paste panel one must copy one first, code is still quite rough * fixed cloudwatch issue * select refactor fixes * gauge working without thresholds * changin colors * explore using data source picker * fixing issue with copy invite link * getting closer with no thresholds * renamed folder to select * User picker using common select componnet * wip: unifying select components * fixing input unit test failure * fixed issue with switching panels * refactored panel-option-section into react component * removed console log * updated styles * starting with threshold refactor * wip: convert angular directives to react components * wip: style change progress * Update latest.json * wip: styles are starting to come together * wip: styles * wip: testing new styles * wip: style changes * fixed ordering changing panel types, fixes issues with loading panel options * moving min/max to gauge options * log error when resolvePath * wip: minor style changes * wip: changes * break out metric picker and filter * migration: renames logging ds to loki ds in data_source table * loki: updates the logo * fixing tests * mixing color when * wip * wip * remove on metric type change * things are working * fix remove filter bug * use same color for label as in explore dropdown * cleanup query filter * changelog: add notes about closing #8843 #11175 * fixed unit tests * update failing tests * remove redundant default value * wip * wip * redone state * display value map or range map * add oauth_auto_login setting to defaults file * use new option group in aggregation directive * wip * remove redundant default value * Adding mixed query * Check with lowercase * wip metrics tab changes * changelog: adds note about closing #13754 * wip: making things work again * React-select refactorings * wip: add option group component * wip: add basic option header * wip: react select css refactoring * docs: fix broken link on explore page * wip * changing type and started on Gauge * fix threshold test * Adding label * styling on dropdowns * Using drop down instead * Filter tags select box on text input #14437 * fixed id bug * Using an id to identify mappings * Change KeyboardNavigation from hoc to render prop component * Clean up hoc and extend component props automatically * Let VizTypePicker use the keyboard navigation hoc * Moved more metrics tab to react * Wrap react select component in angular directive * Don't show heading for first tab * snapshots: Add support for deleting external snapshots * docs: explore * snapshots: Move external snapshot creation to backend * snapshots: Add external_delete_url column * Add keyboard navigation to datasource picker via a hoc. * Use react's onKeyDown event on the input instead of event listener on document * Explore: Improved line parsing for logging * fixed typings and remove * updated publish script * Unmount component when fading out to reset its state, such as search.. * Variable rename. Did not make sense at all. * Fix styling for vizPicker keyboard nav and change so only arrow up/down is OK to use * fixed styling * Start adding keyboard navigation to VizPicker * use links instead of bridge network * fix time regions bugs * fixed issue with colorpicker position above window, fixes #14412 * fixed issue with singlestat and repeated scopedVars, was only working for time series data sources, and only if there was any series, now scoped vars is always set, fixes #14367 * fix search tag issues, fixes #14391 * Clear query models when changing data source type, fixes #14394 * fixed issue with grid responsive mode * fixed max height issue not being respected by react select dropdown * removed side menu for column styles, added small header to column styles with a border * Use correct variable name in fail text * Fix search field styles * Enable search also after editing * Explore: Split logging query into selector and search * Fix logs panel meta wrap * Explore: dont pass all rows to all rows, fixes profiler * Explore: Logging dedup tooltips * Explore: Hide scanning again after result was found * Explore: Fix timepicker inputs for absolute dates * Switch to global match for full browser support of escaped custom vars * Allow backslash escaping in custom variables * Fixed issue with logs graph and stacking * align yellow collor with graph in logs table * minor style change * Add the AWS/SES Cloudwatch metrics of BounceRate and ComplaintRate. Pull request #14399 * logs style polish * allow sidemenu sections without children still have a hover menu/header * explore logs options styling * transparent toggle style and new button group style * Toggle buttons * render a value mapping row * removed side menu from display options, kept overrides in display options, moved thresholds and time regions to its own section in visualization * changelog: adds note about closing #11221 * removes unused code * fixes merge error * remove result format. might add this later * filter out build in datasources. add unit test * click on dashboard title moves you back to dashboard instead of search * graphInterval needs to update after query execution, fixes #14364 * Explore: Parse initial dates * Aligned styling of stats popover/box with rest of grafana & minor css refactoring * Remove Explore > 'New tab' from sidebar * initialize empty variables array in constructor so that datasources can use the array in explore * Prometheus: Make result transformer more robust for empty responses * add table support flag in influx config * add scoped vars to query options * Rebase fixes * Explore: Logging line parsing and field stats * fixed unit tests * made unknown color theme aware and sync with graph color, some minor cleanup * initial stuff * Explore: improve error handling * use render props instead of cloneElement * sort of a hacky way to figure if the small variation should be used for the label * add basic button group component, using the the same label style as is * Restore PluginEditCtrl accidently removed * explore logs styling * wip: alternative level styling & hover effect * wip: explore logs styling * more detailed error message for loki * If user login equals user email, only show the email once #14341 * UserPicker and TeamPicker should use min-width instead of fixed widths to avoid overflowing form buttons. #14341 * wip: explore logs styling * restoring monospace & making sure width are correct when hiding columns * fixed logs to time series calculation issue, increased bucket size, fixes #14248 * Always open panel links in new window if user asked for it #14333 * Changing from PureComponent to Component to re-render on link updates made in Angular #14333 * minor tweaks, now table renders faster and changes less on second stage rendering * explore logs css refactoring, step1 * explore logs styling poc, WIP * Fix transparent option #14333 * Add prop key to panelPropsString to avoid a bug when changing another value and the render doesnt trigger * loki: adds proper error handling for config page * renames Grafana Logging ds to Loki * Pass some panel props down as strings to trigger render #14333 * Trigger panel.render on title, description, links change #14333 * Put issue number to test code * Fix bug what updating user quota doesn't work * Fix bug what updating org quota doesn't work * public/app/plugins/*: Fix some misspell issues * public/sass/*: Fix misspell issue * public/app/features/*: Fix some misspell issues * public/app/core/*: Fix some misspell issues * README.md: Fix small typo * fix snapshots * Added isDefault switch on settings * fix to switch component * Rename BodyPortal to Portal and accept prop 'root' which is where the portal should be placed * Create a portal and use it with our popper component (tooltip and popover) to avoid potential overflow-/zindex-bugs * add icon * explore data source selector fix * Update css to use the border-radius variable and add a new variable for the popper's distance to its ref * Update README.md * fix for panel-initialized event not being called * refactored and added tests for panel model remember properties * redact value for plugin proxy routes * pkg/*: Fix misspell issues * fix for panel embedding. Solo panel height was not correctly set. Made panel--solo into panel-solo class. in develop branch we have remove the need for the panel class * added support for influxdb cumulative_sum function in tsdb * Use buildTableConstraint instead of buildSchemaConstraint to find the datatype of a column if using a table from a different database schema * Readme: We should write Node.js the same way in all places in the readme * Small tooltip css-adjustments and add css for position 'bottom-start' used by the panel header corner * Explore: Display duplicate row count as number * Adapt styles * Explore: Logging query live preview of matches * added max-widths to explore start pages boxes * Alert tab fails when datasource method targetContainsTemplate doesnt exist #14274 * improve comments * fixed promql and loggging syntax so all punctuation chars are treated the same, remove hover move * remove all query empty related code. root cause of the problem was to fix hasNonEmptyQuery * Let the cached props from previous visualization be the masters, unless specified in keepLatestProps const * POC on how to save away settings from a viztype and restore when switching back to it #14274 * remove redudant spread * Set query empty condition in render function. Also clear query transactions when no valid query is present * Remove query empty from model * fixed logging start page * Use popover styles for stats popover * Fine tune stats styles * Tests for label stats calculation * Explore: Logging label stats * stop scanning when clear all button is clicked * build: update latest when pushing docker. * Use origin meta * only display scan button if there is at least one existing selector that returned an empty result * minor refactoring * Explore: return to grid layout for logs table * Add VizPicker search #14274 * changelog: add notes about closing #11067 * fixed grabage in markup * fix: align input backgrounds for code editors * fixedUnit for Flow:l/min and mL/min * feat: #11067 prevent removing last grafana admin permissions * another style fix for broken dark theme word highlight * fix time regions using zero hours * Misc styling fixes to explore: start page, slate code editor colors, text highlight in auto completeter suggestion * Revert commit * only make it possible to scan for older logs if there is at least one non failing selector * update package.json to next version * Stick to .tsx? for babel file test * changelog: add notes about closing #13815 * changelog: add notes about closing #14246 * arrow function * changelog: add notes about closing #12653 * fix for add/remove labels * Hid 'Forgot your password' link from login menu when reset is disabled * Prevent password reset when login form is disabled or either LDAP or Auth Proxy is enabled * fix for initial options * minor css fixes * update changelog * update latest.json to latest stable version * new stable docs version * minor css fix * redid props for gauge options * dataproxy: Override incoming Authorization header * changelog: add notes about closing #14228 * Explore: Show logging errors from backend * change obj order when merging so that correct format is being used * Explore: Fix logging query parser for regex with quantifiers * Update README.md * Fixed typo in function name * Explore: Fix label and history suggestions * tidy import * let each sql datasource handle timeFrom and timeTo macros * style changes for panel placeholder (move and resize) effect * never load fallback query field. remove commented code * add an error alert component that will be displayed when there was an error loading ds in explore * fix: minor style changes, removed hover scale increase * react-panel: Add nullcheck to prevent error on datasources without meta options * react-panel: Options button should always be enabled now when Time Range-options are there * react-panel: Move time range options to its own component and render it under the options button instead * created color enum * make sure target obj is not destructured so that angular copy of objected can be mutated * Review feedback * react-panel: Add test for Input with validation on blur * react-panel: Input validation should be optional * react-panel: Clean up input validation and increase code readability * react-panel: Time range options moved to 'Queries' tab * react-panel: Remove mock response button for now * react-panel: Remove comments and improve readability in render() * react-panel: Use correct type for children prop to avoid the use of fragments <></> * react-panel: Remove json-formatter-js since we will continue with the 'patched' version * react-panel: Move all query inspector logic into QueryInspector component and start with the 'Mock response' * react-panel: Toggle Expand/Collapse json nodes in Query Inspector * react-panel: Add CopyToClipboard-component and separate QueryInspector to its own component from QueriesTab * react-panel: Trigger panel refresh when opening inspector. Add loading-message * react-panel: Replace JSONFormatter npm package with the current monkey patched JsonExplorer * react-panel: Clean up the JSONFormatter and make sure it updates both on mount and when props update * react-panel: Get real datasource query for query inspector * react-panel: Create component for JSON formatting and use it on query inspector * changelog: add notes about closing #14167 * make getAll return array instead of object * remove obsolete test * Update README.md * Add AWS/CodeBuild namespace for CloudWatch datasource * Fixed styling issues with new checkbox style * Fix other misspell issues * docs/*: Fix misspell issues * CHANGELOG.md: Fix misspell issues * Explore: Logging render performance * remove log * min and max value * update gauge on remove threshold * user added thresholds state * console logs and code layout * pass data correctly to event handler * revert Label change * update color on gauge when changing * remove explore check - make it possible to load all datasources * add table support flag for stackdriver * add table support flag for prometheus * add table support flag for postgres * add table support flag for opentsdb * add table support flag for mysql * add table support flag for mssql * add table support flag for logging * add table support flag for graphite * added google_tag_manager_id from defaults.ini * removed extra whitespace * Update export_import.md * added new icons, fixed so different icons in different themes, added animation to hover on icons, styled choose visualization and datasource for both themes, made som styling adjustments to whole panel editor * sorting tests * remove border * color indicator * add new flag in order to be able to indicate whether the datasource has native support for tables * prevent explore from crashing when table is not present in response * Explore: Logging label filtering * Logging: fix query parsing for selectors with multiple labels * using percentage to not hide search when smaller screen * build: explaining the linux build. * check for null with toLocalString (#14208) * Fix elastic ng-inject (build issue) (#14195) * add current editor to panel targets * Added stop scan button * Explore: Scan for older logs * color picker * remove time srv initialization * restructure imports * get intervals from explore function * unregister all query editor event listeners * remove comments * temp remove until stackdriver implements explore * sort on value * use default range from time picker * Requested Backend changes, removed link in popover description for the offset field * Remove confusing <> from variable intro * includes ranges correctly in the options object * docker: Upgrades base packages in the images. * small fixes * logic for adding rows, styling * chore: correct pause-all-alerts auth in docs * Requested Backend changes, added details to popover description for the offset field * Explore: Fix JS error when switching between 2 prometheus datasources * color touches * Add support for Offset in elasticsearch datasource, date_histogram aggregation, fixes grafana #12653 * Fix tests to account for sortText * build: always test publisher. * build: packages linked to dl.grafana.com. * Fix tests to account for loglevel long names * Explore: Filter logs by log level * styling * created test for some functions * update changelog * mock interval data * fix handle of elasticsearch 6.0+ version * rename variable * hide row specific buttons when query editor is rendered from explore * add support for explore events * minor style fix * minor fixes * docs: various fixes of what's new in v5.4 * use plugin_loader directly instead of using the wrapper * docs: fix old ldap url redirect * fixed issue with babel plugin proposal class properties that initiated properties to void 0. This breaks angularjs preAssignBinding which applies bindings to this before constructor is called. Fixed by using fork of babel plugin. * Explore: make query field suggestions more robust * Fix abbreviations of Litre/min and milliLitre/min (#14114) * Sort Prometheus range suggestions by length * docs: what's new in v5.4 * Explore: swtiching to logging should keep prometheus labels in case of error * tweaks to gf-inline-form style PR #14154 change * adding back button * styling tweaks * initial commit * docs: signout_redirect_url description in auth overview * minor style changes * Sticky footer for all pages * edit mode styling * edit mode styling * edit mode styling * Added comments * style tweaks * render and sort * return actual error if failing to update alert data * Fix issue with deleting a query (empty string not updating) * Fix history rendering for DataQuery * margin when listing multiple gf-form should be right * styling progress * Fix a typo * panel edit ux experiments * changelog: add notes about closing #14150 * temporary fix for starting grafana not running systemd * cloudwatch: handle invalid time ranges * cloudwatch: recover/handle panics when executing queries * Combine query functions * Renamed targets to queries * added icons for panel-edit side menu * updates time range options for alert queries * format: remove </input> and align tabs * updating state * Explore: Introduce DataQuery interface for query handling * Fix set utilities for explore section * typos in docs/sources/alerting/rules.md * typos in docs/sources/alerting/rules.md * fixed failing graph tests * gfdev: fixes unparseable for duration * fixed issue with new legend not checking if panel.legend.show * gfdev: adds alert always in pending state * docs: adds example timeline for alerting for * build: docker build for ge. * react-panel: Avoid duplicate keys * added alert tab to new react panel editor * update path to alerting for image * started on thresholds * react-panel: Add data source 'options'. Needs UX, WIP. * update release publish script links * fixes to view mode for panels, can now go back as before * Add visibility toggle for explore graph series * what's new in v5.4 placeholder * fix label and default threshold * react-panel: Add data source 'help' * fix for issue with error view in production builds * changelog: adds note for #13561 * update changelog * stackdriver: remove not used variable * fixed menu to go to panel view mode * stackdriver: use angular dropdown so that we can restrict user input * stackdriver: make sure object type queries are also checked for vtemplate variables * minor style update * changelog: adds note about closing #13577 * adds basic auth configuration to default.ini * added header section to legacy tabs * stackdriver: reset defaults.ini * changelog: add notes about closing #14120 * changelog: add notes about closing #14129 * switch slider changes * linters. * build: correct filters for ge build artifacts. * build: releaser supports releasing only some artifacts. * Revert 'docs: building Grafana on arm.' * Add doc for api 'GET /api/users/:id/teams' * Re-organize packages and add basic auth test * Revert 'Update google analytics code to submit full URL not just path' * Add Cloudwatch/CloudHSM Metrics and dimensionMaps * remove react warning * added chekbox and other tweaks * refactor options, show labels and markers * docs: building Grafana on arm. * stackdriver: add query keyword to service, metric and project since these were the only fields in the editor that was missing it in the whole editor * Explore: POC dedup logging rows * stackdriver: add query keyword style to query fields * stackdriver: fix failing test * stackdriver: reimplementing service variable query type * Revert 'typo fix' * typo fix * prefix and suffix * decimals * update snapshot * stackdriver: fix failing tests * changelog: add notes about closing #13352 * changelog: add notes about closing #13810 * changelog: add notes about closing #13605 * changelog: add notes about closing #13876 * changelog: add notes about closing #13946 * changelog: add notes about closing #13555 * changelog: add notes about closing #13425 * changelog: add notes about closing #13655 * stackdriver: update docs * stackdriver: add support for template variables * react-panel: Finish the data source search on query tab and start moving switch-data-source-logic from angular * linter. * fixed issue switching back from mixed data source, introduced by react panels changes * build: minor refactor. * build: fixes a bug where nightly rpm builds would be handled as stable. * some touch ups on unit * go meta lint errors * update changelog * builds: introduces enum for relase type. * fix group sync cta link * picker and functionaliy * fixed issue with panel size when going into edit mode * stackdriver: join resource and metric labels. split them in values and keys * changelog: add notes about closing #13924 * build: table-driven tests for publisher. * fix id returned from google is a string * changelog: adds note about closing #7886 & #6202 * changelog: adds note about closing #11893 * Fix param * Add GET /api/users/:id/teams for orgAdmin * Tooltip should be able to take up space when used on an absolute positioned element * minor fixes * panel-header: Move the corner information in the panel header to its own component * changelog: add notes about closing #12550 * fix selected home dashboard should show as selected even though its not starred * panel-header: Move the panel description/links/error container outside of panel header to not interfere with the react-grid stuff * reload browser after preferences been updated * panel-header: Unmount popper when not needed. * fix snapshot tests * panel-header: Updated snapshots for popper * panel-header: Add fade in transition to tooltip * Trying to reduce the amount of duplication with preferences * panel-header: Make it possible to style the reference element and fix so panel description looks good * filter out alpha plugins in api call, fixes #14030 * panel-header: Simplify condition * panel-header: Avoid undefined classNames and use the real panel description * panel-header: Updates for the new react-popper api and make it possible to hover the tooltip popper without it closing * panel-header: Bump @types/react, @types/react-dom, react, react-dom, react-popper to latest versions * panel-header: Display description in modal * update changelog * changelog: add notes about closing #11977 * changelog: add notes about closing #6367 * docs: team http api update * [elasticsearch] Do not set a placeholder to index name, if it's already specified. * changelog: adds note about closing #14043 * fixed issue with save. * fixed mutability issue in dashboard dropdowns * Explore: Fix table pagination styles * team preferences ui * feat: team preferences * Explore: Dont set datasource in state if navigated away * fix switching from es raw document metric breaks query editor * alerting: reduce the length of range queries * Mitigate XSS vulnerabilities in Singlestat panel * Retain decimal precision when exporting CSV * Added Id to BasicUserInfo returns * Added google oauth account id * switch style tweaks * Explore: collapsible result panels * removing test page * format value * default value * created classes for new checkbox and variables * Prometheus: fix rules expansion * handle default value * various fixes to angular loading * Explore: POC for datasource query importers * build: enabled darwin build. * expand groups when searching * build: darwin compatible build env. * maxHeight and style overrides * moved slider into label to make it clickable, styled slider in dark and light theme, created variables for slider * fix: dont setViewMode when nothing has changed * fix redirect issue, caused by timing of events between angular location change and redux state changes * fix datasource testing * panel options now load even when changing type * fixed issues when changing type, need to remove event listeners and cleanup props * build: refactoring. * React edit mode for angular panels progress * minor fixes * fixed order of time range tab * Update ReadMe. * Update google analytics code to submit full URL not just path * devenv: elasticsearch datasources and dashboards * fix pipeline aggregations on doc count * changelog: add notes about closing #5930 * fixed alert tab order and fixed some console logging issues * Add tooltip * some progress on groups and options * changed time region color modes * panel-header: Move the corner information in the panel header to its own component * changelog: add notes about closing #12550 * fix pending alert annotation tooltip icon * alert rule have to be pending before alerting is for is specified * fix selected home dashboard should show as selected even though its not starred * build: internal metrics for packaging. * panel-header: Move the panel description/links/error container outside of panel header to not interfere with the react-grid stuff * alerting: improve annotations for pending state * reload browser after preferences been updated * panel-header: Unmount popper when not needed. * fix snapshot tests * panel-header: Updated snapshots for popper * panel-header: Add fade in transition to tooltip * Trying to reduce the amount of duplication with preferences * stackdriver: revert project test stuff * stackdriver: revert test code * panel-header: Make it possible to style the reference element and fix so panel description looks good * adds pending filter for alert list page * adds pending state to alert list panel * alertmanager: adds tests for should notify * Extracted language provider variables for readibility * devenv: graph time regions test dashboard * fix time regions mutable bug * set default color mode * filter out alpha plugins in api call, fixes #14030 * alerting: support `for` on execution errors and notdata * poc: handling panel edit mode in react even for angular panels poc * panel-header: Simplify condition * wip: minor update * minor fix * css update to switch slider * tests for supporting for with all alerting scenarios * should not notify when going from unknown to pending * Fix formatting and remove enabled toggle * panel-header: Avoid undefined classNames and use the real panel description * wip: switch slider test * panel-header: Updates for the new react-popper api and make it possible to hover the tooltip popper without it closing * panel-header: Bump @types/react, @types/react-dom, react, react-dom, react-popper to latest versions * Add basic authentication support to metrics endpoint * panel-header: Display description in modal * minor panel options type fix * docs: description about graph panel time regions feature * update changelog * changelog: add notes about closing #11977 * changelog: add notes about closing #6367 * docs: team http api update * wip: adding general tab for react panel edit mode * [elasticsearch] Do not set a placeholder to index name, if it's already specified. * devenv: graph time regions test dashboard * create time regions solely based on utc time * started on options and groups * fix: added events to MetricsTabCtrl to closer mimic MetricsPanelCtrl * minor css change * Moved query manipulations from metrics controller to metrics tab so they are more easily shared between angular and react panels * fixed panel focus for react panels * minor changes to react panels * changed how size is calcualted and propagated and added proper interval calc to DataPanel * changelog: adds note about closing #14043 * first stuff * pkg/cmd/grafana-server/server.go: Check sendSystemdNotification return value. * pkg/cmd/grafana-server/server.go: check serviceGraph.Provide() errors * pkg/cmd/grafana-server/main.go: Fix error value not checked * wip panel size handling * fixed issue with save. * fixed mutability issue in dashboard dropdowns * adced clickoutside wrapper * fixed singlestat guage ceneterd dot rendering issue * refactoring back the interval calculation, needs to be different for react panels * fix case where timeshift and time override is used * wip: refactoring interval and time override handling * updates latest to 5.3.4 * changelod: add release date for 5.3.3 and 5.3.4 * devenv: graph time regions test dashboard * graph: Time region support * Explore: Fix table pagination styles * devenv: update alerting with testdata dashboard * stackdriver: use arrow functions * stackdriver: use new naming convention for query editor all over * adds redis devenv block * restore user profile preferences * changelog: add notes about closing #13328 #13949 * updates macaron session package * minor react panels refafactor * removed console.log * some cleanup of unused stuff and type fixes * completed work on panel not found view * Clarify wording of playlist protip * team preferences ui * feat: team preferences * Explore: Dont set datasource in state if navigated away * Explore: Don't suggest term items when text follows * wip: panel plugin not found * fixed scrollbar autohide prop * wip: panel-header: On panel refresh, get new timeRange from timeSrv, not the old one from the state * wip: panel-header: Avoid null returning to get better code readability. High five @ peterholmberg * wip: panel-header: Remove the TimeData type * wip: panel-header: Add proper typings to maxDataPoints and interval + remove code in comment * wip: panel-header: Move getResolution and calculateInterval into utils-functions and use the same code from react and angular * wip: panel-header: Start implementing the applyPanelTimeOverrides in the react panels by moving it to a util, make it pure and call it from angular and react. * import changes * updated text styling when switching views * Add `gofmt -s` to CircleCI * minor fixes based on code review * Fix gofmt issues * Add pic into actionCard message * minor style fixes & polish * minor update * disable custom webkit scrollbar styles * refactoring & cleaning up css * Minor progress on edit mode * improve dropdown pane connetion to tab toolbar * Add megacheck to gometalinter CircleCI target * pkg/tsdb/influxdb/influxdb.go: Fix surrounding loop is unconditionally terminated. * scripts/build/release_publisher/publisher_test.go: Fix trivial megacheck warning. * draw gauge * data source picker demo state * stackdriver: remove service query tyhpe * stackdriver: correct aligner name * fix in to not render multiple labels * stackdriver: typescriptifying props * stackdriver: remove redundant try catch * Update stackdriver.md * Adjust UI depth of query statistics * stackdriver: rename query function * stackdriver: rename query variable * stackdriver: remove debug log * stackdriver: add documentation for the template query editor * stackdriver: test saved variable * stackdriver: fix failing tests * stackdriver: remove services query type * stackdriver: update tests * stackdriver: add tests for render snapshop and default query type * stackdriver: remove lodash since object assign will do the trick * stackdriver: make sure we don't crash when selected service doesnt have a value * stackdriver: add simple render test * stackdriver: rename params * stackdriver: remove not used prop * stackdriver: persist template variable definition * stackdriver: add default value for query type * stackdriver: pass query definition from react, making it possible to use another definition than the query string only * stackdriver: make it possible to use alignment period template variable * stackdriver: make it possible to use aligner template variable * stackdriver: make it possible to use aggregation template variable * stackdriver: make it possible to use aggregation template variable * stackdriver: make it possible to use metric type template variable * stackdriver: set currentdatasource when editview is enabled * stackdriver: return correct value * stackdriver: reset query value on datasource changed * stackdriver: fix default value bug * stackdriver: extend label width * stackdriver: revert refactoring * stackdriver: extract variables for pickers * stackdriver: cleanup * stackriver: rename interface * stackriver: use type for state * stackdriver: rename state vars * stackdriver: extract common function * stackdriver: streamline the way labels are refreshed when a new value is picked in the dropdowns above * stackdriver: handle default state * stackdriver: refactor dropdown component * stackdriver: replace components with basic stateless select * stackdriver: remove not used func. wrap query in exception * stackdriver: reload all child dropdown and update selected accordingly * stackdriver: improve default state handling * stackdriver: use standard naming convention for selects * stackdriver: streamline label change * stackdriver: refactor TemplateQueryComponent * stackdriver: use enum for query type * stackdriver: add aggregation query * stackdriver: add alignment periods * stackdriver: add aligner query * stackdriver: add resource types query * stackdriver: add support for resource label queries * stackdriver: return friendly display name * stackdriver: add metric labels query * stackdriver: move response parsing to datasource file * stackdriver: return values for services and metric types * stackdriver: rename default component * stackdriver: more renaming * stackdriver: refactoring - rename react components and file structure changes * stackdriver: remove not used code * stackdriver: add selector components for service and metric type * stackdriver: refactor stackdriver query ctrl * stackdriver: make sure default template query editor state is propagted to parent angular scope * stackdriver: conditional template component rendering * stackdriver: add react component for template query editor * stackdriver: make it possible to load react plugin components from template query page * stackdriver: add basic directive for loading react plugin components * Preserve suffix text when applying function suggestion * wip: progress on edit mode ux with tabs * can render something * don't drop the value when it equals to None * changelog: adds note about closing #13993 * Remove Origin and Referer headers while proxying requests * Refactored log stream merging, added types, tests, comments * docs: improve helper test for `For` * alerting: adds docs about the for setting * panel-edit-ux-tabs on top alternative * Add new option to set where to open the message url * added loading state * Fixes #13993 - adds more options for Slack notifications * fix switching from es raw document metric breaks query editor * add auth.proxy headers to sample.ini * add auth.proxy headers to default.ini * refactored how testing state was handled, using redux for this felt way to require way to much code * adds debounce duration for alert dashboards in ha_test * fixed issue with reducer sharing url query instance with angular router * fixed exporter bug missing adding requires for datasources only used via data source variable, fixes #13891 * minor text change in export modal * build: removes unused. * clear test box if success * Fixed issues introduced by changing to PureComponent * Added testing state in reducer * further refactoring of #13984 * minor fix * refactorings and some clean-up / removal of things not used * Update docs/sources/permissions/dashboard_folder_permissions.md * Fix typo in docs/sources/reference/scripting.md * experimental option boxes * ux: changed panel selection ux * move enterprise down in menu * wip: panel-header: Fix shareModal compatibility with react and angular * wip: panel-header: Remove custom menu items from panels completely * wip: panel-header: Reverted a lot of code to pause the 'custom menu options' for now * wip: panel-header: More merge conflicts during cherry pick * wip: panel-header: More merge conflicts during cherry pick * Update docs/sources/permissions/datasource_permissions.md * Update docs/sources/permissions/datasource_permissions.md * Update docs/sources/permissions/dashboard_folder_permissions.md * Update docs/sources/http_api/datasource_permissions.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * Update docs/sources/enterprise/index.md * minor change * wip: panel-header: More merge conflicts * Fix loglevel tests for Explore loggging * wip: panel-header: Merge conflicts * wip: panel-header: Fragment not needed anymore * wip: panel-header: Add possibility to add custom actions to the menu by passing them in as props * wip: panel-header: Separate all panel actions to its own file so we decouple them from react * wip: panel-header: Start implementing the Toggle legend, but its not taken all the way * wip: panel-header: Change DashboardPanel to a PureComponent to avoid unwanted rerenders * wip: panel-header: Refactor so 'Share' use the same code in angular+react * wip: panel-header: Add 'Edit JSON' functionality + make sure everyone using the json editor pass in the model property instead of the scope property when triggering the json modal * wip: panel-header: Add 'Copy' functionality * wip: panel-header: Add 'Duplicate' * wip: Add 'Share' to the react panels * wip: panel-header: Move code existing in both angular+react to utility functions * wip: panel-header: Remove panel * Mobx is now Redux * wip: Initial commit for PanelHeaderMenu * changelog: add notes about closing #13903 * changelog: add notes about closing #13932 * unify log level colors between rows and graph * Graph log entries by log level * fix selecting datasource using enter key * Adaptive bar widths for log graph * changelog: add notes about closing #13970 * build: fixes * build: publisher handles nightly builds. * rename and mark functions as private * drag handle css * moved drag handle * fixed options * Time selection via graph * minor code style change * basic panel options working * Adding Cloudwatch AWS/Connect metrics and dimensions * wip: react panel options architecture * export: provide more help regarding export format * build: minor publisher fixes. * extract store from configurestore * added actions * build: publishes grafana enterprise to grafana.com * changelog: adds note about closing #13322 * build: publisher uses local time. * build: publisher supports both local and remote. * build: publisher can find artifacts from local sources. * build: refactor releaser. * build: prepares release tool for finding local releases. * build: improved release publisher dry-run. * build: use build workflow id instead of build number. (#13965) * alerting: delete alerts when parent folder is deleted * refactor dashboard alert extractor * for: use 0m as default for existing alerts and 5m for new * panel options wip * Exposing digest from angular component * adds tests for extracting for property * minor fix * changelog: add notes about closing #13606 * devenv: table panel links * renames `debouceduration` to `for` * introduce state `unknown` for rules that have not been evaluated yet * fixes go meta lint issue * wire up debounce setting in the ui * adds db migration for debounce_duration * introduces hard coded deboucing for alerting * always execute the user teams query * handle error before populating cache * build: fixes gcp push path. * alerting: adds tests for the median reducer * add minimal permission * typo fix for 'has' * Gitlab -> GitLab * changelog: adds note about closing #13945 * Add tests covering alternate syntax for aggregation contexts * Handle suggestions for alternate syntax aggregation contexts * fix terms agg order deprecation warning on es 6+ * fix failing tests * removed file I added accidentally * fixed to template PR issues, #13938 * alerting: increase default duration for queries * Explore: Logging graph overview and view options * Load hash based styles in error.html, too * Add [hash] to filename of grafana.{light,dark}.css * minor tweak to back to dashboard buttons * Fix minor JSON typo in HTTP API docs * remove replaced components * reverting babel change * remove this * removed these unused components * reverting script change * updated snap * tests * minor doc tweaks * updated enterprise page * Added new backend setting for license file * updating state and save * make permission sub items in sidemenu cleaner * changelog: add notes about closing #13925 * Explore: fix metric selector for additional rows * fix for responsive rule for footer * Updated login page logo & wordmark and responsive behavior * added new workmarks * fixed react whitespace warning on teams page * renamed org files to match new naming guide * moved profile pages to it's own feature folder * moved new teams page * reload page after preferences update * Add delta window function to postgres query builder * Increase Telegram captions length limit. * docs: enhanced ldap * Explore: async starts of language provider * listen for changes in angular land and propagate that back to react * docs: fix datasource permissions keywords * build: grafana enterprise docker image. * added caching of signed in user DB calls * added actions * IE11 fix for legend tables below graph * cleaned up render * renders angular component * updated api keys snapshot * restored transition * removed logging call * add table column date format * fixed memory leaks and minor refactoring * build: gpc credentials added to deploy. * changelog: add notes about closing #13762 * update changelog * build: deploys to gcp. * build: deploys to gcp. (#13911) * datasource permission http api * restructure administration/permissions page into a section with sub pages * Fix TimePicker test by enforcing UTC on date string * updated view to use angular loader * Explore: repair logging after code restructuring * docs: schema -> database * build: deployment ci container. (#13902) * docs: mysql * minor progress * Make Explore plugin exports explicit * add functionality to override service in registry * moved state * register datasource cache service with proper name * revert application lifecycle event support * changelog: adds note about closing #13876 * Add new build info metrics that contains more info (#13876) * JS tooling: run TS grunt tasks only when files changed * revert file name change * remove unused code * log error on datasource access denied * include teams on signed in user * application lifecycle event support * refactor datasource caching * Fix cell coloring * Fix bug with background color in table cell with link * add dashnav responsive rule to hide tv button on smaller screens * Implement oauth_auto_login setting * Explore: fix copy/paste on table cells * rename type * using label component * Pluggable components from datasource plugins * fixed type * removed angular code * test and some refactoring * build: adds branch info to binary build * now that css is loaded sync again I can remove some styles from index html body css * WIP babel 7 * Revert to sync loading of css, sometimes js loaded before css which caused issues * Update grafana_stats.json * Makefile: dependency-driven target to build node_modules * removes old invalid release guide * added missing alpha state prop to graph2 panel * minor update * added switch form component * updated graph tests dashboard * fixed width of panel edit mode * Fix query hint tests after refactor * Fixing issue 13855 * Add tests to cover PlaceholdersBuffer and sum hint * Add sum aggregation query suggestion * fixes to angular panel edit mode * Reduce re-renderings when changing view modes * updated singlestat logo * more ux progress * Add tests to cover aggregation context cases * Fix label suggestions for multi-line aggregation queries * panel edit mode changes * Update snapshots. * Use jest.fn instead of string. * Explore: error handling and time fixes * ux experiments * build: builds grafana docker for enterprise at release. * Add code to flot that plots any datapoints which to not have neighbors as 0.5 radius points - fixes https://github.com/grafana/grafana/issues/13605 * adding default value and update actions * build: ge build fix. * build: grafana enterprise docker. (#13839) * moved state to redux, renamed entities * testing panel edit ux idea * changelog: add notes about closing #13769 * add test * cache region result * use default region to call DescribeRegions * fix: updated backend srv to use appEvents and removed parts of alertsSrv * simple select * build: correctly adds enterprise to the filename. (#13831) * docs: improve ES provisioning examples * changelog: adds note about closing #13723 * stackdriver: don't set project name in query response since default project is now loaded in its own query * Optimize the Dingding match values format * Add Dingding message type to support mass text notification * graph legend: fix table padding * Moved prom language features to datasource language provider * Split text template into variable * Add match values into Dingding notification message * graph legend: fix phantomjs rendering when legend is on the right * fix for annotation promise clearing, bug introduced last week when merging react panels step1 * fix panel solo size * mysql: fix timeFilter macro should respect local time zone * load preferences * support template variable in stat field * only look in current database in findMetricTable * graph legend: fix table alignment * fix dingding doc error * fixed routes and page * graph legend: minor refactor * Added types to query rows * update latest.json to latest stable version * changelog: update * cleaned up the flow * changelog: add notes about closing #13280 * delete provisioning meta data when deleting folder * Update the regex-matching in templateSrv to work with the new variable-syntax and be more flexible to regex-changes #13804 * changelog: add notes about closing #13600 * changelog: update * Move the variable regex to constants to make sure we use the same reg… (#13801) * docs: fix tutorials index page. Fixes #13799 * graph panel: fix legend alignment * Explore: fix graph resize on window resize * changelog: adds note for #13691 * docs: fix tutorials index page. Fixes #13799 * Resource type filter (#13784) * Fix race condition on add/remove query row * moving things * typing changes * changelog: add notes about closing #13764 * pkg/tsdb/stackdriver/stackdriver.go: Fix regular expression does not contain any meta characters. * pkg/tsdb/graphite/graphite.go: Fix regular expression does not contain any meta characters. * pkg/login/ldap.go: Fix warning comparison to bool constant * Added margin and correct border radius * Fix rebase, fix empty field still issuing query problem * Changelog: Adds curl to docker image in 5.3.2 * fix: another fix for #13764 , #13793 * Submit query when enabling result viewer * Get query hints per query transaction * docker: adds curl back into the docker image for utility. (#13794) * Explore: query transactions * connected to store, self remove logic * fix: kiosk url fix, fixes #13764 * changelog: add notes about closing #13633 * changelog: add notes about closing #13666 * fix: Text box variables with empty values should not be considered fa… (#13791) * renaming things * graph legend: review fixes * add debug logging of folder/dashbord permission checks * sync mysql query editor template with postgres * add char as datatype for metric and group columns * build: indentation mistake. * build: fixes filename issues. * fix injecting dependencies to graph legend directive * changelog: adds note for #13669 * docs: update debian installation instructions * stackdriver: some tweaks to the text on the config page and in docs * stackdriver: refactoring request builder * stackdriver: remove not used struct * stackdriver: remove not needed scope * stackdriver: add provisioning example for gce authentication * stackdriver: add documentation for gce default account authentication * stackdriver: change name of authentication type * stackdriver: improve config page info box documentation * stackdriver: prevent backend query from being made when there are not yet any defined targets * stackdriver: fix failing tests * stackdriver: improve error handling * graph legend: fix legend when series are having the same alias * stackdriver: remove not used query file * stackdriver: remove test datasource query. use ensuredefaultproject instead * stackdriver: remove debug comments * stackdriver: improve error handling in the datasource * stackdriver: fix typo * stackdriver: add debug logging * stackdriver: fix broken braces * stackdriver: fix broken condition after rebase * stackdriver: use constant instead of variable * stackdriver: remove debug log * stackdriver: fix failing test * stackdriver: use gce variable * stackdriver: add variable for gce authentication type * stackdriver: get default project from backend. also ensure default project could be retrieved when authentication type is gce * stackdriver: only load default project from backend if it's not available on the target. this might happen when using gce authentication and provisioning * stackdriver: display error message if project name is not present in jwt file * stackdriver: only load project name if it's not already stored in the ds info json * stackdriver: add default value for authentication type * stackdriver: wip - remove debug code * stackdriver: improve ui for toggling authentication type * stackdriver: only get default token from metadata server when applying route * stackdriver: only get default token from metadata server when applying route * stackdriver: make backend query a pure test datasource function * stackdriver: add status code * stackdriver: wip - return metric descriptors in the format of tablew * stackdriver: wip - get metric descriptors in the backend * stackdriver: wip - add logic for retrieving token from gce metadata server in the auth provider * stackdriver: wip - add very basic checkbox for gce auto authentication * stackdriver: break out project name resolving into its own function in the stackdriver.go file * stackdriver: wip - temp remove jwt token auth * stackdriver: wip - always use gce default account for stackdriver * stackdriver: wip - add scope and remove debug code * stackdriver: WIP - test retrieving project id from gce metadata * skip jwt token auth if privateKey is empty * fetch token from GCE metadata server * Revert 'for development' * for development * graph legend: fix quotes displaying * graph legend: minor refactor * Enterprise crosscompilation (#13783) * component working * graph legend: fix rendering after legend changes * graph legend: refactor, fix another review issues * fix: DataPanel isFirstLoad state fix * Fix click-based selection of typeahead suggestion * ux: remove duplicate placeholder attribute * initial work to add shortcut to toggle legend - generic * scripts/build/publish.go: Fix warning on err variable. * pkg/services/alerting/reader.go: Fix should use for range instead of for { select {} }. * pkg/middleware/middleware.go: Fix empty branch warning. * pkg/plugins/plugins.go: remove ineffective break statement. * fix order for mysql, remove postgres specific code * using react component * Explore: reuse table merge from table panel * graph legend: refactor, move behaviour logic into component * stackdriver: add default project to provisioning documentation * adjust meta data queries for mysql * fix references to postgres datatypes * graph legend: review fixes * changelog: add notes about closing #13667 * changelog: add notes about closing #13718 * fixed gofmt issue after go update * fix cannot receive dingding alert bug * fix: fixed variable srv tests * stackdriver: only add unit to resonse obj if it has a value * make interpolateVariable arrow function * fix: another set of fixes for refresh * fixed issue with template refresh * Fix tslint errors * stackdriver: fix failing tests * stackdriver: make sure unit is not returned to the panel if mapping from stackdriver unit to grafana unit can't be made * Fix variable highlighting * Fixed yarn.lock (previous merge took out integrity) * changelog: add notes about closing #13710 * wip: enterprise docs * allow unit override if cloudwatch response unit is none * Revert 'don't overwrite unit if user set' * don't overwrite unit if user set * changelog: add notes about closing #13674 * fix LDAP Grafana admin logic * graph legend: remove unused code * graph legend: refactor * docs: cleanup of how to build for docker. * Review feedback, increased height * changelog: add notes about closing #12342 * update changelog * remove not used file * simplify code * Explore: fix render issues in split view * A list of where to make changes when upgrading Go and Node.js (#13693) * tests * Update PromQueryField tests to address fixed bug * Fix typeahead behaviour for QueryField * permissions: cleanup. * hooked up actions * Explore: Use react-table as table component * created view * docs: installing custom plugins in docker. * Document oauth_auto_login setting * changelog: add notes about closing #13692 * postgres: use arrow function declaration of interpolateVariable * Use closure for calling interpolateVariable * changelog: add notes about closing #12308 * Add socket support for mysql data source * changelog: adds note about closing #12330 and #6696 * remove addpermissions component * cloudwatch: return a distinct list of regions * docs: update cloudwatch iam policy description * removes d in disableResolvedMessage * removed snaps * alerting: tests default value for disable resolve message * re-add hard coded region list * update doc due to client layout change * clean up tests * fix gofmt, add test, correct noted concerns with default value * fix gofmt, add test, correct noted concerns with default value * changelog: add notes about closing #13629 * add encrypt connstr param conditionally on the value chosen via GUI. * graph legend: add color picker (react) * removing datasource permissions states from grafana * update latest.json to latest stable version * update changelog * build: Upgraded nodejs to 8 on appveyor * codestyle * rename UI Option, align with control, update tests * pausing for now * Remove unwanted char * Fix incorrect alt text on logo * return default region list from backend * don't merge hard coded region list * add error message * get regions from after datasource save * show all CloudWatch regions * get region list from ec2:DescribeRegions * fix concurrent map writes * update, don't remove 'Known Issues' docs section. * update provisioning docs. * fix new setting default value handling. * rename new JSON data attrbute. * changelog: add notes about closing #13464 * changelog: add notes about closing #13553 * update changelog * doc(documentation) license * doc(documenation) * add channel option to disable the resolved alert (OK Message) that is sent when condition returns to normal. * Can render graph * Add 'encrypt' setting to MSSQL data source. * rendering settings * build: makes sure publisher.sh is available when deploying. * Fix grammar in log message * changelog: add notes about closing #13641 #13650 * Escape typeahead values in query_part * Escape values in metric segment and sql part * changelog: add notes about closing #13628 * update .bra.toml for using latest bra version * progress on react time series infra * wip: began first steps for a react graph component * various fixes to to queries tab (in react mode) * react panels query processing * react panels: got data * working on react data / query exectution * changed DataPanel from HOC to use render props * fixing unit tests * Removed reference to plugin_api.md (SDK Readme) on the development page as the file that it points to no longer exists. This addresses an open issue on the grafana.org repo * Adding tests * Adding time clockms and clocks * pkg/cmd/grafana-server/main.go: remove os.Kill as it cannot be trapped * changed to plain errors further down the alerting validation model so error did not get double wrapping in ValidationError * alerting: propagate alert validation issues to the user instead of just 'invalid alert data' message * updated gitignore * fix for graph time formating for Last 24h ranges, fixes #13650 * pkg/services/sqlstore/user_auth_test.go: comment unused users slice * fixed a typo * fixed a typo * fix: label values regex for single letter labels * created component for http settings * removes debug log. * make sure to add all variable nodes to dag before linking variables * changelog: adds note for #13607 * updated jest to 23.10 * Adds backend hooks service so extensions can modify index data * fix route issue * removed unused setting variable * minor setting refactorings * renamed extension point in the frontend * updated circleci build-container version * minor change to cloudwatch code formatting * minor ux fix for new select * fmt * grafana/grafana#13340 complete oauth doc * changed property name to UserWasDeleted and added an assert for it * Update check for invalid percentile statistics * pkg/services/alerting/notifiers/telegram.go: check error before close. * pkg/tsdb/*: Fix do not pass a nil Context * devenv: fix influxdb block * docs: refer to v5.3 instead of v5.2 * removed unsused function * docs: stackdriver fixes after review * fix mutability bug, removed unused constructor * stackdriver: check if array is empty to prevent filter from crashing. This closes #13607 * Handle DescriptionPicker's initial state #13425 * stackdriver docs: metric query editor and annotations * Update snapshots after merge * Requests for ds via backend blocked for users without permissions. * Removes unused code. * Remove CTA when CTA-action is clicked instead of a /new route #13471 * Add fancy delete button for ApiKeys. * Add form to both the CTA page and the regular list. * Add onClick handler to CTA. * Updated tests for new protip. * Updated protip, not sure what to write there. * Update tests for ApiKeys CTA screen. * changelog: add notes about closing #13616 * Show CTA if there are no ApiKeys, otherwise show table. * Extract ApiKeyCount from state. * made it possible to have frontend code in symlinked folders that can add routes * Added Loading state on org pages * fix phantomjs render of graph panel when legend as table to the right * changelog: add notes about closing #13172 * add test for es alert when group by has no limit * poc: frontend extensions * added the UserWasRemoved flag to make api aware of what happened to return correct message to UI * Remove user form org now completely removes the user from the system if the user is orphaned * remove tab * bug fix * Update time_series_query.go * changelog: add notes about closing #11711 * add admin page to show enterprise license status * docs: add version notes * tests * Css fix for selected option * User without permission to a datasource won't see it. * Updated test snapshot #13425 * Initialize Explore datasource correctly * Refactors ds permissions to a filter. * Remove the fixed widths and make it possible to pass it in as a prop instead #13425 * User filtering now works properly at the backend #13425 * Removed old code #13425 * Rename css class 'gf-form-select2' to 'gf-form-select-box' #13425 * Use new class names #13425 * Fixes for the tag filtering in the search #13425 * Start implementing the upgraded react-select in the tag filter box #13425 * fix /api/org/users so that query and limit querystrings works * Bump grafana/build-container to 1.2.0 * Revert 'Lock down node version to see if we get rid of the circleci build issue' * Revert 'Try to remove circleci cache to see if that solves the build issue' * Try to remove circleci cache to see if that solves the build issue * Generate yarn.lock from older yarn * Revert 'Add node version output for debugging' * Add node version output for debugging * Lock down node version to see if we get rid of the circleci build issue * Lock down webpack to 4.19.1 to avoid issue with webpack-cli (https://github.com/webpack/webpack/issues/8082) * Bump react-select to 2.1.0 #13425 * Updated lockfile to get rid of build error #13425 * Add frontend filtering of users in user picker #13425 * Replace $white with a color working in both themes #13425 * Replace System.import() with import() to get rid of warning * Clean up css for react-select v2 #13425 * Upgrade Datasources-picker on Explore page #13425 * Enable trailing on the debounce in the TeamPicker (same as in UserPicker) #13425 * Update typescript notifications #13425 * Update (js-) tests and snapshots for react-select 2 #13425 * Remove variables not used #13425 * wip: Remove code for old react-select component #13425 * wip: The pickers are stateful nowadays, no need to pass in the current value #13425 * wip: Upgrade react-select #13425 * set v5.3 as root docs * disable permissions * whatsnew: adds image for Stackdriver * fixing weird arrow in select * update latest.json to 5.3.0 * changelog: set date for 5.3.0 release * fixing permission rows * changelog: add notes about closing #13575 * enable permissions for data source * Use correct naming convention * Fix typo * Provide more information about what's included in the Stackdriver plugin * changelog: add notes about closing #13575 * cloudwatch: return early if execute query returns error * fix tab switching * add test for automatically unit set * fix crach bug * fix id validation * refactoring after review comments * changelog: adds note for #13559 * added setting top hide plugins in alpha state * wip: fixed issues now things are starting to work as before for angular panels * pausing permissions list * Block graph queries from being queued until annotation datasource promises resolve * Redone with DataSourcePermissions * remove datasource permission admin for now * reverted AddPermissions * Explore: highlight typed text in suggestions * Update provisioning.md (#13572) * stackdriver: update docs, showing how to escape private key and use yaml multiline strings * modified AddPermissions component * set unit for CloudWatch GetMetricStatistics result * Remove duplicate labels in the datasource query * render drag handle only in edit mode * ux: minor update to look of stackdriver query help * changelog: adds note for #13495 * add gopkg.in/square/go-jose.v2 to dependencies, update github.com/hashicorp/yamux * adding permissions component * reverted back and using angular for settings and dashboards * stackdriver: improve filter docs for wildcards and regular expressions * stackdriver: always use regex full match for =~ and !=~operator * stackdriver: add tests from regex matching * stackdriver: always use regex full match for =~ and !=~operator * stackdriver: test build filter string * stackdriver: test that no interpolation is done when there are no wildcards * stackdriver: remove debug logging * stackdriver: add more tests * stackdriver: fix broken substring. also adds tests * stackdriver: remove not necessary helper functions * stackdriver: interpolate stackdriver filter wildcards when asterix is used in filter * stackdriver metric name fix. Fixes #13562 * Fixed nav model * fix for influxdb annotation issue that caused text to be shown twice, fixes #13553 * wip: restoring old angular panel tabs / edit mode * ux: final fixes to new datasource page * Fix text overflow on playlist search #13464 * docs: fix minor typos * ux: more minor ds setting tweaks * ux: more minor ds setting tweaks * ux: tweaks to add datasource page and datasource settings page * Fixed typo in query editor placeholder text. * Explore: do not show default suggestions after expressions * Explore: trigger a query field render to fix highlighting * Explore: compact state URLs * fix gofmt tests output * removed duplicate route * Use size-me to resize explore Graph, added types * algorithm to find new name if it exists * ux: misc react migration fixes and info box style improvement * docs: new variable type text box that allows free text input * docs: annotations tag filter with template variable support * docs: whats new in 5.3 - a few tweaks * mysql: note about connection max lifetime and wait_timeout * Explore: reset typeahead on cursor move * Explore: resize graph on window resize * Fix rate function hint for series with nulls * Extract query hints * Prevent Explore from updating when typing query * Avoid new metrics options being passed selector, made PromField pure * Perf on query field and typeahead * Dont rebuild datasource options on each render * contributing.md * changelog: add notes about closing #13326 * react-2-angular: added generic angular directive loader util that can be used from react * search data source types * mini fix * css: minor fix to search * bump master version to 5.4.0-pre1 * provisioning: adds more logging about failed to deletion of provisioned dashboards * various fixes and improvements * changelog: set date for 5.3.0-beta3 release * build: fix for invalid pathing for release publisher * changlog: adds note about closing #13551 and #13507 * new grid layout add data source * test: updated react snapshot * ux: minor tweak to link * stackdriver: adds missing nginject attribute * docs: better wording and docs links. * Fix issue with updating role permissions #13507 * fixed toggle buttons * dataproxy should forward a trailing slash to proxy * add datasource proxy test to verify trailing slashes are forwarded * centered dashboard icon in search with flexbox * mssql: fix tests * build: automatically publish releases to grafana.com. * updated after pr feedback * pkg/tsdb/postgres/postgres_test.go: pass context.Background() instead of nil * pkg/tsdb/mysql/mysql_test.go: pass context.Background() instead of nil * pkg/tsdb/mssql/mssql_test.go: pass context.Background() instead of nil * adjust mssql tests * pkg/tsdb/elasticsearch/client/client_test.go: pass context.Background() instead of nil * added data source type type * pkg/services/alerting/notifiers/telegram_test.go: pass context.Background() instead of nil * remove generic macros from macros_test and add integration test for generic macros * Revert 'Revert 'Org users to react'' * Revert 'Org users to react' * add postgres test for global macros * add test * stackdriver heatmap support * added slow queries scenario to test data source, added new panel test dashboard with slow queries * Fix 'appropriate'-typo * Update configuration doc to include socket@server * move timeFrom, timeTo, unixEpochFrom and unixEpochTo macros to sql_engine * wip: began work on support for testdata tables & annotations support * docs: connection limits for sql datasources * ux: put connection limits under own section * fiddling with validation * changelog: adds note about closing #13492 * view and route * wip: made sqlstore dialect accessable from outside * better comment about state changes * get or create alert notification should use transaction * use notification state id instead of notifier id * merges defaultShouldNotify and ShouldNotify * move version conflict logging for mark as complete to sqlstore package * removed duplicate route * improve local variable name * avoid exporting notificationState and notificationStateSlice * avoid sending full notification state to pending/complete * deleting obsolete things * Make max open, max idle connections and connection max life time configurable * snap * fix after merge from master * rename GetNotificationStateQuery to GetOrCreateNotificationStateQuery * reminder: uses UpdatedAt to track state changes. * snaps * invitees * changed from RFC to PureComponent * devenv: add postgres ha test config example * wip: going in circles * typo in sample.ini * pkg/tsdb/cloudwatch/credentials.go: Remove unnecessary variable assignment * pkg/cmd/grafana-server/main.go: '_ = <-ch' simplified to '<-ch' * pkg/tsdb/stackdriver/stackdriver_test.go: return simplified * Fix megacheck issue unused code. * invites table * Update ldap.md * use alert state changes counter as secondary version * wip: data source permissions hooks * docs: stackdriver version notice. * tests * added default prop instead of specifying prop * filter users in selector based on search * Moved explore helpers to utils/explore * Explore: jump to explore from panels with mixed datasources * functions and tests * cleanup alert_notification_state when deleting alert rules and channels * don't notify if notification state pending * remove unused code * stackdriver: set default view parameter to FULL * stackdriver: no tags for annotations (yet) * stackdriver: add help section for annotations * devenv: enable some debug logging for ha test setup * alert -> ok with reminders enabled should send * stackdriver: revert an accidental commit for text template variable * Added test for url state in Explore * Make Explore a pure component * first crude display * stackdriver: remove metric.category alias pattern * stackdriver: remove commented code * stackdriver: unit test group by and aggregation dropdown changes * stackdriver: make it impossible to select no aggregation when a group by is selected * Explore: Store UI state in URL * stackdriver: add relevant error message for when a user tries to create a template variable * stackdriver: make sure labels are loaded when service is changed in dropdown * stackdriver: change info logging to debug logging * stackdriver: change pattern for annotation to metric.value * stackdriver: add support for bool values * stackdriver: add support for int64 values * stackdriver: use correct default value for alignment period * stackdriver: fix reducer names * fix set sent_at on complete * snaps * noop services poc * implemented general actionbar * handle pending and completed state for alert notifications * stackdriver: fix froamt annotation text for value * stackdriver: make it possible to use point values of type string * No need to get alert notification state in ShouldNotify * using constant * added no datasources added * stackdriver: broadcasting through $scope doesnt work anymore since query_filter_ctrl is now a sibling directive to query_aggregation_ctrl, so broadcasting is now done using $rootScope * wip: test get alert notification state * wip: send and mark as complete * components, test, removed old not used files * wip: impl so that get alertstate also creates it if it does not exist * fix: preloader element issue * Adding AWS Isolated Regions * wip * stackdriver: pattern formatting for annotations * stackdriver: fix alignment period bug * stackdriver: set first metric as selected if no metric could be retrieved from the target * stackdriver: wip annotation support * Compile TS of the whole project to detect type errors * stackdriver: update tests * stackdriver: es6 style directive, avoid using scope * deletez * refactoring: slight changes to PR #13247 * revert rename * stackdriver: fix typescript error * stackdriver: remove not needed alignment option * using constant * stackdriver: extract out filter, metric type directive * stackdriver: add unit tests to resolve unit function * rename to pluginlistitem * fixing types * stackdriver: convert most common stackdriver units to grafana units if possible * sqlstore: add support for checking if error is constraint validation error * rewrote to use react.sfc * explore: fixes to dark theme, fixes #13349 * Remove angular code related to API Keys and point the route to the React component #13411 * Open modal with API key information after key is added #13411 * Add tests for the reducers & selectors for API keys #13411 * Update test-snapshot, remove dead code #13411 * Add tests for ApiKeysPage #13411 * Add 'search box' and a 'add new' box to the new API Keys page #13411 * Pick up the type from app/types * Pick up the type from app/types * Move User type out of UserPicker and into app/types * wip: Reactify the api keys page #13411 * add support for mysql and postgres unique index error codes * implement sql queries for transactional alert reminders * stackdriver: fix typescript errors * stackdriver: pass interval from panel to backend * stackdriver: remove debug logging * stackdriver: update docs so that they align with alignment period rules in stackdriver gui * stackdriver: update alignment period rules according to stackdriver * stackdriver: set target to be raw query * stackdriver: publish docs to v5.3 (not root) * initial rename refactoring * changelog: adds note about closing #12534 * devenv: grafana high availability (ha) test setup * stackdriver: use more appropriate test data * Add goconst to CircleCI * fix: also set dashboard refresh to false * simplified fix for 12030 * prevent refresh on fixed time window * using more variables * stackdriver: fix broken test * stackdriver: workaround for the fact the jest definitions does not include not * stackdriver: docs update * stackdriver: WIP - implement stackdriver style auto alignment period. also return the used alignment period and display it in the query editor * stackdriver: distinct grafana auto from stackdriver auto in alignment period * stackdriver: use correct name for variable * stackdriver: remove montly from alignment periods * Added constant * tests * stackdriver: add alignemnt period * stackdriver: make sure service and metric display name is used instead of value when loading a saved query editor * alerting: move all notification conditions to defaultShouldNotify * stackdriver: use correct event name * stackdriver: fix broken tests * stackdriver: update aggregation and alignment before refreshing when changing metric * stackdriver: use correct naming convention * stackdriver: get value type and metric kind from metric descriptor instead of from latest metric result * filter NULL values for column value suggestions * changed to first and last child * imguploader: Add support for ECS credential provider for S3 * stackdriver: adds on-change with debounce for alias by field * cli: fix init of bus * Remove .dropdown-menu-open on body click fixes #13409 * stackdriver: improve aggregation logic * stackdriver: fix failing test * stackdriver: wip: split metric dropdown into two parts - resource and metric * first test * stackdriver: remove console.log * filter plugins and layout mode * stackdriver: typescriptifying controller * render list * stackdriver: break out aggretation logic into its own directive and controller. also adds tests for new dropdown population logic * Remove option r from ln command since its not working everywhere * fix: updated tests * using variable * Fix spelling of your and you're * Changed setting to be an alerting setting * created test for graph disclaimer * Remove non-existing css prop * fix: Legend to the right, as table, should follow the width prop. Removing css conflicting with baron's width calculation. #13312 * stackdriver: populate alignment and aggregation dropdowns based on metric type and value type * docs: postgres gif. * limit number of time series show in explore graph * docs: whats new for 5.3 * rendering: Added concurrent rendering limits * stackdriver: fix test after parameter added to constructor * stackdriver: skeleton for more query types on the backend * stackdriver: better error handling for getLabels * stackdriver: move getLabels from query_ctrl to datasource * Run all sql data source queries for one panel concurrently * removed border, cleaned up css and fixed class naming * devenv: fix uid for bulk alert dashboards * Explore: moved code to app/features/explore * target gfdev-prometheus datasource * stackdriver: fix bug when multiple projects connected to service account * devenv: adds script for creating many dashboards with alerts * stackdriver: refactoring - extract out filtersegments component * stackdriver: alias patterns WIP * Fix goconst issues * When stacking graphs, always include the y-offset so that tooltips can render proper values for individual points * provisioning: changed provisioning default update interval from 3 to 10 seconds * Update render.js * Update render.js * Fix https://github.com/grafana/grafana/issues/13387 metric segment options displays after blur * docs: improve oauth generic azure ad instructions * invalidate access token cache after datasource is updated * Fix datbase > database * Fix changed want md5 hash * Revert Fahrenheit to Farenheit * Fix some typos found by codespell * Fix misspell issues * fix: use same User-Agent header as in other places in grafana when making external requests * docs: changed Json Web Token wording to be just JSON key file * added beta notice * created switch button for org users that can toggle between users and invites * pkg/tracing/tracing.go: replace deprecated cfg.New function * stackdriver: remove WIP tests * pkg/services/sqlstore/user.go: empty branch * pkg/tsdb/elasticsearch/response_parser.go: simplify redundant code * pkg/tsdb/elasticsearch/client/search_request.go: simplify loop with append. * Explore: remove closing brace with opening brace * Explore: show series title in tooltip of legend item * Explore: dont rate-hint on rate queries * Explore: Fix metric suggestions when first letters have been typed * Fix misspelled authentication in Auth overview doc * fix reader linux test * resolve symlink on each run * stackdriver: add templating support for metric, filter and group by * wip: panel options idea2 * stackdriver: use group by fields to create default alias * make sure we don't add the slash twice * Update render.js * devenv: fix docker blocks paths * Updated phantomjs render script to take full height screenshots * devenv: re-add missing docker-compose files * Explore: Fix label suggestions for recording rules * Explore: Fix click to filter for recording rule expressions * Don't use unnest in queries for redshift compatibility * pkg/tsdb/elasticsearch/client/client.go: use time.Since instead of time.Now().Sub * pkg/plugins/dashboards_updater.go: Simplify err check * pkg/services/sqlstore/alert_notification.go: Simplify err check * remove the test that does not do anything * add the trailing slash * stackdriver: add custom User-Agent header * stackdriver: remove hardcoding of test project name * updated * set maxworkers 2 for frontend tests * removes codedov refs * disable codecov * add a test * Fix setting test * stackdriver: improve query look * moves /tests to /pkg/plugins * stackdriver: add alignment period to query controller * stackdriver: making sure we dont pass too big alignmentPeriods to the stackdriver api * stackdriver: fix broken tests * stackdriver: adds default value for alignment period * stackdriver: use alignment period that is passed from frontend. if set to auto, use value provided from the panel. also added tests for alignment period * stackdriver: use alignment that is passed from frontend in the query * stackdriver: adds advanced options collapse to query editor with the possibility to select secondary aggregation and alignment * removes testdata from getting started * stackdriver: fix init labels bug * moves benchmark script to devenv * moves docker/ to devenv/docker * changelog: adds note about closing #9735 * docs: add version disclaimer for postgres query editor * moves files from /tests to more appropriate folders * docs: template variable support for annotations * Update getting_started.md * pkg/services/sqlstore: Fix sess.Id is deprecated: use ID instead. (megacheck) * pkg/services/sqlstore: Fix x.Sql is deprecated: use SQL instead. (megacheck) * fix: increased team picker limit to 50, closes #13294 * rename folder * Add documentation for PostgreSQL query builder * stackdriver: improve query editor to handle no data better * stackdriver: fixes in query editor * stackdriver: type rename * display team member labels * new column for team_member table * fix hipchat color code used 'no data' notifications * stackdriver: makes sure filter dropdown doesnt crash if clicked before values are loaded * fixes strange gofmt formatting * stackdriver: adds null check to query * gdev: added test dashboard for polystat panel * Explore: Add multiline syntax highlighting to query field * stackdriver: add support for filtering to backend * Hotfix for Explore (empty page after running query) * stackdriver: add filters to query editor * ldap: made minor change to group search, and to docs * stackdriver: fixes remove option in filter * dsproxy: add mutex protection to the token caches * metrics: starts some counters at zero * tech: remove all mobx stuff * stackdriver: wip - filters for query editor * stackdriver: adds remove group by option * stackdriver: improve segments for group bys in query editor * stackdriver: load time series meta data for group by dropdown * stackdriver: make sure distinct labels are returned. also added test * stackdriver: fix failing test * stackdriver: test get metric types * stackdriver: wip - group bys * stackdriver: update logo * stackdriver: ux for config page, docs updated * upload: make the button text configurable * stackdriver: add simple readme * stackdriver: reverse points array to be in ascending order * stackdriver: adds support for primary aggregations * stackdriver: better error handling and show query metadata * stackdriver: tests for parsing api response * stackdriver: add first test for parsing frontend queries * Stackdriver: Fix weird assignment * Stackdriver: Use metric type from query controller state * Stackdriver: Set target correctly * Stackdriver: Break out parse response to its own func * Stackdriver: Use ds_auth_provider in stackdriver. This will make sure the token is renewed when it has exporired * Stackdriver: Restructured ds proxy tests * stackdriver: fix test * Stackdriver: Add new file * Stackdriver: Start breaking out apply route to its own file * Stackdriver: Parsed url params * Stackdriver: Parse datapoints correctly * Stackdriver: Add backed query using * Stackdriver: Prettify json * Stackdriver: Move data to target * Stackdriver: Load example metric and start parsing response * Stackdriver: Exposing stackdriver backend api * Stackdriver: Use new access token API * Stackdriver: Temporary exporting token lookup * Stackdriver: Loads project name and metrics descriptions into the query controller * Stackdriver: Corrected field title and removed debug logging * Stackdriver: Removed debug logging * Stackdriver: Improved feedback for when a JWT is already uploaded in the ds config page * docs: first draft for stackdriver datasource * dsproxy: implements support for plugin routes with jwt file * Stackdriver: Added test for getProjects * Stackdriver: Refactored api call to google resource manager * Stackdriver: Add scope for google resource manager * Stackdriver: Fixed error message from google resource manager * Removes comment * Adds skeleton for loading projects from google resource manager * Adds unit tests to test datasource * Implemented datasource test * Fixed broken if statement * Adds jwt token signing google auth * Improved user experience * Upload: Fixing link function in directive * Adds poc code for retrieving google auth accesstoken * Build new stackdriver frontend script * Add stackdriver backend skeleton * Adds stackdriver frontend skeleton * Use datasource cache for backend tsdb/query endpoint (#13266) * added underline to links in table * fix: add permission fixes * test: added simple dashboard reducer test * feat: dashboard permissions are working * Fix gauge display accuracy for 'percent (0.0-1.0)' * use pluginName consistently when upgrading plugins * removes old unused examples (#13260) * fix: added loading screen error scenario (#13256) * changelog: add notes about closing #11555 * Interpolate $__interval in backend for alerting with sql datasources (#13156) * anonymous usage stats for authentication types * disabling internal metrics disables /metric endpoint * wip: dashboard permissions to redux * renames PartialMatch to MatchAny * fix: add folder permission fix * fix: fixed tslint issue introduced in recent prometheus PR merge * Folder pages to redux (#13235) * folder permissions in redux * minor fix * fix test * add annotation option to treat series value as timestamp * wip: first couple of things starting to work * fix: added reducer test * Adhoc-filtering for prometheus dashboards (#13212) * docs: include active directory ldap example and restructure * First pass at a text based template var, getting feedback from devs * fix: url update loop fix (#13243) * wip: working on reducer test * fix: gofmt issues * fix: added loading nav states * redux: moved folders to it's own features folder * fix theme parameter not working problem while prefer theme set to light (#13232) * fix: added type export to fix failing test * fix: fixed typescript test error * mobx -> redux: major progress on folder migration * another circleci fix * Another circleci fix * changed gometalinter to use github master * commented out metalinter as gopkg is having issues * wip: folder settings page to redux progress * Fix prometheus label filtering for comparison queries (#13213) * Upgrade react and enzyme (#13224) * enable partial tag matches for annotations * put folder name under dashboard name, tweaked aliginments in search results * support template variables with multiple values * Teams page replace mobx (#13219) * renames jest files to match new convention * upgrade of typescript and tslint and jest (#13223) * fix nil pointer dereference (#13221) * removes protoc from makefile * wip: folder to redux * changelog: note about closing #11681 * Adding Centrify configuration for Oauth * wip: progress on redux folder store * wip: moving option tabs into viz tab * fix: changing edit / view fullscreen modes now work * actions for group sync * initial render/refresh timing issues * team settings * wip: began folder to redux migration * test for team member selector * flattened team state, tests for TeamMembers * refactor: moved stuff into new features dir manage-dashboards * move: moved styleguide to admin * fix: fixed singlestat test broken due to file move * moved folders from features into the main feature folder they belong to * Add jsonnet with grafonnet-lib to provisioning docs * fix: Dashboard permissions now shows correctly, fixes #13201 * redux: do not use redux logger middleware in production builds * Allow oauth email attribute name to be configurable (#13006) * Document required order for time series queries (#13204) * refactor: changed AlertRuleItem pause action to callback * Fix query builder queries for interval start * team members, bug in fetching team * renaming things in admin * graph legend: use refactored version of scrollbar, #13175 * Teampages page * refactoring: custom scrollbars PR updated, #13175 * scrollbar: use enzyme for tests instead of react-test-renderer * changelog: add notes about closing #13121 * fix code formatting * Fix quoting to handle non-string values * scrollbar refactor: replace HOC by component with children * graph legend: scroll component refactor * scrollbar refactor: replace HOC by component with children * adds usage stats for alert notifiers (#13173) * changelog: typo * docs: what's new in v5.3 placeholder * tests for withScrollBar() wrapper * tests for withScrollBar() wrapper * changelog: restructure and add 5.3.0-beta1 header * changelog: add notes about closing #13157 * wrapper for react-custom-scrollbars component * graph legend: use 'react-custom-scrollbars' for legend scroll * wrapper for react-custom-scrollbars component * docs: sql datasources min time interval * changelog: note about closing #10424 * docs: minor fixes * docs: Updated auth docs * docs: updated * spelling errors * make default values for alerting configurable * Adding Action to view the graph by its public URL. * changelog: order changes by group (ocd) * changelog: add notes about closing #13030 * added radix rule and changed files to follow rule (#13153) * set search query action and tests * docs: default paths in the docker container. * delete team * added only-arrow-functions rule and changed files to follow new rule (#13154) * load teams and store in redux * build: uses 1.1.0 of the build container. * creating types, actions, reducer * Only authenticate logins when password is set (#13147) * refatoring: minor changes to PR #13149 * Add min time interval to mysql and mssql * build: updated build-container with go1.11. * added no-conditional-assignment rule and changed files to follow new rule * fix test failures for timeInterval * document postgres min time interval * Add min time interval to postgres datasource * Changed functions to arrow functions for only-arrow-functions rule. (#13131) * mobx: removed unused SearchStore * fix: Updated test * redux: minor changes to redux thunk actions and use of typings * Reactify sidebar (#13091) * Changed functions to arrow functions for only-arrow-functions rule. * removed unused mobx state * changed functions to arrowfunctions for only-arrow-functions rule (#13127) * fix: fixed home dashboard redirect issue when behind reverse proxy, fixes #12429 (#13135) * tests * Changed functions to arrow functions for only-arrow-functions rule. * improve remote image rendering (#13102) * handle new variables created not yet added * changelog: add notes about closing #10095 * graph legend: implement series toggling and sorting * docs: postgres provisioning * changelog: adds note about closing #13125 * fixed title prefix, fixes #13123 (#13128) * Reopen log files after receiving a SIGHUP signal (#13112) * Fixed a bug in the test and added test for filter alert rules * graph legend: react component refactor * added Bitcoin as a currency option * added new-parens rule (#13119) * cli: avoid rely on response.ContentLength (#13120) * some basic selector tests * fixed testcase * pausing alert * docs: v5.2 upgrade notice, ref #13084 * changelog: add notes about closing #7330 * extend from purecomponent * remove log * actions and reducers for search filter * added rule use-isnan and and updated file to follow new rule (#13117) * added no-namespace and no-reference rules (#13116) * added no-angle-bracket-type-assertion rule and updatet files to follow rule (#13115) * Updated rules for variable name (#13106) * update wording and punctuation (#13113) * redux: improved state handling * redux: progress * wip: load alert rules via redux * refactor: changed nav store to use nav index and selector instead of initNav action * moving things around * Fix array display from url * wip: solid progress on redux -> angular location bridge update * wip: moving things around * wip: moveing things around * wip: redux refactor * pass timerange in meta data queries * ignore information_schema tables * added jsdoc-format rule and fixed files that didn't follow new rule (#13107) * set member-access and no-var-keyword to true, removed public in two files (#13104) * fix: for text flickering in animation on chrome on windows * graph legend: minor refactor * use quoting functions from MysqlQuery in datasource * render query from query builder * graph: make table markup corresponding to standards * graph: legend as React component * wip: redux * redux: wip progress for using redux * fixed so preloader is removed when app is loaded * removed console.log * separated fade-ins for logo and text, tweaked delays and timing for fade-in animations * docs: minor updates, more work to do * ux: minor fixes to loading screen * start implementing mysql query editor as a copy of postgres query editor * reset metric column when changing table * fix timeFilter resetting when changing table * when changing table, refresh panel once after columns have been changed * added pro-tip text, removed pro-tip link * fixed styling for background and text, added intro animation, added fade in to text * fix timecolumn handling when table changes * set default for timeGroup in query builder to $__interval * when changing table reset columns * fix metric column suggestions * fix suggestions for metric column * Return correct path for OpenBSD in cli's returnOsDefault (#13089) * updated changelog * New TV Mode, dashboard toolbar update (layout change & new cycle view mode button) (#13025) * added this:any to functions and changed functions to arrowfunctions * feat: loading css async & inline svg * Explore: keep query when changing datasources (#13042) * changed var to let in 50 files (#13075) * changed var to let in last files (#13087) * tsconfig: started on setting noImplicitThis to true * tsconfig: format file * document postgres version and TimescaleDB option * tslint: added 1 more rule, #12918 * tslint: added 2 more rules and removed unused component, #12918 * tslint: added a new tslint rule * added rule prefer const to tslint (#13071) * dep ensure (#13074) * hide Query Builder button for table panels * check for correct quoting of multiple singlequotes * changed var to const 2 (#13068) * changed var to const (#13061) * update latest.json to latest stable version * docs: corrected docs description for setting * remove min time interval from datasource config * remove unneeded queryOptions * changelog: add notes about 4.6.4 and 5.2.3 releases * fix quoting * strip quotes when auto adding alias * handle quoting properly for table suggestion * link to github instead * recheck timecolumn when changing table * update filter macro on time column change * string formating fixes * go fmt fixes * Moved tooltip icon from input to label #12945 (#13059) * added empty cta to playlist page + hid playlist table when empty (#12841) * changed from rotating to bouncing, maybe to much squash and stretch * Update provisioning.md * make default mode for table panels raw editor * improve description for timescaledb option * Review feedback. * use series matchers to get label name/value * changelog: add notes about closing #12865 * fixed so validation of empty fields works again * added a loading view with a spining grafana logo * fix handling of variable interpolation for IN expresions * tslint: tslint to const fixes part3 (#13036) * tslint: more const fixes (#13035) * tslint: changing vars -> const (#13034) * tslint: autofix of let -> const (#13033) * fix: minor fix to changing type * upgrades to golang 1.11 * wip: angular panels now have similar edit mode and panel type selection enabling quick changing between panel react and angular panel types * add min interval to postgres datasource * wip: major change for refresh and render events flow * fix: going from fullscreen fix * wip: minor fixes * copy and docs update for alert notification reminders * change/add tests for alerting notification reminders * wip: trying to align react & angular edit modes * WIP Update tslint (#12922) * changelog: add notes about closing #12952 #12965 * build: fixes rpm build when using defaults. * docs: reminder notifications update * changelog: add notes about closing #12486 * docs: changes * created a section under administration for authentication, moved ldap guide here, created pages for auth-proxy, oauth, anonymous auth, ldap sync with grafana ee, and overview, moved authentication guides from configuration to, added linksin configuration page to guides * fixed so animation starts as soon as one pushes the button and animation stops if login failed * added link to getting started to all, changed wording * tests: fix missing tests (with .jest suffix) * docs: alerting notification reminders * update copy/ux for configuring alerting notification reminders * heatmap: fix tooltip bug in firefox * fix tableSegment and timeColumnSegment after table suggestion * Update notifications.md * sql: added code migration type * changelog: add notes about closing #11890 * Explore: Apply tab completion suggestion on Enter (#12904) * Show min-width option only for horizontal repeat (#12981) * Fix bulk-dashboards path (#12978) * add suggestions for reminder frequency and change copy * don't write to notification journal when testing notifier/rule * remove unnecessary conversion (metalinter) * fix after merge with master * Refresh query variable when another variable is used in regex field (#12961) * Webpack tapable plugin deprecation (#12960) * unify quoting * dsproxy: interpolate route url * prefill editor with first metric table * only allow 1 filter macro in where clause * fix timeColumnType assignment * make suggested filter macro depend on type * use unixEpochGroup macro for unix timestamp * alerting: inline docs for the slack channel. * Replacing variable interpolation in 'All value' value * changelog: add notes about closing #12229 * cleaning up test data * changelog: add notes about closing #12892 * docs: es versions supported * devenv: update sql dashboards * when value in variable changes, identify which variable(s) to update * removed inverse btn styling and added bgColor to generic oauth and grafana.com login buttons, added styling so log in button uses dark theme inverse btn styling both for dark and light theme * suggest operators depending on datatype * Doc - fix title level * Update doc about repeating panels * Doc - fix broken link * build: beta versions no longer tagged as latest. * docs: cleanup. * docs: docker and restarts. * update persisted parts on param change * persist datatype information * Don't do value suggestions for numeric and timestamp * created a class for loading buttons, added a button for when login slow on login page * rename postgres_query.jest.ts to .test.ts * fix variable escaping * autodetect timescaledb when version >= 9.6 * build: duplicate docker run-script removed. * detect postgres version for saved datasources * Set User-Agent header in all proxied datasource requests * use pointer cursor for buttons in query editor * docs: cloudwatch dimensions reference link. * require postgres 9.4+ for ordered set aggregate functions * add postgres version to datasource config * only show first/last aggregate when timescaledb is enabled * keep jsonData in PostgresDatasource * docs: remove message property in response from get alerts http api * changelog: add notes about closing #5623 * build: cleanup * should allow one default datasource per organisation using provisioning * build: fixes rpm verification. * docs: add grafana version note for gitlab oauth * docs: gitlab: add note about more restrictive API scope * social: gitlab_oauth: set user ID in case email changes * docs: document GitLab authentication backend * social: add GitLab authentication backend * build: verifies the rpm packages signatures. * changelog: add notes about closing #12224 * added guide for logging in to grafana for the first and how to add a datasource * docs: update * feat: add auto fit panels to shortcut modal, closes #12768 * changelog: add notes about closing #12680 * docs: update postgres provisioning * Remove dependencies * Rename test files * changelog: add notes about closing #12598 * add version disclaimer for TimescaleDB * document TimescaleDB datasource option * Use variable in newPostgresMacroEngine * Remove Karma scripts and docs * changelog: add notes about closing #10705 * fix: ds_proxy test not initiating header * Don't pass datasource to newPostgresMacroEngine * Remove tests and logs * Fix for Graphite function parameter quoting (#12907) * don't render hidden columns in table panel (#12911) * fix: added missing ini default keys, fixes #12800 (#12912) * refactor timescaledb handling in MacroEngine * change: Set User-Agent to Grafana/%Version% Proxied-DS-Request %DS-Type% in all proxied ds requests * Remove comment * Cleanup * All tests passing * Class to function. Half tests passing * Karma to Jest: graph (refactor) (#12860) * tech: removed js related stuff now that 99% is typescript (#12905) * Add React container * changelog: add notes about closing #12805 * fix redirect to panel when using an outdated dashboard slug (#12901) * Add commit to external stylesheet url (#12902) * build: increase frontend tests timeout without no output * fix: Alerting rendering timeout was 30 seconds, same as alert rule eval timeout, this should be much lower so the rendering timeout does not timeout the rule context, fixes #12151 (#12903) * changelog: add notes about closing #12476 * now hides team header when no teams + fix for list hidden when only one team * Rename to HeatmapRenderer * Mock things * Explore: Fix label filtering for rate queries * add $__unixEpochGroup to mssql datasource * add $__unixEpochGroup to mysql datasource * Add $__unixEpochGroup macro to postgres datasource * changed const members to filteredMembers to trigger get filtered members, changed input value to team.search (#12885) * get timecolumn datatype on timecolumn change * changelog: add notes about closing #12882 * Removes link to deprecated docker image build * Add mocks * fix datatype query * Changelog update * docker: makes it possible to set a specific plugin url. * Add support for $__range_s (#12883) * Refactor setting fillmode * Update dashboard.md * Fix typo * Explore: label selector for logging * Replace element * Rewrite heatmap to class * Explore: still show rate hint if query is complex * Explore: Filter out existing labels in label suggestions * Add note for #12843 * Fix initial state in split explore * replaced with EmptyListCta * Begin conversion * changed messaging * mention time_bucket in timescaledb tooltip * keep legend scroll position when series are toggled (#12845) * replaced confirm delete modal with deleteButton component in teams members list * [wip]added empty list cta to team list, if statement toggles view for when the list is empty or not * Update NOTICE.md * Fix padding for metrics chooser in explore * fix rebase error * revert passing ctrl to testDatasource * change timescaledb to checkbox instead of select * add timescaledb option to postgres datasource * build: fixes png rendering in the docker based docker-image build. * remove duplicated /tmp entry in .dockerignore * move run script, update README * produce an image compatible with grafana-docker * More efficient builds and some fixes to the Go binaries * Simple Docker-based build option * Add example OR search_filter to docs * Explore: expand recording rules for queries * Explore: Query hints for prometheus (#12833) * Convert URL-like text to links in plugins readme * skip target _self to remove full page reload * use uid when linking to dashboards internally in a dashboard * add previous fill mode to query builder * added more info about the teams * removed mock-teams, now gets teams from backend * changelog: add notes about closing #12756 * add api route for retrieving teams of signed in user * devenv: update sql dashboards * team list for profile page + mock teams * changelog: add notes about closing #11270 * Fixing bug in url query reader and added test cases * fix missing * * rename last fillmode to previous * change fillmode from last to previous * return proper payload from api when updating datasource * Review feedback * changelog: update #12768 * Remove window * Fix url param errors * Explore: Metrics chooser for prometheus * Add clear row button * Add clear button to Explore * Explore: show message if queries did not return data * Fix closing parens completion for prometheus queries in Explore (#12810) * Update ROADMAP.md * Update ROADMAP.md * Update ROADMAP.md * switched to lowercase * replaced escape() call, renamed formatter to be more expressive * Smaller docker image (#12824) * build: failing to push to docker hub fails the build. * Reversed history direction for explore * Explore: Add history to query fields * unix socket docs * Explore: facetting for label completion (#12786) * docs: how to build a docker image. * Remove Karma test * All tests passing * Add mock constructor * Begin conversion * Convert query control * Convert datasource * refactor: take submenu into account PR #12796 * refactor: renaming variables, refactoring PR #12796 * refactor: moving code around a bit, refactoring PR #12796 * Remove weird import * Disable submenu when autopanels is enabled * Extract to own method * Use and add keybard shortcut * Add temporary url parameter * Replace floor with round * Go with just single margin compensation * Add margin and padding compensation * Remove weird import * Fit panels to screen height * dont break default parameters for functions * fix suggestion query * renamed slate unit tests to .jest.ts * Remove simple tests * Support client certificates for LDAP servers * Begin conversion * Add click on explore table cell to add filter to query (#12729) * dont order for aggregate * build: makes it easier to build a local docker container. * add moving average to query builder * adjust frontend test * use $__timeGroupAlias macro * specify grafana version for last fill mode * add fillmode 'last' to sql datasource * build: disables external docker build for master and release. * build: complete docker build for master and releases. * build: removes unused args to docker build. * build: imported latest changes from grafana-docker. * build: attach built resources. * build: builds docker image from local grafna tgz. * build: new workflow for PR:s and branches. * docker: inital copy of the grafana-docker files. * changelog: add notes about closing #1823 #12801 * Add auto_assign_org_id to defaults.ini * changelog: add notes about closing #12749 * changelog: add notes about closing #12766 * adjust test dashboards * remove info logging * added two new classes for color, fixed so link has value color * changelog: add notes about closing #12063 * Add new Redshift metrics and dimensions for Cloudwatch datasource * changelog: add notes about closing #12752 * changelog: update * Improve iOS and Windows 10 experience (#12769) * add series override option to hide tooltip (#12378) * changelog: add notes about closing #12785 * removed table-panel-link class * removed table-panel-link class and add a class white to modify table-panel-cell-link class * add warning when switching from raw sql mode * add more prominent button for switching edit mode * document $__timeGroupAlias * add $__timeGroupAlias to mysql and mssql * fix custom variable quoting in sql* query interpolations * add compatibility code to handle pre 5.3 usage * Change to arrow functions * Add all tests to one file * changelog: add notes about closing #12561 * Remove angularMocks * All tests passing * replaced style with class for links * Add $__timeGroupAlias to postgres macros * adjust test dashboards * remove alias from postgres $__timeGroup macro * changelog: add notes about closing #12762 * fix: team email tooltip was not showing * fix: test data api route used old name for test data datasource, fixes #12773 * removed a blank space in div * fixed color for links in colored cells by adding a new variable that sets color: white when cell or row has background-color * changelog: add notes about closing #12300 * Weird execution order for the tests... * fixed test result * added urlescape formatting option * changelog: add notes about closing #12744 * changelog: add notes about closing #12727 * add aws_dx to cloudwatch datasource * also fixed 'Watt per square metre' * fixed that missing one * add version note to metric prefix and fix typo * devenv: update sql dashboards * mssql: update tests * fix usage of metric column types so that you don't need to specify metric alias * Begin conversion * changelog: update * changelog: add notes about closing #12747 * Add missing tls_skip_verify_insecure (#12748) * rename special to windows * add first and last support * refactor function handling in query builder * refactor column function handling * consistent nameing fro group and select * mssql: add logo * add tests for metric column prefix to mssql * add metric column prefix test for mysql * document metric column prefix in query editor * document metric column prefix for mysql and mssql * Remove extra mock * Karm to Jest * correct volume unit * Remove lo * Test passing. Remove Karma * adjust metric prefix code to sql engine refactor * add testcase for metric column as prefix * Use metric column as prefix * Fix emit errors * Fix test * Add async/await * refactor schema query generation * removed unused class from the deletebutton pr * frontend part with mock-team-list * Update test for local time * update devenv datasources and dashboards for sql datasources * Begin conversion * use const for rowlimit in sql engine * Cleanup * Remove Karma file * All tests passing * All except one passing * remove tableschema from query builder ui * changelog: add notes about closing #12731 * elasticsearch: support reversed index patterns * update devenv datasources and dashboards for sql datasources * mssql: use new sql engine * mysql: use new sql engine * postgres: use new sql engine * refactor sql engine to make it hold all common code for sql datasources * Pass more tests * Refactor Explore query field (#12643) * Begin conversion * All tests passing. Remove Karma test. * Almost all tests passing * Add tslib to TS compiler * docs: using interval and range variables in prometheus * Two passing tests * Update Configuration.md * Start conversion * changelog: add notes about closing #12533 * changelog: add notes about closing #12668 * changelog: update * changelog: add notes about closing #12668 * fix for typeahead background, increased lighten * added position absolute and some flexbox so I could remov changes in display and setTimeout, added tests and types, did some renaming * fix invalid reference * minor fixes * fix failing test due to time diff issues * Remove comments * remove unneeded comment * Remove old influx stuff * changelog: add notes about closing #12489 * changelog: add notes about closing #12551 * changelog: add notes about closing #12533 * Karma to Jest * Begin conversion * changelog: add notes about closing #12589 * changelog: add notes about closing #12636 #9827 * Remove influx qeury_ctrl jest, as it is already completed * Test fail depending on test order * Karma to Jest: begin influx query_ctrl * Make beautiful * Karma to Jest: completer * Remove comments and Karm test * Karma to Jest * Pass more tests * changelog: add notes about closing #12644 * fix code style * docs: mentation that config changes requires restart. * return 400 if user input error * changing callback fn into arrow functions for correct usage of this (#12673) * Fix requested changes * Add templating docs for * Add docs about global variables in query template variables * Figuring out why it doesn't initialize * Add support for interval in query variable * Add jest file * Change to arrow functions * Add graph_ctrl jest * changelog: add notes about closing #12691 * Update kbn.ts * Add jest test file * Id validation of CloudWatch GetMetricData * Fix timezone issues in test * fix window function query without group by * changelog: adds note for #11487 * add order by to metadata queries * set explicit order for rate and increase * escaping ssl mode on postgres param * fix pre gui queries shortcircuit * Add unit test for InfluxDB datasource * Support timeFilter in templating for InfluxDB * Datasource for Grafana logging platform * removed blue-dark variable with blue-light in light-theme, blue variable now has same value as blue-dark had before, should fix issue with any low contrast issues with blue in light-theme, this made query-blue variable unnecessery removed it, added variable for variable dropdown highlight background * removed import appEvents * built a component for delete button in tables, instead of using a modal to confirm it now does it in the row of the table, created a sass file for the component, the component uses css transitions for animation * fix: postgres/mysql engine cache was not being used, fixes #12636 (#12642) * added: replaces added to grafana * fix: datasource search was not working properly * add groupby when adding first aggregate * docs: minor docs fix * Fix label suggestions in Explore query field * pluginloader: expose flot gauge plugin * alert: add missing test after refactor * Handle query string in storage public_url (#9351) (#12555) * HTTP API documentation +fix when updating a playlist (#12612) * Explore: calculate query interval based on available width * Use url params for explore state * Dont parse empty explore state from url * Fix default browser th font-weight * Adding eval_data to alerts query results * ldap: Make it possible to define Grafana admins via ldap setup, closes #2469 * nginx: update to docker block * minor fix for legacy panels * Remove string casting for template variables in prometheus * ldap: docker block readme update * Make prometheus value formatting more robust * Update README.md * Devenv testdata dashboards (#12615) * fix test for query generation * dont run queries if target has no table set * add query to find metric table * add popover for metric column * rename PostgresQueryBuilder to PostgresMetaQuery * dont expand variables in rawSql * filter datatype for groupby suggestions * fix rate special function when using group by * remove unused import * refactor adding sqlPart * remove render code from sql_part * fix bug in query generation with metricColumn * refactor PostgresQuery * refactor PostgresQueryCtrl * refactor PostgresQueryCtrl and PostgresQuery * refactor addGroupBy and removeGroupByPart * use let for variable declaration * Add templateSrv to PostgresQuery tests * add tests for query generation * Reverted $q to Promise migration in datasource_srv * Allow settting of default org id to auto-assign to (#12401) * Remove unused SASS variables (#12603) * fix: panel embedd scrolbar fix, fixes #12589 (#12595) * fix tests for postgres datasource * Set datasource in deep links to Explore * send timerange with metricFindQuery * Explore Datasource selector * changed you to your (#12590) * indent generated SQL * Add comments * Fix freezing browser when loading plugin * handle counter overflow and resets in rate * partition by metricColumn when using increase * add rate and increase special functions * wip: another baby step, another million to go * skip backend request if extended statistics is invalid. (#12495) * Refactor team pages to react & design change (#12574) * (prometheus) prevent error to use $__interval_ms in query (#12533) * fix: folder picker did not notify parent that the initial folder had been changed, fixes #12543 (#12554) * Add support for skipping variable value in URL, fixes #12174 (#12541) * Update mac.md * Update windows.md * Update rpm.md * Update debian.md * Don't build-all for PRs * Refactor value column SQL generation * Refactor metric column sql generation * fix: requests/sec instead of requets (#12557) * Add folder name to dashboard title (#12545) * Fix css loading in plugins (#12573) * Refactor group by query generation * Refactor where clause generation * refactor SQL generation for value columns * Refactor time column sql generation * Refactor render function on PostgresQuery * prepare sql part for special functions * set query gui as default handle old panels gracefully * Added BurstBalance metric to list of AWS RDS metrics. * dont throw exception for unknown types * Prevent scroll on focus for iframe * add alias when adding group by * Add new sequential color scales * add aggregates when adding group by * add column alias when add aggregate function * move go vet out of scripts and fixing warning (#12552) * fix enter in sql_part_editor * fix editing expression parts * wip: you can now change panel type in edit mode * rename inputBlur to switchToLink * react panels: working on changing type * Cleanup and remove some jest.fn() * fix spelling * add current value to dropdown if its not in resultset * Revert 'show current value in dropdown when its not part of list' * Remove irrelevant tests and templateSrv stub * show current value in dropdown when its not part of list * redid redux poc, old branch was to old and caused to many conflicts * wip: redux poc * fix diff and percent_diff (#12515) * improve error message * generate unique id when variable is multi * support GetMetricData * dep ensure * update aws-sdk-go * Update lodash/moment version (#12532) * fix: minor css change * wip: minopr progress on react panel edit infra * Tabs to spaces in tslint (#12529) * wip: minor progres on react panels edit mode * add None to metric column suggestions * handle pre query gui queries gracefully * dont break on panels that dont have rawQuery set * refactor transformToSegments * devenv: updated devenv provision scripts * wip: viz editor started * ux: minor fix/tweak to inactive view mode, think logo should be visible & fixes dashboard title alignment * changelog: add notes about closing #12379 * Fix datasource sorting with template variables * another baby step * changelog: add notes about closing #12484 * changelog: add notes about closing #12506 * rename quoteLiteral to quoteIdentAsLiteral * changelog: add notes about closing #12506 * fix links not updating after changing variables * remove unused function removeSelect * put updateParam back in * fix where clause generation * remove hardcoded $__timeFilter, make macros functional in where clause * remove dead code, make label more flexible * fix constraint removal * react-panels: minor progress on data flow * dont autoquote, suggest quoted values if requried * prometheus heatmap: fix unhandled error when some points are missing * fix caret for help button is ds http settings * do not autoquote identifiers * fix group by ui * changelog: add notes about closing #11618 #11619 * fix where constraint handling * remove dead code from sql_part fix where clause query generation * Add mock to test files * Create new instance in beforeEach * Remove comments * Karma to Jest: Cloudwatch datasource * Karma to Jest: MySQL datasource * Karma to Jest: postgres datasource * Basic cleanup * Add mocks in test file * Remove q and stub * Add Jest stubs * Remove async * Remove logs and comments * Start elastic ds test conversion * run enterprise build only on master for now * refix the settings indentation * update stats admin doc * fix json indentation * include where constraints in query generation * remove unnecessary conversions * rearrange elements of query builder * mv query_part to sql_part * changelog: update * changelog: add notes about closing #11818 * changelog: add notes about closing #12460 * changelog: add notes about closing #8186 * changelog: add notes about closing #12379 * changelog: add notes about closing #12362 * devenv: open ldap docker block now prepopulating data with correct member groups * ci: Only publish grafana enterprise packages tagged with enterprise. * Make table sorting stable when null values exist (#12362) * Fix bar width issue in aligned prometheus queries (#12483) * correct example (#12481) * ldap: improved ldap test env with more structured users and groups * test: fixed usage of wrap in tests. * ci: typo * ci: publishes grafana enterprise to s3. * refactoring: making api wrap public * refactoring: enterprise build/hooks refactorings (#12478) * Karma to Jest: datasource_srv (#12456) * fix: #12461 introduced issues with route registration ordering, adding plugin static routes before plugins package had been initiated (#12474) * omit extra template refresh (#12454) * wip: minor progress on DataPanel * Improve extensions build. (#12461) * [mysql] fix $__timeGroup rounding (#12469) * [mssql] fix $__timeGroup rounding (#12470) * [postgres] fix timeGroup macro rounding (#12468) * pkg/social/github: Allow changing of userinfo data (#12471) * notifications: dont return error if one notifer failed * use sqlPart for ui parts * avoid calling os.Exit outside main.go (#12459) * update mysql/mssql query/annotation help sections * docs: update folders api * Changed documentation for MSSQL and MySQL to reflect macro changes * docs: update scripted dashboard for v5 * docs: update scripted dashboard for v5 * docs: update organisation http api * docs: upd windows installation * notifications: send notifications synchronous * notifications: read without tran, write with tran * registry: adds more comments * registry: adds comments to interfaces * changelog: update * changelog: update * changelog: add notes about closing #12438 * alerting: only log when screenshot been uploaded * fixes typos * Reverted yarn.lock to master * Used PostgreSQL TSDB as a model the set up the __timeFilter, __timeFrom, and __timeTo macros for Microsoft SQL and MySQL * changelog: add notes about closing #12444 * Revert 'auth proxy: use real ip when validating white listed ip's' * changelog: adds note for #11892 * changelog: add notes about closing #12430 * fix footer css issue * Karma to Jest: 3 test files (#12414) * fix: log close/flush was done too early, before server shutdown log message was called, fixes #12438 * react panels wip * Karma to Jest: value_select_dropdown (#12435) * support passing api token in Basic auth password (#12416) * Add disabled styles for checked checkbox (#12422) * changelog: add notes about closing #11920 * changelog: add notes about closing #11920 * changelog: update * docs: upd what's new in v5.2 * docs: update index with link to what's new in 5.2 instead of 5.0 * wip: react panels editor mode, tabs working * changelog: add notes about closing #12385 * react panels wip * feat: panels v2, metrics-tab loading * docs: upd what's new in v5.2 * docs: upd what's new in v5.2 * login: fix layout issues * build: yarn should be included out of the box on circle ci * notifier: handle known error first * ensure that if the dasboardID is negative, it will not bypass the checking of the right (#12398) * changelog: add notes about closing #11968 * Webpack 4 (WIP) (#12098) * Make pre/postfix coloring checkboxes inactive when gauge is active * removes unused return object * handle 'dn' ldap attribute more gracefully (#12385) * Update ROADMAP.md * Fix typo * Switched MySQL and MSSQL macros for timeFilter and related to use BETWEEN and calculate UNIX time server side instead of database side. Fixes #11618 #11619 * docs: update installation instructions * routing: raise panic if duplicate routes are added * routing: allows routes to be added to existing groups * changelog: add notes about closing #11868 * enhance error message if phantomjs executable is not found * fix: annnotation api & sql issue * changelog: add notes about closing #12248 * set correct text in drop down when variable is present in url using key/values * Light improve of massive delete annotation api (#12390) * Fix 12248 * Fixing wrong /public path, relative to the webpack.dev script, that would avoid webpack from cleaning previous builds. (#12351) * changelog: add notes about closing #12383 * changelog: adds note about closing #12313 * Return a 404 when deleting a datasource through the API if it doesn't exist and add a test for it to confirm #12313 * Set $rootScope in DatasourceSrv * Add options to colorize prefix and postfix in singlestat * devenv: adds dashboard with multiple rows * changelog: adds note about closing #10971 * Pass configured/auth headers to a Datasource. * Karma to Jest: history_ctrl. .gitingore: .vs/ * changelog: add notes about closing #12359 * build: fix signing of multiple rpm packages * docs: what's new in v5.2 and docker installation updates * tech: adds comments about route register code * changelog: add notes about closing issue * Karma to Jest: history_ctrl. Update version: ts-jest * changelog: add notes about 5.2.0-beta2 * changelog: add notes about closing #12240 * changelog: add notes about closing #12256 * changelog: add notes about closing #11792 * changelog: add notes about closing #12315 * dashboard: fix drop down links * wip: react panels, query editor loading from react PanelEditor view * fix regressions after save modal changes of not storing time and variables per default * wip: react panel minor progrss * updated * Karma to Jest: history_srv (#12341) * react panels minor progress * make sure to process panels in collapsed rows when exporting dashboard * changelog: add notes about closing #3132 * docs: update installation instructions * react panel minor progress * ldap: add note about config in Grafana * ldap: add note to dockerfile * changelog: add notes about closing #12343 * docs: Plugin review guidelines and datasource auth pages * remove unused argument in default scenario of guardian test * fix: fixed permission issue with api key with viewer role in dashboards with default permissions * wip: react panel makeover mini progress * Karma to Jest: time_srv (#12303) * Karma to Jest: team_details_ctrl (#12321) * Fix error in InfluxDB query * expose functions to use sessions * changelog: adds note about closing #11607 * test commit for checking github permissions * changelog: add notes about closing #12278 * changelog: add notes about closing #11076 * snapshot: copy correct props when creating a snapshot * added comment to reason the id tag * set current org when adding/removing user to org * changelog: add notes about closing #10707 * Include the vendor directory when copying source in to Docker (#12305) * changelog: adds note about closing #12199 * adds tests for journaling sql operations * use epoch to compare timestamp * adds inTransactionCtx that calls inTransactionWithRetryCtx * merge create user handlers * transactions: start sessions and transactions at the same place * adds info about eval/reminder interval * tests for defaultShouldNotify * cloudwatch: handle invalid time range * notifications: make journaling ctx aware * make sure to use real ip when validating white listed ip's * Adding Cloudwatch AWS/AppSync metrics and dimensions * notifications: gather actions in one transaction * changelog: adds note about closing #12286 * sql: adds tests for InTransaction * bus: noop should still execute fn * removes unused code * bus: Dispatch now passes empty ctx if handler require it * bus: dont start transaction when creating session * bus: dont mix ctx/classic handlers * bus: DispatchCtx can now invoke any handler * refactoring: renamed AddCtxHandler to AddHandlerCtx PR #12203 * refactoring: transaction manager PR #12203 * fixes typo in code * check if admin exists or create one in one transaction * replace begin/end with wrapper function * bus: support multiple dispatch in one transaction * docs: adds info about grafana-dev container * changelog: add notes about closing #12282 * Added Litre/min and milliLitre/min in Flow (#12282) * remove papaparse dependency * list name is deleteDatasources, not delete_datasources * remove internal influx ifql datasource * Document the endpoint for deleting an org * tests: rewrite into table tests * influxdb: adds mode func to backend * Fix queryfield wrapper css * Fix Queryfield metrics field missing * batch DOM reads from query field typeahead * hint support for typeahead * Make suggestions an object * Trigger typeahead on Ctrl-Space * refactor Explore query field * changelog: add notes about closing #11484 * changelog: add notes about closing #11233 * Remove import * Fix PR feedback * Removed papaparse from external plugin exports * Karma to Jest: query_builder * dsproxy: move http client variable back * Karma to Jest: threshold_mapper * Expose react and slate to external plugins * Karma to Jest: threshold_manager * Karma to Jest: query_def, index_pattern * Remove import * Karma to Jest: elastic_response * changelog: notes about closing #12189 * #11607 corrected file cleanup test * #11607 removed unnecessary conversion (from gometalinter) * Improve test readability * #11607 fixed formatting * #11607 Cleanup time of temporary files is now configurable * moved link icon in panel header * Karma to Jest: playlist_edit_ctrl * Karma to Jest: exporter * Update graphite.md * changelog: add notes about closing #10796 * added id tag to Panels for html bookmarking on longer Dashboards * dashboard import to folder: minor fixes * Docs: output location from build script * Correct Provisioning documentation link * dsproxy: allow multiple access tokens per datasource * Mock core in jest-setup * Docs: Update Build from Source * Convert tests from Karma to Jest * changelog: add notes about closing #11963 * save-modal save button (#12047) * Karma to Jest: graph-tooltip * removed QueryOptionsCtrl references * update latest.json to 5.1.3 * use ng-if * hot-fix ifql testdatasource() * triggers grafana-docker master build * changed som variables to values so it's the same for dark and light theme, added special styling for login text, link and input (#12196) * mattn/go-sqlite3 v1.6.0 to v1.7.0 * changelog: add notes about closing #11074 * fixed so panel title doesn't wrap and (#12142) * graph: fix legend decimals precision calculation * Use Passive eventListener for 'wheel' (#12106) * removes more unused code * removes unused code * nicer collapsed row behaviour (#12186) * remove DashboardRowCtrl (#12187) * add panel on enter * autoFocus the search filter * adds missing return statement * Fix typo: eleasticsearch -> elasticsearch (#12184) * Annotations support for ifql datasource * dashboard: improve import UX for non-editor users * Template variable support for ifql datasource * Use cut to trim down the SHA1. * show import menu in sidenav, dashboard search and manage dashboards page * Fix metrics panel test by adding config mock * Respect explore settings in config ini * Add .html to webpack.hot resolve extensions * Version the tarball uploaded to s3 and tell the next step about it. * dashboard: import into current folder from manage folder page * dashboard: add Import button to manage page * dashboard: import to folder * Query helpers for IFQL datasource * alerting: fixes broken table rename * docs: docker secrets available in v5.2.0 * Remove round-robin urls in ifql DS * IFQL range variable expansion * alerting: renames journal table to alert_notification_journal * alerting: move queries from evalcontext to notifier base * alerting: invert sendOnce to sendReminder * changelog: add notes about closing #11657 * alerting: remove zero units from duration * alerting: only check frequency when not send once * always show server admin link in sidenav if grafana admin * update google auth config docs * changelog: add notes about closing #11525 * fix: fixed problem with expanding access mode help in ds settings * dep: use master branch for plugin model * alerting: fixes invalid error handling * fixed so default is all and general only show dashboards * changelog: add notes about closing #11882 * added s to folderId in params * renamed variable in tests * added comment, variableChange -> variableValueChange * added a test * added if to check if new variable has been added * Gravatar fallback does not respect 'AppSubUrl'-setting (#12149) * change admin password after first login * changelog: adds note about closing #11958 * revert: reverted singlestat panel position change PR #12004 * Revert 'provisioning: turn relative symlinked path into absolut paths' * provisioning: turn relative symlinked path into absolut paths * changelog: adds note about closing #11670 * elasticsearch: sort bucket keys to fix issue wth response parser tests * docs: what's new in v5.2 * made folder text smaller * Implement code review changes * Bug fix for repeated alerting even on OK state and add notification_journal cleanup when alert resolves * Fix tests * Fix multiple bugs * Revert changes post code review and move them to notification page * Feature for repeated alerting in grafana * InfluxDB IFQL datasource * changelog: add notes about closing #11167 * docs: docker secrets support. (#12141) * alerting: show alerts for user with Viewer role * datasource: added option no-direct-access to ds-http-settings diretive, closes #12138 * provisioning: adds fallback if evalsymlink/abs fails * tests: uses different paths depending on os * renames intervalSeconds to updateIntervalSeconds * changelog: add notes about closing #5893 * removed italic * changelog: add notes about closing #11500, #8168, #6541 * Alert panel filters (#11712) * docs: update alerting docs with alerting support for elasticsearch * added span with folder title that is shown for recently and starred, created a new class for folder title * provisioning: makes the interval for polling for changes configurable * provisioning: only update dashboard if hash of json changed * remove dead code * elasticsearch: minor refactor * changelog: update * changelog: add notes about closing #10748, #8805 * save modal ux improvements (#11822) * changelog: add notes about closing #11515 * provisioning: only provision if json file is newer then db * Guard /explore by editor role on the backend * make path absolute before following symlink * provisioning: follow symlinked folders * test: fixes broken test on windows * changelog: add notes about closing #11771 * changelog: add notes about closing #11971 * Fix singlestat threshold tooltip (#12109) * build: only runs db related tests on db. * build: integration testing postegres on ci. * build: mysql integration testing on ci. * Fix karma tests that rely on MetricsPanelCtrl * changelog: Second epochs are now correctly converted to ms. * Fix panel menu test * Restrict Explore UI to Editor and Admin roles * Fix CSS to hide grid controls in fullscreen/low-activity views * changelog: add notes about closing #11645 * Support InfluxDB count distinct aggregation (#11658) * provisioning: enable relative path's * changelog: note about closing #11858 * devenv: improve readme * provisioning: place testfiles within testdata folder * changelog: add notes about closing #11494 * Add new regions to handleGetRegions function (#12082) * PR: minor change to PR #12004 before merge * fix: refactoring PR #11996 and fixing issue #11551 16706hashkey in json editors * devenv: script for setting up default datasources * tech: updated react-grid-layout to latest official release, closes #12100 * Fix cache busting for systemjs imports for plugins * devenv: scripts for generating many unique dashboards * docker: new block for elasticsearch6 * changelog: add notes about closing #12087 * sql: seconds epochs are now correctly converted to ms. * add validation of uid when importing dashboards * fix: add track by name in annotation list to avoid $$hashKey in json * changelog: adds note about closing #9703 * go fmt fixes * configure proxy environments for Transport property * Show create dashboard link if at least editor in one folder * graphite: avoid dtracing headers in direct mode * Fix sourcemaps for webpack hot config * return better error message when err is ErrSmtpNotEnabled * elasticsearch: handle if alert query contains template variable * changelog: adds note about closing #9847 * Sparklines should scale to the data range (#12010) * Split webpack dev config into dev and hot * Upgrade webpack loaders (#12081) * pin versions of xorm to resolve sql tests * build: fixes broken path for bra run * use sql builder for the get system stats sql query * fix directly specified variable rendering * remove unused function renderAdhocFilters * send param in callback for get-param-options * Fix #9847 Add a generic signout_redirect_url to enable oauth logout * make separator configurable * fix error message * Changed Prometheus interval-alignment to cover whole panel range * alerting: refactor tests * add usage stats for datasource access mode * Review feedback (heading, typos) * add additional usage stats metrics * add tests for sending usage stats * Integrated dark theme for explore UI * elasticsearch: adds some more/better debug logging to client * changelog: fix broken link to contributor * changelog: adds note about closing #11788 * The old code for centering removed * Backend image rendering as plugin (#11966) * Fix typo in README.md * build: updates publisher to support arm archs for deb and rpm. * Explore split view * Fixed custom dates for react timepicker * Explore: Design integration * Explore: time selector * Fix dashboard snapshot deletion (#12025) * fix names of foreign arch packages * elasticsearch: handle NaN values * elasticsearch: metric and pipeline agg setting json encoding fix * elasticsearch: query interval override fix * elasticsearch: default interval fix * Document table row merge for multiple queries * elasticsearch: pipeline aggregation fix for json encoding * build: always build for all platforms. * fix: remove deadcode to make gometalinter happy * elasticsearch: refactor query handling and use new es simple client * elasticsearch: new simple client for communicating with elasticsearch * elasticsearch: refactor and cleanup * build: removes deploy from nightly while testing it. * update provisioning.md * Fix ResponseParser for InfluxDB to return only string values * Conditionally select a field to return in ResponseParser for InfluxDB * build: clean up the workflow filters. * Revert 'Conditionally select a field to return in ResponseParser for InfluxDB' * Revert 'Fix ResponseParser for InfluxDB to return only string values' * Revert 'move queryTimeout option to common setting' * move queryTimeout option to common setting * add query timeout option for Prometheus * build: crosscompilation for nightlies and releases. * set style for registered query components * make param wrapper configurable * fix metric column when using group by * separate label in template from type * use sql part component * use sql part component * add sql_part component * Singlestat value: vertical alignment fix * Added Swiss franc currency * quote column name in buildValueQuery * return values quotes for suggestions in where expression * test: moves test files to testdata folder * build: downloads and bundles phantomjs for darwin and windows. * build: publisher updated to support more architectures and OSs. * build: saves artifacts with the build * build: crossplatform build with packages. * build: script for tagging and pushing a release * codespell: fixes * fix: fixed some minor startup logging issues * Sqlstore refactor (#11908) * Adds constant description for units * test: increase expire time to avoid tz issues in tests * explore: fixes #11953 * migrated files to ts, removed unused functions from lodash_extended * docs: installation pages for 5.1.3 * changelog: add note for #11830 * legend: fixes Firefox/baron scroll bug * wrote classes * migrated jquery.flot.events to ts * use canMakeEditable * allow to add annotation for non editable dashboard * scroll: temporary fix for double scrollbar issue * backend plugins: log an error if parsing meta field failed * backend plugins: expose meta field * fixes following first code review * add useful note to alerting api docs * improve alerting api docs sample responses * Prometheus step alignment: shift interval only on jitter * Use babel and hot loader only in yarn start * docs: removes notes about beeing introduced in 5.0 * lock caniuse-db version to resolve phantomjs rendering issue * Update dashboard_permissions.md * move database-specific code into dialects (#11884) * refactor: tracing service refactoring (#11907) * fix typo in getLdapAttrN (#11898) * docs: update installation instructions targeting v5.1.2 stable * changelog: add notes about closing #11862, #11656 * Fix dependencies on Node v10 * Update dashboard.md * changelog: add notes about closing #10338 * Phantom render.js is incorrectly retrieving number of active panels (#11100) * singlestat: render time of last point based on dashboard timezone (#11425) * Fix for #10078: symbol '&' is not escaped (#10137) * Add alpha color channel support for graph bars (#10956) * interpolate 'field' again in Elasticsearch terms queries (#10026) * Templating : return __empty__ value when all value return nothing to prevent elasticsearch syntaxe error (#9701) * http_server: All files in public/build have now a huge max-age (#11536) * fix: ldap unit test * only error log when err is not nil * rename alerting engine to service * case-insensitive LDAP group comparison (#9926) * changelog: add notes about closing #11813 * docs: updated changelog * fix XSS vulnerabilities in dashboard links (#11813) * PR: ux changes to #11528 * renames alerting engine to match other services * allow analytics.js to be cached, enable anonymizeIP setting (#11656) * Revert 'Add baron scrollbar to a node managed by gafana (#11850)' * decrease length of auth_id column in user_auth table * fixed svg background (#11848) * Add baron scrollbar to a node managed by gafana (#11850) * Fix CSS asset loading for yarn start (HMR) (#11855) * fix: fixed gometalinter issues with Discord PR * docs: update installation instructions targeting v5.1.1 stable * fix root_url in docs & comments (#11819) * changelog: 5.1.1 update * fix: loading of css url (images/fonts) * Support for local Docker builds * Update ROADMAP.md * support additional fields in authproxy (#11661) * better handling for special chars in db config (#11662) * Fix/improved csv output (#11740) * Update ROADMAP.md * Update ROADMAP.md * Update ROADMAP.md * Remove preceding `/` from public JS path (#11804) * Add panel scrolling docs (#11826) * escape pipe symbol same way as in templating docs * changelog: add notes about closing #11616 * added left:unset to counter left:0 in recent react-select release * fixed text color in light theme * changelog: add notes about closing #11800 * test if default variable interpolation is effective when no specific format is specified * changelog: notes about closing #11690 * changelog: add notes for ##11754, #11758, #11710 * scroll: remove firefox scrollbars * Add missing items to Gopkg.lock * pipe escape try #3 * use ascii code for pipe symbol to not mess up markdown table * try to fix table * dont shadow format passed in as function parameter * fix: removed manully added http server from inject graph as it is now a self registered service * fix: removed unused channel * fix: comment spell fix * fix: fixed race condition between http.Server ListenAndServe & Shutdown, now service crash during startup correctly closes http server every time * refactoring: lots of refactoring around server shutdown flows, making sure process is terminated when background service has crashed * refactor: provisioning service refactoring * Metrics package now follows new service interface & registration (#11787) * Revert 'Opportunities to unindent code (unindent)' * scroll: fix scrolling on mobile Chrome (#11710) * changelog: add notes about closing #11625 * remove jest it.only to not skip important tests * fixed so all buttons are styled not just small ones, fixes #11616 * --amend * fix: improved handling of http server shutdown * add test for prometheus table column title * Fix url encoding, expand template vars, fix TS hacks * Explore: Add entry to panel menu to jump to Explore * changelog: notes about closing #11498 * Initial Baby Step to refactoring settings from global vars to instance (#11777) * table: fix for padding * graph histogram: fix invisible highest value bucket * dashboard: show save as button if can edit and has edit permission to folders * new property for current user indicating if edit permissions in folders * increase length of auth_id column in user_auth table * fix dropdown typeahead issue * Use opportunities to unindent code (unindent) * Outdent code after if block that ends with return (golint) * Remove redundancy in variable declarations (golint) * fix: minor fix to plugin service shut down flow * appveyor: uppercase the C drive in go path * docs: further documents changes to the docker image. (#11763) * disable ent build to avoid slowing down build speed * Explore: add support for multiple queries * Fixed settings default and explore path * Refactoring PluginManager to be a self registering service (#11755) * fix: removed log calls used while troubleshooting * refactor: refactoring notification service to use new service registry hooks * Enable Grafana extensions at build time. (#11752) * revert renaming of unit key ppm * fix to match table column name and order * Import and typescript fixups * Settings to enable Explore UI * tech: removes unused code * Explore WIP * add deadcode linter to circleci * pkg: fix deadcode issues * build.go: fix deadcode issues * docs: update current version to 5.1 * docs: update installation instructions targeting v5.1.0 stable * changelog: update for v5.1.0 * fix so that google analytics script are cached * prometheus: convert metric find query tests to jest * prometheus: fix variable query to fallback correctly to series query * removed height 100% from panel-container to fix ie11 panel edit mode * replaced border hack carot with fontawesome carot fixes #11677 * dev: Mac compatible prometheus block. (#11718) * mssql: fix value columns conversion to float when using timeseries query * postgres: fix value columns conversion to float when using timeseries query * mysql: fix value columns conversion to float when using timeseries query * sql datasource: extract common logic for converting value column to float * added pointer to show more, reset values on new query * docs: add known issues section for mssql documentation * force GET for metadataRequests, w/ test * Renamed helperRequest and removed positional args * Move function calls w/ side-effects to componentDidMount * changed test name and dashboardMock code * fixed test * add ineffassign to circleci gometalinter check * pkg/components: fix ineffassign issues * pkg/cmd: fix ineffassign issues * pkg/log: fix ineffassign issues * pkg/services: fix ineffassign issues * removed import config * fixed so user who can edit dashboard can edit row, fixes #11466 * Fixes signing of packages. * db: fix failing user auth tests for postgres * changed rps to reqps * bump version * added button to show more preview values for variables, button runs a function that increases options limit, fixes #11508 * Added requests/sec(throughput) * use inherited property from api when rendering permissions * return inherited property for permissions * pkg/tsdb: fix ineffassign isues * fix circleci gometalinter test * Sort results from GetDashboardTags * Add silent option to backend requests * docs: escape asterisk in Graphite docs * docs: disable quoting option for MSSQL * docs: fix example for graphite tag query * docs: spelling * docs: add missing backtick for mysql/postgres * docs: fixes for table in variable docs * build: fixes release deploy * changelog: adds releaste date for 5.1.0-beta1 * graphite: convert ds test to jest * build: removes gometalinter * cli: adds os and arch headers * slightly better example * adjust timeFilter, timeFrom and timeTo macro examples * docs: what's new improvements * docs: what's new improvements * docs: what's new * docs: fix typos * docs: what's new * docs: whats new * docs: more info prometheus heapmap to whats new * docs: improve what's new in v5.1 * docs: what's new in v5.1 draft * Add weback-dev-server with hot/hmr support * build: only lint the pkg folder * changelog: adds note about closing #11476 * dev: only build server with bra run * add gometalinter to circleci * comment unused struct fields * remove unused variables detected by varcheck * fix typo * docs: describes variable formatting options * docs: graphite template variables for tag queries * docs: describes new variable formatting syntax * changelog: notes about closing #10427 * move jest test file to specs * make add panel panel scrollbar adjust when panel/dashboard grid are resized * style: code simplifications * build: introduce -dev flag optimal for building in development mode * changed copied message and added forced render for width change * removed padding and moved carrot * changelog: adds note about closing #11613 and #11602 * cleanup, make sure users are always synced with ldap * Specify expected encoding for access/secret key * make sure user's default org is kept up to date * fix: sign in link should have target self to trigger full page reload, fixes #11626 * codespell: exclude by words instead of files * remove old comment * org role sync tests * refactor authproxy & ldap integration, address comments * pass DN in ldap test * tests for user auth module * fix ldap test * restructure GetUserByAuthInfo * error handling * use Result in GetAuthInfoQuery * switch to passing ReqContext as a property * cleanup * switch to Result * update auth proxy * fixes * fix tests * shared library for managing external user accounts * fix: Label font weight should be semi bold, fixes #11629 * docs: typos * graphite: adds tests for tags and tag_values functions * docs: update provisioning documentation * changelog: notes about closing #10883 * changelog: adds note for #11553 * dev: only build server with bra run * changelog: adds note for #11173 * added forceupdate to grid item so addpanel items rezie instantly, renamed function to copyPanel, fixed panel items height issue * revert changes of add panel button to require save permission * changelog: fix typo * changelog: notes about closing #11572 * Fix issues with metric reporting (#11518) * changelog: notes about closing #10747 * fix: Row state is now ignored when looking for dashboard changes (#11608) * disable codecov comments * add some more sort order asserts for permissions store tests * Revert 'build: remove code cov' * Revert 'removes codecov from frontend tests' * docs: update postgres macro functions documentation * tsdb: update query and annotation editor help texts for postgres * changelog: notes about closing #11578 * calculate datetime for timeFrom and timeTo macro in go * set default for sslmode to verify-full in postgres datasource editor (#11615) * add some more sort order asserts for permissions store tests * Use sort.Strings() (gosimple) * Remove unused return value assignment (gosimple) * Remove unnecessary fmt.Sprintf() calls (gosimple) * Merge variable declaration with assignment (gosimple) * Use fmt.Errorf() (gosimple) * Simplify make() (gosimple) * Use raw strings to avoid double escapes (gosimple) * Simplify if expression (gosimple) * Simplify comparison to bool constant (gosimple) * Simplify error returns (gosimple) * Remove redundant break statements (gosimple) * fix unconvert issues * variable: fix binding bug after ts conversion * add GetFromAsTimeUTC and GetToAsTimeUTC and use them in timeFilter macro * fix merge conflict * remove changes to module.ts from this branch * migrated dropdown-typeahead to ts (#11499) * changelog: adds note for #11556 * changelog: adds note for #11133 * dashboard: better size and alignment of settings icons * bra should use the proper build script * moved version in help menu to top * docs: elasticsearch and influxdb docs for group by time interval option (#11609) * changelog: improved docker image * docs: new docker image in Grafana 5.1.0. * added fix for test * addeds test for sort order * Show Grafana version and build in Help menu * changlelog: notes about closing issues/pr's * sqlds: fix text in comments for tests * add codespell to circleci * removes codecov from front-end tests * wip: writing tests for permission sorting * changelog: adds note about closing #11228 * remove postgresversion and convert unix timestamp in go * Support deleting empty playlist * Grafana-CLI: mention the plugins directory is not writable on failure * make timefilter macro aware of pg version * add postgresVersion to postgres settings * changelog: adds note for #11530 * Documentation spelling fix * docs: fix codespell issues * public: fix codespell issues * conf: fix codespell issues * blocks: fix codespell issues * CHANGELOG.md: fix codespell issues * scripts: fix codespell issues * pkg: fix codespell issues * provisioned dashboard validation should be made when importing a dashboard * provisioned dashboard validation should not be made from provisioning service * remove comment/unused variable * docs: improves provisoning example for postgres * docs: add mssql provisioning example * docs: improves provisoning example for each datasource * ordered user orgs alphabeticaly fixes #11556 * permissions sorting fixed + icon same size as avatrs * docs: update mssql with azure sql database support * changelog: adds note for #11569 * docs: update default annotation limit when querying api * Mention the ?inactive parameter in the docs * Add another URL param ?inactive? which works like ?kiosk? but with title * tsdb: remove unnecessary type casts in sql data sources macro engines * tsdb: sql data sources should handle time ranges before epoch start correctly * change annotation limit from 10 to 100 * remove mistakenly added styles * fix right side legend rendering in phantomjs * scrollbar: fix so no overflow for legend under graph * build: remove code cov * scrollbar: fixes continuation scrolling for iOS * added styling to fontawesome icons so they have same size as the other icons * Improve wording * Add minimal IAM policy example for CloudWatch data source * PR comments * docs: fix typo of default port for mssql * minor scrollbar fixes * scrollbar: remove unused div * dashboard: show baron scrollbar in dashboard panel when mouse is over * fix so that page scrollbars can be scrolled by keyboard on page load * fix so that dash list panel are rendered correctly * panel: add baron scroller to correct element * Windows build updated to go1.10. * scrollbar: use native scroll for page * converted functions to arrow functions * folders: fix permissions in folder picker component * permission: fix user with org viewer save/move permissions * alerting: handle invalid json format * docker: change mysql container so that it uses utc * mysql: use a datetime column with microsecond precision in test * tsdb: improved floating point support when converting sql time column to epoch (ms) * added @ngInject * provisioning: dont override permissions * provisioning: simplify db query * mssql: fix precision for time columns in time series query mode * postgres: support running multiple postgres integration tests * postgres: fix precision for time columns in time series query mode * mysql: fix precision for time columns in time series query mode * mysql: mysql tests should use a db server with UTC * provisioning: fixes broken tests * tsdb: add support for more data types when converting sql time column to epoch (ms) * provisioning: check provisiong before saveCmd * provisioning: fixes typo * provisioning: adds error handling * added @ngInject * playlist: add missing nginject attribute * Update annotations.md to contain correct annotations api path * removed console.log * docs: update after #11531 * docs: improves provisoning example text * fix test * convert graphite epoch to ms * skip mssql fix * add mssql and mysql * don't convert to uint64 * scrollbar: fix phantomjs rendering error * prevent angular from evaluating {{hostname}} in tooltip (#11514) * using millis for annotations too * data source: rename direct/proxy access mode in data source settings * Fix ResponseParser for InfluxDB to return only string values * Conditionally select a field to return in ResponseParser for InfluxDB * docs: fixes typo * docs: updated debian distro in install docs to stretch, closes #11527 * Revert files * Fix after merge * Make dashboard JSON editable * guardian: when updating permissions should verify existing permissions * api: allow authenticated users to search current org users and teams * css: quick fix after IE11 changes * scrollbar: fix add panel height bug * scrollbar: styles cleanup * migrating to ts * fixed sidemenu icon issue created by earlier pr * added icons for viewer and editor, fixed add permission team avatar * singlestat: Fix optimization in setTableColumnToSensibleDefault * influxdb: Check before assuming first column to be 'time' * provisioning: fix tests for save provisioned dashboard modal * provisioning: ux fixes when saving provisioned dashboards * graphite: use a query when testing data source * migrated metric_segment to ts * scrollbar: fix search scroller in mobile view * scrollbar: fix graph legend height * changelog: adds note for #11165 * migrated dash_class to ts * migrated segment_srv to ts * removed indent for manage dashboards * scrollbar: fix potential memory leaks in event handlers * skip migration if it is a big number * Use curly brackets around hyperlink help text #11478 (#11479) * scrollbar: fix dashboard width updating for different modes * scrollbar: remove perfect-scrollbar and add baron to package list * scrollbar: fix dashboard width bug * scrollbar: fix 'legendScrollbar.destroy is not a function' error * Alerting: Fixing mobile notifications in Microsoft Teams * created closeDropdown function, renamed appevent, added second appevent for open timepicker * permissions: return user and team avatar in folder permissions api * permission: generate team avatar url with default * migrated playlist-routes to ts * migrated last all.js to ts * scrollbar: fix Firefox scroll position restore * Notes for closing #7119 * changelog: adds note for #11128 * variables: adds test for variable sorting * Add case-insensitive sort for variables. * graphite: fixes #11434 * settings: fixes test * changed from margin to padding * fixes for avatar on adding permission and size for gicon * scrollbar: fix side menu on mobile devices * changed variable for tabbed close btn hover, and changed text-strong variable for lighttheme, removed commented out variable * mssql: typos in help sections * docs: spelling * added if to onAppevent, renamed appevent, add appevent to applyCustom and setRelativeFilter * Webpack Grafana plugin template project to links (#11457) * scrollbar: fix Firefox issue (white stripe on the right of scrollbar) * scrollbar: fix legend rendering issues * Initially move to baron scrollbar * rm panel.type constrain from threshold_mapper.ts (#11448) * No need for node_modules/bin in npm run-script (#11449) * changelog: adds note about closing #11555 * add article * fix some typos * docker: add users and groups to ldap block * timepicker now closes without exiting edit/view mode, close order: modal, timepicker, view * migrated graph_tooltip to ts * started migration to ts * Fix #10555 #6888 Better escape for Prometheus variables * bounnd the esc key to exit timepicker * print to stderr since logger might not exist * settings: return error instead of ignoring it * docs: adds provisioning examples for all datasources * Fixed typo in upgrading.md * docs: rpm install page - update to centos 7 * docs: install pages for v5.0.4 * removed padding for icons and added margin * changelog: another update for v5.0.4 * changelog: update for v5.0.4 * changelog: adds note about closing issues * fixed graphpanel editmode and custom width for right side legend for IE11 * alerting: bad default state for notifiers * Clarified formatting multiple values doc * Add Google Hangouts Chat notifier. * dashboard: allow alerts to be saved for new/provisioned dashboards * add response_parser test * add fallback for gravatar in org/admin view * tech: migrates to none deprecated mail lib * docs: not about email notifications and local img store * alert: fixes broken link back to grafana * docs: update table plugin documentation with value/range to text mapping * cleanup and add more test * table panel: additional fixes for value to text mapping * add value to text mapping * provisioning: better description for provisioned save modal * dashboards: reject updates of provisioned dashboards * notes about closing #9210 * fixed alignment in search + fixed issue ie popup * changelog: adds note about closing #11102 * sidemenu fix for internet explorer 11, changed icon width/height to pixels and added height to logo * docs: prometheus ds, remove 'new in v4.3' note * remove categories from queryPart * fix a terms bug and add test * remove unused import * handle aggregate functions more generic * Add new currency - Czech koruna * docs: update heatmap and prometheus docs, #10009 * provisioning: improve UX when saving provisioned dashboards * styled login page for ie11 * - pipeline aggs support - add some test * support non-nested menu entries * provisioning: removes id from dashboard.json * Handle Interval Date Format similar to the JS variant https://github.com/grafana/grafana/pull/10343/commits/7e14e272fa37df5b4d412c16845d1e525711f726 * Use net.SplitHostPort to support IPv6 * add missing word to graphite docs * set right series name * Missed the 'p d' hint in the popup-menu * Add hints for the 'pd' Duplicate Panel command from PR #11264 * remove README changes * finished CODING PHASE 1 * wip * notes about closing #11306 * cleanup * changelog: unix socket permissions * Adjust permissions of unix socket * docs: fix typos * docs: update postgres, mysql and mssql documentation * docs: update graph panel documentation * docs: tweaks * changelog: adds note about closing #5855 * remove dashboardId check... i can't figure out how the tests work * get circle to run tests again * add dashboardId to test * remove api tests * fix operator * remove constraint from sqlstore * move dashboard error to API (not sql) * legend: small refactoring * changelog: adds note about closing #11278 * docs: spelling * docs: add intro paragraph to provisioning page * Cleanup CircleCI V2 Conversion * Make golint happier * dooh * update the updated column! * using circle as my tester * using circle as my tester * adding tests, but they arent running locally * changelog: notes for #1271 and #2740 * graph: minor fixes to y-axes alignment feature * added save icon to save buttons * removed trash can icon from save buttons * mysql: skip tests by default * Return actual user ID in UserProfileDTO * convert epoch to milliseconds * adding updated column * mssql: update query editor help * mysql: fix precision for the time column in table/annotation query mode * postgres: fix precision for the time column in table/annotation query mode * mssql: fix precision for the time column in table/annotation query mode * mssql: remove UTC conversion in macro functions * mssql: fix timeGroup macro so that it properly creates correct groups * small screen legend right also work like legend under in render + set scrollbar to undefined in destroyScrollbar so it doesnt become disabled when toggeling between right and under * dashboard version cleanup: more tests and refactor * Make golint happier * fixed so legend right works like legend under on small screens * adding created column * Alerting: move getNewState to EvalContext * minor refactor of dashboard version cleanup * refactor: dashboard version cleanup * limit number of rows deleted by dashboard version cleanup * fix dashboard version cleanup on large datasets * docs: add variable regex examples (#11327) * graphite: adds more traces for alerting * sql datasource: extract common logic for converting time column to epoch time in ms * docs: details about provisioning elastic * update email default year and name * dataproxy: adds dashboardid and panelid as tags * Alerting: Add retry mechanism and its unitests * docs: spelling * snapshot: fix legend rendering bug * session: update defaults for ConnMaxLifetime * snapshots: removes errors for empty values in ViewStore * Allocated to a separate alignment block. Replaced the attribute of the second axis by the attribute of the axes. * Expose option to disable snippets * changed var to const, changed to string interpolation * mssql: adds test for time should be ms in table mode * Remove unused kibana images * changed var to const * changelog: adds note about closing #11114 & #11086 * mssql: convert tests to jest * mssql: fix precision for time column in table mode * converted file to ts * changelog: notes about #10093 and #11298 * dashboard: fix phantomjs panel rendering in collapsed row * Fixed unit test. * Changed the way this feature was activated. And changed tolltip. * Added validation of input parameters. * converted file to ts * docs: update using mssql in grafana * fix: only run gofmt on pkg directory omitting vendor directory * fix: dep ensure. now without gofmt on ventor directory * mssql: add integration test to verify stored procedure usage * mssql: encrypt password in database * mssql: remove dynamic construction of metric column and other columns * docker: pin microsoft/mssql-server-linux to 2017-CU4 tag * docs: improve guide for high availability * fix: only run gofmt on pkg directory omitting vendor directory * test * mssql: cleanup and minor refactor * mssql: allow host without port and fallback to default port 1433 * docker: update test dashboard for mssql tests * mssql: cleanup and minor changes * Missed thanks in changelog * Adds pagerduty api update to changelog. * mssql: update readme * mssql: update test dashboard * docs: Using Microsoft SQL Server in Grafana * mssql: remove logos for now * docs: mssql documentation will go into another branch targeting next minor version * Updated roadmap for 5.1 * Minor format changes * Changed Swedish and Icelandic currency * fix failed tests for dashboard view state * dashboard: fix rendering link to panel in collapsed row * docs: update install docs for 5.0.3 * changelog: 5.0.3 * mssql: add alternative logo without text * mssql: strip inkscape from logo * mssql: minor improvements of query editor help * mssql: skip rendering of mssql logos until we have a valid logo * docker: add test dashboard for mssql tests based on test data generated by integration test * mssql: additional integration tests * mssql: support money, smallmoney and decimal data types * mssql: update plugin.json, added description and name MSSQL -> Microsft SQL Server * added indent to dashboards inside folder in search dropdown, and added indent to dashboard icon in search item * session: fork Macaron mysql session middleware * database: expose SetConnMaxLifetime as config setting * database: fixes after xorm update * database: update xorm to v0.6.4 and xorm core to v0.5.7 * prometheus editor: variable autocomplete support (PR #9988) * made a keyboard shortcut to duplicate panel * docs: update mssql documentation * mssql: disable mssql integration tests per default * mssql: timeGroup fill support added. * mssql: add timeGroup integration test * alertmanager: /Creating/Sending/ * mssql: adds fill to timeGroup macro. * allow any database for influx proxy * remove * alertmanager: handle resolved alerts, nodata, and execution errors * add regex search of username and password in urls, which are replaced by strings.Replace * notitfiers: avoid ShouldNotify duplication * fix merge error * alertmanager: if there are no alerts to send, do nothing * docker: change port for prom random data scrape target * mssql datasource: wip * docker: mssql and mssql tests blocks with common build context * fix lint problems * fix lint problems * fix lint problems * read aggregate functions from database * add buildAggregateQuery * Update README.md * docker: fake-data-gen:latest updates * Resolved conflict * docs: more details about slack notifier * properly handle IN queries * docs: updates latest release for docs * changelog: improve description of closed issues * renderer: avoid redirect render requests * changelog: adds notes about 5.0.2 * dashboard: fix import dashboard with alert rule * middleware: recover and retry on session start * alerting: supports extracting alerts from collapsed panels * join multivalue variables with , * revert special handling for IN * put values for IN in parens * dont quote where constraints * docker: add test dashboard for mssql for visualizing data generated by fake-data-gen * add regex operators * mssql datasource: support for timeGroup macro function * Added Kilopascals(kPa) under pressure * Added W/m2(energy) and l/h(flow) * folders: should be possible to browse folder using only uid * remove unused setting * dashboards: should be possible to browse dashboard using only uid * mssql datasource: additional data type tests * docker: add mssql block * Added icon for iOS web app * changelog: add note about closing #8151 * alerting: adds back the link to grafana. * Fix CI * Modify Grafana Pagerduty notifier to use Pagerduty API V2 * graph: minor refactor of histogram mode PR #8613 * changelog: adds note about closing #11220 * style: dont expose func outside package * teams: removes quota on route * changelog: adds note about closing #11143 * changelog: adds note about closing #11107 * Second to HH:mm:ss formatter (#11105) * changelog: adds note about closing #10009 * docs: fix an outdated link to Prometheus's doc * Added concentration units and 'Normal cubic metre' * Corrected work for graphs created before this feature. * Replaced array values to variables yLeft and yRight for easy reading code. * Rename test file according module name. * prometheus: fix bug introduced by #9859 (httpMethod is undefined) * prometheus: add tests for heatmap mode * prometheus: datasource refactor * Fix urls in plugin update_checker logs * changelog: adds note about closing #10029 * docs: add team api link from http api reference page * added test for sorting and filtering * changelog: adds note about closing #9859 * Refactoring * set default value of httpMethod * support POST for query and query_range * cleanup where segment handling * remove limit * handle variables in where constraints * Adding Timeticks unit * properly quote where constraint parts * quote schema and table * docs: minor fix for dashboard http api documentation * build: cleanup * build: removes custom work dir in deploy. * build: upgrades build pipeline from CircleCI 1.0 -> 2.0 (#11162) * github: test new issue tempalte * dev: update dev prometheus2 to 2.2.0 * changelog: adds note about closing #10925 * docs: update latest to 5.0.1 * push 5.0.1 to package cloud * changelog: adds release date for 5.0.1 * bump master build to 5.1.0-pre1 * move quota to dedicated service * Fix indent * docker: add prometheus/example-golang-random to docker-compose blocks * Fix the code to match the documentation. * rename Context to ReqContext * fix, set default highResolution setting * changelog: note about closing #11145 and #11127 * docs: adds note about closing #10632 * removes commented code * removes unused variables * upgrade to go 1.10 * alerting: fixes validation error when saving alerts in dash * add csv templating format * docs: note about closing #11046 * docs: adds note about #10942 * heatmap: add explanation of Time series buckets mode * Add color to prefix and postfix in singlestat * replaced if with classNames * heatmap: able to set upper/lower bucket bound manually * heatmap: refactor * added media breakpoint to legend-right * Documentation: path '~/go' to '$GOPATH' * Update ROADMAP.md * add panel to list now copy, started on jest * docs: improves docs for alert rules * heatmap: fix Y axis and tooltip decimals and units issues * Append test to check not zero level. * Add bs-tooltip to Y-Align element. * move Context and session out of middleware * only use jwt token if it contains an email address * scrolling: faster wheelspeed * docs: improves provisioning description * changelog: adds note about closing #10975. * changelog: adds note about closing #7107 * changelog: adds note about closing #11103 * changed background for mobile menu background on light theme, increased font size in and added border-right in menu * heatmap: fix tooltip count and bucket bound format * alerting: Limits telegram captions to 200 chars. * changelog: note about closing #11097 * hide row actions for viewers * fixes invalid link to profile pic when gravatar is disabled * changelog: adds note about closing #11016 * fix: restores white resize handle for panels, fixes #11103 * changelog: adds note about closing #11063 * fix typo in heatmap rendering.ts (#11101) * docs: add v5.1 to versions * docs: fill for mysql/postgres * ignore iteration property when checking for unsaved changes * changelog: notes for #11055 and #9487 * use net/url to generate postgres connection url * made drop-menu into link * heatmap: sort series before converting to heatmap. * use metricColumn in query builder * set rawSQL when rendering query builder query * fix group by column * clean up aggregation functions * fix variable interpolation * rename field to column * Fix Prometheus 2.0 stats (#11048) * docs: removed beta notice in whats new article * remove spaces around arguments of macros * remove spaces around arguments before calling macro expansion * docs: update current version to 5.0 * docs: update install pages for v5.0.0 * update version to 5.0.1-pre1 * changelog update for 5.0.0 stable * Add metrics that triggered alert to description * build: updated version * heatmap: hide unused Y axis controls for tsbuckets mode * heatmap: format numeric tick labels in tsbuckets mode * heatmap: add rendering tests for tsbuckets mode * Fix Github OAuth not working with private Organizations (#11028) * login: hide sign up if configured so. Fixes #11041 * permissions: fix validation of permissions before update * dashboard: add permission check for diff api route * permissions: remove client validation and handle server validation * dashboards: change dashboard/folder permission error messages * dashboards: handle new guardian error responses and update tests * folders: handle new guardian error responses and add tests * dashboards: don't allow override of permissions with a lower precedence * Alerting: Fix OK state doesn't show up in Microsoft Teams (#11032) * grammar fix, add dir, and remove redundant info * heatmap: use series names as top or bottom bounds, depends of datasource * heatmap: refactor * heatmap: add few tests for histogram converter * fix: changed react-grid-layout to use grafana fork to a commit before https://github.com/STRML/react-grid-layout/commit/15503084fb7b0af826427c8c0706901e5745a39f, this fixes all the panel movement bugs, fixes #10831 * heatmap: fix Y bucket size calculation for 'tsbuckets' mode * gave scroll-canvas-dashboard 100% height in kiosk-mode, fixes #11010 (#11017) * docs: update to install pages for beta5 * changelog: update for v5.0.0-beta5 * added admin icon and permission member definitions(role,team,user) * build: update to version 5.0.0-beta5 * [doc] Fix extra alerting options in installation->configuration * yarn: update lock file with tarball change * build: use tarball instead of git commit for tether drop * improve maintainability * docs: fix type in datasource http api * docs: adds accesskey and secret to securejsonfields * support [[variable:type]] syntax * offer template variables for tags * feature for issue #9911 * Added radiation units * docs: update shortcut docs * dashboards: remove non-supported keyboard shortcuts for delete/collapse row * dashboards: fix keyboard shortcut for expand/collapse rows * dashboards: fix keyboard shortcut for remove panel * snapshots: fixes cleanup of old snapshots * docs: minor folder http api changes * Update ROADMAP.md * Update ROADMAP.md * heatmap: fix bucket labels shift * heatmap tooltip: fix bucket bounds for 'tsbuckets' mode * heatmap tooltip: fix count decimals * heatmap: fix tooltip histogram for 'tsbuckets' mode * heatmap: use buckets from histogram with 'tsbuckets' mode * dashboards: created/updated and createdby/updatedby should be set before save * Add unit tests. * Refactoring code * Fix save as dashboard from folder to General folder (#10988) * changed name of copy tab to paste * added no copies div * prometheus: tests for heatmap format * dashboards: cleanup * folders: use folder api for retrieving folder * dashboards: fix batch dashboard/folder delete response * fix: elasticsearch terms size now allows custom values again, fixes #10124 * added highlighter, fixed setState and changed back flex to spacea around * folders: fix create folder in folder picker * added tabs and searchfilter to addpanel, fixes#10427 * snapshots: change to snapshot list query * prometheus: initial heatmap support * docs: update http api index * docs: dashboard and folder permissions http api * docs: folder http api * permissions: use updated api endpoint for dashboard permissions * fix typos in api, acl to permissions * folders: rename folder_acl in api to folder_permission * dashboards: change api route for dashboard permissions * folders: fix typo * folders: extend folder service tests * dev: docker-compose setup for prom2. * folders: folder api tests * fix: scrollbar position now to max right pos, fixes #10982 * Fixes for heatmap panel in Grafana 5 (#10973) * docs: updated cloudwatch docs add dimension filter as a option for dimension_values query. * folders: folder permissions api tests * dashboards: make fake dashboard guardian available to other packages * fix: added new known data source plugins, and minor migration fix for v1 dashboards * folders: folder permission api routes * folders: fix api error mapping * folders: basic integration tests for folders * folders: use new folder service in folder api routes * folders: new folder service for managing folders * dashboards: created date should be set when creating a folder/dashboard * fix: fixes to signup flow, fixes #9816 * Refactoring code. Change Y-Zero to Y-Level. * fix: fixed github oauth login with allowed orgs filter, fixes #10964, reverts #10851 * fix: plugin dashboard did not get plugin id after import * feat(ldap): Allow use of DN in user attribute filter (#3132) * added scroll to org list modal (#10960) * added an if to check for null to sort null as 0 (#10961) * fix: alert history list now shows on graphs with manually added annotation events, fixes #10968 * provisioning: dont ignore sample yaml files * docs: updated for changelog and docs with beta4 * Correct typo in DashboardInputMissingError * build: updated build version to v5.0-beta4 * graph: added 0.5 point radius option * Shouldn't be able to overwrite a dashboard if you don't have permissions (#10900) * influxdb: escape backslashes in tag values (for alerting) * [elasticsearch] Allow nested fields for annotation source (#10936) * changed m3 and dm3 to fixedUnit, fixes #10920 (#10944) * migrate panels in collapsed rows (#10948) * Share zero between Y axis. * Add hook processRange to flot plugin. * login: migration fix. * login: uses epochs for login throtting. * fix: fixed redirect after save, fixes #10946 * fix: esc key now closes panel edit/view mode as usual, fixes #10945 * docs: updated to beta3 * alerts: refactoring tests * alerting: pausing alerts modifies updated. * test: added integration test for #10941 * refactoring: alert rule query refactoring (#10941) * updated version to v5-beta3 * db: reduce name column size in dashboard_provisoning * teams: adds some validation to the API * docs: status code changes for Team API * docker: add test dashboards for mysql and postgres for visualizing data generated by fake-data-gen * cli: download latest dependency by default * Revert 'removes dependencies install for plugins' * migrate minSpan (#10924) * Close modal with esc (#10929) * repeat row: fix panels placement bug (#10932) * docs: team API. Closes #10832 * Update sample.ini * Update ldap.toml * Update ldap.md * Minor typo fix * plugins: update meta data for all core plugins * alert notifiers: better error messages. * support cloudwatch high resolution query * chore: adds comment for exported function * updated download links * docs: Updated changelog * updated package.json version * fix: more phantomjs fixes * fix: refactoring #10922 * Fix phantomjs legend rendering issue, #10526 * mark redirect_to cookie as http only * dashboard: whitelist allowed chars for uid * updates readmes for mysql and postgres (#10913) * Set default threshold axis to 'left' for panels created before this feature. * provisioning: adds setting to disable dashboard deletes * tech: dont print error message on 500 page * removes dependencies install for plugins * tests: makes sure we all migrations are working * provisioning: uses unix epoch timestamps. (#10907) * improve error message for invalid/unknown datatypes (#10834) * add AWS/States Rekognition (#10890) * Dashboard acl query fixes (#10909) * wip: dashboard acl ux2, #10747 * permissions: refactoring of acl api and query * bug: return correct err message * initial fixes for dashboard permission acl list query, fixes #10864 * provisioing: always skip sample.yaml files * provisioning: handle nil configs * sql: removes locale from test to mirror prod. * adds tests that validate that updated is correct * provisioning: code formating * provisioning: adds logs about deprecated config format * provisioning: support camelcase for dashboards configs * provisioning: support camcelCase provisioning files * API Integration Tests via jest (#10899) * ux: refactoring #10884 * Invalid url in docs * Duplicate typo fixed * add 13-24 for min width (#10891) * sass/base: import from current dir in _fonts.scss (#10894) * fix: removed logging * fix: sql search permissions filter fix * provisioning: Warns the user when uid or title is re-used. (#10892) * Minor typo fix * new dashboard is now hidden from viewer, fixes #10815 (#10854) * fixed bg gradient, fixes #10869 (#10875) * login: fix broken reset password form (#10881) * moved div in code * added buttons and text to empty dashboard list * docs: spelling. * docs: update dashboard permissions http api docs * Cloudwatch dimension_values add dimension filter. * dashboard: always make sure dashboard exist in dashboard acl http api (#10856) * Fix #10823 (#10851) * provisioning: better variable naming * ux: minor tweak to grid resize handle color * teams: use orgId in all team and team member operations (#10862) * permissions: might have a solution for search * Fixes for graphite tags editor (#10861) * fix: clear items list before fetching permissions list * provisioning: dont return error unless you want to cancel all operations * provisioning: createWalkFn doesnt have to be attached to the filereader anymore * provisioning: update sample config to use path * provisioning: avoid caching and use updated field from db * update README.md regarding running tests * update README.md regarding running tests * docs: minor docs update * docs: updated docs landing page * provisioning: delete dashboards before insert/update * user picker should only include users from current org (#10845) * Correct code style. * db test: allow use of env variable for database engine to run tests for * dashboard and folder search with permissions * provisioning: fixed bug in saving dashboards. * dashboard: fix delete of folder from folder settings tab. * append test to thresholds on right axis * Update logic for create/update dashboard, validation and plugin dashboard links (#10809) * added width class to add member choose (#10835) * add where constraint handling * add query_builder * docs: adds uid to dashboard.json reference docs * Fix #7107 * fix: initial fix for #10822 * fix: folder redirect after creation * dashfolders: fixes #10820 * fix: fixed bug with redirect after new dashboard saved, related to buggy angularjs location path/url and base href, fixes #10817 * docs: describe uid for dashboard provisioning * fix: removed old shortcut that does not exist, fixes #10802 * build: fixed recovery test * fix: css fix, found a better way to fix #10772 * fix: minor build fix * fix: error handling now displays page correctly, fixes #10777 * heatmap tooltip: minor refactor * fix: changed dashboard title length to match slug length, will fix mysql index size issue, fixes #10779 * docs: added graphite section * docs: minor update * graph panel: fix csv export (series as col) (#10769) * org-switcher: should redirect to home page (#10782) * embedded panel: hide side menu during init (#10788) * docs: update http api for api index, dashboard, folder and dashboard search * scroll: css for #10722 * dashlist: scroll fix when no header * docs: video fix * Update changelog with deprecation notes of http api * redirect 'permission denied' requests to '/' (#10773) * docs: fix * scroll: use wheelpropagation. Ref #10772 * docs: update dashboard model, persistent urls and api changes in what's new in v5 * docs: fix download link * docs: minor update * docs: adds http api dashboard permissions * docs: updated whats new * docs: update dashboard model, new url structure and api changes in what's new in v5 * build: updated publish script * docs: update docs with download links * build: increased version to beta1 * fix: fixed permission list caching issue, fixes #10750 * Stale permissions (#10768) * adds unique index for org_id+folder_id+title on dashboards (#10766) * docs: fix links in HTTP API Reference page * dashboards: render correct link for folder when searching for dashboards (#10763) * fix panel menu caret placement (#10759) * permissions: fix link to folder from permissions list * dashboard: fix loading of snapshot and scripted dashboard (#10755) * changes to new urlformat for home dashboard (#10738) * fix: alert list links did not work, changed dashboardUri to Url, this is breaking api change in alert api (#10756) * docs: typos and wording. * ux: hide sidemenu in kiosk mode, and while playlist is playing, fixes #107402 * dashboard: fix redirect of legacy dashboard url's * make metricColumn functional * add metric column selector * docs: add spaces to timeseries example * fix: restored tags to search * fix frontend validation for creating new folder and import dashboard (#10737) * #10724 Fix whitespace * poc: merge sync * #10724 Fix finding the x bucket * docs: dashboard provisioning * handle new error message * removes uid when using 'save as' * dashfolders: rename Root folder to General. Closes #10692 * Light theme icon color (#10730) * folders: use new folder api in frontend * folders: changes and updated tests after merging permissions and new url structure * folders: rename api files * dashboards: revert logic of returning 404 in dashboard api if it's a folder for now * db: fix failing integration tests for mysql and postgresql * docs: add examples for dashboard permissions * Update search datasource by name API path * fix for dashboard/folder url's when having a sub path in root_url config * ux: added max width to dashboard settings views * add gofmt as precommit hook * dashfolders: adds test for permission store * dashfolders: adds permission modal to dashboard settings * register handler for get dashboards by slug * make it easier for dashboards to generate ur; * changes dashboard url in alertlist * alert: use new url format * Improve logging in the phantomjs renderer (#10697) * route params from angular to view store should be updated on routeChangeSuccess * repeat panel: process repeats when row is expanding (#10712) * folders: changes needed due to merge * docs: removed section with session table sql, that is not needed anymore * ux: fix for responsive breakpoints and solo mode showing sidemenu * support multiple histogram series * docs: moved whats new article to master * ux: fixed issue with zoom on graph caused scroll, fixes #10696 * dashboard: refactor logic for retrieving url for folder/dashboard * update text, fix a few typos * dashboards: update dashboard/folder url if browser url is not the same as from backend * dashboards: when restoring a dashboard to an older version, set current uid * dashboards: fix updating folder so that correct url is returned * dashboards: remove slug property in dashboard search responses * folders: change the front end route for browsing folders * dashboards: add validation to delete dashboard by slug * dashboards: new route for deleting dashboards by uid * plugins: return table with empty rows array insteaf of nil * retry uid generation * fix: use replace when redirecting to new url * ux: Change input width of UserPicker and TeamPicker in AddPermissions component #10676 * viewstore: fix test after merge * tests: Add TeamPicker test and update TeamPicker/UserPicker snapshots so they match the latest classNames update #10676 * dashfolders: fix for folder picker * ux: Add an optional className to the UserPicker and TeamPicker #10676 * dashfolders: fixes #10671. Allow Editors default access to Root. * docs: added redirect from old provision page, #10691 * tests: Move tests from Permissions to AddPermissions #10676 * tests: Update tests in PermissionsStore and rem out the Permissions-tests for now #10676 * docs: added permissions page and updated folder docs * dashfolders: text change * dashfolders: special case for folders in root * add groupby to querybuilder remove unused aggregations * gofmt... * spelling * Verifies requirement of id in dashboards. * ux: POC - Update 'Add permissions' design and add a fancy animation #10676 * ensure dashboard title is unique in folder * docs: Remove obsolete Ansible rule (#10689) * docs: Fix outdated provisioning link (#10690) * Renamed 'Period' to 'Min period' in CloudWatch query editor (#10665) * created cta-bg variable and changed bg color on light theme (#10693) * Repeat panels when row is expanding (#10679) * dashboards: make scripted dashboards work using the old legacy urls * dashboards: redirect from old url used to load dashboard to new url * docs: updated whats new * playlist: fixes #10254 * dashboards: add new default frontend route for rendering a dashboard panel * alerting: small refactoring * dashfolders: POC - Use separate component for 'Add permission' #10676 * removes uniqnes check on slug when saving dashboards * Drops unique index orgid_slug from dashboards. * plugins: return empty tables array insteaf of nil * url: fix for boolean querystring parameters * moved icon (#10681) * docs: updated whatsnew * docs: progress on whats new article * docs: updated version * docs: fixed order of sidemenu * test: fixes failing test in go1.10 * dashboards: fix links to recently viewed and starred dashboards * dashboards: use new *url* prop from dashboard search for linking to dashboards * dashboards: when saving dashboard redirect if url changes * dashboards: add new default frontend route for loading a dashboard * dashboards: return url in response to save dashboard. #7883 * dashboards: ensure that uid is returned from getSaveModelClone * alertlist: disable pause button when user does not have permission * dashboards: revert adding api for retrieving uid by slug * util: remove retry logic in shortid_generator * dashboards: add url property to dashboard meta and search api responses * dashboards: api for retrieving uid by slug. #7883 * dashboards: add support for retrieving a dashboard by uid * dashboard: change unique index for uid to include org_id * dashboards: return uid in response to creating/updating a dashboard. #7883 * dashboards: extract short uid generator to util package. #7883 * dashboard: fix failing test. #7883 * dashboard: generate and include uid in dashboard model. #7883 * db: add migrations for creating a unique index for uid. #7883 * db: add migrations for generating uid for existing dashboards. #7883 * db: add new column uid to the dashboard table. #7883 * enhance render function * add postgres_query.ts * moved icon (#10681) * dashfolders: remove inline styles * fixed width of images and removed gifs and fixed text a bit in search * docs: fixed order of sidemenu * test: fixes failing test in go1.10 * new gifs for search * docs: adds more info about whats new in v5 * docs: updated versions.json * alerting: add permission check in api for pausing alerts * query builder changes * dashfolders: adds comment for dashboard api tests * more query builder components * docs: added versions file * dashfolders: adds comment for dashboard acl test * api: extract api test code to common_test.go * repeat panel: minor refactor * WIP: folder api. #10630 * changed img for shortcuts * replaced img in export_import and sharing * Fix horizontal panel repeat. Fix #10672. * dashfolders: Add min-width to align icons in permissions list and some margin between icon and text #10275 * ui: Fix Firefox align issue in dropdowns #10527 (#10662) * fix: InfluxDB Query Editor and selecting template variable in where clause caused issue, fixes #10402, fixes #10663 * dashfolders: link to folder for inherited permissions * test: Update Tooltip test to check for className support * changed img-link for timerange imgs and some text * fix: remove repeated rows when repeat was disabled. (#10653) * test: Update Popover test to check for className support * dashfolders: Get rid of unused import #10275 * dashfolders: Use grafana's question mark instead of FA's and use the react tooltip instead of angular's #10275 * dashfolders: Add className to Tooltip component * fix: don't show manually hidden sidemenu after view mode toggle (#10659) * dashfolders: css class as parameter for Picker * dashfolders: select with description for permissions * fix: show sidebar after mouse wheel scrolling (#10657) * fix: tweak of PR #10635 * ux: minor tweak of #10634 * plugins: only set error if errorstring is not empty * Revert 'Fix typeahead to avoid generating new backend request on each keypress. (#10596)' * call render in query * dashfolders: add help popover. Add folder title for inherited permissions * dashfolders: use react component for dashboard permissions * added hash rate units for monitoring mining processes * replaced input with gf-form-dropdown * reverted media queries * graphite: fix nested alerting queries (#10633) * fix for sm * added media break for md and sm * dashfolders: add disabled Admin permission to list * tech: upgrade to golang 1.9.3 * Locks down prometheus1 to v1.8.2 in live-test. * fix typo in parameter. (#10613) * dashfolders: autosave permissions on change (remove update button) * changelog: move all 4.7 changes into 5.0 * changed some img-links, updated text for annotated img, more work on whats new in v5.0 * changelog: be more explicit about backwards compatibility * WIP: Protect against brute force (frequent) login attempts (#10031) * dashfolders: fix tests for ViewStore after merge * Fix typeahead to avoid generating new backend request on each keypress. (#10596) * fix vertical panel repeat (#10619) * graph: fix series sorting issue (#10617) * dashfolders: New snapshot since we changed from defaultValue to value per latest React documentation #10275 * refactor: Replace _.find with Array.prototype.find() * dashfolders: Convert mobx observable to js objects and remove the observer() since we want to use the component outside the react/mobx world #10275 * dashfolders: Clean up more variables and move newType, aclTypes and permissionOptions to the store #10275 * dashfolders: Remove variables not used and pass in the real dashboardId #10275 * dashfolders: Remove those 2-line-components from PageHeader to make it easier to read and make sure components listening to the mobx state are wrapped with observer() #10275 * dashfolders: Add support for breadcrumbs in NavStore #10275 * dashfolders: Rename UserPicker folder => Picker. Inject the permission-store in the FolderPermissions-container instead of the Permissions component, add the PermissionsStore to the RootStore and and the error-message to the Permissions-store #10275 * dashfolders: Add Permissions information box #10275 * dashfolders: Fix page max width #10275 * dashfolders: Update jest tests with backendSrv #10275 * dashfolders: Add a Team Picker component and use it on the dashboard permissions page #10275 * dashfolders: Working user picker on the dashboard permissions page #10275 * dashfolders: Send down backendSrv to the react components #10275 * dashfolders: Re-use the API of the angular user picker instead, which is reusable #10275 * provisioning: delete dashboards from db when file is missing * dashfolders: Remove the PermissionsInner-strategy since we have a container for this route now #10275 * dashfolders: Permissions are injected via MST so it needs to be defined as optional #10275 * dashfolders: Add FolderPermissions container and make sure isFolder is passed to PermissionsStore #10275 * dashfolders: Always get dashboardid and backendsrv from props #10275 * dashfolders: Rem code to avoid tests to fail #10275 * wip: More on the permissions. Left are team picker and user picker, tests and error messages #10275 * fix: mobx-react-devtools is a dev dependancy #10275 * dashfolder: wip: More wip on acl.html2permissions.tsx #10275 * dashfolders: wip - Move Permissions into React #10275 * variables: lint fix * variables: fix when datasource returns error * fixes broken phantomjs rendering * added varibale to table hover, lightend colors for table light theme, fixes #10609 (#10611) * added whats new v5, changed link in notifications, removed row from getting started * fixes minor typo * provsioning: dont stop grafana due to missing * Disable prefix and postfix font size when gauge mode is enabled (#10573) * docs: improve docs for image uploaders * cfg: remove local as default image uploader * docs: Add haproxy example for running behind reverse-proxy * provisioning: enables title changes for dashboards * Cloudwatch: add support for multi instances (#10570) * ux: minor change, added import dashboard link to dashboard search side view * tech: adds/removes in vendor folder according to dep 0.4.0. * docker: sync local time and timezone to mysql_tests block * dashfolder: fix for sqlite test * dashfolder: fix for mysql test * mysql: pin the mysql dependency * tech: ignore /public and /node_modules * tech: ignore /data folder for dep * docs: first draft of dashboard folders docs * plugins: map error property on query result * stats: send amount of stars as stats * tech: avoid using deprecated functions * style: minor code style changes * dashboards: save provisioning meta data * provisioing: add lookup table provisioned dashboards * refactor: minor css class naming change of #10505 * refactor: minor refactoring of PR #10560 * cloudwatch: fix ebs_volume_ids by create a client-session before call ec2:DescribeInstances. (#10566) * docker: use mysql and postgres from latest fake-data-gen * Update OpsGenie Notifier to support different api domains. * 10583 panel resize icon fix (#10585) * dashboards: Fix issue with first click when expanding folder in search * cfg: adds info about local img uploader to docs * docs: adds info about local img uploader * changelog: adds note about closing #6922 * changelog: note about closing #9664 * changelog: adds note about closing #9770 * start query builder ui * Disable instead of hide mode options when line/points is unchecked * dashfolders: show folders use can save to in picker * dashfolders: fix bug in save as modal * Add lumens unit * add docs for configuring OAuth with Auth0 and Azure AD * install dep instead of govendor on setup * remove unused code from vendor * migrate from govendor to dep * fix: cloudwatch corrected error handling so original error is not thrown away * go fmt * support for decoding JWT id tokens * ds: updated ds nav * feat: ds edit fix * feat: ds edit nav * Generic Oauth Support for ADFS (#9242) * Recommend a limit on database query * Adjusted the border color on the buttons in dashboard nav, fixed alert email text area width, fixed padding-top issue on dashboard settings aside * dashfolders: stop user locking themselves out of a folder * dashfolders: add breadcrumbs to NavStore * codestyle: extract code into methods * mysql: convert numbers to text for annotation tooltip * mysql: update to use ColumnTypes interface in new version * mysql: update mysql driver to latest master * gofmt my dear friend * ux: updated react-layout-grid * plugins: send secureJsonData unencrypted * Make file_reader follow symlinks * dashboards as cfg: property path replaces folder * moves datasource plugin model to grafana/grafana_plugin_model * Update package.json * fix: fixed build issue * fix: multi valued query variables did not work correctly, fixes #10539 * move graphite /functions parsing into gfunc.ts * remove duplicate sass rules * fix tests & some display issues * fix: graphite func editor fixes, this component is messy and ugly as hell * fix: minor fixes * fix: restored previous behavior of form_dropdown, this fixes all my observerd bugs with the dropdown behavior * fix: query editor needs to wait for function definitions to load * fix issue with metric find & functions being loaded multiple times * interpolate variables in tags & values during autocomplete * fix typo * update rst2html * fix line length, run jscs & jshint in precommit * function description formatting * tooltips for function definitions * support specifying tag_values('<tag>') as graphite template query * use typeahead value in graphite find requests * send prefix when auto-completing tags * add button to trigger evaluation of tag queries * sync function categories with graphite-web * work on tag dropdown behavior * support for loading function definitions from graphite * Update building_from_source.md * Update README.md * Update default_task.js * Clearer naming for dashboard provisioning config. * ux: dashboard nav and settings tweaks * Tag filters in search (#10521) * fix: save as enter key now works and folder selection also works, fixes #10464 * use context over golang.org/x/net/context * docs: small update to IIS proxy docs * added a variable for grid color and if statment to switch colors, fixes #10509 (#10517) * dashboards as cfg: logs error when trying to import dashboard with id * code style fixes * dashfolders: bugfix after rename * dashfolders: bugfix after rename * Adds Table in backend datasource contract. * fix: share snapshot controller was missing ngInject comment, fixes #10511 * Use URLEncoding instead of StdEncoding to be sure state value will be corectly decoded (#10512) * Optimize metrics and notifications docs * Optimize cli and provisioning docs * imguploader: Add support for new internal image store (#6922) * docs: Guide for IIS reverse proxy * changelog: adds note about closing #9645 * telegram: Send notifications with an inline image * telegram: Switch to using multipart form rather than JSON as a body * telegram: Fix a typo in variable name * dashfolder: refactor breadcrumbs in PageHeader * dashfolders: convert folder settings to React * Adds Tables types to protobuf * fix: alert list pause/start toggle was not working properly * fix template variable selector overlap by the panel (#10493) * Review tsdb protobuf contract * dashboard: Close/hide 'Add Panel' before saving a dashboard (#10482) * supports windows compatible plugin binaries * fix: removed unused param * Fix variables values passing when both repeat rows and panels is used (#10488) * moved angular-mocks out of dependencies * ux: minor change to alert list page * ux: minor word change to alert list * fix: updated snapshot test * moves plugin proxy to plugin package * Add eu-west-3 in cloudwatch datasource default's region (#10477) * fix: Make sure orig files are not added to git again #10289 * improves name for plugin logger * fix: Remove conflict file #10289 * text panel: fix $apply already in progress error (#10486) * uses pluginmanagers log instead of global * 10389 react tooltip components (#10473) * test: Updated snapshot for UserPicker jest test #10289 * ux: When adding a new panel we should scroll to top until we figure o… (#10417) * removes commented code * naming fixes and added test file * makes datasource handshake more explicit * backend plugins: improves logging * dashfolders: show/hide create folder or dashboard buttons * dashfolders: fix mergeconflict error * dashfolders: prettify * dashfolders: check permissions for new dashboard * dashfolders: allow any signed in user to get list of teams * fix gofmt warning * dashfolders: permissions for saving annotations * dashfolders: disable save button after save of acl * dashfolders: on folder page, hide tabs if not has admin permission * dashfolders: remove role requirements on dashboard routes * dashfolders: must have admin permission to save/see dash acl * dashfolders: prettify on tests file * dashfolders: permissions tab in dashboard settings * dashfolders: permissions tab for dashboard folders * fix for unsaved changes popup on tab close/refresh * fix: Clean up logging and remove unused css #10289 * fix: Rename directive user-pickerr (yes two r's) to select-user-picker * fix: Accidently added the conflict files (#10289) * test: Add snapshot tests for UserPicker and UserPickerOption (#10289) * fix: Add interface for props to UserPickerOption (#10289) * ux: POC on new select box for the user picker (#10289) * dashboard: fix opening links in new tab (#10465) * alert list: fix rendering timeout when share panel (#10467) * fix missing profile icon (#10469) * More fixes for relative urls when running Grafana under a different sub path (#10470) * put this.props.search in the Highlighter * moved state handling for search to store * Delete CopyQuery.png * Delete tgr288gear_line6.pdf * fix: added back colors to rootScope, fixes #10462 * fixed the subUrl bugs from https://community.grafana.com/t/suburl-not-work-at-some-links-and-buttons/4701 with folder/settings/teams etc. * added /** @nginject */ * Fix typo in error message * updated snapshot * styling fix * added highlight to search * Updates go-stack to v1.7.0. * docs: adds note about tlsSkipVerify to docs * fixed regex issue * made a view of filtered list * updated jest file and snapshot * Remove silly noise * Update tests to match new reality, and rejig the implementation a bit to truly work as desired * Align queries to prometheus with the step to ensure 'rate' type expressions get consistent results * plugin: fix path for app plugins on windows * added search function * new styling and markup * cleanup: removed unused typescript typings import * new add alert notification channel icon * mobx: poc in using each store as individual prop on the react containers (#10414) * fix: Change max size of panel JSON editor so button is shown on smaller screens, #10346 (#10415) * poc: began react panel experiments, step2 * poc: began react panel experiments, step2 * Add AWS/AmazonMQ namespace metrics to CloudWatch tsdb (#10407) * add docs for using oauth login with OneLogin (#10385) * Update built_in_plugins.ts * poc: began react panel experiments * added empty list cta to notification channels, fixes 10393 (#10400) * mobx: fixed issue with view store, and added missing snapshot * tech: enzyme container test working * tech: enzyme container test working * react: trying to get enzyme and mobx tests working * tech: url and query mobx store so now react components and containers can read and modify url path and query via mobx store * tech: alert list react migration progress * fix info popover, #10302 (#10377) * fix move dashboard variables, #10347 (#10375) * dashfolders: relative links should work when root_path is specified (#10363) * fix mixed datasource add query button, #10316 (#10361) * tech: react mobx progress * Doc version and schemaVersion properties of dashboards * tech: began reworking alerting list to mobx * tech: progress on react pages * prom: fixes broken test * prom: make $__$interval the first suggested range vector * fixes log typo * imguploader: log if the configuration is invalid * changelog: adds note about closing #8955 * renderer: avoid calling Handle twice * migrated file to ts * dashboards as cfg: moves dashcash into its own file * dashboards as cfg: create dashboard folders if missing * fixed error * migrated files to ts * tests: for skipping with hidden folders * Implement Azure Blob external image uploader * migrated datasource to ts * tech: minor progress on mobx state tree & react containers, working on unit testing * Fix tooltip unit when legend isn't shown (#10348) * refactor: minor refactoring of PR #10236 * don't save dashboard on make editable, #10236 * fix scripted dashboard loader, #10350 (#10351) * new aws region cn-northwest-1 (#10353) * Dashboard: View JSON improvements (#10327) * refactor: tried to simplify and also minimize scope a bit for #10323 * ignore trailing whitespace (#10344) * (prometheus) show label name in paren after by/without/on/ignoring/group_left/group_right * dont spawn new subprocess while shutting down * Fix small singlestat value display * fix: fixed issue with optimized build, fixes #10333 * migrated file to ts (#10328) * plugins: restart killed plugins * query result should be a map * prom: removes limitation of one query per tsdb call * changelog: adds note about closing #10222 * pagerduty: fixes invalid default value * fix: remove unused code * dashboard: copy panel to clipboard * pagerduty: adds test for reading auto resolve setting * code formatting fix * migrated files to ts + fixed specfile * tech: cleaned up unused stuff * ux: removed unused stuff form style guide * prettier: ran on all files again, sorry. now settings are defined in package.json * tech: mobx tests * Add avatar to team and team members page (#10305) * Various dashboard folders improvements (#10309) * mobx: progress on poc * test for plugin path builder * merge backend datasources and datasources * use int64 for timestamps * fixes invalid valud/timestamp order * fix: unit test fixed * prettier: change to single quoting * ux: minor name change to search sections * db: fix postgres regression when comparing boolean columns/values (#10303) * dashboard: delete row improvements * poc: mobx test * fix missing comma in documentation output example * fix broken link (#10291) * minor fixes and formatting after review * dashfolders: use validation service for folder creation and dashboard import. #10197 * dashfolders: support creating new folder when moving dashboards. #10197 * dashfolders: support creating new folder when saving a dashboard. #10197 * dashfolders: support creating new folder in dashboard settings. #10197 * dashfolders: support creating new folder from the folder picker. #10197 * poc: mobx poc * tech: ran prettier on all scss files * tech: ran pretttier on all typescript files * search: closes dash search when selecting current dashboard (#10285) * fix: Original dashboard link from snapshot should be an a-tag, not a button (#10269) (#10283) * dashboard: fixes #10262 * added new to new dahsboard and folder * test: Update test with new component signature * pushover: update default message * delete unused icon files * fix: The /logout route should always full page reload (#10277) * tech: added prettier to precommit * ux: Add icon to selected option in PageHeader navigation on small screens, update select boxes for Firefox so the arrow to the right is aligned with the other select boxes (#10190) * ux: Fix color picker positioning when scrolled down to the bottom of a page (#10258) (#10271) * test: remove unused code * alerting: make alert extractor backwards compatible * alerting: move test json into files * Use strings.TrimPrefix to make sure relative url doesn't start with forward slash * Update README.md * fix: Navigation on small screens when Grafana is installed in a sub directory (#10252) (#10261) * cloudwatch: fixed optimized build issue, fixes #10174 * fix text panel rows limit (#10246) * use ace editor in panel edit (#10245) * docs: mysql example with macro * docs: mysql macros update * fix: reduced team name column length, fixes #10244 * ux: Add missing icon for login with grafana-com, fixes #10238 (#10249) * Kinesis Metric Capitalization * merge backend-datasource and datasource type * dashfolder: nginject fix * teams: missing nginject attribute * grid: disable resize and drag on non editable dashboards, closes #10235 * logging: removed logging from panel loader * menu: fixed create default url * fix: dont show settings for viewers * prometheus: change default resolution to 1/1 * fix: viewers can edit now works correctly * fix: fixed minor ux and firefox issues, fixes #10228 * ux: minor fixes * profile: use name or fallback for profile page * fix: sidemenu profile main text is now username instead of name * build: update master version to 5.0.0-pre1 * dashfolder: change to migration text * ux:s sidemenu icon rules * teams: add team count when searching for team * changed background color for infobox and new blues in light theme, light theme now uses blue-dark in panel query (#10211) * ux: fixed navbar issue when sidemenu closes * ux: minor position change for layout selector, fixes #10217 * fix: view json from share modal now works, #10217 * ux: used new add data sources icon * dashfolders: styling of selected filters * dashfolders: styling of selected filters * dashfolders: fix moving plugin dashboard to folder * changelog: adds note about closing #9170 * dashfolders: fix folder selection dropdown in dashboard settings * fix for merge conflict * add links for large cta * resolve merge conflict * dashfolders: bulk move/delete improvements * snapshots: fixed snapshot issues, fixes #10214 * docs: include all notifiers type * replaced old table with filter-table, removed edit button, made whole rows to links * playlist: fixed playlist buttons in dashboard header, fixes #10213 * docs: update latest version to 4.6.3 * ux: minor changes to search input * Magnifying glass on search fields #10188 (#10206) * templating: made templateSrv globally accessable as ES6 module, DashboardRow can not interpolate row title * fix: ignore row clones in schema migration * proxyds: delete cookies except those listed in keepCookies * dshttpsettings: Move whitelisted cookies to end of config page * proxyds: failing test for keepCookies * dshttpsettings: add field for cookies that should be kept * dashfolders: /dashboards should render index page with a 200 OK * update version for packagecloud * dashfolders: bulk move/delete improvements * add release date for 4.6.3 * fix: after removed file * dashfolder: fix after backendSrv change * dashboard: fix test after merge conflict * orgswitcher: update test * Avoid ID validation before provisioning dashboards * annotation icon fix * udpate dark json icon * dashboard settings icons * replace icon on dashboard list (fa-th-large - looked squished) with a smaller version of dashbord icon. This may not be the best way to do the css, so it's a separate commit * new icons created and added to nav * changelog: adds note about closing #7481 * fixes broken unit test * alertmanager: endAt should only be used if we have the correct value * alertmanager: code style * alerting: reduce log level for notifiers * Alertmanager notifier: add 'metric' labels if no tags * Alertmanager notifier: make it match the new notifier interface * support alertmanager * Replace Read Only Editor role with ViewersCanEdit setting (#10166) * dashfolders: bulk move dashboards synchronously * dashfolders: remove error message when moving to the same folder. #10135 * teams: Fixes to edit team page * ux: minor text change to #10177 * made template link look like input (#10198) * minor tweaks * execute process directly instead of creating sub shell * Dashboard grid fixes (#10194) * refactor: minor change to #10199 * fix broken 'd r' shortcut (refresh dashboard) (#10199) * ux: updated login page * fixes switching org when url contains orgId querystring param * build: fixed build issue * ux: refactoring login page change * navmodel: fix for signout link on pref page * change protip to go to manage dashboards * search: worked on search results * added select-wrapper to where it was missing for unified look * changelog: adds note about closing #10151 * ux: wip - Login animation POC (#9879) * changelog: adds note about closing #9318 * ux: Move 'Sign up' and 'Reset password' to its own pages - and remove all inline styling (#9879) * fixes broken alert eval when first condition is using OR * ux: org user management changes * removes unused property * fixed edit team header, fixes #10172 * changed width to input fields (#10184) * ux: added search box to ds list page, closes #10106 * ux: change members to users * plugins: fixed plugin edit page and plugin page * dashfolders: Minor css fixes for bulk edit * dashfolders: Minor css fixes for bulk edit * docs: SSL Mode config settings for Postgres * dashfolder: settings page for folder * removes verbose logging * fix: FolderId and IsFolder when saving dashboard * ux: fixed inactive view mode and removed animation * removed unused declaration * updated dashlink editor, now has list * fix: Handle state when no password is entered on registration page (#9879) * adding support for sgl native time datatypes * added missing cases for DATETIME datatype * ux: move add member into its own page (#10167) * Add a per-notifier ShouldNotify() * minor fix for #10136 * Fix graph legend scroll (#10169) * fix colorpicker colors order (width issue) (#10170) * graphite: remove check so that query is sent even for possible non leaf nodes * fix: fixed build failure * ux: Use the previously renamed classes (#9879) * fix: fixed dashboard api tests * fix: don't detect graphite version before it's saved * updated new dashboard folder * ux: style tweaks * ux: Update ui of login buttons via third parties and add link to sign up page (#9879) * redesigning links editor * ux: search look update * tech: updated version for react-grid item * build: fixed unit test failure * Extracted row matching function and added comments * allow overriding dashboards from api * redesigning links editor * graphite: minor fix for PR #10142 the query was being sent for every segmen t you selected before you completed the metric path * build: fixed broken test * refactor: minor change to panel json fix PR #10156 * Move panel JSON editor to modal dialog (#10156) * ux: minor updates to dashboard settings * ux: dashboard settings updated * new dashboard and folder in search (#10152) * avatar: avoid concurrent map writes * redesign dashlinks * fix: fixed issue with optimized build grid directive missing ngInject comment, fixes #10161 * annotations: allows template variables to be used in tag filter * Add default message for Pushover notifications * refactor: format files by gofmt * ux: Adjust margins when external auth providers are enabled (#9879) * ux: dashboard settings progress * ux: dashboard settings work progress * dashfolders: new dashboard with folder selected * ux: wip - Push pixels for new login, remove inline styling, change so we use media queries using min-width instead of max-width and make sure it looks ok across all screen sizes (#9879) * ux: dashboard settings work progress * backend plugins: manage plugins lifecycle with context * ux: dashboard settings progress * ux: dashboard settings progress * ux: dashboard settings progress * backend plugins: dont swallow errors * fix: fixed failing test * backend plugins: cleanup protobuf files * ux: dashboard settings progress * backend plugins: add more datasource params * Type-agnostic row merge in table transform for multiple queries * ux: dashboard settings progress * ux: fixed navbar and sidemenu z-index issue and improved responsive rules * code style * implement upstream changes * fix: fixed build failure * changelog: adds note about closing #10131 * Explicitly specify default region in CloudWatch datasource (#9440) * add encoding param * wait for all sub routines to finish * fix function re-ordering broken in #9436 * add missing value fill code to mysql datasource * hyphenhyphen * support metric trees of varying depth, never send '.select metric' to graphite * simplify function parameter addition * ux: dashboard settings progress * fix typo * ux: minor changes * implement missing value fill functionality for postgres * allow optional 3rd argument to timeGroup to control filling missing values * ux: navbar progress * improve handling of query references * build: fix for tslint * ux: form styles polish, improvement but can be better * pass tsdbQuery to transformToTimeSeries and transformToTable to get access to selected frontend timerange * demonstrate parseTarget issue * fix: fixed panel size rerendering issues * pass Query to MacroEngine Interpolate * ux: work on dashboard settings views * dashfolders: Do not allow loading a folder as a dashboard * fix: Remove console.log * dashfolders: Folder picker should set correct default values. Fixes #10135 * refactor: user groups to teams, replace rest mentions * refactor: user groups to teams, rename backend files * refactor: user groups to teams, rename frontend files * refactor: rename User Groups to Teams * changelog: adds ntoe about closing #10111 * ux: forms style font size change * ux: dashboard settings progress * postgres: change $__timeGroup macro to include 'AS time' column alias (#10119) * new timepicker is working * dashfolders: Create nav model for folder page client side #10083 * ux: minor change to new folder page * fix for search dropdown on small screen + icon overlapping fix (#10091) * ux: added react scrollbar component and added it to add panel panel * tech: updated ngreact and with custom PR applied * refactoring: #10130 * Revert 'Don't animate panels on initial render (#10130)' * Don't animate panels on initial render (#10130) * refactoring: fixing bug when all values are null * fixes broken test * dashfolders: Hide search input area when showing CTA. #10083 * ux: graph legend refactoring * improve error handling for datasources as cfg * improve sample datasource.yaml * make gitignore more generic * grid css transforms: minor refactor (#10128) * dashboard grid: enable CSS transforms (#10125) * fixes issue with datasource/dash as cfg and gitignore * refactoring: changing how graph height and legend height is calculated, using flex box seems to actually work, #10079 * dashfolders: create folder page * refactor: removed graph height from legend decimal calc * dashfolders: css fix * fixes failing tests * dashfolders: New Dashboard Folder page * fix: move components tests to specs folder * Fix go fmt * kill plugin processes when grafana shuts down * fix: v5 sidemenu & link to shortcuts now works, fixes #10087 * separate plugin impl and proto files * correct comments * add hclog wrapper for grafanas logger in plugins * add go-plugin deps to vendor * initial version of proto files * changelog: breaking regardless what your running * changelog: better styling * removes last pieces of dashboard.json * refactor: sidemenu toggle & hiding logic * changelog: note about closing #5269 and #9654 * dashboards as cfg: update docs to use /provisioning * dashboards as cfg: move dash/ds config files to /provisioning/* * dashboards as cfg: copy dash/ds files if missing * dashboards as cfg: include cfg files in dist packages * dashboards as cfg: avoid walking fs in parallel * dashboards as cfg: type * dashboards as cfg: disable loading dashboards from disk by default * dashboards as cfg: wire up dashboard repo * dashboards as cfg: use gocache for caching * dashboards as cfg: expose dashboard service as interface * dashboards as cfg: move saving logic for dashboards into its own service * dashboards as cfg: revert minor changes * dashboards as cfg: move dashboard saving into its own service * dashboards as cfg: minor tweaks * dashboards as cfg: make dashboard none editable by default * dashboards as cfg: more tests * dashboards as cfg: code cleanup * dashboards as cfg: read first cfg version * removed row to center footer (#10115) * ux: minor cleanup * mysql: pass timerange for template variable queries (#10071) * dashboard: fix edge case with keyboard nav in dashboard search. #10100 * Solves problem with Github authentication restriction by organization membership when the organization's access policy is set to 'Access restricted'. 'Access restricted' policy should not stop user to authenticate. * graph: fix legend height calculation * postgres: pass timerange for template variable queries (#10069) * graph: move auto decimals calc to ticks.ts and use it for legend values format. * Resolves grafana/grafana:#9309 * dashboard: fix linting and formating - #10100 * dashboard: keyboard nav in dashboard search - closes #10100 * graph: refactor (don't render twice) * handle native postgres datetime types in annotation queries (#9986) * treat any text column in timeseries query as metric name unless column (#9985) * Fixing tabs for Grafana 5 - #10082 (#10103) * other panels now hidden, fixes 10088 (#10102) * fixed 404 for grafana5 + now responsive (#10101) * dashboard: fix search results tests #10083 * dashboard: Show CTA for empty lists/folders #10083 * dashboard: Dashboard folder page wip #10083 * prom: enable min interval per panel * Fix merge issue on multi-query table transforms * graph: fix karma tests * graph: render legend before graph * added tooltip, fixes #10092 (#10097) * graph: refactor * graph: convert legend.js to typescript * fixing a few fromattings * adding mssql docs * docs: link from cfg page to provisioning * reduce app icon by 3px on home dashboard - wasn't lining up properly with starred/recently viewed dasboard list properly * ux: minor style tweaks to cards and sidemenu icons for white theme * ux: tweaked light theme and made page container more fluid * dashboard: dashboard search results component. closes #10080 * docs: added utm_source for link from ds list page to docs page * updating the query editor's syntax highlighting mode to sqlserver * fixed grey colors in light-theme, added new variables, played a bit with blue * v5: removed permissions from dashboard cog dropdown, closes #10068 * nav: updated nav item id for manage dashboards * refactoring PR #10068 * dashboard: migrations for repeat rows (#10070) * Backwards-compat for multi-query table transform * graph: make legend scrollable * removes unused properties * Making the multi-query table transform the default table transform * ux: updated padding * ux: Add CTA for empty lists * move import menu item to the original place * move DashboardImportCtrl tests to jest * Move import dashboard from modal to the page * refactor: minor refactoring of #10027 * new grays for light theme * sidemenu: responsive sidemenu view for smallest breakpoint * add _tests for mssql data source * ux: tabs update * Tests for multi-query table transform * ux: updated modal header design * ux: progress on time picker dropdown version * fix templating undefined error (#10004) * tweaks to add panel panels * ux: updated dashboard nav * MSSQL Data Source * add server only build target 'build-srv' * ux: dashboard setings progres * add Cloud Alchemy Ansible role * started on dashboard settings refactor * ux: add new panel and dash nav improvements * Added basic table transformer test * typo :boom: * influxdb: pass tags to alerting from influxdb client * ux: dashboard nav update * ux: new dashnav design * ignore /conf/**/custom.yaml files * repeat row: refactor * Fix dashboard menu overlapping (#10044) * Add multiquery_table table transform * typo :boom: * move systemd ready notification to server.go * changelog: adds note about closing #10024 * page header now on 99% of pages * navigation: more progress on new page header * ux: new page-header design, most pages beside admin done * fixed sass warnings * ux: made plugins page work * Use systemd notification where applicable * progress on page header * tweaked color on heatmap. still not there, but more vibrant * ux: new page header progress * added bundled dashboards * ux: progress on new page header * dashboard: when changing route, scroll to top * grafana-10039: fix query time range ends in the past * ux: work on page header * Revert 'prometheus nested query support' * ux: updating header design for pages * fix: when navigating, scroll to top * repeat row: add more tests * ux: new page header design * tweak background size * new test svg background, minor form tweaks * ux: search filter box * ux: changed body default font size to 13px * test: fix failing postgres test * Added border radius and tightened up the folder boxes. Still needs to have the bottom margin expanded to 8px when in opened state (this needs @torkelo) * test: speedup mysql and postgres integration tests by 10-20x * repeat row: expose scopedVars to row panels * ux: search design update * repeat row: handle collapsed rows * notifier: Fixes path for uploaded image for Slack notifier * formatting in build file * dashboard: initial repeat row implementation * prometheus nested query support * fix render http[get] params error * test: close file before deleting * Restore Page Footer after migration to new scrollbar #9652 * export view json now templatized, fixes #10001 * dashfolders: Add a helper for creating a dashboard folder * dashfolders: revert automatic creation of folders for plugins * styling changes for light theme * grid: use single column layout for mobile devices (#9999) * fix panel solo mode (#10002) * dashlist: handle recent dashboards removed from backend * dashfolders: don't create app folder on dashboard import if already exists * dashfolders: create app folder on dashboard import * datasource: fix merge conflict - restore dashboards tab * search fix and update buttons on dashboard list page * fix: removed table background * build: fixed lint issue * fixed link i specs-file * Improve dashboard grid layout migration WIP (#9943) * test fix * updated libs and fixed new typescript errors * dashlist: Support for clear all filters * migrated viewstatesrv to ts * added yarn.lock file back * ux: table design work * panel: open panel menu by click on header * ux: search progress * worked on search * migrated four files from js to ts * migrated four files to ts, addd some code to config to make it work (#9980) * Update NOTICE.md * Update LICENSE.md * ux breadcrumb work * ux: sass fixes and polish * dashlist: Support for check/uncheck all * Migrate gfunc to ts (#9973) * migrated admin files to ts (#9975) * migration of org files from js to ts (#9974) * sass tweaks * dashlist: When searching should reset checked state to false * More js to ts (#9966) * dashlist: change scrollbar to new perfect scroll directive * docs: Improve delete snapshot documentation * ux: fixed sass issue * sass refactoring and updating styles for list item elements * dashlist: style list to be same as dash search * css tweaks and cleanup * removing gemini scrollbar and replacing with perfect scrollbar, muuuch better * dashlist: starred filter search * ux: tweaked panel color and dashboard background is same as page background * removed call to unused function in panel_ctrl * scrollable panels works better with perfect-scrollbar * Update latest.json * Optimized number of lines fetching in log file initialisation * work on scrollable panels * converted 3 .js files to .ts (#9958) * docs: adds docs for pausing all alerts * Removing file that got committed by accident * scrollable panels: fix initial content size (#9960) * Delete LICENSE.txt * dashlist: adds tag filter select (GitHub style) * [GCS] Support for gcs path * dashlist: toggle folders * dashboard: fix test for folderIds * allows head requests for /api/health endpoint * dashlist: fix tag filtering and some css * fix: fixed issue with metric segment introduced in graphite tags query editor PR * progress on scrollable panels work * mysql: add data source support for Azure MySql * fixed unit tests * fix: alert list panel now works correctly after adding manual annotation on dashboard, fixes #9951 * Elasticsearch max_concurrent_shard_requests parameter for es 5.6+ * prom: add prom2 dashboard as bundled dashboard * show top 5 max scrape durations by job, and fix legend format * fix scrape duration, add rule eval iteration stats, and reorg a bit * fix data source var and remove node_exporter dependency * First draft of a Prometheus 2.0 Stats dashboard * prom: initial docker block for prometheus 2 * tweak tabs: * color fix * make grays cooler * dashlist: started fixing js/css after design changes * updated search * more work on search * minor update to dashboard search * converted test-files to jest * improved search srv * converted influx-series to TS, converted test to jest * dashboard search * working on dashboard search * Move the loading flag to PanelCtrl (#9929) * graph: disable zoom in non-timeseries modes (#9914) * changed padding to pixels, fixes #9916 (#9924) * Use correct moments format for Showing last us time instead of value test (#9923) * Don't import JSON dashboards from hidden directories. * new design for login * fix: build & tests * search: add expanded folders * influxdb: another minor refactor of #9474 * refactor: refactoring InfluxDB query builder with policy PR #9473 * refactor: refactoring InfluxDB query builder with policy PR #9473 * docs: added versions_to_keep to config docs, #9671 * refactoring: minor refactor of clean up dashboard history PR #9882 * fix: fix for avatar images when gzip is turned on, fixes #5952 * elasticsearch: default version to 5.x * Adding a user in a specified organisation uses the admin API * panels: add css tweaks for scrollable panels * dashboard history clean up: avoid potential SQL injections * search: refactor search sql into a builder class * changelog: note about closing #9798 * removes invalid comment * api: fix so that datasources functions returns Response * changelog: note about closing #1789 * fix: Use Response as return type * fix: return id from api when creating new annotation/graphite annotation, fixes #9798 * datasources as cfg: adds docs for all jsondata and secure_json fields * graphite: minor changes * text panel: make scrollable * panels: general property which makes panel scrollable * datasources as cfg: convert yaml map into json for jsonData * fix: fix cloudwatch metricFindQuery error that stopped it working completely, fixes #9876 * dashlist: css adjustments for scrollbar * dashlist: fix resizing after mode switching * dashlist: add scrollbar * dashlist: fix panel resizing * docs: update metrics api path * changelog: adds note about closing #1871 * fixes: #1871 Dropdown starred (#9490) * dont loose subsecond precision when dealing with timestamp or (#9851) * graphite: progress on new query editor * datasource as cfg: fixes typos * docs: format cfg mgt tools as table * docs: adds more info about provisioning * datasource as cfg: update docs to include globbig * datasource as cfg: show deletes first in example * datasource as cfg: support globbing * datasource as cfg: enable editable ds's * datasource as cfg: add org_id to example config * tweak docs * datasource as cfg: adds readonly datasources * datasource as cfg: refactor to use bus * datasource as cfg: test for reading all properties * datasource as cfg: adds provisioning docs * datasource as cfg: rename feature to provisioning * datasource as cfg: improve name for this feature * datasource as cfg: refactor tests to use yaml files * datasource as cfg: ignore datasource all ready exist for inserts * datasource as cfg: add support for securedata field * datasource as cfg: setting for purging datasources not in cfg * datasources as cfg: tests for insert/updating datasources * datasource as cfg: basic implementation * More energy units (#9743) * Add feet to the length menu (#9889) * middleware: recovery handles panics in all handlers * sql: small fix to error handling * graphite: progress on new query editor * changelog: make prom fixes more explicit * dashboard history clean up: add tests * tech: ignore debug.test file created by VS Code * dashboard history: refactor after review * changelog: adds note about closing #9777 * prom: add support for default step param (#9866) * properly escape components of connection string (#9850) * refactor: changed string slicing to strings.TrimPrefix, #9862 * dashboard history: clean up dashboard version history * build: fixed jshint error * sync documentation, add remark about to_timestamp and redshift (#9841) * fix: Html escaping caused issue in InfluxDB query editor, could not pick greater than or less then operators, fixes #9871 * changelog: adds note about closing #8523 * teams: removes print statement * Add Microsoft Teams notifier * docs: update building from source doc with node-gyp * heatmap: fix tooltip in 'Time series bucket' mode, #9332 (#9867) * fix: Table panel now renders annotations correctly. Fixes #9842 (#9868) * build: fixes build and jest tests on Windows * fix cloudwatch ec2_instance_attribute (#9718) * graph: the stack & legend sort sync was not working correctly, the z-index sorting that happened in after the legend sort order was applied and messed with the order even though the sort function returned zero for all entries, combined the sort function to one sort function, fixes #9789 (#9797) * not ok option to alert list, fixes: #9754 * changelog: note about closing #9661 * return empty array for no datapoints * fix query inspector for cloudwatch * Add AWS/NetworkELB to cloudwatch definitions * changelog: note about closing #9784 * test: adds tests for password encodiing * use SHOW RETENTIONS to test influxdb connection (#9824) * Use hex.EncodeToString to encode to hex * Added missing documentation for auth.proxy (#9796) * fix date test (#9811) * docker: expose statsd endpoint for graphite block * update lib/pq (#9788) * Update the config key to database_log_queries so it is more descriptive, as suggested in #9785. * graph: don't change original series name in histogram mode, #8886 (#9782) * MySQL Performance when using GF_DATABASE_URL Set MaxIdleConn and MaxOpenConn when using the GF_DATABASE_URL configuration. Also added GF_DATABASE_DEBUG flag to print SQL statements and SQL execution times. See #9784 for the details. * Update postgres.md * colorpicker: fix color string change #9769 (#9780) * refactor: alert list panel fixes and no alerts message, rewrite of PR #9721 * feat: refactoring hide time picker PR #9756 * search: began writing test for new search * changed class name for no-alerts * chore(docs): update the search Query Example * ux: search progress * dashfolders: fix for dashlist nav * reduce docker-compose header version * ux: progress on new search * ux: minor changes * ignore docker-compose.yaml * docs: update latest release to 4.6.1 * packages: update published package version * option to hide Time picker, fixes #2013 * fix: panel view now wraps, no scrolling required, fixes #9746 * changelog: set release date for 4.6.1 * changelog: adds note about closing #9707 * fix default alias * add period alias * plugins: fix for loading external plugins behind auth proxy, fixes #9509 * testdata: added manual entry mode to test data * new design for no alerts in alert-list, fixes #9721 * fix: fixed compiler error from #9676 * converted ng_model_on_blur.js to ts, deletedkeyboard_manager.js (#9676) * docs: update testdata enable explanantion * MAINTAINER is deprecated, now using LABEL * Update ROADMAP.md * Adding energy, area, and acceleration units (#9336) * tests: migrated tests for link_srv to jest, #9666 * Transitioning fig to docker-compose v3 * tests: migrated tests for link_srv to jest, #9666 * fix for dashboard tag link bug, fixes #9737 (#9739) * github: dont require bug/fr in title * changelog: adds note about closing #9713 * converted confirm_click.js to .ts (#9674) * Update codecov.yml * change default sslmode for postgres to verify-full (#9736) * fix: color picker bug at series overrides page, #9715 (#9738) * Update ROADMAP.md * tech: switch to golang 1.9.2 * always quote template variables for mysql when multi-value is allowed (#9712) * always quote template variables for postgres when multi-value or include (#9714) * fix: dashboard links dropdown toggle did not update view, fixes #9732 * docs: adds prom grafana dashboard * graphite: tag is required for values autocomplete * dashfolders: bulk edit tag filtering * Correct help message of api_dataproxy_request_all_milliseconds * changelog: adds note about closing #9645 * changelog: adds note about closing #9698 * ace editor for text panel * dashboards: bulk edit delete * tech: add missing include * dashboards: fix link to bulk edit * sql: remove title from annotation help * changelog: adds note about closing #9681 * fix: undefined is not an object evaluating this., #9538 * [Bug Fix] Opentsdb Alias issue (#9613) * fix: graphite annotation tooltip included undefined, fixes #9707 * Alertlist: Inform when no alerts in current time range * save as should only delete threshold for panels with alerts * graphite: tags and values autocomplete based on @DanCech PR to graphite-web * changelog: note for #9596 * add __timeGroup macro for mysql (#9596) * updated icons * docs: fix link * ux: testing 3px panel border radius * more link fixes * fixed link issues * renamed file * converted inspect_ctrl.js to ts (#9673) * converted dashboard_loaders.js to .ts (#9672) * declared any to info in declaration * converted analytics.js to ts, minor code formatting fix to timer.ts (#9663) * docs: updated download links * docs: update alerting with new data sources * changelog: spelling * plugins: added backward compatible path for rxjs * ux: updated singlestat default colors * prometheus: fixed unsaved changes warning when changing time range due to step option on query model was changed in datasource.query code, fixes #9675 * docs: updated changelog * fix: firefox can now create region annotations, fixes #9638 * changelog: adds note about closing #9639 * set release date for 4.6.0 * grid: work in progress on row repeats * dashfolders: rough draft of bulk edit * converted linkSrv.js to linkSrv.ts * docs: update docker installation docs * grid: minor changes * converted outline.js to outline.ts (#9658) * converted timer.js to timer.ts (#9656) * datasource as cfg: typo * Create codecov.yml * datasource as cfg: explain why cmd.version can be higher * #edit_grafana_organisation_apis_doc (#9651) * add a phantomjs execution status to log if errors happens, e.g. OOM killer kills it (#9644) * grid: worked on row options modal and row removal * dashboard: fix home dashboard getting started panel * Fix typo in template help tab * replace store.js with store.ts, test for store.ts (#9646) * tests: added test for DashboardRow * docs: update first page with data source guides * docs: document annotations for postgres/mysql * docs: update for template variables * changelog: spelling * Allow for multiple auto interval template variables (#9216) * changelog: adds note about closing #9645 * tech: remove rabbitmq event publisher * changelog: note for #9030 * dont quote variables for mysql and postgres datasource (#9611) * asscoiate comment with name * Update development.md * ux: row collapse / expand starting to work * changelog: adds note about closing #9640 * alerting: only editors can pause rules * prom: adds pre built grafana dashboard * changelog: adds note about closing #9636 * fix: another fix for playlist view state, #9639 * ux: updated icons * shore: migrating config/settings.js to typescript * fix: fixed playlist controls and view state, fixes #9639 * Fixed #9636 * shore: removed unused old system conf file * Use d3 from node_modules (#9625) * update log15 (#9622) * docs: update whats-new-in * changelog: small text change * changelog: v4.6.0-beta3 released * tech: annotations refactor, add tests for regions processing (#9618) * Move #9527 to 4.6.0-beta3 * build: disable jest on precommit hook -windows fix * build: fix all npm run commands for Windows * plugins: fixes path issue on Windows * build: tryingt of fix windows build issue * tests: removes commented tests * graph: invert order when sorting by legend * fix: escape series name in graph legend, added aliasEscaped to time series model to reuse escape, fixes #9615 * build: fixed gofmt issue and addd mock response feature * prometheus: enable gzip for /metrics endpoint * build: split circle test shell scripts * datasources: change to optimisic concurrency * build: reduced webpack log output and remove race flag from go tests * build: set max workers to 2 for jest * build: log heap usage * build: another build fix * tests: migrated two more tests to jest * build: fixed build failure * build: reworking pre commit hook * build: added precommit * fix: fixed tslint validation error * test: added first react snapshot test * docs: another docs fix * docs: fix docs redirect for older datasources index page, fixes #9609 * [Tech]: Start migrating to Jest for tests (#9610) * Fix typo in init.d script * graphite: auto detect version * graphite: improved version comparison * graphite: split tags and functions into 2 rows when seriesByTag used * graphite: add tags to dropdown and switch to tag editor if selected * plugins: expose dashboard impression store * ux: minor ux tweaks * Sort series in the same order as legend in graph panel (#9563) * fix: fixed save to file button in export modal, fixes #9586 * mysql: add usage stats for mysql * run go fmt * Add a setting to allow DB queries * note for #9527 * modify $__timeGroup macro so it can be used in select clause (#9527) * Fix heatmap Y axis rendering (#9580) * prometheus: add builtin template variable as range vectors * Note for #5457 * fix: fixed prometheus step issue that caused browser crash, fixes #9575 * changelog: adds note about closing #9551 * fix: getting started panel and mark adding data source as done, fixes #9568 * pluginloader: esModule true for systemjs config * Fixes for annotations API (#9577) * ux: new fixes * Grafana5 light (#9559) * When Messasge field is set for an alert, map it to the output field in a Sensu check result. If Message is empty, send 'Grafana Metric Condition Met' * ux: work on rows * fix vector range * allow ':' character for metric name * build: added imports of rxjs utility functions * grid: row work * fix template variable expanding * annotations: quote reserved fields (#9550) * fix: fixed color pickers that were broken in minified builds, fixes #9549 * ux: align alert and btn colors * docs: doc updates * remove duplicative prometheus function * remove label match operator from keyword.operator * remove label match operator from keyword.operator * remove extra state push * fix typo * newgrid: row progress * styleguide: fix link in index * api: fix for dashboard version history * textpanel: fixes #9491 * graphite: datasource refactor * csv: fix import for saveAs shim * grid: minor progress on new row concept * ux: add panel progress * alert_tab: clear test result when testing rules * ux: worked on add panel function * plugins: expose more util and flot dependencies * (cloudwatch) fix cloudwatch query error over 24h (#9536) * Add autofocus tag for username field on login.html (#9526) * show error message when cloudwatch datasource can't add * ux: minor button changes * CloudWatch: Add ALB RequestCountPerTarget metric * ux: color tweaks * ux: testing out new icons * set nightly version to v4.7.0-pre1 * changelog: adds release date for v4.6.0-beta1 * ux: minor fixes * grid: fixed grid width issues * grid: repeat refactoring and unit tests * Missing dot in aws credentials path * newgrid: added constants, changed grid to 24 cols, added tests for panel repeats * docs: doc updates * grid: minor progress on panel repeats * changed name back to use underscore instead of camelcase, need to think more about this * fixed dashboard sorting * newgrid: worked panel duplicate * fix: various fixes for new grid * dashgrid: fix or skip tests for repeat rows * dashboardgrid: disable dynamic_dashboard_srv for now * ux: style tweaks * newgrid: various fixes * If retention policy is set for influxDB, preprend that to the measurement name for exploration queries. * newgrid: fixed migration code to new grid * docker: updated our graphite docker container * grid: edit/view now works * dashboard: fixes for panels without rows * webpack: changed devtools setting to stop exceptions * fix: ignore upgrading dashboard grid when there are no rows * grid: fixed migration for rows without height * ux: minor fix sidemenu * newgrid: progress on fullscreen/edit view modes * search: fix search to limit dashboards better * grid: fixed geting started panel pos * grid: progress on react grid * grid: progress on new grid, resize & saving layouts works * grid: minor progress * tech: got angular component to load inside react grid * grid: need to find a way to add angular component inside react * ux: initial react grid poc * graphite-tags: refactor, improve performance - remove unnecessary parseTarget() calls * graphite-tags: add tests * graphite-tags: refactor, use <gf-form-dropdown> instead of <metric-segment> * graphite-tags: initial tag editor * Update kbn.js * Update kbn.js * fixes * Use B/s instead Bps for Bytes per second * fix merge issue * develop: fixed more broken tests, couple still failing * ux: alternative row design * newgrid: fixes to default home dashboard * ux: minor fixes * ux: new grid progress * grid: minor progres on new grid * grid: minor progres on new grid * ux: minor button changes * ux: minor updates * ux: changed cta button style * minor fix * ux: added scroll to two pages * minor fix for page-h1 * grid work * progress on rows as panelsW * fixed unit tests * minor user avatar stuff * started on rows as panels in single grid * minor user list cahnge * users view update * ux: color tweaks * Moved around the columns a bit * ux: dashboard stuff * ux: minor changes * ux: sidemenu animation duration * ux: fixed sidenav issues * ux: sidemenu toggling * ux: sidenav fixes and dashboard search changes * ux: switching orgs now works through modal * ux: making org visibile in profile view * ux: more nav work * ux: nav fixes & polish * ux: more nav work * ux: more nav work * ux: navigation work * ux: sidenav fixes and dashboard search changes * ux: more work on sidemenu * Silly gradient added a placeholder. no more experimentation to be done here until Trent has a pass at it * ux: scrollbar stuff * Added drop shadown for sticky scrolling, moved colors into dark and light variables * Reduced size of breadcrumbs, additional form styling. Colors still need to be adjusted * Starting to play with new form styles * ux: minor scroll fix * ux: removed custom scrollbar look * ux: reduced size of sidemenu icons a bit * ux: testing fixed sidemenu and breadcrumbs * ux: minor navbar update * ux: new breadcrumb progress * ux: wip * ux: new page header look wip * ux: testing roboto font * ux: use flexbox for sidenav, put logo in sidenav * moving panels betwen rows are starting to work * grid: progress on row support * grid: new grid fixes * new-grid: fixed destory issues * grid: remove panel works * grid: updated gridstack to use grafana fork * feat: new grid fixes * minor fixes * updated * feat: new grid system progressW * ux: minor panel menu fix * ux: minor panel menu tweaks * ux: tweaks to new panel menu * updated * dashfolders: inherited permissions for dashboards * dashfolders: handle permission changes when saving/moving dashboards * added code from #8504, and #8021 * dashboard folder search fix * dashfolders: fix user group picker + cleanup * dashfolders: rename refactor * dashfolders: validation for duplicates in acl modal * minor update * ux: style tweaks, trying out non italic headers * ux: nav changes * added sidemeu stuff * dashfolders: use canadmin permission in settings menu * dashfolders: tests for permission modal * dashboard acl fixes * acl fixes * dashfolders: new admin permission needed to view/change acl * acl: more acl work * dashfolders: filter search based on child dash permissions * dashfolders: allows phantomjs rendering for alerting * dashfolders: allow overflow-y for modals * dashfolders: security for png rendering * dashboard acl stuff * dashboard acl work * dashboard acl * working on dashbord acl stuff * WIP: first draft of permissionlist panel * dashboard acl * dashboard acl work * WIP: fix js tests for acl * WIP: fix folder-picker for dashlist * dashboard acl work * refactoring: dashboard folders * dashboard acl modal * WIP: adding roles - not finished * refactoring: moving dashboards acl migrations to its own folder * WIP: fix acl route * refactoring: renaming * folders: changed api urls for dashboard acls * refactoring more renaming * refactoring renaming dashboard folder operations * dashboard_folders refactoring * refactoring dashboard folder security checks * dashboard guardian refactoring starting to work * dashboard folders acl work * refactoring dashoard folder guardian * WIP: refactor user group modal * refactoring: Dashboard guardian * WIP: remove unused test file * WIP: refactor dash search and remove extra query * WIP: move guardian logic for search into the sql query * WIP: remove dashboard children on delete * dashboard_folders: refactoring picker and folder selection in dashboard settings & save as menu * WIP: adds API check to stop folders being included in folders * use gf-form-dropdown in user picker * WIP: add test for add user group permission * WIP: can edit dashboard permission * WIP: clean up after user and org user delete * WIP: remove permissions when deleting global user * dashboard_folders: updated * WIP: delete dependent permissions on user group delete * dashboard_folders: fixes to user picker & group picker * dashboard_folders: fixes to user & group picker * minor update * WIP: permission checking for dash version api methods * ux: gridstack poc * Gridstack: testing * WIP: check permissions for delete/post dashboard * WIP: fixes after version history merge * ux: nav experiments * WIP: add permission check for GetDashboard * ux: side nav experiments * WIP: fix test after merge conflict * WIP: fix go fmt error * WIP: user + user-group pickers for permissions * WIP: API - add dash permission * WIP: user-picker directive * WIP: Permission Type as string in permission query * WIP: fixes after navbar changes * WIP: dashlist in template for new folder * WIP: refactor folder-picker for dashlist * WIP: dashboard search by folder + toggle for list or tree mode * WIP: adds folder-picker to save as dialog * WIP: use metric-segment for folder picker * WIP: add dummy root folder to folder picker * WIP: Create new dashboard button in dash search * WIP: permissions moved to settings tab. Adds folder dropdown to general settings tab * WIP: add parentid to getdashboard query result * WIP: dashboard search by type (folder or dash) * WIP: fix after upstream sqlstore refactoring * WIP: rollback * WIP: delete permission in API * WIP: user group additions * WIP: remove browse mode for dashboard search * WIP: get Dashboard Permissions * WIP: add open/closed folders icons for dash search * WIP: Can remove dashboard permission - sql * WIP: limit GetAllowedDashboards sql query with a where in * WIP: Add or update Dashboard ACL * WIP: guardian service for search * dashboard: sort search with dash folder first * WIP: add some TS types * WIP: edit user group page * WIP: API methods for add/remove members to user group * WIP: add update user group command * WIP: add new group, needs to be redone * WIP: add user group search * WIP: add usergroup commands and queries * WIP: rough prototype of dashboard folders * ux: very early start to new sidemenu * ux: very early start to new sidemenu * ux: minor tweak to faintness of icons of panel menu caret * ux: minor progress on panel title menu makover * use the original options parameter * use targets[0] as the options * pass the options along with a _seriesQuery * pass database parameter in the options * allow setting the database * ux: more work on panel menu * ux: panel title ux improvements poc * Sending image * Discord integration Changes in grafana-natel-discrete-panel: - Add recompress source service - Add set_version source service - Enable changesgenerate for tar_scm source service - Update to version 0.0.9: * split commands * put back the history Changes in openstack-aodh: - Add %_tmpfilesdir to %files Changes in openstack-barbican: - Add %_tmpfilesdir to %files Changes in openstack-cinder: - Add %_tmpfilesdir to %files Changes in openstack-gnocchi: - Add %_tmpfilesdir to %files Changes in openstack-heat: - Add %_tmpfilesdir to %files Changes in openstack-ironic: - Add %_tmpfilesdir to %files Changes in openstack-magnum: - Add %_tmpfilesdir to %files Changes in openstack-manila: - Add %_tmpfilesdir to %files Changes in openstack-monasca-agent: - Add dependency: * fdupes * pwdutils and shadow-utils for useradd/groupadd - remove rpm-packaging integration - Add %_tmpfilesdir to %files Changes in openstack-murano: - Add %_tmpfilesdir to %files Changes in openstack-neutron: - Add %_tmpfilesdir to %files Changes in openstack-neutron-vpnaas: - Add %_tmpfilesdir to %files Changes in openstack-nova: - Add 0014-Provide-VIR_MIGRATE_PARAM_PERSIST_XML-during-live-migration.patch - (bsc#1175484, CVE-2020-17376) - Add 0001-rbd_utils-increase-_destroy_volume-timeout.patch (bsc#1154434) - Fix for https://bugs.launchpad.net/nova/+bug/1856845 Changes in openstack-sahara: - Add %_tmpfilesdir to %files Changes in python-google-api-python-client: - Add pr-201.patch . This enables also older oauth2client versions. - update to 1.5.0: - Release to support oauth2client >= 2.0.0. - Fix file stream recognition in Python 3 (#141) - Fix non-resumable binary uploads in Python 3 (#147) - Default to 'octet-stream' if mimetype detection fails (#157) - Handle SSL errors with retries (#160) - Fix incompatibility with oauth2client v2.0.0 (#182) - Add automatic caching for the discovery docs. - Add the googleapiclient.discovery.Resource.new_batch_http_request method. - Python 3 support. - Small bugfix release. - Fix an infinite loop for downloading small files. - Fix a unicode error in error encoding. - Better handling of `content-length` in media requests. - Add support for methodPath entries containing colon. - Quick release for a fix around aliasing in v1.3. - Add support for the Google Application Default Credentials. - Require python 2.6 as a minimum version. - Update several API samples. - Finish splitting out oauth2client repo and update tests. - Various doc cleanup and bugfixes. - We've added `googleapiclient` as the primary suggested import name, and kept `apiclient` as an alias, in order to have a more appropriate import name. At some point, we will remove `apiclient` as an alias. - Due to an issue around in-place upgrades for Python packages, it's not possible to do an upgrade from version 1.2 to 1.3. Instead, setup.py attempts to detect this and prevents it. Simply remove the previous version and reinstall to fix this. - The use of the gflags library is now deprecated, and is no longer a dependency. If you are still using the oauth2client.tools.run() function then include gflags as a dependency of your application or switch to oauth2client.tools.run_flow. - Samples have been updated to use the new apiclient.sample_tools, and no longer use gflags. - Added support for the experimental Object Change Notification, as found in the Cloud Storage API. - The oauth2client App Engine decorators are now threadsafe. - Use the following redirects feature of httplib2 where it returns the ultimate URL after a series of redirects to avoid multiple hops for every resumable media upload request. - Updated AdSense Management API samples to V1.3 - Add option to automatically retry requests. - Ability to list registered keys in multistore_file. - User-agent must contain (gzip). - The 'method' parameter for httplib2 is not positional. This would cause spurious warnings in the logging. - Making OAuth2Decorator more extensible. Fixes Issue 256. - Update AdExchange Buyer API examples to version v1.2. - Add PEM support to SignedJWTAssertionCredentials (used to only support PKCS12 formatted keys). Note that if you use PEM formatted keys you can use PyCrypto 2.6 or later instead of OpenSSL. - Allow deserialized discovery docs to be passed to build_from_document(). - Make ResumableUploadError derive from HttpError. - Many changes to move all the closures in apiclient.discovery into real classes and objects. - Make from_json behavior inheritable. - Expose the full token response in OAuth2Client and OAuth2Decorator. - Handle reasons that are None. - Added support for NDB based storing of oauth2client objects. - Update grant_type for AssertionCredentials. - Adding a .revoke() to Credentials. Closes issue 98. - Modify oauth2client.multistore_file to store and retrieve credentials using an arbitrary key. - Don't accept 403 challenges by default for auth challenges. - Set httplib2.RETRIES to 1. - Consolidate handling of scopes. - Upgrade to httplib2 version 0.8. - Allow setting the response_type in OAuth2WebServerFlow. - Ensure that dataWrapper feature is checked before using the 'data' value. - HMAC verification does not use a constant time algorithm. - Fix description - Update BuildRequires and Requires - Use Source from pypi Changes in python-Pillow: - Add 0019-FLI-overflow-error-fix-and-testcase.patch * From upstream, backported * Fixes CVE-2016-0775, bsc#965582 - Add 0020-Fix-OOB-reads-in-FLI-decoding.patch * From upstream, backported * Fixes CVE-2020-10177, bsc#1173413 - Add 0021-Fix-bounds-overflow-in-JPEG-2000-decoding.patch * From upstream, backported * Fixes CVE-2020-10994, bsc#1173418 - Add 0022-Fix-bounds-overflow-in-PCX-decoding.patch * From upstream, backported * Fixes CVE-2020-10378, bsc#1173416 Changes in rubygem-crowbar-client: - Update to 3.9.3 - Enable restricted commands for Cloud 7 (bsc#1117080, CVE-2018-17954) Critical SUSE bug 1117080 SUSE bug 1154434 SUSE bug 1164140 SUSE bug 1171823 SUSE bug 1172450 SUSE bug 1173413 SUSE bug 1173416 SUSE bug 1173418 SUSE bug 1174583 SUSE bug 1175484 SUSE bug 965582 CVE-2016-0775 CVE-2018-17954 CVE-2018-18623 CVE-2018-18624 CVE-2018-18625 CVE-2019-15043 CVE-2020-10177 CVE-2020-10378 CVE-2020-10744 CVE-2020-10994 CVE-2020-11110 CVE-2020-12052 CVE-2020-13379 CVE-2020-1733 CVE-2020-17376 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-activesupport-4_2 (Critical) SUSE OpenStack Cloud 7 This update for rubygem-activesupport-4_2 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186) Critical SUSE bug 1172186 CVE-2020-8165 cpe:/o:suse:suse-openstack-cloud:7 Security update for freetype2 (Important) SUSE OpenStack Cloud 7 This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). Important SUSE bug 1177914 CVE-2020-15999 cpe:/o:suse:suse-openstack-cloud:7 Security update for glibc (Moderate) SUSE OpenStack Cloud 7 This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a stack corruption from range reduction of pseudo-zero (bsc#1165784) - Use posix_spawn on popen (bsc#1149332, bsc#1176013) - Correct locking and cancellation cleanup in syslog functions (bsc#1172085) - Fixed concurrent changes on nscd aware files (bsc#1171878) Moderate SUSE bug 1149332 SUSE bug 1165784 SUSE bug 1171878 SUSE bug 1172085 SUSE bug 1176013 CVE-2020-10029 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO Important SUSE bug 1176756 SUSE bug 1177872 CVE-2020-15683 CVE-2020-15969 cpe:/o:suse:suse-openstack-cloud:7 Security update for samba (Important) SUSE OpenStack Cloud 7 This update for samba fixes the following issues: - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Important SUSE bug 1173902 SUSE bug 1173994 CVE-2020-14318 CVE-2020-14323 cpe:/o:suse:suse-openstack-cloud:7 Security update for crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client (Critical) SUSE OpenStack Cloud 7 This update for crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client contains the following fixes: Security fixes for rubygem-crowbar-client: - CVE-2018-17954: Fixed an issue where crowbar was leaking the secret admin passwords to all nodes (bsc#1117080) Changes in crowbar-core: - Update to version 4.0+git.1578392992.fabfd186c: * Avoid nil crash when provisioner attributes are not set (bsc#1160048) - Update to version 4.0+git.1578294389.acc7385d5: * Adding CVE-2019-16770 to the ignore list, regarding SOC-10999. Changes in crowbar-openstack: - Update to version 4.0+git.1579171175.d53ab6363: * tempest: tempest run filters as templates (SOC-11052) * Add tempest filters based on services (SOC-9801) Changes in openstack-neutron-fwaas: - Remove the patch that was deleting the tempest entry point and enable tempest tests. Critical SUSE bug 1117080 SUSE bug 1160048 CVE-2018-17954 CVE-2019-16770 cpe:/o:suse:suse-openstack-cloud:7 Security update for sane-backends (Important) SUSE OpenStack Cloud 7 This update for sane-backends fixes the following issues: - sane-backends version upgrade to 1.0.31: * sane-backends version upgrade to 1.0.30 fixes memory corruption bugs CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867 (bsc#1172524) * sane-backends version upgrade to 1.0.31 to further improve hardware enablement for scanner devices (jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418) * The new escl backend cannot be provided for SLE12 because it requires more additional software (avahi-client, libcurl, and libpoppler-glib-devel) where in particular for libcurl the one that is in SLE12 (via libcurl-devel-7.37.0) is likely too old because with that building the escl backend fails with 'escl/escl.c:1267:34: error: 'CURLOPT_UNIX_SOCKET_PATH' undeclared curl_easy_setopt(handle, CURLOPT_UNIX_SOCKET_PATH' Important SUSE bug 1172524 CVE-2017-6318 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 cpe:/o:suse:suse-openstack-cloud:7 Security update for ovmf (Moderate) SUSE OpenStack Cloud 7 This update for ovmf fixes the following issues: - CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476). - CVE-2019-14559: Fixed a memory leak in ArpOnFrameRcvdDpc() (bsc#1163927). Moderate SUSE bug 1163927 SUSE bug 1175476 CVE-2019-14559 CVE-2019-14562 cpe:/o:suse:suse-openstack-cloud:7 Security update for libvirt (Important) SUSE OpenStack Cloud 7 This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). Important SUSE bug 1174955 SUSE bug 1177155 CVE-2020-15708 CVE-2020-25637 cpe:/o:suse:suse-openstack-cloud:7 Security update for apache-commons-httpclient (Important) SUSE OpenStack Cloud 7 This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577] Important SUSE bug 1178171 SUSE bug 945190 CVE-2014-3577 CVE-2015-5262 cpe:/o:suse:suse-openstack-cloud:7 Security update for libqt5-qtbase (Important) SUSE OpenStack Cloud 7 This update for libqt5-qtbase fixes the following issue: Security issue fixed: - CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). - CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). - CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). Other issue addressed: - Fixed an issue with rendering animated gifs (QTBUG-55141). Important SUSE bug 1118597 SUSE bug 1130246 SUSE bug 1161167 CVE-2018-19870 CVE-2018-19872 CVE-2020-0569 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_8_0-openjdk fixes the following issues: - Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)', introduced in October 2020 CPU. - Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU, bsc#1174157, and October 2020 CPU, bsc#1177943) * New features + JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3796: Allow the number of curves supported to be specified * Security fixes + JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) + JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233255: Better Swing Buttons + JDK-8233624: Enhance JNI linkage + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240124: Better VM Interning + JDK-8240482: Improved WAV file playback + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 8 u262 build 01 + JDK-4949105: Access Bridge lacks html tags parsing + JDK-8003209: JFR events for network utilization + JDK-8030680: 292 cleanup from default method code assessment + JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently + JDK-8041626: Shutdown tracing event + JDK-8141056: Erroneous assignment in HeapRegionSet.cpp + JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates + JDK-8151582: (ch) test java/nio/channels/ /AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' + JDK-8165675: Trace event for thread park has incorrect unit for timeout + JDK-8176182: 4 security tests are not run + JDK-8178910: Problemlist sample tests + JDK-8183925: Decouple crash protection from watcher thread + JDK-8191393: Random crashes during cfree+0x1c + JDK-8195817: JFR.stop should require name of recording + JDK-8195818: JFR.start should increase autogenerated name by one + JDK-8195819: Remove recording=x from jcmd JFR.check output + JDK-8199712: Flight Recorder + JDK-8202578: Revisit location for class unload events + JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events + JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) + JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant + JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording + JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 + JDK-8203929: Limit amount of data for JFR.dump + JDK-8205516: JFR tool + JDK-8207392: [PPC64] Implement JFR profiling + JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it + JDK-8209960: -Xlog:jfr* doesn't work with the JFR + JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() + JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 + JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch + JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events + JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions + JDK-8213421: Line number information for execution samples always 0 + JDK-8213617: JFR should record the PID of the recorded process + JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. + JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests + JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test + JDK-8213966: The ZGC JFR events should be marked as experimental + JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds + JDK-8214750: Unnecessary <p> tags in jfr classes + JDK-8214896: JFR Tool left files behind + JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError + JDK-8214925: JFR tool fails to execute + JDK-8215175: Inconsistencies in JFR event metadata + JDK-8215237: jdk.jfr.Recording javadoc does not compile + JDK-8215284: Reduce noise induced by periodic task getFileSize() + JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) + JDK-8215362: JFR GTest JfrTestNetworkUtilization fails + JDK-8215771: The jfr tool should pretty print reference chains + JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly + JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() + JDK-8216528: test/jdk/java/rmi/transport/ /runtimeThreadInheritanceLeak/ /RuntimeThreadInheritanceLeak.java failing with Xcomp + JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps + JDK-8216578: Remove unused/obsolete method in JFR code + JDK-8216995: Clean up JFR command line processing + JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT + JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent + JDK-8218935: Make jfr strncpy uses GCC 8.x friendly + JDK-8223147: JFR Backport + JDK-8223689: Add JFR Thread Sampling Support + JDK-8223690: Add JFR BiasedLock Event Support + JDK-8223691: Add JFR G1 Region Type Change Event Support + JDK-8223692: Add JFR G1 Heap Summary Event Support + JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant + JDK-8224475: JTextPane does not show images in HTML rendering + JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. + JDK-8226779: [TESTBUG] Test JFR API from Java agent + JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys + JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory + JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant' + JDK-8229366: JFR backport allows unchecked writing to memory + JDK-8229401: Fix JFR code cache test failures + JDK-8229708: JFR backport code does not initialize + JDK-8229873: 8229401 broke jdk8u-jfr-incubator + JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows + JDK-8230707: JFR related tests are failing + JDK-8230782: Robot.createScreenCapture() fails if 'awt.robot.gtk' is set to false + JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return + JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 + JDK-8231995: two jtreg tests failed after 8229366 is fixed + JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file + JDK-8236002: CSR for JFR backport suggests not leaving out the package-info + JDK-8236008: Some backup files were accidentally left in the hotspot tree + JDK-8236074: Missed package-info + JDK-8236174: Should update javadoc since tags + JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport + JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 + JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB + JDK-8238589: Necessary code cleanup in JFR for JDK8u + JDK-8238590: Enable JFR by default during compilation in 8u + JDK-8239055: Wrong implementation of VMState.hasListener + JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair + JDK-8239479: minimal1 and zero builds are failing + JDK-8239867: correct over use of INCLUDE_JFR macro + JDK-8240375: Disable JFR by default for July 2020 release + JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled + JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) + JDK-8242788: Non-PCH build is broken after JDK-8191393 * Import of OpenJDK 8 u262 build 02 + JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset + JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java + JDK-8230926: [macosx] Two apostrophes are entered instead of one with 'U.S. International - PC' layout + JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges + JDK-8242883: Incomplete backport of JDK-8078268: backport test part * Import of OpenJDK 8 u262 build 03 + JDK-8037866: Replace the Fun class in tests with lambdas + JDK-8146612: C2: Precedence edges specification violated + JDK-8150986: serviceability/sa/jmap-hprof/ /JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format + JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions + JDK-8230597: Update GIFlib library to the 5.2.1 + JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return + JDK-8233880, PR3798: Support compilers with multi-digit major version numbers + JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed + JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set + JDK-8243059: Build fails when --with-vendor-name contains a comma + JDK-8243474: [TESTBUG] removed three tests of 0 bytes + JDK-8244461: [JDK 8u] Build fails with glibc 2.32 + JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result * Import of OpenJDK 8 u262 build 04 + JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null + JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering + JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM + JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE + JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 + JDK-8244777: ClassLoaderStats VM Op uses constant hash value * Import of OpenJDK 8 u262 build 05 + JDK-7147060: com/sun/org/apache/xml/internal/security/ /transforms/ClassLoaderTest.java doesn't run in agentvm mode + JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method + JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds + JDK-8227269: Slow class loading when running with JDWP + JDK-8229899: Make java.io.File.isInvalid() less racy + JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in + JDK-8244843: JapanEraNameCompatTest fails * Import of OpenJDK 8 u262 build 06 + JDK-8246223: Windows build fails after JDK-8227269 * Import of OpenJDK 8 u262 build 07 + JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing + JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a + JDK-8245167: Top package in method profiling shows null in JMC + JDK-8246703: [TESTBUG] Add test for JDK-8233197 * Import of OpenJDK 8 u262 build 08 + JDK-8220293: Deadlock in JFR string pool + JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 + JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 * Import of OpenJDK 8 u262 build 09 + JDK-8248399: Build installs jfr binary when JFR is disabled * Import of OpenJDK 8 u262 build 10 + JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package * Import of OpenJDK 8 u265 build 01 + JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + JDK-8250546: Expect changed behaviour reported in JDK-8249846 * Import of OpenJDK 8 u272 build 01 + JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java + JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals + JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c + JDK-8039082: [TEST_BUG] Test java/awt/dnd/ /BadSerializationTest/BadSerializationTest.java fails + JDK-8075774: Small readability and performance improvements for zipfs + JDK-8132206: move ScanTest.java into OpenJDK + JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API + JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java + JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/ /appletviewer/IOExceptionIfEncodedURLTest/ /IOExceptionIfEncodedURLTest.sh + JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/ /MTGraphicsAccessTest.java hangs on Win. 8 + JDK-8151788: NullPointerException from ntlm.Client.type3 + JDK-8151834: Test SmallPrimeExponentP.java times out intermittently + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public + JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization + JDK-8165936: Potential Heap buffer overflow when seaching timezone info files + JDK-8166148: Fix for JDK-8165936 broke solaris builds + JDK-8167300: Scheduling failures during gcm should be fatal + JDK-8167615: Opensource unit/regression tests for JavaSound + JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java + JDK-8177628: Opensource unit/regression tests for ImageIO + JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java + JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/ /AppletContextTest/BadPluginConfigurationTest.sh + JDK-8193137: Nashorn crashes when given an empty script file + JDK-8194298: Add support for per Socket configuration of TCP keepalive + JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error + JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails + JDK-8210147: adjust some WSAGetLastError usages in windows network coding + JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions + JDK-8214862: assert(proj != __null) at compile.cpp:3251 + JDK-8217606: LdapContext#reconnect always opens a new connection + JDK-8217647: JFR: recordings on 32-bit systems unreadable + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8230303: JDB hangs when running monitor command + JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG + JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion + JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version + JDK-8235325: build failure on Linux after 8235243 + JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink + JDK-8237951: CTW: C2 compilation fails with 'malformed control flow' + JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8239819: XToolkit: Misread of screen information memory + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one + JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads to JVM crash + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8246310: Clean commented-out code about ModuleEntry and PackageEntry in JFR + JDK-8246384: Enable JFR by default on supported architectures for October 2020 release + JDK-8248643: Remove extra leading space in JDK-8240295 8u backport + JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public * Import of OpenJDK 8 u272 build 02 + JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times + JDK-8025886: replace [[ and == bash extensions in regtest + JDK-8046274: Removing dependency on jakarta-regexp + JDK-8048933: -XX:+TraceExceptions output should include the message + JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/ /fileaccess/FontFile.java fails + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8154313: Generated javadoc scattered all over the place + JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k + JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled + JDK-8183349: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java and WriteAfterAbort.java + JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. + JDK-8201633: Problems with AES-GCM native acceleration + JDK-8211049: Second parameter of 'initialize' method is not used + JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero + JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound + JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file + JDK-8224217: RecordingInfo should use textual representation of path + JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate + JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/ /SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8250755: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java * Import of OpenJDK 8 u272 build 03 + JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes + JDK-8148754: C2 loop unrolling fails due to unexpected graph shape + JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied + JDK-8203357: Container Metrics + JDK-8209113: Use WeakReference for lastFontStrike for created Fonts + JDK-8216283: Allow shorter method sampling interval than 10 ms + JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified + JDK-8233097: Fontmetrics for large Fonts has zero width + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update * Import of OpenJDK 8 u272 build 04 + JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double + JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 + JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 + JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 + JDK-8243138: Enhance BaseLdapServer to support starttls extended request * Import of OpenJDK 8 u272 build 05 + JDK-8026236: Add PrimeTest for BigInteger + JDK-8057003: Large reference arrays cause extremely long synchronization times + JDK-8060721: Test runtime/SharedArchiveFile/ /LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler + JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings + JDK-8168517: java/lang/ProcessBuilder/Basic.java failed + JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean + JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs + JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo + JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds + JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled * Import of OpenJDK 8 u272 build 06 + JDK-8064319: Need to enable -XX:+TraceExceptions in release builds + JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11 v2.40 support + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working + JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface license + JDK-8184762: ZapStackSegments should use optimized memset + JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak + JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly + JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8228835: Memory leak in PKCS11 provider when using AES GCM + JDK-8233621: Mismatch in jsse.enableMFLNExtension property name + JDK-8238898, PR3801: Missing hash characters for header on license file + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8245467: Remove 8u TLSv1.2 implementation files + JDK-8245469: Remove DTLS protocol implementation + JDK-8245470: Fix JDK8 compatibility issues + JDK-8245471: Revert JDK-8148188 + JDK-8245472: Backport JDK-8038893 to JDK8 + JDK-8245473: OCSP stapling support + JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 + JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default + JDK-8245477: Adjust TLS tests location + JDK-8245653: Remove 8u TLS tests + JDK-8245681: Add TLSv1.3 regression test from 11.0.7 + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false + JDK-8251341: Minimal Java specification change + JDK-8251478: Backport TLSv1.3 regression tests to JDK8u * Import of OpenJDK 8 u272 build 07 + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ * Import of OpenJDK 8 u272 build 08 + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8252573: 8u: Windows build failed after 8222079 backport * Import of OpenJDK 8 u272 build 09 + JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed * Import of OpenJDK 8 u272 build 10 + JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 + JDK-8254937: Revert JDK-8148854 for 8u272 * Backports + JDK-8038723, PR3806: Openup some PrinterJob tests + JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when JTable contains certain string + JDK-8058779, PR3805: Faster implementation of String.replace(CharSequence, CharSequence) + JDK-8130125, PR3806: [TEST_BUG] add @modules to the several client tests unaffected by the automated bulk update + JDK-8144015, PR3806: [PIT] failures of text layout font tests + JDK-8144023, PR3806: [PIT] failure of text measurements in javax/swing/text/html/parser/Parser/6836089/bug6836089.java + JDK-8144240, PR3806: [macosx][PIT] AIOOB in closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8145542, PR3806: The case failed automatically and thrown java.lang.ArrayIndexOutOfBoundsException exception + JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when displaying Devanagari text in JEditorPane + JDK-8152358, PR3800: code and comment cleanups found during the hunt for 8077392 + JDK-8152545, PR3804: Use preprocessor instead of compiling a program to generate native nio constants + JDK-8152680, PR3806: Regression in GlyphVector.getGlyphCharIndex behaviour + JDK-8158924, PR3806: Incorrect i18n text document layout + JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8166068, PR3806: test/java/awt/font/GlyphVector/ /GetGlyphCharIndexTest.java does not compile + JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/ /GlyphPainter2/6427244/bug6427244.java - compilation failed + JDK-8191512, PR3806: T2K font rasterizer code removal + JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from JDK sources + JDK-8236512, PR3801: PKCS11 Connection closed after Cipher.doFinal and NoPadding + JDK-8254177, PR3809: (tz) Upgrade time-zone data to tzdata2020b * Bug fixes + PR3798: Fix format-overflow error on GCC 10, caused by passing NULL to a '%s' directive + PR3795: ECDSAUtils for XML digital signatures should support the same curve set as the rest of the JDK + PR3799: Adapt elliptic curve patches to JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3808: IcedTea does not install the JFR *.jfc files + PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has fixed its use with Shenandoah + PR3811: Don't attempt to install JFR files when JFR is disabled * Shenandoah + [backport] 8221435: Shenandoah should not mark through weak roots + [backport] 8221629: Shenandoah: Cleanup class unloading logic + [backport] 8222992: Shenandoah: Pre-evacuate all roots + [backport] 8223215: Shenandoah: Support verifying subset of roots + [backport] 8223774: Shenandoah: Refactor ShenandoahRootProcessor and family + [backport] 8224210: Shenandoah: Refactor ShenandoahRootScanner to support scanning CSet codecache roots + [backport] 8224508: Shenandoah: Need to update thread roots in final mark for piggyback ref update cycle + [backport] 8224579: ResourceMark not declared in shenandoahRootProcessor.inline.hpp with --disable-precompiled-headers + [backport] 8224679: Shenandoah: Make ShenandoahParallelCodeCacheIterator noncopyable + [backport] 8224751: Shenandoah: Shenandoah Verifier should select proper roots according to current GC cycle + [backport] 8225014: Separate ShenandoahRootScanner method for object_iterate + [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't work for Shenandoah + [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to ensure roots to-space invariant + [backport] 8225590: Shenandoah: Refactor ShenandoahClassLoaderDataRoots API + [backport] 8226413: Shenandoah: Separate root scanner for SH::object_iterate() + [backport] 8230853: Shenandoah: replace leftover assert(is_in(...)) with rich asserts + [backport] 8231198: Shenandoah: heap walking should visit all roots most of the time + [backport] 8231244: Shenandoah: all-roots heap walking misses some weak roots + [backport] 8237632: Shenandoah: accept NULL fwdptr to cooperate with JVMTI and JFR + [backport] 8239786: Shenandoah: print per-cycle statistics + [backport] 8239926: Shenandoah: Shenandoah needs to mark nmethod's metadata + [backport] 8240671: Shenandoah: refactor ShenandoahPhaseTimings + [backport] 8240749: Shenandoah: refactor ShenandoahUtils + [backport] 8240750: Shenandoah: remove leftover files and mentions of ShenandoahAllocTracker + [backport] 8240868: Shenandoah: remove CM-with-UR piggybacking cycles + [backport] 8240872: Shenandoah: Avoid updating new regions from start of evacuation + [backport] 8240873: Shenandoah: Short-cut arraycopy barriers + [backport] 8240915: Shenandoah: Remove unused fields in init mark tasks + [backport] 8240948: Shenandoah: cleanup not-forwarded-objects paths after JDK-8240868 + [backport] 8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + [backport] 8241062: Shenandoah: rich asserts trigger 'empty statement' inspection + [backport] 8241081: Shenandoah: Do not modify update-watermark concurrently + [backport] 8241093: Shenandoah: editorial changes in flag descriptions + [backport] 8241139: Shenandoah: distribute mark-compact work exactly to minimize fragmentation + [backport] 8241142: Shenandoah: should not use parallel reference processing with single GC thread + [backport] 8241351: Shenandoah: fragmentation metrics overhaul + [backport] 8241435: Shenandoah: avoid disabling pacing with 'aggressive' + [backport] 8241520: Shenandoah: simplify region sequence numbers handling + [backport] 8241534: Shenandoah: region status should include update watermark + [backport] 8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + [backport] 8241583: Shenandoah: turn heap lock asserts into macros + [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not derive from ContiguousSpace + [backport] 8241673: Shenandoah: refactor anti-false-sharing padding + [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at shenandoahSupport.cpp:2858 with java/util/Collections/FindSubList.java + [backport] 8241692: Shenandoah: remove ShenandoahHeapRegion::_reserved + [backport] 8241700: Shenandoah: Fold ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier + [backport] 8241740: Shenandoah: remove ShenandoahHeapRegion::_heap + [backport] 8241743: Shenandoah: refactor and inline ShenandoahHeap::heap() + [backport] 8241748: Shenandoah: inline MarkingContext TAMS methods + [backport] 8241838: Shenandoah: no need to trash cset during final mark + [backport] 8241841: Shenandoah: ditch one of allocation type counters in ShenandoahHeapRegion + [backport] 8241842: Shenandoah: inline ShenandoahHeapRegion::region_number + [backport] 8241844: Shenandoah: rename ShenandoahHeapRegion::region_number + [backport] 8241845: Shenandoah: align ShenandoahHeapRegions to cache lines + [backport] 8241926: Shenandoah: only print heap changes for operations that directly affect it + [backport] 8241983: Shenandoah: simplify FreeSet logging + [backport] 8241985: Shenandoah: simplify collectable garbage logging + [backport] 8242040: Shenandoah: print allocation failure type + [backport] 8242041: Shenandoah: adaptive heuristics should account evac reserve in free target + [backport] 8242042: Shenandoah: tune down ShenandoahGarbageThreshold + [backport] 8242054: Shenandoah: New incremental-update mode + [backport] 8242075: Shenandoah: rename ShenandoahHeapRegionSize flag + [backport] 8242082: Shenandoah: Purge Traversal mode + [backport] 8242083: Shenandoah: split 'Prepare Evacuation' tracking into cset/freeset counters + [backport] 8242089: Shenandoah: per-worker stats should be summed up, not averaged + [backport] 8242101: Shenandoah: coalesce and parallelise heap region walks during the pauses + [backport] 8242114: Shenandoah: remove ShenandoahHeapRegion::reset_alloc_metadata_to_shared + [backport] 8242130: Shenandoah: Simplify arraycopy-barrier dispatching + [backport] 8242211: Shenandoah: remove ShenandoahHeuristics::RegionData::_seqnum_last_alloc + [backport] 8242212: Shenandoah: initialize ShenandoahHeuristics::_region_data eagerly + [backport] 8242213: Shenandoah: remove ShenandoahHeuristics::_bytes_in_cset + [backport] 8242217: Shenandoah: Enable GC mode to be diagnostic/experimental and have a name + [backport] 8242227: Shenandoah: transit regions to cset state when adding to collection set + [backport] 8242228: Shenandoah: remove unused ShenandoahCollectionSet methods + [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion liveness-related methods + [backport] 8242267: Shenandoah: regions space needs to be aligned by os::vm_allocation_granularity() + [backport] 8242271: Shenandoah: add test to verify GC mode unlock + [backport] 8242273: Shenandoah: accept either SATB or IU barriers, but not both + [backport] 8242301: Shenandoah: Inline LRB runtime call + [backport] 8242316: Shenandoah: Turn NULL-check into assert in SATB slow-path entry + [backport] 8242353: Shenandoah: micro-optimize region liveness handling + [backport] 8242365: Shenandoah: use uint16_t instead of jushort for liveness cache + [backport] 8242375: Shenandoah: Remove ShenandoahHeuristic::record_gc_start/end methods + [backport] 8242641: Shenandoah: clear live data and update TAMS optimistically + [backport] 8243238: Shenandoah: explicit GC request should wait for a complete GC cycle + [backport] 8243301: Shenandoah: ditch ShenandoahAllowMixedAllocs + [backport] 8243307: Shenandoah: remove ShCollectionSet::live_data + [backport] 8243395: Shenandoah: demote guarantee in ShenandoahPhaseTimings::record_workers_end + [backport] 8243463: Shenandoah: ditch total_pause counters + [backport] 8243464: Shenandoah: print statistic counters in time order + [backport] 8243465: Shenandoah: ditch unused pause_other, conc_other counters + [backport] 8243487: Shenandoah: make _num_phases illegal phase type + [backport] 8243494: Shenandoah: set counters once per cycle + [backport] 8243573: Shenandoah: rename GCParPhases and related code + [backport] 8243848: Shenandoah: Windows build fails after JDK-8239786 + [backport] 8244180: Shenandoah: carry Phase to ShWorkerTimingsTracker explicitly + [backport] 8244200: Shenandoah: build breakages after JDK-8241743 + [backport] 8244226: Shenandoah: per-cycle statistics contain worker data from previous cycles + [backport] 8244326: Shenandoah: global statistics should not accept bogus samples + [backport] 8244509: Shenandoah: refactor ShenandoahBarrierC2Support::test_* methods + [backport] 8244551: Shenandoah: Fix racy update of update_watermark + [backport] 8244667: Shenandoah: SBC2Support::test_gc_state takes loop for wrong control + [backport] 8244730: Shenandoah: gc/shenandoah/options/ /TestHeuristicsUnlock.java should only verify the heuristics + [backport] 8244732: Shenandoah: move heuristics code to gc/shenandoah/heuristics + [backport] 8244737: Shenandoah: move mode code to gc/shenandoah/mode + [backport] 8244739: Shenandoah: break superclass dependency on ShenandoahNormalMode + [backport] 8244740: Shenandoah: rename ShenandoahNormalMode to ShenandoahSATBMode + [backport] 8245461: Shenandoah: refine mode name()-s + [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings constructor arguments + [backport] 8245464: Shenandoah: allocate collection set bitmap at lower addresses + [backport] 8245465: Shenandoah: test_in_cset can use more efficient encoding + [backport] 8245726: Shenandoah: lift/cleanup ShenandoahHeuristics names and properties + [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch + [backport] 8245757: Shenandoah: AlwaysPreTouch should not disable heap resizing or uncommits + [backport] 8245773: Shenandoah: Windows assertion failure after JDK-8245464 + [backport] 8245812: Shenandoah: compute root phase parallelism + [backport] 8245814: Shenandoah: reconsider format specifiers for stats + [backport] 8245825: Shenandoah: Remove diagnostic flag ShenandoahConcurrentScanCodeRoots + [backport] 8246162: Shenandoah: full GC does not mark code roots when class unloading is off + [backport] 8247310: Shenandoah: pacer should not affect interrupt status + [backport] 8247358: Shenandoah: reconsider free budget slice for marking + [backport] 8247367: Shenandoah: pacer should wait on lock instead of exponential backoff + [backport] 8247474: Shenandoah: Windows build warning after JDK-8247310 + [backport] 8247560: Shenandoah: heap iteration holds root locks all the time + [backport] 8247593: Shenandoah: should not block pacing reporters + [backport] 8247751: Shenandoah: options tests should run with smaller heaps + [backport] 8247754: Shenandoah: mxbeans tests can be shorter + [backport] 8247757: Shenandoah: split heavy tests by heuristics to improve parallelism + [backport] 8247860: Shenandoah: add update watermark line in rich assert failure message + [backport] 8248041: Shenandoah: pre-Full GC root updates may miss some roots + [backport] 8248652: Shenandoah: SATB buffer handling may assume no forwarded objects + [backport] 8249560: Shenandoah: Fix racy GC request handling + [backport] 8249649: Shenandoah: provide per-cycle pacing stats + [backport] 8249801: Shenandoah: Clear soft-refs on requested GC cycle + [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + Fix slowdebug build after JDK-8230853 backport + JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR + JDK-8252366: Shenandoah: revert/cleanup changes in graphKit.cpp + Shenandoah: add JFR roots to root processor after JFR integration + Shenandoah: add root statistics for string dedup table/queues + Shenandoah: enable low-frequency STW class unloading + Shenandoah: fix build failures after JDK-8244737 backport + Shenandoah: Fix build failure with +JFR -PCH + Shenandoah: fix forceful pacer claim + Shenandoah: fix formats in ShenandoahStringSymbolTableUnlinkTask + Shenandoah: fix runtime linking failure due to non-compiled shenandoahBarrierSetC1 + Shenandoah: hook statistics printing to PrintGCDetails, not PrintGC + Shenandoah: JNI weak roots are always cleared before Full GC mark + Shenandoah: missing SystemDictionary roots in ShenandoahHeapIterationRootScanner + Shenandoah: move barrier sets to their proper locations + Shenandoah: move parallelCleaning.* to shenandoah/ + Shenandoah: pacer should use proper Atomics for intptr_t + Shenandoah: properly deallocates class loader metadata + Shenandoah: specialize String Table scans for better pause performance + Shenandoah: Zero build fails after recent Atomic cleanup in Pacer * AArch64 port + JDK-8161072, PR3797: AArch64: jtreg compiler/uncommontrap/TestDeoptOOM failure + JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java generates guarantee failure in C1 + JDK-8183925, PR3797: [AArch64] Decouple crash protection from watcher thread + JDK-8199712, PR3797: [AArch64] Flight Recorder + JDK-8203481, PR3797: Incorrect constraint for unextended_sp in frame:safe_for_sender + JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall fails with SIGILL on aarch64 + JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command + JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java fails on AArch64 + JDK-8216989, PR3797: CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier() does not check for zero length on AARCH64 + JDK-8217368, PR3797: AArch64: C2 recursive stack locking optimisation not triggered + JDK-8221658, PR3797: aarch64: add necessary predicate for ubfx patterns + JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a BufferBlob + JDK-8246482, PR3797: Build failures with +JFR -PCH + JDK-8247979, PR3797: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248219, PR3797: aarch64: missing memory barrier in fast_storefield and fast_accessfield - Ignore whitespaces after the header or footer in PEM X.509 cert (bsc#1171352) Important SUSE bug 1171352 SUSE bug 1174157 SUSE bug 1177943 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:suse-openstack-cloud:7 Security update for gcc10 (Moderate) SUSE OpenStack Cloud 7 This update for gcc10 fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Moderate SUSE bug 1172798 SUSE bug 1172846 SUSE bug 1173972 SUSE bug 1174753 SUSE bug 1174817 SUSE bug 1175168 CVE-2020-13844 cpe:/o:suse:suse-openstack-cloud:7 Security update for ucode-intel (Moderate) SUSE OpenStack Cloud 7 This update for ucode-intel fixes the following issues: - Intel CPU Microcode updated to 20201027 prerelease - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) # New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile # Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173594 CVE-2020-8695 CVE-2020-8698 cpe:/o:suse:suse-openstack-cloud:7 Security update for systemd (Important) SUSE OpenStack Cloud 7 This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Unconfirmed fix for prevent hanging of systemctl during restart. (bsc#1139459) - Fix warnings thrown during package installation. (bsc#1154043) - Fix for system-udevd prevent crash within OES2018. (bsc#1151506) - Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482) - Wait for workers to finish when exiting. (bsc#1106383) - Improve log message when inotify limit is reached. (bsc#1155574) - Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377) - Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814) Important SUSE bug 1106383 SUSE bug 1133495 SUSE bug 1139459 SUSE bug 1151377 SUSE bug 1151506 SUSE bug 1154043 SUSE bug 1155574 SUSE bug 1156482 SUSE bug 1159814 SUSE bug 1162108 CVE-2020-1712 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943) * Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8240124: Better VM Interning + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 7 u281 build 1 + JDK-8145096: Undefined behaviour in HotSpot + JDK-8215265: C2: range check elimination may allow illegal out of bound access * Backports + JDK-8250861, PR3812: Crash in MinINode::Ideal(PhaseGVN*, bool) Important SUSE bug 1177943 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:suse-openstack-cloud:7 Security update for openldap2 (Important) SUSE OpenStack Cloud 7 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for Important SUSE bug 1178588 CVE-2020-26950 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Important) SUSE OpenStack Cloud 7 This update for xen fixes the following issues: - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181). - CVE-2019-19579: Device quarantine for alternate pci assignment methods (bsc#1157888). - CVE-2019-19581: find_next_bit() issues (bsc#1158003). - CVE-2019-19583: VMentry failure with debug exceptions and blocked states (bsc#1158004). - CVE-2019-19578: Linear pagetable use / entry miscounts (bsc#1158005). - CVE-2019-19580: Further issues with restartable PV type change operations (bsc#1158006). - CVE-2019-19577: dynamic height for the IOMMU pagetables (bsc#1158007). - CVE-2019-18420: VCPUOP_initialise DoS (bsc#1154448). - CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation (bsc#1154456). - CVE-2019-18421: Issues with restartable PV type change operations (bsc#1154458). - CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment (bsc#1154461). - CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue) (bsc#1155945). - CVE-2019-11135: TSX Asynchronous Abort (TAA) issue (bsc#1152497). Important SUSE bug 1152497 SUSE bug 1154448 SUSE bug 1154456 SUSE bug 1154458 SUSE bug 1154461 SUSE bug 1155945 SUSE bug 1157888 SUSE bug 1158003 SUSE bug 1158004 SUSE bug 1158005 SUSE bug 1158006 SUSE bug 1158007 SUSE bug 1161181 CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19583 CVE-2020-7211 cpe:/o:suse:suse-openstack-cloud:7 Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate) SUSE OpenStack Cloud 7 This update changes the internal packaging for postgresql, and so contains all currently maintained postgresql versions across our SUSE Linux Enterprise 12 products. * postgresql12 is shipped new in version 12.3 (bsc#1171924). The server and client packages only on SUSE Linux Enterprise Server 12 SP5, the libraries on SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5. + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/12/release-12-3.html * postgresql10 is updated to 10.13 (bsc#1171924). On SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5. + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/10/release-10-13.html * postgresql96 is updated to 9.6.18 (bsc#1171924): + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/9.6/release-9-6-18.html On SUSE Linux Enterprise Server 12-SP2 and 12-SP3 LTSS only. * postgresql 9.4 is updated to 9.4.26: + https://www.postgresql.org/about/news/2011/ + https://www.postgresql.org/docs/9.4/release-9-4-26.html + https://www.postgresql.org/about/news/1994/ + https://www.postgresql.org/docs/9.4/release-9-4-25.html Moderate SUSE bug 1171924 cpe:/o:suse:suse-openstack-cloud:7 Security update for raptor (Important) SUSE OpenStack Cloud 7 This update for raptor fixes the following issues: - Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926). - Update raptor to version 2.0.15 * Made several fixes to Turtle / N-Triples family of parsers and serializers * Added utility functions for re-entrant sorting of objects and sequences. * Made other fixes and improvements including fixing reported issues: 0000574, 0000575, 0000576, 0000577, 0000579, 0000581 and 0000584. Important SUSE bug 1178593 CVE-2017-18926 cpe:/o:suse:suse-openstack-cloud:7 Security update for kernel-firmware (Important) SUSE OpenStack Cloud 7 This update for kernel-firmware fixes the following issue: - CVE-2020-12321: Updated the Intel Bluetooth firmware for buffer overflow security bugs (bsc#1178671). Important SUSE bug 1178671 CVE-2020-12321 cpe:/o:suse:suse-openstack-cloud:7 Security update for libzypp, zypper (Moderate) SUSE OpenStack Cloud 7 This update for libzypp, zypper fixes the following issues: libzypp fixes the following security issue: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). zypper was updated to fix the following issues: - Fixed an issue, where zypper crashed when the system language is set to Spanish and the user tried to patch their system with 'zypper patch --category security' (bsc#1178038) - Fixed a typo in man page (bsc#1169947) Moderate SUSE bug 1158763 SUSE bug 1169947 SUSE bug 1178038 CVE-2019-18900 cpe:/o:suse:suse-openstack-cloud:7 Security update for krb5 (Moderate) SUSE OpenStack Cloud 7 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). Moderate SUSE bug 1178512 CVE-2020-28196 cpe:/o:suse:suse-openstack-cloud:7 Security update for postgresql10 (Important) SUSE OpenStack Cloud 7 This update for postgresql10 fixes the following issues: Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html Update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html Important SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:suse-openstack-cloud:7 Security update for postgresql96 (Important) SUSE OpenStack Cloud 7 This update for postgresql96 fixes the following issues: Upgrade to version 9.6.20: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/9.6/release-9-6-20.html Changes from 9.6.19: * CVE-2020-14350, bsc#1175194: Make contrib modules installation Important SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782). - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2017-18204: Fixed a denial of service in the ocfs2_setattr function of fs/ocfs2/file.c (bnc#1083244). - CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-8694: Restricted energy meter to root access (bsc#1170415). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511). - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-25212: Fixed A TOCTOU mismatch in the NFS client code which could have been used by local attackers to corrupt memory (bsc#1176381). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-25643: Fixed a memory corruption and a read overflow which could have caused by improper input validation in the ppp_cp_parse_cr function (bsc#1177206). - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). The following non-security bugs were fixed: - btrfs: fix race with relocation recovery and fs_root setup (bsc#1131277). - btrfs: flush_space always takes fs_info->fs_root (bsc#1131277). - btrfs: btrfs_init_new_device should use fs_info->dev_root (bsc#1131277, bsc#1176922). - btrfs: btrfs_test_opt and friends should take a btrfs_fs_info (bsc#1131277, bsc#1176922). - btrfs: call functions that always use the same root with fs_info instead (bsc#1131277, bsc#1176922). - btrfs: call functions that overwrite their root parameter with fs_info (bsc#1131277, bsc#1176922). - btrfs: flush_space always takes fs_info->fs_root (bsc#1131277, bsc#1176922). - btrfs: pull node/sector/stripe sizes out of root and into fs_info (bsc#1131277, bsc#1176922). - btrfs: Remove fs_info argument of btrfs_write_and_wait_transaction (bsc#1131277, bsc#1176922). - btrfs: remove root parameter from transaction commit/end routines (bsc#1131277, bsc#1176922). - btrfs: remove root usage from can_overcommit (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, access fs_info->delayed_root directly (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, add fs_info convenience variables (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, btrfs_calc_{trans,trunc}_metadata_size (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, update_block_group{,flags} (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, use fs_info->dev_root everywhere (bsc#1131277, bsc#1176922). - btrfs: split btrfs_wait_marked_extents into normal and tree log functions (bsc#1131277, bsc#1176922). - btrfs: struct btrfsic_state->root should be an fs_info (bsc#1131277, bsc#1176922). - btrfs: take an fs_info directly when the root is not used otherwise (bsc#1131277, bsc#1176922). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600). Important SUSE bug 1065600 SUSE bug 1083244 SUSE bug 1131277 SUSE bug 1170415 SUSE bug 1175721 SUSE bug 1175749 SUSE bug 1176011 SUSE bug 1176235 SUSE bug 1176253 SUSE bug 1176278 SUSE bug 1176381 SUSE bug 1176382 SUSE bug 1176423 SUSE bug 1176482 SUSE bug 1176721 SUSE bug 1176722 SUSE bug 1176725 SUSE bug 1176896 SUSE bug 1176922 SUSE bug 1176990 SUSE bug 1177027 SUSE bug 1177086 SUSE bug 1177165 SUSE bug 1177206 SUSE bug 1177226 SUSE bug 1177410 SUSE bug 1177411 SUSE bug 1177511 SUSE bug 1177513 SUSE bug 1177725 SUSE bug 1177766 SUSE bug 1178782 CVE-2017-18204 CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-12352 CVE-2020-14351 CVE-2020-14381 CVE-2020-14390 CVE-2020-25212 CVE-2020-25284 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2020-26088 CVE-2020-8694 cpe:/o:suse:suse-openstack-cloud:7 Security update for ucode-intel (Moderate) SUSE OpenStack Cloud 7 This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. ### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173592 SUSE bug 1173594 SUSE bug 1178971 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 cpe:/o:suse:suse-openstack-cloud:7 Security update for bluez (Important) SUSE OpenStack Cloud 7 This update for bluez fixes the following issues: - CVE-2020-0556: Fixed improper access control which may lead to escalation of privilege and denial of service by an unauthenticated user (bsc#1166751). Important SUSE bug 1166751 CVE-2020-0556 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 Important SUSE bug 1178824 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:suse:suse-openstack-cloud:7 Security update for LibVNCServer (Important) SUSE OpenStack Cloud 7 This update for LibVNCServer fixes the following issues: - CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS Important SUSE bug 1178682 CVE-2020-25708 cpe:/o:suse:suse-openstack-cloud:7 Security update for xorg-x11-server (Important) SUSE OpenStack Cloud 7 This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Important SUSE bug 1174908 SUSE bug 1177596 CVE-2020-14360 CVE-2020-25712 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-setuptools (Important) SUSE OpenStack Cloud 7 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:suse-openstack-cloud:7 Security update for python3 (Important) SUSE OpenStack Cloud 7 This update for python3 fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-pip (Moderate) SUSE OpenStack Cloud 7 This update for python-pip fixes the following issues: - Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916). - Make wheel a separate build run to avoid the setuptools/wheel build cycle. Moderate SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:suse-openstack-cloud:7 Security update for gdm (Important) SUSE OpenStack Cloud 7 This update for gdm fixes the following issues: - CVE-2020-16125: Fixed a privilege escalation (bsc#1178150). Important SUSE bug 1178150 CVE-2020-16125 cpe:/o:suse:suse-openstack-cloud:7 Security update for crowbar-openstack, grafana, influxdb, python-urllib3 (Moderate) SUSE OpenStack Cloud 7 This update for crowbar-openstack, grafana, influxdb, python-urllib3 contains the following fixes: Security fixes included in this update: openstack-glance - CVE-2016-8611: Added rate limiting for glance api (bnc#1005886) grafana - CVE-2020-24303: Fixed an XSS via a query alias for the ElasticSearch datasource (#bnc#1178243) influxdb - CVE-2019-20933: Fixed an authentication bypass (bnc#1178988) python-urlib3 - CVE-2019-9740: Fixed a CRLF injection in urllib3 (bnc#1129071). - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bnc#1177120) memcached - CVE-2018-1000115: Fixed a issue where a UDP server allowed spoofed traffic amplification DoS (bnc#1083903). Non-security fixes included in this update: Changes in crowbar-openstack: - Update to version 4.0+git.1604938545.30c10db18: * rabbitmq: Fix crm running check (SOC-11240) Changes in grafana: - Fix bnc#1178243 CVE-2020-24303 by adding 25401-Fix-XSS-vulnerability-with-series-overrides.patch Changes in influxdb: - Add CVE-2019-20933.patch (bnc#1178988, CVE-2019-20933) to fix authentication bypass_ - Declare license files correctly - Version 1.2.4: * The stress tool influx_stress will be removed in a subsequent release. * Remove the override of GOMAXPROCS. * Uncomment section headers from the default configuration file. * Improve write performance significantly. * Prune data in meta store for deleted shards. * Update latest dependencies with Godeps. * Introduce syntax for marking a partial response with chunking. * Use X-Forwarded-For IP address in HTTP logger if present. * Add support for secure transmission via collectd. * Switch logging to use structured logging everywhere. * [CLI feature request] USE retention policy for queries. * Add clear command to cli. * Adding ability to use parameters in queries in the v2 client using the Parameters map in the Query struct. * Allow add items to array config via ENV * Support subquery execution in the query language. * Verbose output for SSL connection errors. * Cache snapshotting performance improvements - Partially revert previous change to fix build for Leap Changes in python-urllib3: - Update urllib3-fix-test-urls.patch. Adjust to match upstream solution. - Add urllib3-fix-test-urls.patch. Fix tests failing on python checks for CVE-2019-9740. - Add urllib3-cve-2020-26137.patch. Don't allow control chars in request method. (bnc#1177120, CVE-2020-26137) Moderate SUSE bug 1005886 SUSE bug 1170479 SUSE bug 1177120 SUSE bug 1178243 SUSE bug 1178988 CVE-2016-8611 CVE-2019-20933 CVE-2019-9740 CVE-2020-24303 CVE-2020-26137 cpe:/o:suse:suse-openstack-cloud:7 Security update for mariadb (Important) SUSE OpenStack Cloud 7 This update for mariadb includes the following fixes: Security fixes included in this update: - CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2814: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2760: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-13249: Fixed an improper validation of the content of an OK packet received from a server. - CVE-2020-14812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-14765: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-14776: Fixed an issue which could have resulted in unauthorized ability of accessing data. - CVE-2020-14789: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-15180: Fixed an issue in Galera which could have led to remote code execution. Non Security fixes included in this update: - Update to 10.2.36 GA [bsc#1177472] and [bsc#1178428] * release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10236-release-notes https://mariadb.com/kb/en/library/mariadb-10236-changelog https://mariadb.com/kb/en/library/mariadb-10235-release-notes https://mariadb.com/kb/en/library/mariadb-10235-changelog https://mariadb.com/kb/en/library/mariadb-10234-release-notes https://mariadb.com/kb/en/library/mariadb-10234-changelog * fixes for the following security vulnerabilities: 10.2.36: none 10.2.35: CVE-2020-14812, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 10.2.34: CVE-2020-15180 - update suse_skipped_tests.list - Update to 10.2.33 GA [bsc#1175596] * release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10233-release-notes https://mariadb.com/kb/en/library/mariadb-10233-changelog * fixes for the following security vulnerabilities: none - refresh mariadb-10.2.4-fortify-and-O.patch - tune the testsuite to avoid randomly failing tests - update suse_skipped_tests.list - Update to 10.2.32 GA [bsc#1171550] * Fixes for the following security vulnerabilities: CVE-2020-2752, CVE-2020-2812, CVE-2020-2814, CVE-2020-2760, CVE-2020-13249 * release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10232-release-notes https://mariadb.com/kb/en/library/mariadb-10232-changelog - refresh mariadb-10.2.4-fortify-and-O.patch - drop specfile 'hacks' as things work correctly in upstream now: * renaming tmpfiles.conf -> mariadb.conf * installing pam_user_map.so to /lib64/security for non 32bit architectures * sysusers.conf was renamed to mariadb.conf - update suse_skipped_tests.list Important SUSE bug 1171550 SUSE bug 1175596 SUSE bug 1177472 SUSE bug 1178428 CVE-2020-13249 CVE-2020-14765 CVE-2020-14776 CVE-2020-14789 CVE-2020-14812 CVE-2020-15180 CVE-2020-2752 CVE-2020-2760 CVE-2020-2812 CVE-2020-2814 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-cryptography (Moderate) SUSE OpenStack Cloud 7 This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). Moderate SUSE bug 1178168 CVE-2020-25659 cpe:/o:suse:suse-openstack-cloud:7 Security update for postgresql12 (Important) SUSE OpenStack Cloud 7 This update for postgresql12 fixes the following issues: Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html The previous postgresql12 update already addressed: Update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html Important SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:suse-openstack-cloud:7 Security update for mutt (Important) SUSE OpenStack Cloud 7 This update for mutt fixes the following issues: - Find and display the content of messages properly. (bsc#1179461) - CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113) Important SUSE bug 1179035 SUSE bug 1179113 SUSE bug 1179461 CVE-2020-28896 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Important) SUSE OpenStack Cloud 7 This update for xen fixes the following issues: - bsc#1178963 - stack corruption from XSA-346 change (XSA-355) - bsc#1177409 - CVE-2020-27674: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - CVE-2020-27672: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - CVE-2020-27671: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - CVE-2020-27670: unsafe AMD IOMMU page table updates (XSA-347) - bsc#1178591 - CVE-2020-28368: Intel RAPL sidechannel attack aka PLATYPUS attack aka XSA-351 Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 SUSE bug 1178591 SUSE bug 1178963 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 cpe:/o:suse:suse-openstack-cloud:7 Security update for openssl (Important) SUSE OpenStack Cloud 7 This update for openssl fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:suse:suse-openstack-cloud:7 Security update for python (Important) SUSE OpenStack Cloud 7 This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.5.0 ESR * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 * Fixed: Fixed various issues opening files with spaces in their path (bmo#1601905, bmo#1602726) Important SUSE bug 1161799 CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 cpe:/o:suse:suse-openstack-cloud:7 Security update for spice-gtk (Important) SUSE OpenStack Cloud 7 This update for spice-gtk fixes the following issues: - CVE-2018-10873: Fixed a potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Fixed a buffer overflow on image lz checks (bsc#1101295) Important SUSE bug 1101295 SUSE bug 1104448 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:suse-openstack-cloud:7 Security update for spice (Important) SUSE OpenStack Cloud 7 This update for spice fixes the following issues: - CVE-2018-10873: Fixed a potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Fixed a buffer overflow on image lz checks (bsc#1101295) Important SUSE bug 1101295 SUSE bug 1104448 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Critical) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 Critical SUSE bug 1180039 CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Moderate) SUSE OpenStack Cloud 7 This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - CVE-2020-29130: Fixed an out-of-bounds access while processing ARP packets (bsc#1179477). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) Moderate SUSE bug 1027519 SUSE bug 1176782 SUSE bug 1179477 SUSE bug 1179496 SUSE bug 1179498 SUSE bug 1179501 SUSE bug 1179502 SUSE bug 1179506 SUSE bug 1179514 SUSE bug 1179516 CVE-2020-29130 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 cpe:/o:suse:suse-openstack-cloud:7 Security update for clamav (Important) SUSE OpenStack Cloud 7 This update for clamav fixes the following issues: clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459. * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) * bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode. * Partial sync with SLE15. Update to version 0.102.4 Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. (bsc#1157763). * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: * ZIP bomb causes extreme CPU spikes (bsc#1144504) Update to version 0.101.2 (bsc#1118459): * Support for RAR v5 archive extraction. * Incompatible changes to the arguments of cl_scandesc, cl_scandesc_callback, and cl_scanmap_callback. * Scanning options have been converted from a single flag bit-field into a structure of multiple categorized flag bit-fields. * The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by 2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and CL_SCAN_HEURISTIC_ENCRYPTED_DOC * Incompatible clamd.conf and command line interface changes. * Heuristic Alerts' (aka 'Algorithmic Detection') options have been changed to make the names more consistent. The original options are deprecated in 0.101, and will be removed in a future feature release. * For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html Important SUSE bug 1118459 SUSE bug 1119353 SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1157763 SUSE bug 1171981 SUSE bug 1174250 SUSE bug 1174255 CVE-2019-12900 CVE-2019-15961 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 cpe:/o:suse:suse-openstack-cloud:7 Security update for cyrus-sasl (Important) SUSE OpenStack Cloud 7 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). Important SUSE bug 1159635 CVE-2019-19906 cpe:/o:suse:suse-openstack-cloud:7 Security update for gcc9 (Moderate) SUSE OpenStack Cloud 7 This update for gcc9 fixes the following issues: The GNU Compiler Collection is shipped in version 9. A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html The compilers have been added to the SUSE Linux Enterprise Toolchain Module. To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9 CXX=g++-9 set. For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and other compiler libraries have been switched from their gcc8 variants to their gcc9 variants. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) Moderate SUSE bug 1114592 SUSE bug 1135254 SUSE bug 1141897 SUSE bug 1142649 SUSE bug 1142654 SUSE bug 1148517 SUSE bug 1149145 CVE-2019-14250 CVE-2019-15847 cpe:/o:suse:suse-openstack-cloud:7 Security update for sudo (Important) SUSE OpenStack Cloud 7 This update for sudo fixes the following issue: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Important SUSE bug 1162202 CVE-2019-18634 cpe:/o:suse:suse-openstack-cloud:7 Security update for dnsmasq (Moderate) SUSE OpenStack Cloud 7 This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation (bsc#1154849) Other issue addressed: - Removed cache size limit (bsc#1138743). Moderate SUSE bug 1138743 SUSE bug 1154849 CVE-2019-14834 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_1-ibm (Important) SUSE OpenStack Cloud 7 This update for java-1_7_1-ibm fixes the following issues: Java was updated to 7.1 Service Refresh 4 Fix Pack 60 [bsc#1162972, bsc#1160968]. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972). - CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972). - CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972). - CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972). Non-security issues fixed: * Class Libraries: IJ22333 HANG IN JAVA_JAVA_NET_SOCKETINPUTSTREAM_SOCKETREAD0 EVEN WHEN TIMEOUT IS SET IJ22350 JAVA 7 AND JAVA 8 NOT WORKING WELL WITH TRADITIONAL/SIMPLIFIED CHINESE EDITION OF WINDOWS CLIENT SYSTEM IJ22337 THE NAME OF THE REPUBLIC OF BELARUS IN THE RUSSIAN LOCALE INCONSISTENT WITH CLDR IJ22349 UPDATE TIMEZONE INFORMATION TO TZDATA2019C * JIT Compiler: IJ11368 JAVA JIT PPC: CRASH IN JIT COMPILED CODE ON PPC MACHINES Important SUSE bug 1160968 SUSE bug 1162972 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:suse-openstack-cloud:7 Security update for libexif (Moderate) SUSE OpenStack Cloud 7 This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Moderate SUSE bug 1120943 SUSE bug 1160770 CVE-2018-20030 CVE-2019-9278 cpe:/o:suse:suse-openstack-cloud:7 Security update for openssl (Moderate) SUSE OpenStack Cloud 7 This update for openssl fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Non-security issue fixed: - Fixed a crash in BN_copy (bsc#1160163). Moderate SUSE bug 1117951 SUSE bug 1158809 SUSE bug 1160163 CVE-2019-1551 cpe:/o:suse:suse-openstack-cloud:7 Security update for nodejs6 (Important) SUSE OpenStack Cloud 7 This update for nodejs6 fixes the following issues: Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). - CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). Important SUSE bug 1163102 SUSE bug 1163103 SUSE bug 1163104 CVE-2019-15604 CVE-2019-15605 CVE-2019-15606 cpe:/o:suse:suse-openstack-cloud:7 Security update for ppp (Important) SUSE OpenStack Cloud 7 This update for ppp fixes the following security issue: - CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610). Important SUSE bug 1162610 CVE-2020-8597 cpe:/o:suse:suse-openstack-cloud:7 Security update for ovmf (Moderate) SUSE OpenStack Cloud 7 This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094291). - CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation (bsc#1163959). - CVE-2019-14559: Fixed a remotely exploitable memory leak in the ARP handling code (bsc#1163927). - CVE-2019-14575: Fixed an insufficient signature check in the DxeImageVerificationHandler (bsc#1163969). Bug fixes: - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better compatibility. (bsc#1077330) Moderate SUSE bug 1077330 SUSE bug 1094291 SUSE bug 1163927 SUSE bug 1163959 SUSE bug 1163969 CVE-2018-0739 CVE-2019-14559 CVE-2019-14563 CVE-2019-14575 cpe:/o:suse:suse-openstack-cloud:7 Security update for python3 (Moderate) SUSE OpenStack Cloud 7 This update for python3 fixes the following issues: Update to 3.4.10 (jsc#SLE-9427, bsc#1159208) from 3.4.6: Security issues fixed: - Update expat copy from 2.1.1 to 2.2.0 to fix the following issues: CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063 - CVE-2017-1000158: Fix an integer overflow in thePyString_DecodeEscape function in stringobject.c, resulting in heap-based bufferoverflow (bsc#1068664). Moderate SUSE bug 1068664 SUSE bug 1159208 SUSE bug 1159623 CVE-2012-0876 CVE-2016-0718 CVE-2016-4472 CVE-2016-9063 CVE-2017-1000158 CVE-2017-9233 cpe:/o:suse:suse-openstack-cloud:7 Security update for mariadb (Moderate) SUSE OpenStack Cloud 7 This update for mariadb fixes the following issues: Security issue fixed: - CVE-2019-2974: Fixed Server Optimizer (bsc#1154162). Moderate SUSE bug 1154162 CVE-2019-2974 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_1-ibm (Moderate) SUSE OpenStack Cloud 7 This update for java-1_7_1-ibm fixes the following issues: - Update to 7.1 Service Refresh 4 Fix Pack 55 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2978 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:suse-openstack-cloud:7 Security update for rsyslog (Moderate) SUSE OpenStack Cloud 7 This update for rsyslog fixes the following issues: Security issues fixed: - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451). - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459). Non-security issues fixed: - Handle multiline messages correctly when using the imfile module. (bsc#1015203) - Fix a race condition in the shutdown sequence in wtp that was causing rsyslog not to shutdown properly. (bsc#1022804) - Fixed a rsyslogd SIGABORT crash if a path does not exists (bsc#1087920). - Fixed an issue where configuration templates where not consistently flushed (bsc#1084682). Moderate SUSE bug 1015203 SUSE bug 1022804 SUSE bug 1084682 SUSE bug 1087920 SUSE bug 1153451 SUSE bug 1153459 CVE-2019-17041 CVE-2019-17042 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-ibm (Important) SUSE OpenStack Cloud 7 This update for java-1_8_0-ibm fixes the following issues: Java 8.0 was updated to Service Refresh 6 Fix Pack 5 (bsc#1162972, bsc#1160968) - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2019-4732: Untrusted DLL search path vulnerability - CVE-2020-2593: Normalize normalization for all - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support Important SUSE bug 1160968 SUSE bug 1162972 CVE-2019-4732 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:suse-openstack-cloud:7 Security update for log4j (Important) SUSE OpenStack Cloud 7 This update for log4j fixes the following issues: - CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646). Important SUSE bug 1159646 CVE-2019-17571 cpe:/o:suse:suse-openstack-cloud:7 Security update for permissions (Moderate) SUSE OpenStack Cloud 7 This update for permissions fixes the following issues: Security issues fixed: - CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922). Non-security issues fixed: - Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594). - Fixed capability handling when doing multiple permission changes at once (bsc#1161779). Moderate SUSE bug 1123886 SUSE bug 1160594 SUSE bug 1160764 SUSE bug 1161779 SUSE bug 1163922 CVE-2020-8013 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate) SUSE OpenStack Cloud 7 This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the following issues: python-cfn-lint was included as a new package in 0.21.4. python-aws-sam-translator was updated to 1.11.0: * Add ReservedConcurrentExecutions to globals * Fix ElasticsearchHttpPostPolicy resource reference * Support using AWS::Region in Ref and Sub * Documentation and examples updates * Add VersionDescription property to Serverless::Function * Update ServerlessRepoReadWriteAccessPolicy * Add additional template validation Upgrade to 1.10.0: * Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy * Add DynamoDBReconfigurePolicy * Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy * Add EKSDescribePolicy * Add SESBulkTemplatedCrudPolicy * Add FilterLogEventsPolicy * Add SSMParameterReadPolicy * Add SESEmailTemplateCrudPolicy * Add s3:PutObjectAcl to S3CrudPolicy * Add allow_credentials CORS option * Add support for AccessLogSetting and CanarySetting Serverless::Api properties * Add support for X-Ray in Serverless::Api * Add support for MinimumCompressionSize in Serverless::Api * Add Auth to Serverless::Api globals * Remove trailing slashes from APIGW permissions * Add SNS FilterPolicy and an example application * Add Enabled property to Serverless::Function event sources * Add support for PermissionsBoundary in Serverless::Function * Fix boto3 client initialization * Add PublicAccessBlockConfiguration property to S3 bucket resource * Make PAY_PER_REQUEST default mode for Serverless::SimpleTable * Add limited support for resolving intrinsics in Serverless::LayerVersion * SAM now uses Flake8 * Add example application for S3 Events written in Go * Updated several example applications - Initial build + Version 1.9.0 - Add patch to drop compatible releases operator from setup.py, required for SLES12 as the setuptools version is too old + ast_drop-compatible-releases-operator.patch python-jsonschema was updated to 2.6.0: * Improved performance on CPython by adding caching around ref resolution Update to version 2.5.0: * Improved performance on CPython by adding caching around ref resolution (#203) Update to version 2.4.0: * Added a CLI (#134) * Added absolute path and absolute schema path to errors (#120) * Added ``relevance`` * Meta-schemas are now loaded via ``pkgutil`` * Added ``by_relevance`` and ``best_match`` (#91) * Fixed ``format`` to allow adding formats for non-strings (#125) * Fixed the ``uri`` format to reject URI references (#131) - Install /usr/bin/jsonschema with update-alternatives support python-nose2 was updated to 0.9.1: * the prof plugin now uses cProfile instead of hotshot for profiling * skipped tests now include the user's reason in junit XML's message field * the prettyassert plugin mishandled multi-line function definitions * Using a plugin's CLI flag when the plugin is already enabled via config no longer errors * nose2.plugins.prettyassert, enabled with --pretty-assert * Cleanup code for EOLed python versions * Dropped support for distutils. * Result reporter respects failure status set by other plugins * JUnit XML plugin now includes the skip reason in its output Upgrade to 0.8.0: List of changes is too long to show here, see https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst changes between 0.6.5 and 0.8.0 Update to 0.7.0: * Added parameterized_class feature, for parameterizing entire test classes (many thanks to @TobyLL for their suggestions and help testing!) * Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh; https://github.com/wolever/parameterized/issues/67) * Make sure that `setUp` and `tearDown` methods work correctly (#40) * Raise a ValueError when input is empty (thanks @danielbradburn; https://github.com/wolever/parameterized/pull/48) * Fix the order when number of cases exceeds 10 (thanks @ntflc; https://github.com/wolever/parameterized/pull/49) python-scandir was included in version 2.3.2. python-requests was updated to version 2.20.1 (bsc#1111622) * Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443). * remove restriction for urllib3 < 1.24 Update to version 2.20.0: * Bugfixes + Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8). + Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions. + Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074) + should_bypass_proxies now handles URIs without hostnames (e.g. files). * Dependencies + Requests now supports urllib3 v1.24. * Deprecations + Requests has officially stopped support for Python 2.6. Update to version 2.19.1: * Fixed issue where status_codes.py’s init function failed trying to append to a __doc__ value of None. Update to version 2.19.0: * Improvements + Warn about possible slowdown with cryptography version < 1.3.4 + Check host in proxy URL, before forwarding request to adapter. + Maintain fragments properly across redirects. (RFC7231 7.1.2) + Removed use of cgi module to expedite library load time. + Added support for SHA-256 and SHA-512 digest auth algorithms. + Minor performance improvement to Request.content. + Migrate to using collections.abc for 3.7 compatibility. * Bugfixes + Parsing empty Link headers with parse_header_links() no longer return one bogus entry. + Fixed issue where loading the default certificate bundle from a zip archive would raise an IOError. + Fixed issue with unexpected ImportError on windows system which do not support winreg module. + DNS resolution in proxy bypass no longer includes the username and password in the request. This also fixes the issue of DNS queries failing on macOS. + Properly normalize adapter prefixes for url comparison. + Passing None as a file pointer to the files param no longer raises an exception. + Calling copy on a RequestsCookieJar will now preserve the cookie policy correctly. * We now support idna v2.7 and urllib3 v1.23. update to version 2.18.4: * Improvements + Error messages for invalid headers now include the header name for easier debugging * Dependencies + We now support idna v2.6. update to version 2.18.3: * Improvements + Running $ python -m requests.help now includes the installed version of idna. * Bugfixes + Fixed issue where Requests would raise ConnectionError instead of SSLError when encountering SSL problems when using urllib3 v1.22. Moderate SUSE bug 1111622 SUSE bug 1122668 CVE-2018-18074 cpe:/o:suse:suse-openstack-cloud:7 Security update for libpng16 (Moderate) SUSE OpenStack Cloud 7 This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493). Moderate SUSE bug 1124211 SUSE bug 1141493 CVE-2017-12652 CVE-2019-7317 cpe:/o:suse:suse-openstack-cloud:7 Security update for postgresql96 (Low) SUSE OpenStack Cloud 7 This update for postgresql96 fixes the following issues: PostgreSQL was updated to version 9.6.17. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Low SUSE bug 1163985 CVE-2020-1720 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_0-openjdk (Important) SUSE OpenStack Cloud 7 This update for java-1_7_0-openjdk fixes the following issues: Update java-1_7_0-openjdk to version jdk7u251 (January 2020 CPU, bsc#1160968): - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support - CVE-2020-2654: Improve Object Identifier Processing Important SUSE bug 1160968 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 cpe:/o:suse:suse-openstack-cloud:7 Security update for squid (Important) SUSE OpenStack Cloud 7 This update for squid fixes the following issues: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). - CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329). - CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328). - CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323). - CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324). - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Important SUSE bug 1156323 SUSE bug 1156324 SUSE bug 1156326 SUSE bug 1156328 SUSE bug 1156329 SUSE bug 1162687 SUSE bug 1162689 SUSE bug 1162691 CVE-2019-12523 CVE-2019-12526 CVE-2019-12528 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 (bsc#1160305) * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 Important SUSE bug 1160305 SUSE bug 1160498 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 cpe:/o:suse:suse-openstack-cloud:7 Security update for postgresql10 (Low) SUSE OpenStack Cloud 7 This update for postgresql10 fixes the following issues: PostgreSQL was updated to version 10.12. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Low SUSE bug 1163985 CVE-2020-1720 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 68.6.0 ESR (MFSA 2020-09 bsc#1132665 bsc#1166238) - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction - CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection - CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init - CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission - CVE-2020-6814: Fixed multiple memory safety bugs - Fixed an issue with minimizing a window (bsc#1132665). Important SUSE bug 1132665 SUSE bug 1166238 CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 cpe:/o:suse:suse-openstack-cloud:7 Security update for tomcat (Important) SUSE OpenStack Cloud 7 This update for tomcat fixes the following issues: - CVE-2020-1938: Fixed a file contents disclosure vulnerability (bsc#1164692). Important SUSE bug 1164692 CVE-2020-1938 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-cffi, python-cryptography (Moderate) SUSE OpenStack Cloud 7 This update for python-cffi, python-cryptography fixes the following issues: Security issue fixed: - CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820). Non-security issues fixed: python-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598): - fixed a build failure on i586 (bsc#1111657) - Salt was unable to highstate in snapshot 20171129 (bsc#1070737) - Update pytest in spec to add c directory tests in addition to testing directory. - update to version 1.11.2: * Fix Windows issue with managing the thread-state on CPython 3.0 to 3.5 - Update pytest in spec to add c directory tests in addition to testing directory. - Omit test_init_once_multithread tests as they rely on multiple threads finishing in a given time. Returns sporadic pass/fail within build. - Update to 1.11.1: * Fix tests, remove deprecated C API usage * Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary extensions (cpython issue #29943) * Fix for 3.7.0a1+ - Update to 1.11.0: * Support the modern standard types char16_t and char32_t. These work like wchar_t: they represent one unicode character, or when used as charN_t * or charN_t[] they represent a unicode string. The difference with wchar_t is that they have a known, fixed size. They should work at all places that used to work with wchar_t (please report an issue if I missed something). Note that with set_source(), you need to make sure that these types are actually defined by the C source you provide (if used in cdef()). * Support the C99 types float _Complex and double _Complex. Note that libffi doesn't support them, which means that in the ABI mode you still cannot call C functions that take complex numbers directly as arguments or return type. * Fixed a rare race condition when creating multiple FFI instances from multiple threads. (Note that you aren't meant to create many FFI instances: in inline mode, you should write ffi = cffi.FFI() at module level just after import cffi; and in out-of-line mode you don't instantiate FFI explicitly at all.) * Windows: using callbacks can be messy because the CFFI internal error messages show up to stderr-but stderr goes nowhere in many applications. This makes it particularly hard to get started with the embedding mode. (Once you get started, you can at least use @ffi.def_extern(onerror=...) and send the error logs where it makes sense for your application, or record them in log files, and so on.) So what is new in CFFI is that now, on Windows CFFI will try to open a non-modal MessageBox (in addition to sending raw messages to stderr). The MessageBox is only visible if the process stays alive: typically, console applications that crash close immediately, but that is also the situation where stderr should be visible anyway. * Progress on support for callbacks in NetBSD. * Functions returning booleans would in some case still return 0 or 1 instead of False or True. Fixed. * ffi.gc() now takes an optional third parameter, which gives an estimate of the size (in bytes) of the object. So far, this is only used by PyPy, to make the next GC occur more quickly (issue #320). In the future, this might have an effect on CPython too (provided the CPython issue 31105 is addressed). * Add a note to the documentation: the ABI mode gives function objects that are slower to call than the API mode does. For some reason it is often thought to be faster. It is not! - Update to 1.10.1: * Fixed the line numbers reported in case of cdef() errors. Also, I just noticed, but pycparser always supported the preprocessor directive # 42 'foo.h' to mean 'from the next line, we're in file foo.h starting from line 42';, which it puts in the error messages. - update to 1.10.0: * Issue #295: use calloc() directly instead of PyObject_Malloc()+memset() to handle ffi.new() with a default allocator. Speeds up ffi.new(large-array) where most of the time you never touch most of the array. * Some OS/X build fixes ('only with Xcode but without CLT';). * Improve a couple of error messages: when getting mismatched versions of cffi and its backend; and when calling functions which cannot be called with libffi because an argument is a struct that is 'too complicated'; (and not a struct pointer, which always works). * Add support for some unusual compilers (non-msvc, non-gcc, non-icc, non-clang) * Implemented the remaining cases for ffi.from_buffer. Now all buffer/memoryview objects can be passed. The one remaining check is against passing unicode strings in Python 2. (They support the buffer interface, but that gives the raw bytes behind the UTF16/UCS4 storage, which is most of the times not what you expect. In Python 3 this has been fixed and the unicode strings don't support the memoryview interface any more.) * The C type _Bool or bool now converts to a Python boolean when reading, instead of the content of the byte as an integer. The potential incompatibility here is what occurs if the byte contains a value different from 0 and 1. Previously, it would just return it; with this change, CFFI raises an exception in this case. But this case means 'undefined behavior'; in C; if you really have to interface with a library relying on this, don't use bool in the CFFI side. Also, it is still valid to use a byte string as initializer for a bool[], but now it must only contain \x00 or \x01. As an aside, ffi.string() no longer works on bool[] (but it never made much sense, as this function stops at the first zero). * ffi.buffer is now the name of cffi's buffer type, and ffi.buffer() works like before but is the constructor of that type. * ffi.addressof(lib, 'name') now works also in in-line mode, not only in out-of-line mode. This is useful for taking the address of global variables. * Issue #255: cdata objects of a primitive type (integers, floats, char) are now compared and ordered by value. For example, <cdata 'int' 42> compares equal to 42 and <cdata 'char' b'A'> compares equal to b'A'. Unlike C, <cdata 'int' -1> does not compare equal to ffi.cast('unsigned int', -1): it compares smaller, because -1 < 4294967295. * PyPy: ffi.new() and ffi.new_allocator()() did not record 'memory pressure';, causing the GC to run too infrequently if you call ffi.new() very often and/or with large arrays. Fixed in PyPy 5.7. * Support in ffi.cdef() for numeric expressions with + or -. Assumes that there is no overflow; it should be fixed first before we add more general support for arbitrary arithmetic on constants. - do not generate HTML documentation for packages that are indirect dependencies of Sphinx (see docs at https://cffi.readthedocs.org/ ) - update to 1.9.1 - Structs with variable-sized arrays as their last field: now we track the length of the array after ffi.new() is called, just like we always tracked the length of ffi.new('int[]', 42). This lets us detect out-of-range accesses to array items. This also lets us display a better repr(), and have the total size returned by ffi.sizeof() and ffi.buffer(). Previously both functions would return a result based on the size of the declared structure type, with an assumed empty array. (Thanks andrew for starting this refactoring.) - Add support in cdef()/set_source() for unspecified-length arrays in typedefs: typedef int foo_t[...];. It was already supported for global variables or structure fields. - I turned in v1.8 a warning from cffi/model.py into an error: 'enum xxx' has no values explicitly defined: refusing to guess which integer type it is meant to be (unsigned/signed, int/long). Now I'm turning it back to a warning again; it seems that guessing that the enum has size int is a 99%-safe bet. (But not 100%, so it stays as a warning.) - Fix leaks in the code handling FILE * arguments. In CPython 3 there is a remaining issue that is hard to fix: if you pass a Python file object to a FILE * argument, then os.dup() is used and the new file descriptor is only closed when the GC reclaims the Python file object-and not at the earlier time when you call close(), which only closes the original file descriptor. If this is an issue, you should avoid this automatic convertion of Python file objects: instead, explicitly manipulate file descriptors and call fdopen() from C (...via cffi). - When passing a void * argument to a function with a different pointer type, or vice-versa, the cast occurs automatically, like in C. The same occurs for initialization with ffi.new() and a few other places. However, I thought that char * had the same property-but I was mistaken. In C you get the usual warning if you try to give a char * to a char ** argument, for example. Sorry about the confusion. This has been fixed in CFFI by giving for now a warning, too. It will turn into an error in a future version. - Issue #283: fixed ffi.new() on structures/unions with nested anonymous structures/unions, when there is at least one union in the mix. When initialized with a list or a dict, it should now behave more closely like the { } syntax does in GCC. - CPython 3.x: experimental: the generated C extension modules now use the 'limited API';, which means that, as a compiled .so/.dll, it should work directly on any version of CPython >= 3.2. The name produced by distutils is still version-specific. To get the version-independent name, you can rename it manually to NAME.abi3.so, or use the very recent setuptools 26. - Added ffi.compile(debug=...), similar to python setup.py build --debug but defaulting to True if we are running a debugging version of Python itself. - Removed the restriction that ffi.from_buffer() cannot be used on byte strings. Now you can get a char * out of a byte string, which is valid as long as the string object is kept alive. (But don't use it to modify the string object! If you need this, use bytearray or other official techniques.) - PyPy 5.4 can now pass a byte string directly to a char * argument (in older versions, a copy would be made). This used to be a CPython-only optimization. - ffi.gc(p, None) removes the destructor on an object previously created by another call to ffi.gc() - bool(ffi.cast('primitive type', x)) now returns False if the value is zero (including -0.0), and True otherwise. Previously this would only return False for cdata objects of a pointer type when the pointer is NULL. - bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason it was not supported was that it was hard to do in PyPy, but it works since PyPy 5.3.) To call a C function with a char * argument from a buffer object-now including bytearrays-you write lib.foo(ffi.from_buffer(x)). Additionally, this is now supported: p[0:length] = bytearray-object. The problem with this was that a iterating over bytearrays gives numbers instead of characters. (Now it is implemented with just a memcpy, of course, not actually iterating over the characters.) - C++: compiling the generated C code with C++ was supposed to work, but failed if you make use the bool type (because that is rendered as the C _Bool type, which doesn't exist in C++). - help(lib) and help(lib.myfunc) now give useful information, as well as dir(p) where p is a struct or pointer-to-struct. - update for multipython build - disable 'negative left shift' warning in test suite to prevent failures with gcc6, until upstream fixes the undefined code in question (bsc#981848) - Update to version 1.6.0: * ffi.list_types() * ffi.unpack() * extern 'Python+C'; * in API mode, lib.foo.__doc__ contains the C signature now. * Yet another attempt at robustness of ffi.def_extern() against CPython's interpreter shutdown logic. - Update in SLE-12 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598) - Make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792. - bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API - Add proper conditional for the python2, the ifpython works only for the requires/etc - add missing dependency on python ssl - update to version 2.1.4: * Added X509_up_ref for an upcoming pyOpenSSL release. - update to version 2.1.3: * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.0g. - update to version 2.1.2: * Corrected a bug with the manylinux1 wheels where OpenSSL's stack was marked executable. - fix BuildRequires conditions for python3 - update to 2.1.1 - Fix cffi version requirement. - Disable memleak tests to fix build with OpenSSL 1.1 (bsc#1055478) - update to 2.0.3 - update to 2.0.2 - update to 2.0 - update to 1.9 - add python-packaging to requirements explicitly instead of relying on setuptools to pull it in - Switch to singlespec approach - update to 1.8.1 - Adust Requires and BuildRequires Moderate SUSE bug 1055478 SUSE bug 1070737 SUSE bug 1101820 SUSE bug 1111657 SUSE bug 1138748 SUSE bug 1149792 SUSE bug 981848 CVE-2018-10903 cpe:/o:suse:suse-openstack-cloud:7 Security update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client (Moderate) SUSE OpenStack Cloud 7 This update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client contains the following fixes: Security issue fixed for rubygem-puma: - CVE-2019-16770: Fixed a potential denial of service in Puma's reactor (bsc#1158675, jsc#SOC-10999) Security issue fixed for rubygem-rest-client: - CVE-2015-3448: Fixed a plain text local password disclosure. (bsc#917802) Updates for crowbar-core: - Update to version 4.0+git.1574788924.e4a6aeb0c: * Allow pacemaker remotes for upgrade (SOC-10133) - Update to version 4.0+git.1574713660.972029d1a: * Ignore CVE-2019-13117 in CI builds (bsc#1157028) Updates for crowbar-openstack: - Update to version 4.0+git.1574869671.9c7bade2d: * tempest: configure Kibana version (SOC-10131) - Update to version 4.0+git.1574764112.c260c70e5: * horizon: install lbaas horizon dashboard (SOC-10883) Updates for openstack-horizon-plugin-monasca-ui: - Refresh allow-raw-grafana-links.patch - update to version 1.5.5~dev3 * Replace openstack.org git:// URLs with https:// * Fix the partial missing metrics in Create Alarm Definition flow * import zuul job settings from project-config * Fix incorrect splitting of dimension in ProxyView * Fix Alarm status Panel on Overview page * Change IntegerField to ChoiceField for notification period * Imported Translations from Zanata * Display unique metric names for alarm * Fix Alarm Details section in Alarm History view * Fix validators for creating and editing notifications * Center the text for the button Deterministic * Adding title to Filter Alarms pop-up * Fix misleading validation error * Fix nit found in monasca-ui * Fix Breadcrumbs * Fix description for name field * Fixing 'Create Alarm Definition' for IE11 * Imported Translations from Zanata Updates to openstack-monasca-api: - added fix-metric-name-offset.patch (SOC-10131) - removed 0001-Fix-InfluxDB-repository-list_dimension_values-to-sup.patch (merged upstream) - update to version 1.7.1~dev18 * Replace openstack.org git:// URLs with https:// * import zuul job settings from project-config * Upgrade Apache Storm to 1.0.6 * Zuul: Remove project name Updates to openstack-monasca-log-api: - added fix-tempest-region.patch (SOC-10131) - update to version 1.4.3~dev3 * Replace openstack.org git:// URLs with https:// * import zuul job settings from project-config * Avoid tox\_install.sh for constraints support Updates to openstack-neutron: - neutron: Remove stop action from ovs-cleanup (bsc#1157482) backport of https://review.opendev.org/#/c/695867/ Moderate SUSE bug 1157028 SUSE bug 1157482 SUSE bug 1158675 SUSE bug 917802 CVE-2015-3448 CVE-2019-13117 CVE-2019-16770 cpe:/o:suse:suse-openstack-cloud:7 Security update for spamassassin (Important) SUSE OpenStack Cloud 7 This update for spamassassin fixes the following issues: - CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to is_regexp_valid() (bsc#1118987). - CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands (bsc#1162197). - CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands with warnings (bsc#1162200). Important SUSE bug 1118987 SUSE bug 1162197 SUSE bug 1162200 CVE-2018-11805 CVE-2020-1930 CVE-2020-1931 cpe:/o:suse:suse-openstack-cloud:7 Security update for mariadb (Important) SUSE OpenStack Cloud 7 This update for mariadb to version 10.2.31 GA fixes the following issues: MariaDB was updated to version 10.2.31 GA (bsc#1162388 and bsc#1156669). Security issues fixed: - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388). - CVE-2019-18901: Fixed an unsafe path handling behavior in mysql-systemd-helper (bsc#1160895). - CVE-2019-2737: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2938: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2740: Fixed an issue where could lead a local attacker to cause denial of service - CVE-2019-2805: Fixed an issue where could lead a local attacker to cause denial of service - CVE-2019-2974: Fixed an issue where could lead a remote attacker to cause denial of service - CVE-2019-2758: Fixed an issue where could lead a local attacker to cause denial of service or data corruption - CVE-2019-2739: Fixed an issue where could lead a local attacker to cause denial of service or data corruption - Enabled security hardenings in MariaDB's systemd service, namely ProtectSystem, ProtectHome and UMask (bsc#1160878). - Fixed a potental symlink attack (bsc#1160912). - Fixed a permissions issue in /var/lib/mysql (bsc#1077717). - Used systemd-tmpfiles for a cleaner and safer creation of /run/mysql (bsc#1160883). Important SUSE bug 1077717 SUSE bug 1156669 SUSE bug 1160878 SUSE bug 1160883 SUSE bug 1160895 SUSE bug 1160912 SUSE bug 1162388 CVE-2019-18901 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 CVE-2019-2805 CVE-2019-2938 CVE-2019-2974 CVE-2020-2574 cpe:/o:suse:suse-openstack-cloud:7 Security update for python3 (Moderate) SUSE OpenStack Cloud 7 This update for python3 fixes the following issue: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed an issue with version missmatch (bsc#1162224). - Rename idle icons to idle3 in order to not conflict with python2 variant of the package. (bsc#1165894) Moderate SUSE bug 1155094 SUSE bug 1162224 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:suse-openstack-cloud:7 Security update for mozilla-nspr, mozilla-nss (Moderate) SUSE OpenStack Cloud 7 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. Moderate SUSE bug 1141322 SUSE bug 1158527 SUSE bug 1159819 CVE-2019-11745 CVE-2019-17006 cpe:/o:suse:suse-openstack-cloud:7 Security update for libxslt (Moderate) SUSE OpenStack Cloud 7 This update for libxslt fixes the following issue: - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). Moderate SUSE bug 1154609 CVE-2019-18197 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 68.6.1esr MFSA 2020-11 (bsc#1168630) * CVE-2020-6819 (bmo#1620818) Use-after-free while running the nsDocShell destructor * CVE-2020-6820 (bmo#1626728) Use-after-free when handling a ReadableStream Important SUSE bug 1168630 CVE-2020-6819 CVE-2020-6820 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-actionview-4_2 (Moderate) SUSE OpenStack Cloud 7 This update for rubygem-actionview-4_2 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView (bsc#1167240). Moderate SUSE bug 1167240 CVE-2020-5267 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues: - CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874). - CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874). - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874). - CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874). - CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874). Important SUSE bug 1168874 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 cpe:/o:suse:suse-openstack-cloud:7 Security update for git (Important) SUSE OpenStack Cloud 7 This update for git fixes the following issues: Security issue fixed: - CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). Non-security issue fixed: git was updated to 2.26.0 for SHA256 support (bsc#1167890, jsc#SLE-11608): - the xinetd snippet was removed - the System V init script for the git-daemon was replaced by a systemd service file of the same name. git 2.26.0: * 'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply' * Improved handling of sparse checkouts * Improvements to many commands and internal features git 2.25.1: * 'git commit' now honors advise.statusHints * various updates, bug fixes and documentation updates git 2.25.0: * The branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command; this has been enhanced so that the subject can also be filled. * A few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option. * Test updates to prepare for SHA-2 transition continues. * Redo 'git name-rev' to avoid recursive calls. * When all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected. * HTTP transport had possible allocator/deallocator mismatch, which has been corrected. git 2.24.1: * CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785) * CVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787) * CVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788) * CVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789) * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790) * CVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791) * CVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792) * CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793) * CVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795) - Fix building with asciidoctor and without DocBook4 stylesheets. git 2.24.0 * The command line parser learned '--end-of-options' notation. * A mechanism to affect the default setting for a (related) group of configuration variables is introduced. * 'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it. * fixes and improvements to UI, workflow and features, bash completion fixes * part of it merged upstream * the Makefile attempted to download some documentation, banned git 2.23.0: * The '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id --stable'. * The 'git log' command by default behaves as if the --mailmap option was given. * fixes and improvements to UI, workflow and features git 2.22.1: * A relative pathname given to 'git init --template=<path> <repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected. * 'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected. * 'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected. * 'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option; the command now refuses to work when both options are given. * Update to Unicode 12.1 width table. * 'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different. * 'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected. * The URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence. * 'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning. * 'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing. This has been corrected. * Many more bugfixes and code cleanups. - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html git 2.22.0: * The filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed. Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option * 'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish. * Four new configuration variables {author,committer}.{name,email} have been introduced to override user.{name,email} in more specific cases. * 'git branch' learned a new subcommand '--show-current'. * The command line completion (in contrib/) has been taught to complete more subcommand parameters. * The completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example. * The list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better. * 'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected. * 'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop. - update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350) git 2.21.0: * Historically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change. * Small fixes and features for fast-export and fast-import. * The 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing. * 'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant. * Update 'git multimail' from the upstream. * A new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced. '--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format. - Fix worktree creation race (bsc#1114225). git 2.20.1: * portability fixes * 'git help -a' did not work well when an overly long alias was defined * no longer squelched an error message when the run_command API failed to run a missing command git 2.20.0: * 'git help -a' now gives verbose output (same as 'git help -av'). Those who want the old output may say 'git help --no-verbose -a'.. * 'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'. * 'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment). * Developer builds now use -Wunused-function compilation option. * Fix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). Also, as a convenience, expand the number of cases in which --force is applicable. * The overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily. * Malformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed. * Fix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit. * 'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected. * ...and much more features and fixes - fix CVE-2018-19486 (bsc#1117257) git 2.19.2: * various bug fixes for multiple subcommands and operations git 2.19.1: * CVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with --recurse-submodules (bsc#1110949) git 2.19.0: * 'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default. * 'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit. * 'git grep' learned the '--column' option that gives not just the line number but the column number of the hit. * The '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used. * The userdiff pattern for .php has been updated. * The content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default. * 'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint). * 'git grep' learned the '--only-matching' option. * 'git rebase --rebase-merges' mode now handles octopus merges as well. * Add a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint). * A new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether. * Teach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'. * Many more strings are prepared for l10n. * 'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting. * The test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables; we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables. * 'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'. * 'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros. * 'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic. * The sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end. * 'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'. * 'git worktree' command learned '--quiet' option to make it less verbose. git 2.18.0: * improvements to rename detection logic * When built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value. * 'git mergetools' learned talking to guiffy. * various other workflow improvements and fixes * performance improvements and other developer visible fixes Update to git 2.16.4: security fix release git 2.17.1: * Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219) * It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218) * Support on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading. git 2.17.0: * 'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object. * 'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails. * The log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd. * 'git rebase' learned to take '--allow-empty-message' option. * 'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'. * 'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout. * 'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited. * 'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held. * The new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict. * 'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. help for '/' won't be shown when there is only one hunk). * Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object. This was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem. * 'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option. * 'git diff' and friends learned funcname patterns for Go language source files. * 'git send-email' learned '--reply-to=<address>' option. * Funcname pattern used for C# now recognizes 'async' keyword. * In a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. when the purpose of the operation is not to 'show'). - Use %license instead of %doc [bsc#1082318] git 2.16.3: * 'git status' after moving a path in the working tree (hence making it appear 'removed') and then adding with the -N option (hence making that appear 'added') detected it as a rename, but did not report the old and new pathnames correctly. * 'git commit --fixup' did not allow '-m<message>' option to be used at the same time; allow it to annotate resulting commit with more text. * When resetting the working tree files recursively, the working tree of submodules are now also reset to match. * Fix for a commented-out code to adjust it to a rather old API change around object ID. * When there are too many changed paths, 'git diff' showed a warning message but in the middle of a line. * The http tracing code, often used to debug connection issues, learned to redact potentially sensitive information from its output so that it can be more safely sharable. * Crash fix for a corner case where an error codepath tried to unlock what it did not acquire lock on. * The split-index mode had a few corner case bugs fixed. * Assorted fixes to 'git daemon'. * Completion of 'git merge -s<strategy>' (in contrib/) did not work well in non-C locale. * Workaround for segfault with more recent versions of SVN. * Recently introduced leaks in fsck have been plugged. * Travis CI integration now builds the executable in 'script' phase to follow the established practice, rather than during 'before_script' phase. This allows the CI categorize the failures better ('failed' is project's fault, 'errored' is build environment's). - Drop superfluous xinetd snippet, no longer used (bsc#1084460) - Build with asciidoctor for the recent distros (bsc#1075764) - Move %{?systemd_requires} to daemon subpackage - Create subpackage for libsecret credential helper. git 2.16.2: * An old regression in 'git describe --all $annotated_tag^0' has been fixed. * 'git svn dcommit' did not take into account the fact that a svn+ssh:// URL with a username@ (typically used for pushing) refers to the same SVN repository without the username@ and failed when svn.pushmergeinfo option is set. * 'git merge -Xours/-Xtheirs' learned to use our/their version when resolving a conflicting updates to a symbolic link. * 'git clone $there $here' is allowed even when here directory exists as long as it is an empty directory, but the command incorrectly removed it upon a failure of the operation. * 'git stash -- <pathspec>' incorrectly blew away untracked files in the directory that matched the pathspec, which has been corrected. * 'git add -p' was taught to ignore local changes to submodules as they do not interfere with the partial addition of regular changes anyway. git 2.16.1: * 'git clone' segfaulted when cloning a project that happens to track two paths that differ only in case on a case insensitive filesystem git 2.16.0 (CVE-2017-15298, bsc#1063412): * See https://raw.github.com/git/git/master/Documentation/RelNotes/2.16.0.txt git 2.15.1: * fix 'auto' column output * fixes to moved lines diffing * documentation updates * fix use of repositories immediately under the root directory * improve usage of libsecret * fixes to various error conditions in git commands - Rewrite from sysv init to systemd unit file for git-daemon (bsc#1069803) - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (bsc#1069468) - split off p4 to a subpackage (bsc#1067502) - Build with the external libsha1detectcoll (bsc#1042644) git 2.15.0: * Use of an empty string as a pathspec element that is used for 'everything matches' is still warned and Git asks users to use a more explicit '.' for that instead. Removal scheduled for 2.16 * Git now avoids blindly falling back to '.git' when the setup sequence said we are _not_ in Git repository (another corner case removed) * 'branch --set-upstream' was retired, deprecated since 1.8 * many other improvements and updates git 2.14.3: * git send-email understands more cc: formats * fixes so gitk --bisect * git commit-tree fixed to handle -F file alike * Prevent segfault in 'git cat-file --textconv' * Fix function header parsing for HTML * Various small fixes to user commands and and internal functions git 2.14.2: * fixes to color output * http.{sslkey,sslCert} now interpret '~[username]/' prefix * fixes to walking of reflogs via 'log -g' and friends * various fixes to output correctness * 'git push --recurse-submodules $there HEAD:$target' is now propagated down to the submodules * 'git clone --recurse-submodules --quiet' c$how propagates quiet option down to submodules. * 'git svn --localtime' correctness fixes * 'git grep -L' and 'git grep --quiet -L' now report same exit code * fixes to 'git apply' when converting line endings * Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to end-user input. CVE-2017-14867 bsc#1061041 * 'git cvsserver' no longer is invoked by 'git daemon' by default git 2.14.1 (bsc#1052481): * Security fix for CVE-2017-1000117: A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running 'git clone --recurse-submodules' to trigger the vulnerability. * A 'ssh://...' URL can result in a 'ssh' command line with a hostname that begins with a dash '-', which would cause the 'ssh' command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which should not impact any real-world usage). * Similarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from 'ssh://...' URL; a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash '-' as an option. This is now prevented by forbidding such a hostname and port number (again, which should not impact any real-world usage). * In the same spirit, a repository name that begins with a dash '-' is also forbidden now. git 2.14.0: * Use of an empty string as a pathspec element that is used for 'everything matches' is deprecated, use '.' * Avoid blindly falling back to '.git' when the setup sequence indicates operation not on a Git repository * 'indent heuristics' are now the default. * Builds with pcre2 * Many bug fixes, improvements and updates git 2.13.4: * Update the character width tables. * Fix an alias that contained an uppercase letter * Progress meter fixes * git gc concurrency fixes git 2.13.3: * various internal bug fixes * Fix a regression to 'git rebase -i' * Correct unaligned 32-bit access in pack-bitmap code * Tighten error checks for invalid 'git apply' input * The split index code did not honor core.sharedrepository setting correctly * Fix 'git branch --list' handling of color.branch.local git 2.13.2: * 'collision detecting' SHA-1 update for platform fixes * 'git checkout --recurse-submodules' did not quite work with a submodule that itself has submodules. * The 'run-command' API implementation has been made more robust against dead-locking in a threaded environment. * 'git clean -d' now only cleans ignored files with '-x' * 'git status --ignored' did not list ignored and untracked files without '-uall' * 'git pull --rebase --autostash' didn't auto-stash when the local history fast-forwards to the upstream. * 'git describe --contains' gives as much weight to lightweight tags as annotated tags * Fix 'git stash push <pathspec>' from a subdirectory git 2.13.1: * Setting 'log.decorate=false' in the configuration file did not take effect in v2.13, which has been corrected. * corrections to documentation and command help output * garbage collection fixes * memory leaks fixed * receive-pack now makes sure that the push certificate records the same set of push options used for pushing * shell completion corrections for git stash * fix 'git clone --config var=val' with empty strings * internal efficiency improvements * Update sha1 collision detection code for big-endian platforms and platforms not supporting unaligned fetches - Fix packaging of documentation git 2.13.0: * empty string as a pathspec element for 'everything matches' is still warned, for future removal. * deprecated argument order 'git merge <msg> HEAD <commit>...' was removed * default location '~/.git-credential-cache/socket' for the socket used to communicate with the credential-cache daemon moved to '~/.cache/git/credential/socket'. * now avoid blindly falling back to '.git' when the setup sequence indicated otherwise * many workflow features, improvements and bug fixes * add a hardened implementation of SHA1 in response to practical collision attacks (CVE-2005-4900, bsc#1042640) * CVE-2017-8386: On a server running git-shell as login shell to restrict user to git commands, remote users may have been able to have git service programs spawn an interactive pager and thus escape the shell restrictions. (bsc#1038395) Changes in pcre2: - Include the libraries, development and tools packages. git uses only libpcre2-8 so far, but this allows further application usage of pcre2. Important SUSE bug 1167890 SUSE bug 1168930 CVE-2020-5260 cpe:/o:suse:suse-openstack-cloud:7 Security update for fwupdate (Important) SUSE OpenStack Cloud 7 This update for fwupdate fixes the following issues: - Add SBAT section to EFI images (bsc#1182057) Important SUSE bug 1182057 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-actionpack-4_2 (Moderate) SUSE OpenStack Cloud 7 This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2019-16782: Possible Information Leak / Session Hijack Vulnerability in Rack (bsc#1159548) Moderate SUSE bug 1159548 CVE-2019-16782 cpe:/o:suse:suse-openstack-cloud:7 Security update for xen (Important) SUSE OpenStack Cloud 7 This update for xen fixes the following issues: - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431) - Fixed an issue where xenstored was crashing with segfault (bsc#1182155). Important SUSE bug 1182155 SUSE bug 1182431 CVE-2021-27379 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-actionpack-4_2 (Important) SUSE OpenStack Cloud 7 This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack (bsc#1185715). Important SUSE bug 1185715 CVE-2021-22885 cpe:/o:suse:suse-openstack-cloud:7 Security update for dnsmasq (Important) SUSE OpenStack Cloud 7 This update for dnsmasq fixes the following issues: - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) Important SUSE bug 1176076 SUSE bug 1177077 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 cpe:/o:suse:suse-openstack-cloud:7 Security update for flac (Moderate) SUSE OpenStack Cloud 7 This update for flac fixes the following issues: - CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099). Moderate SUSE bug 1180099 CVE-2020-0499 cpe:/o:suse:suse-openstack-cloud:7 Security update for dovecot22 (Important) SUSE OpenStack Cloud 7 This update for dovecot22 fixes the following issues: - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). Important SUSE bug 1180405 CVE-2020-24386 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-httplib2 (Moderate) SUSE OpenStack Cloud 7 This update for python-httplib2 contains the following fixes: Security fixes included in this update: - CVE-2021-21240: Fixed a regular expression denial of service via malicious header (bsc#1182053). - CVE-2020-11078: Fixed an issue where an attacker could change request headers and body (bsc#1171998). Non-security fixes included in this update: - Update in SLE to 0.19.0 (bsc#1182053, CVE-2021-21240) - update to 0.19.0: * auth: parse headers using pyparsing instead of regexp * auth: WSSE token needs to be string not bytes - update to 0.18.1: (bsc#1171998, CVE-2020-11078) * explicit build-backend workaround for pip build isolation bug * IMPORTANT security vulnerability CWE-93 CRLF injection Force %xx quote of space, CR, LF characters in uri. * Ship test suite in source dist - update to 0.17.3: * bugfixes - Update to 0.17.1 * python3: no_proxy was not checked with https * feature: Http().redirect_codes set, works after follow(_all)_redirects check This allows one line workaround for old gcloud library that uses 308 response without redirect semantics. * IMPORTANT cache invalidation change, fix 307 keep method, add 308 Redirects * proxy: username/password as str compatible with pysocks * python2: regression in connect() error handling * add support for password protected certificate files * feature: Http.close() to clean persistent connections and sensitive data - Update to 0.14.0: * Python3: PROXY_TYPE_SOCKS5 with str user/pass raised TypeError - version update to 0.13.1 0.13.1 * Python3: Use no_proxy https://github.com/httplib2/httplib2/pull/140 0.13.0 * Allow setting TLS max/min versions https://github.com/httplib2/httplib2/pull/138 0.12.3 * No changes to library. Distribute py3 wheels. 0.12.1 * Catch socket timeouts and clear dead connection https://github.com/httplib2/httplib2/issues/18 https://github.com/httplib2/httplib2/pull/111 * Officially support Python 3.7 (package metadata) https://github.com/httplib2/httplib2/issues/123 0.12.0 * Drop support for Python 3.3 * ca_certs from environment HTTPLIB2_CA_CERTS or certifi https://github.com/httplib2/httplib2/pull/117 * PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes required https://github.com/httplib2/httplib2/pull/115 * Revert http:443->https workaround https://github.com/httplib2/httplib2/issues/112 * eliminate connection pool read race https://github.com/httplib2/httplib2/pull/110 * cache: stronger safename https://github.com/httplib2/httplib2/pull/101 0.11.3 * No changes, just reupload of 0.11.2 after fixing automatic release conditions in Travis. 0.11.2 * proxy: py3 NameError basestring https://github.com/httplib2/httplib2/pull/100 0.11.1 * Fix HTTP(S)ConnectionWithTimeout AttributeError proxy_info https://github.com/httplib2/httplib2/pull/97 0.11.0 * Add DigiCert Global Root G2 serial 033af1e6a711a9a0bb2864b11d09fae5 https://github.com/httplib2/httplib2/pull/91 * python3 proxy support https://github.com/httplib2/httplib2/pull/90 * If no_proxy environment value ends with comma then proxy is not used https://github.com/httplib2/httplib2/issues/11 * fix UnicodeDecodeError using socks5 proxy https://github.com/httplib2/httplib2/pull/64 * Respect NO_PROXY env var in proxy_info_from_url https://github.com/httplib2/httplib2/pull/58 * NO_PROXY=bar was matching foobar (suffix without dot delimiter) New behavior matches curl/wget: - no_proxy=foo.bar will only skip proxy for exact hostname match - no_proxy=.wild.card will skip proxy for any.subdomains.wild.card https://github.com/httplib2/httplib2/issues/94 * Bugfix for Content-Encoding: deflate https://stackoverflow.com/a/22311297 - deleted patches httplib2 started to use certifi and this is already bent to use system certificate bundle. - handle the case when validation is disabled correctly. The 'check_hostname' context attribute has to be set first, othewise a 'ValueError: Cannot set verify_mode to CERT_NONE when check_hostname is enabled.' exception is raised. - handle the case with ssl_version being None correctly - Use ssl.create_default_context in the python2 case so that the system wide certificates are loaded as trusted again. - Source url must be https. - Spec file cleanups - Update to 0.10.3 * Fix certificate validation on Python<=2.7.8 without ssl.CertificateError - Update to 0.10.2 * Just a reupload of 0.10.1, which was broken for Python3 because wheel distribution doesn't play well with our 2/3 split code base. - Update to 0.10.1 * Remove VeriSign Class 3 CA from trusted certs * Add IdenTrust DST Root CA X3 * Support for specifying the SSL protocol version (Python v2) * On App Engine use urlfetch's default deadline if None is passed. * Fix TypeError on AppEngine “__init__() got an unexpected keyword argument 'ssl_version’” * Send SNI data for SSL connections on Python 2.7.9+ * Verify the server hostname if certificate validation is enabled * Add proxy_headers argument to ProxyInfo constructor * Make disable_ssl_certificate_validation work with Python 3.5. * Fix socket error handling - Remove httplib2-bnc-818100.patch, merged upstream. - Project moved from code.google.com to GitHub, fix the url accordingly - attempt to build multi-python - update and cleanup of httplib2-use-system-certs.patch, so that the passthrough is clean for python2 and so that it does the right thing in python3 Moderate SUSE bug 1171998 SUSE bug 1182053 CVE-2020-11078 CVE-2021-21240 cpe:/o:suse:suse-openstack-cloud:7 Security update for libwebp (Critical) SUSE OpenStack Cloud 7 This update for libwebp fixes the following issues: - CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685). - CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691). - CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674). - CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652). - CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690). - CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654). - CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686). - CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673). - CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247). Critical SUSE bug 1185652 SUSE bug 1185654 SUSE bug 1185673 SUSE bug 1185674 SUSE bug 1185685 SUSE bug 1185686 SUSE bug 1185690 SUSE bug 1185691 SUSE bug 1186247 CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25012 CVE-2018-25013 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_1-ibm (Moderate) SUSE OpenStack Cloud 7 This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class Libraries: - Z/OS specific C function send_file is changing the file pointer position * Security: - Add the new oracle signer certificate - Certificate parsing error - JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider - Remove check for websphere signed jars - sessionid.hashcode generates too many collisions - The Java 8 IBM certpath provider does not honor the user specified system property for CLR connect timeout Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-Pillow (Important) SUSE OpenStack Cloud 7 This update for python-Pillow fixes the following issues: - CVE-2021-25290: Fixed a negative-offset memcpy with an invalid size in TiffDecode.c (bsc#1183105). - CVE-2021-27922,CVE-2021-27923: Fixed improper reported size of a contained image (bsc#1183108,bsc#1183107) - CVE-2020-35653: Fixed buffer over-read in PcxDecode when decoding a crafted PCX file (bsc#1180834). - CVE-2021-25287: Fixed out-of-bounds read in J2kDecode in j2ku_graya_la (bsc#1185805). - CVE-2021-25288: Fixed out-of-bounds read in J2kDecode in j2ku_gray_i (bsc#1185803). - CVE-2021-28675: Fixed DoS in PsdImagePlugin (bsc#1185804). - CVE-2021-28677: Fixed DoS in the open phase via a malicious EPS file (bsc#1185785). - CVE-2021-28676: Fixed infinite loop in FliDecode.c (bsc#1185786). Important SUSE bug 1180834 SUSE bug 1183105 SUSE bug 1183107 SUSE bug 1183108 SUSE bug 1185785 SUSE bug 1185786 SUSE bug 1185803 SUSE bug 1185804 SUSE bug 1185805 CVE-2020-35653 CVE-2021-25287 CVE-2021-25288 CVE-2021-25290 CVE-2021-27922 CVE-2021-27923 CVE-2021-28675 CVE-2021-28676 CVE-2021-28677 cpe:/o:suse:suse-openstack-cloud:7 Security update for crowbar-openstack, grafana, kibana, monasca-installer, python-Django, python-py, rubygem-activerecord-session_store (Moderate) SUSE OpenStack Cloud 7 This update for crowbar-openstack, grafana, kibana, monasca-installer, python-Django, python-py, rubygem-activerecord-session_store contains the following fixes: Security fixes included in this update: crowbar-openstack: - CVE-2016-8611: Added rate limiting for the '/images' API POST method (bsc#1005886). grafana: - CVE-2021-27358: Fixed a denial of service via remote API call (bsc#1183803) kibana: - CVE-2017-11499: Fixed a vulnerability in nodejs, related to the HashTable implementation, which could cause a denial of service (bsc#1044849) - CVE-2017-11481: Fixed a cross site scripting vulnerability via via URL fields (bsc#1044849) python-Django: - CVE-2021-3281: Fixed a directory traversal via archive.extract() (bsc#1181379) - CVE-2021-28658: Fixed a directory traversal via uploaded files (bsc#1184148) - CVE-2021-31542: Fixed a directory traversal via uploaded files with suitably crafted file names (bsc#1185623) - CVE-2021-33203:Fixed potential path-traversal via admindocs' TemplateDetailView (bsc#1186608) - CVE-2021-33571: Tighten validator checks to not allow leading zeros in IPv4 addresses, which potentially leads to further attacks (bsc#1186611) python-py: - CVE-2020-29651: Fixed a denial of service via regular expressions (bsc#1179805) rubygem-activerecord-session_store: - CVE-2019-25025: Fixed a timing attacks targeting the session id which could allow an attack to hijack sessions (bsc#1183174) Non-security fixes included in this update: Changes in crowbar-openstack: - Update to version 4.0+git.1616146720.44daffca0: * monasca: restart Kibana on update (bsc#1044849) Changes in grafana_Update: - Add CVE-2021-27358.patch (bsc#1183803, CVE-2021-27358) * Prevent unauthenticated remote attackers from causing a DoS through the snapshots API. Changes in kibana_Update: - Ensure /etc/sysconfig/kibana is present - Update to Kibana 4.6.6 (bsc#1044849, CVE-2017-11499, ESA-2017-14, ESA-2017-16) * [4.6] ignore forked code for babel transpile build phase (#13483) * Allow more than match queries in custom filters (#8614) (#10857) * [state] don't make extra $location.replace() calls (#9954) * [optimizer] move to querystring-browser package for up-to-date api * [state/unhashUrl] use encode-uri-query to generate cleanly encoded urls * server: refactor log_interceptor to be more DRY (#9617) * server: downgrade ECANCELED logs to debug (#9616) * server: do not treat logged warnings as errors (#8746) (#9610) * [server/logger] downgrade EPIPE errors to debug level (#9023) * Add basepath when redirecting from a trailling slash (#9035) * [es/kibanaIndex] use unmapped_type rather than ignore_unmapped (#8968) * [server/shortUrl] validate urls before shortening them - Add CVE-2017-11481.patch (bsc#1044849, CVE-2017-11481) * This fixes an XSS vulnerability in URL fields - Remove %dir declaration from /opt/kibana/optimize to ensure no files owned by root end up in there - Exclude /opt/kibana/optimize from %fdupes - Restart service on upgrade - Do not copy LICENSE.txt and README.txt to /opt/kibana - Fix rpmlint warnings/errors - Switch to explicit patch application - Fix source URL - Fix logic for systemd/systemv detection Changes in monasca-installer_Update: - Add support-influxdb-1.2.patch (SOC-11435) Changes in python-Django_Update: - Fixed potential path-traversal via admindocs' TemplateDetailView.(bsc#1186608, CVE-2021-33203) - Prevented leading zeros in IPv4 addresses. (bsc#1186611, CVE-2021-33571) - Add delegate-os-path-filename-generation-to-storage.patch (bsc#1185623) * Needed for CVE-2021-31542.patch to apply - Tightened path & file name sanitation in file uploads. (bsc#1185623, CVE-2021-31542) - Fixed potential directory-traversal via uploaded files. (bsc#1184148, CVE-2021-28658) - Fixes a potential directory traversal when extracting archives. (bsc#1181379, CVE-2021-3281) Changes in python-py_Update: - Add CVE-2020-29651.patch (CVE-2020-29651, bsc#1179805) * svnwc: fix regular expression vulnerable to DoS in blame functionality - Ensure /usr/share/licenses exists Changes in rubygem-activerecord-session_store_Update: - added CVE-2019-25025.patch (CVE-2019-25025, bsc#1183174) * This requires CVE-2019-16782.patch to be included in rubygem-actionpack-4_2 to work correctly. Moderate SUSE bug 1044849 SUSE bug 1179805 SUSE bug 1181379 SUSE bug 1183803 SUSE bug 1184148 SUSE bug 1185623 SUSE bug 1186608 SUSE bug 1186611 CVE-2017-11481 CVE-2017-11499 CVE-2019-25025 CVE-2020-29651 CVE-2021-27358 CVE-2021-28658 CVE-2021-31542 CVE-2021-3281 CVE-2021-33203 CVE-2021-33571 cpe:/o:suse:suse-openstack-cloud:7 Security update for ImageMagick (Important) SUSE OpenStack Cloud 7 This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223). - CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240). - CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244). - CVE-2020-27750: Fixed an division by zero in MagickCore/colorspace-private.h (bsc#1179260). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285). - CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). - CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362). Important SUSE bug 1179103 SUSE bug 1179202 SUSE bug 1179208 SUSE bug 1179212 SUSE bug 1179223 SUSE bug 1179240 SUSE bug 1179244 SUSE bug 1179260 SUSE bug 1179268 SUSE bug 1179269 SUSE bug 1179278 SUSE bug 1179281 SUSE bug 1179285 SUSE bug 1179311 SUSE bug 1179312 SUSE bug 1179313 SUSE bug 1179315 SUSE bug 1179317 SUSE bug 1179321 SUSE bug 1179322 SUSE bug 1179327 SUSE bug 1179333 SUSE bug 1179336 SUSE bug 1179338 SUSE bug 1179339 SUSE bug 1179343 SUSE bug 1179345 SUSE bug 1179346 SUSE bug 1179347 SUSE bug 1179361 SUSE bug 1179362 SUSE bug 1179397 CVE-2020-19667 CVE-2020-25664 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27750 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27757 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-PyJWT (Moderate) SUSE OpenStack Cloud 7 This update for python-PyJWT fixes the following issues: python-JWT was updated to 1.5.3. (bsc#1186173) update to version 1.5.3: * Changed + Increase required version of the cryptography package to >=1.4.0. * Fixed + Remove uses of deprecated functions from the cryptography package. + Warn about missing algorithms param to decode() only when verify param is True #281 update to version 1.5.2: - Ensure correct arguments order in decode super call [7c1e61d][7c1e61d] - Change optparse for argparse. [#238][238] - Guard against PKCS1 PEM encododed public keys [#277][277] - Add deprecation warning when decoding without specifying `algorithms` [#277][277] - Improve deprecation messages [#270][270] - PyJWT.decode: move verify param into options [#271][271] - Support for Python 3.6 [#262][262] - Expose jwt.InvalidAlgorithmError [#264][264] - Add support for ECDSA public keys in RFC 4253 (OpenSSH) format [#244][244] - Renamed commandline script `jwt` to `jwt-cli` to avoid issues with the script clobbering the `jwt` module in some circumstances. [#187][187] - Better error messages when using an algorithm that requires the cryptography package, but it isn't available [#230][230] - Tokens with future 'iat' values are no longer rejected [#190][190] - Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError - Remove rejection of future 'iat' claims [#252][252] - Add back 'ES512' for backward compatibility (for now) [#225][225] - Fix incorrectly named ECDSA algorithm [#219][219] - Fix rpm build [#196][196] - Add JWK support for HMAC and RSA keys [#202][202] Moderate SUSE bug 1186173 CVE-2017-12880 cpe:/o:suse:suse-openstack-cloud:7 Security update for rubygem-nokogiri (Important) SUSE OpenStack Cloud 7 This update for rubygem-nokogiri fixes the following issues: - CVE-2019-5477: Fixed a command injection vulnerability (bsc#1146578). - CVE-2020-26247: Fixed an XXE vulnerability in Nokogiri::XML::Schema (bsc#1180507). Important SUSE bug 1146578 SUSE bug 1180507 CVE-2019-5477 CVE-2020-26247 cpe:/o:suse:suse-openstack-cloud:7 Security update for postgresql, postgresql12, postgresql13 (Important) SUSE OpenStack Cloud 7 This update for postgresql, postgresql12, postgresql13 fixes the following issues: Initial packaging of PostgreSQL 13: * https://www.postgresql.org/about/news/2077/ * https://www.postgresql.org/docs/13/release-13.html Changes in postgresql: - Bump postgresql major version to 13. Changes in postgresql12: - %ghost the symlinks to pg_config and ecpg. (bsc#1178961) - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765) - Fix a DST problem in the test suite. Changes in postgresql13: - Add postgresql-icu68.patch: fix build with ICU 68 - %ghost the symlinks to pg_config and ecpg. (bsc#1178961) - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765) Upgrade to version 13.1: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/13/release-13-1.html - Fix a DST problem in the test suite. Important SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 SUSE bug 1178961 SUSE bug 1179765 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:suse-openstack-cloud:7 Security update for openssh (Moderate) SUSE OpenStack Cloud 7 This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). Moderate SUSE bug 1173513 CVE-2020-14145 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-py (Moderate) SUSE OpenStack Cloud 7 This update for python-py fixes the following issues: - CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505). Moderate SUSE bug 1179805 SUSE bug 1184505 CVE-2020-29651 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-rsa (Important) SUSE OpenStack Cloud 7 This update for python-rsa fixes the following issues: - CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext (bsc#1172389) Important SUSE bug 1172389 CVE-2020-13757 cpe:/o:suse:suse-openstack-cloud:7 Security update for sudo (Important) SUSE OpenStack Cloud 7 This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] Important SUSE bug 1180684 SUSE bug 1181090 CVE-2021-23239 CVE-2021-3156 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs Important SUSE bug 1181414 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-Pillow (Important) SUSE OpenStack Cloud 7 This update for python-Pillow fixes the following issues: - CVE-2021-34552: Fixed a buffer overflow in Convert.c (bsc#1188574) Important SUSE bug 1188574 CVE-2021-34552 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-PyYAML (Important) SUSE OpenStack Cloud 7 This update for python-PyYAML fixes the following issues: - Update to 5.3.1. - CVE-2020-14343: A vulnerability was discovered in the PyYAML library, where it was susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. Important SUSE bug 1174514 CVE-2020-14343 cpe:/o:suse:suse-openstack-cloud:7 Security update for openvswitch (Important) SUSE OpenStack Cloud 7 This update for openvswitch fixes the following issues: - openvswitch was updated to 2.5.11 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) - datapath: Clear the L4 portion of the key for 'later' fragments - datapath: Properly set L4 keys on 'later' IP fragments - ofproto-dpif: Fix using uninitialised memory in user_action_cookie. - stream-ssl: Fix crash on NULL private key and valid certificate. - datapath: fix flow actions reallocation Important SUSE bug 1117483 SUSE bug 1181345 CVE-2020-27827 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-ibm (Moderate) SUSE OpenStack Cloud 7 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class libraries: - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time that the set timeout - Z/OS specific C function send_file is changing the file pointer position * Java Virtual Machine: - Crash on iterate java stack - Java process hang on SIGTERM * JIT Compiler: - JMS performance regression from JDK8 SR5 FP40 TO FP41 * Class Libraries: - z15 high utilization following Z/VM and Linux migration from z14 To z15 * Java Virtual Machine: - Assertion failed when trying to write a class file - Assertion failure at modronapi.cpp - Improve the performance of defining and finding classes * JIT Compiler: - An assert in ppcbinaryencoding.cpp may trigger when running with traps disabled on power - AOT field offset off by n bytes - Segmentation fault in jit module on ibm z platform Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:suse-openstack-cloud:7 Security update for python3 (Important) SUSE OpenStack Cloud 7 This update for python3 fixes the following issues: - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 CVE-2019-20916 cpe:/o:suse:suse-openstack-cloud:7 Security update for python (Important) SUSE OpenStack Cloud 7 This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 SUSE bug 1181126 CVE-2019-20916 CVE-2021-3177 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485 ). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123). - CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411) - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). - CVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() which could eventually have allowed attackers to cause a denial of service (memory consumption) (bnc#1157298 ). - CVE-2019-6133: Fixed an issue where the 'start time' protection mechanism could have been bypassed and therefore authorization decisions are improperly cached (bsc#1128172). The following non-security bugs were fixed: - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (bsc#969755). - futex,rt_mutex: Introduce rt_mutex_init_waiter() (bsc#969755). - futex,rt_mutex: Provide futex specific rt_mutex API (bsc#969755). - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bsc#969755). - futex: Avoid freeing an active timer (bsc#969755). - futex: Avoid violating the 10th rule of futex (bsc#969755). - futex: Change locking rules (bsc#969755). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#969755). - futex: Drop hb->lock before enqueueing on the rtmutex (bsc#969755). - futex: Fix OWNER_DEAD fixup (bsc#969755). - futex: Fix incorrect should_fail_futex() handling (bsc#969755). - futex: Fix more put_pi_state() vs. exit_pi_state_list() races (bsc#969755). - futex: Fix pi_state->owner serialization (bsc#969755). - futex: Fix small (and harmless looking) inconsistencies (bsc#969755). - futex: Futex_unlock_pi() determinism (bsc#969755). - futex: Handle early deadlock return correctly (bsc#969755). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#969755). - futex: Pull rt_mutex_futex_unlock() out from under hb->lock (bsc#969755). - futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock() (bsc#969755). - futex: Rework inconsistent rt_mutex/futex_q state (bsc#969755). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#969755). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). Important SUSE bug 1070943 SUSE bug 1121826 SUSE bug 1121872 SUSE bug 1157298 SUSE bug 1168952 SUSE bug 1173942 SUSE bug 1176395 SUSE bug 1176485 SUSE bug 1177411 SUSE bug 1178123 SUSE bug 1178182 SUSE bug 1178589 SUSE bug 1178622 SUSE bug 1178886 SUSE bug 1179107 SUSE bug 1179140 SUSE bug 1179141 SUSE bug 1179204 SUSE bug 1179419 SUSE bug 1179508 SUSE bug 1179509 SUSE bug 1179601 SUSE bug 1179616 SUSE bug 1179663 SUSE bug 1179666 SUSE bug 1179745 SUSE bug 1179877 SUSE bug 1179960 SUSE bug 1179961 SUSE bug 1180008 SUSE bug 1180027 SUSE bug 1180028 SUSE bug 1180029 SUSE bug 1180030 SUSE bug 1180031 SUSE bug 1180032 SUSE bug 1180052 SUSE bug 1180086 SUSE bug 1180559 SUSE bug 1180562 SUSE bug 1181349 SUSE bug 969755 CVE-2019-19063 CVE-2019-20934 CVE-2019-6133 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25285 CVE-2020-25668 CVE-2020-25669 CVE-2020-27068 CVE-2020-27673 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-28915 CVE-2020-28974 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3347 cpe:/o:suse:suse-openstack-cloud:7 Security update for openvswitch (Important) SUSE OpenStack Cloud 7 This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). Important SUSE bug 1181742 CVE-2020-35498 cpe:/o:suse:suse-openstack-cloud:7 Security update for wpa_supplicant (Important) SUSE OpenStack Cloud 7 This update for wpa_supplicant fixes the following issues: - CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777). - CVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934) Important SUSE bug 1150934 SUSE bug 1181777 CVE-2019-16275 CVE-2021-0326 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-urllib3 (Moderate) SUSE OpenStack Cloud 7 This update for python-urllib3 fixes the following issues: - CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211). Moderate SUSE bug 1177211 CVE-2020-26116 cpe:/o:suse:suse-openstack-cloud:7 Security update for jasper (Important) SUSE OpenStack Cloud 7 This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode Important SUSE bug 1179748 SUSE bug 1181483 CVE-2020-27828 CVE-2021-3272 cpe:/o:suse:suse-openstack-cloud:7 Security update for screen (Important) SUSE OpenStack Cloud 7 This update for screen fixes the following issues: - CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092). Important SUSE bug 1182092 CVE-2021-26937 cpe:/o:suse:suse-openstack-cloud:7 Security update for bind (Important) SUSE OpenStack Cloud 7 This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] Important SUSE bug 1182246 CVE-2020-8625 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_7_1-ibm (Important) SUSE OpenStack Cloud 7 This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:suse-openstack-cloud:7 Security update for krb5-appl (Important) SUSE OpenStack Cloud 7 This update for krb5-appl fixes the following issues: - CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109). - CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109). Important SUSE bug 1131109 CVE-2019-25017 CVE-2019-25018 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-openjdk (Moderate) SUSE OpenStack Cloud 7 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u282 (icedtea 3.18.0) * January 2021 CPU (bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803) * Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/ /bug6738668.java fails under Linux + JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + JDK-8030350: Enable additional compiler warnings for GCC + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/ /DisposeFrameOnDragTest.java fails by Timeout on Windows + JDK-8036122: Fix warning 'format not a string literal' + JDK-8051853: new URI('x/').resolve('..').getSchemeSpecificPart() returns null! + JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/ /DefaultNoDrop.java locks on Windows + JDK-8134632: Mark javax/sound/midi/Devices/ /InitializationHang.java as headful + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8148916: Mark bug6400879.java as intermittently failing + JDK-8148983: Fix extra comma in changes for JDK-8148916 + JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails + JDK-8165808: Add release barriers when allocating objects with concurrent collection + JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument + JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 + JDK-8207766: [testbug] Adapt tests for Aix. + JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation + JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash + JDK-8215727: Restore JFR thread sampler loop to old / previous behavior + JDK-8220657: JFR.dump does not work when filename is set + JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing + JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232114: JVM crashed at imjpapi.dll in native code + JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area + JDK-8234339: replace JLI_StrTok in java_md_solinux.c + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8242335: Additional Tests for RSASSA-PSS + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8245400: Upgrade to LittleCMS 2.11 + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8249176: Update GlobalSignR6CA test certificates + JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY + JDK-8250928: JFR: Improve hash algorithm for stack traces + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers + JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE + JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries + JDK-8252497: Incorrect numeric currency code for ROL + JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent + JDK-8252904: VM crashes when JFR is used and JFR event class is transformed + JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal + JDK-8253284: Zero OrderAccess barrier mappings are incorrect + JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip + JDK-8253752: test/sun/management/jmxremote/bootstrap/ /RmiBootstrapTest.java fails randomly + JDK-8254081: java/security/cert/PolicyNode/ /GetPolicyQualifiers.java fails due to an expired certificate + JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp + JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp + JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/ /WorkerDeadlockTest.java fails + JDK-8255003: Build failures on Solaris Moderate SUSE bug 1181239 CVE-2020-14803 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-Jinja2 (Important) SUSE OpenStack Cloud 7 This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. (bsc#1181944) Important SUSE bug 1181944 CVE-2020-28493 cpe:/o:suse:suse-openstack-cloud:7 Security update for java-1_8_0-ibm (Important) SUSE OpenStack Cloud 7 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 25 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:suse-openstack-cloud:7 Security update for perl-XML-Twig (Moderate) SUSE OpenStack Cloud 7 This update for perl-XML-Twig fixes the following issues: - Security fix [bsc#1008644, CVE-2016-9180] * Added: the no_xxe option to XML::Twig::new, which causes the parse to fail if external entities are used (to prevent malicious XML to access the filesystem). * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument Moderate SUSE bug 1008644 CVE-2016-9180 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.8.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-08 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 Important SUSE bug 1182357 SUSE bug 1182614 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 cpe:/o:suse:suse-openstack-cloud:7 Security update for python-cryptography (Important) SUSE OpenStack Cloud 7 This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). Important SUSE bug 1182066 CVE-2020-36242 cpe:/o:suse:suse-openstack-cloud:7 Security update for grub2 (Important) SUSE OpenStack Cloud 7 This update for grub2 fixes the following issues: grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) Following security issues are fixed that can violate secure boot constraints: - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) grub2 was bumped to version 2.02, same as SUSE Linux Enterprise 12 SP3. Important SUSE bug 1175970 SUSE bug 1176711 SUSE bug 1177883 SUSE bug 1179264 SUSE bug 1179265 SUSE bug 1182057 SUSE bug 1182262 SUSE bug 1182263 CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 cpe:/o:suse:suse-openstack-cloud:7 Security update for openldap2 (Important) SUSE OpenStack Cloud 7 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. Important SUSE bug 1182279 SUSE bug 1182408 SUSE bug 1182411 SUSE bug 1182412 SUSE bug 1182413 SUSE bug 1182415 SUSE bug 1182416 SUSE bug 1182417 SUSE bug 1182418 SUSE bug 1182419 SUSE bug 1182420 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Important) SUSE OpenStack Cloud 7 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). The following non-security bug was fixed: - xen/netback: fix spurious event detection for common event case (bsc#1182175). Important SUSE bug 1178372 SUSE bug 1181747 SUSE bug 1181753 SUSE bug 1181843 SUSE bug 1182175 CVE-2020-28374 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 cpe:/o:suse:suse-openstack-cloud:7 Security update for wpa_supplicant (Important) SUSE OpenStack Cloud 7 This update for wpa_supplicant fixes the following issues: - CVE-2021-27803: P2P provision discovery processing vulnerability (bsc#1182805) Important SUSE bug 1182805 CVE-2021-27803 cpe:/o:suse:suse-openstack-cloud:7 Security update for git (Important) SUSE OpenStack Cloud 7 This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone. (bsc#1183026, CVE-2021-21300) Important SUSE bug 1183026 CVE-2021-21300 cpe:/o:suse:suse-openstack-cloud:7 Security update for python (Moderate) SUSE OpenStack Cloud 7 This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). Moderate SUSE bug 1182379 CVE-2019-18348 CVE-2021-23336 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Important SUSE bug 1180623 CVE-2020-16044 cpe:/o:suse:suse-openstack-cloud:7 Security update for glib2 (Important) SUSE OpenStack Cloud 7 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) Important SUSE bug 1182328 SUSE bug 1182362 CVE-2021-27218 CVE-2021-27219 cpe:/o:suse:suse-openstack-cloud:7 Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) SUSE OpenStack Cloud 7 This update for the Linux Kernel 4.4.121-92_138 fixes several issues. The following security issues were fixed: - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1181553 CVE-2020-27786 CVE-2020-28374 CVE-2021-3347 cpe:/o:suse:suse-openstack-cloud:7 Security update for sudo (Important) SUSE OpenStack Cloud 7 This update for sudo fixes the following issues: - Fixed a potential crash on exit as a result of the fix of CVE-2021-3156 [bsc#1181090] Important SUSE bug 1181090 CVE-2021-3156 cpe:/o:suse:suse-openstack-cloud:7 Security update for wavpack (Important) SUSE OpenStack Cloud 7 This update for wavpack fixes the following issues: - CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414). Important SUSE bug 1180414 CVE-2020-35738 cpe:/o:suse:suse-openstack-cloud:7 Security update for nghttp2 (Important) SUSE OpenStack Cloud 7 This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514). Bug fixes and enhancements: - Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438) Important SUSE bug 1082318 SUSE bug 1088639 SUSE bug 1112438 SUSE bug 1125689 SUSE bug 1134616 SUSE bug 1146182 SUSE bug 1146184 SUSE bug 1181358 SUSE bug 962914 SUSE bug 964140 SUSE bug 966514 CVE-2016-1544 CVE-2018-1000168 CVE-2019-9511 CVE-2019-9513 CVE-2020-11080 cpe:/o:suse:suse-openstack-cloud:7 Security update for openssl (Moderate) SUSE OpenStack Cloud 7 This update for openssl fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:suse-openstack-cloud:7 Security update for MozillaFirefox (Important) SUSE OpenStack Cloud 7 This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs Important SUSE bug 1183942 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 cpe:/o:suse:suse-openstack-cloud:7 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2 This update for bind fixes the following issues: - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. (CVE-2016-8864, bsc#1007829). - Fix BIND to return a valid hostname in response to ldapdump queries. (bsc#965748) Important SUSE bug 1007829 SUSE bug 965748 CVE-2016-8864 cpe:/o:suse:sles:12:sp2 Security update for jasper (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for jasper to version 1.900.14 fixes several issues. These security issues were fixed: - CVE-2016-8887: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (bsc#1006836) - CVE-2016-8886: memory allocation failure in jas_malloc (jas_malloc.c) (bsc#1006599) - CVE-2016-8884,CVE-2016-8885: two null pointer dereferences in bmp_getdata (incomplete fix for CVE-2016-8690) (bsc#1007009) - CVE-2016-8883: assert in jpc_dec_tiledecode() (bsc#1006598) - CVE-2016-8882: segfault / null pointer access in jpc_pi_destroy (bsc#1006597) - CVE-2016-8881: Heap overflow in jpc_getuint16() (bsc#1006593) - CVE-2016-8880: Heap overflow in jpc_dec_cp_setfromcox() (bsc#1006591) - CVE-2016-8693 Double free vulnerability in mem_close (bsc#1005242) - CVE-2016-8691, CVE-2016-8692: Divide by zero in jpc_dec_process_siz (bsc#1005090) - CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted BMP image (bsc#1005084) - CVE-2016-2116: Memory leak in the jas_iccprof_createfrombuf function in JasPer allowed remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file (bsc#968373) - CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip() function (bsc#963983) - CVE-2016-1867: Out-of-bounds Read in the JasPer's jpc_pi_nextcprl() function (bsc#961886) - CVE-2015-5221: Use-after-free (and double-free) in Jasper JPEG-200 (bsc#942553). - CVE-2015-5203: Double free corruption in JasPer JPEG-2000 implementation (bsc#941919) - CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer might have allowed context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (bsc#392410) - jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) (bsc#1006839) For additional change description please have a look at the changelog. Moderate SUSE bug 1005084 SUSE bug 1005090 SUSE bug 1005242 SUSE bug 1006591 SUSE bug 1006593 SUSE bug 1006597 SUSE bug 1006598 SUSE bug 1006599 SUSE bug 1006836 SUSE bug 1006839 SUSE bug 1007009 SUSE bug 392410 SUSE bug 941919 SUSE bug 942553 SUSE bug 961886 SUSE bug 963983 SUSE bug 968373 CVE-2008-3522 CVE-2014-8158 CVE-2015-5203 CVE-2015-5221 CVE-2016-1577 CVE-2016-1867 CVE-2016-2089 CVE-2016-2116 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 cpe:/o:suse:sles:12:sp2 Security update for ghostscript (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ghostscript fixes the following issues: - bsc#1006592: Fix a regression introduced in CVE-2013-5653 by which ps files couldn't be opened in okular/evince (kde#371887). Moderate SUSE bug 1006592 CVE-2013-5653 cpe:/o:suse:sles:12:sp2 Security update for X Window System client libraries (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for the X Window System client libraries fixes a class of privilege escalation issues. A malicious X Server could send specially crafted data to X clients, which allowed for triggering crashes, or privilege escalation if this relationship was untrusted or crossed user or permission level boundaries. libX11, libXfixes, libXi, libXrandr, libXrender, libXtst, libXv, libXvMC were fixed, specifically: libX11: - CVE-2016-7942: insufficient validation of data from the X server allowed out of boundary memory read (bsc#1002991) libXfixes: - CVE-2016-7944: insufficient validation of data from the X server can cause an integer overflow on 32 bit architectures (bsc#1002995) libXi: - CVE-2016-7945, CVE-2016-7946: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998) libXtst: - CVE-2016-7951, CVE-2016-7952: insufficient validation of data from the X server can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1003012) libXv: - CVE-2016-5407: insufficient validation of data from the X server can cause out of boundary memory and memory corruption (bsc#1003017) libXvMC: - CVE-2016-7953: insufficient validation of data from the X server can cause a one byte buffer read underrun (bsc#1003023) libXrender: - CVE-2016-7949, CVE-2016-7950: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003002) libXrandr: - CVE-2016-7947, CVE-2016-7948: insufficient validation of data from the X server can cause out of boundary memory writes (bsc#1003000) Moderate SUSE bug 1002991 SUSE bug 1002995 SUSE bug 1002998 SUSE bug 1003000 SUSE bug 1003002 SUSE bug 1003012 SUSE bug 1003017 SUSE bug 1003023 CVE-2016-5407 CVE-2016-7942 CVE-2016-7944 CVE-2016-7945 CVE-2016-7946 CVE-2016-7947 CVE-2016-7948 CVE-2016-7949 CVE-2016-7950 CVE-2016-7951 CVE-2016-7952 CVE-2016-7953 cpe:/o:suse:sles:12:sp2 Security update for python3 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed: - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user supplied Proxy request header. (bsc#989523) - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751) - CVE-2016-5636: A heap overflow in Python's zipimport module. (bsc#985177) - CVE-2016-5699: A header injection flaw in urrlib2/urllib/httplib/http.client. (bsc#985348) The update also includes the following non-security fixes: - Don't force 3rd party C extensions to be built with -Werror=declaration-after-statement. (bsc#951166) - Make urllib proxy var handling behave as usual on POSIX. (bsc#983582) For a comprehensive list of changes please refer to the upstream change log: https://docs.python.org/3.4/whatsnew/changelog.html Moderate SUSE bug 951166 SUSE bug 983582 SUSE bug 984751 SUSE bug 985177 SUSE bug 985348 SUSE bug 989523 SUSE bug 991069 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 cpe:/o:suse:sles:12:sp2 Security update for libtcnative-1-0 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libtcnative-1-0 fixes the following issues: - Upgrade to libtcnative-1.1.34 (bugfix release) (bsc#1004455) See https://tomcat.apache.org/native-1.1-doc/miscellaneous/changelog.html * Unconditionally disable export Ciphers. * Improve ephemeral key handling for DH and ECDH. Parameter strength is by default derived from the certificate key strength. * APIs SSL.generateRSATempKey() and SSL.loadDSATempKey() are no longer supported. * Various bugfixes. Moderate SUSE bug 1004455 cpe:/o:suse:sles:12:sp2 Security update for qemu (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for qemu to version 2.6.2 fixes the several issues. These security issues were fixed: - CVE-2016-7161: Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allowed attackers to execute arbitrary code on the QEMU host via a large ethlite packet (bsc#1001151). - CVE-2016-7170: OOB stack memory access when processing svga command (bsc#998516). - CVE-2016-7466: xhci memory leakage during device unplug (bsc#1000345). - CVE-2016-7422: NULL pointer dereference in virtqueu_map_desc (bsc#1000346). - CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1002550). - CVE-2016-7995: Memory leak in ehci_process_itd (bsc#1003612). - CVE-2016-8576: The xhci_ring_fetch function in hw/usb/hcd-xhci.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process (bsc#1003878). - CVE-2016-8578: The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation (bsc#1003894). - CVE-2016-9105: Memory leakage in v9fs_link (bsc#1007494). - CVE-2016-8577: Memory leak in the v9fs_read function in hw/9pfs/9p.c allowed local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation (bsc#1003893). - CVE-2016-9106: Memory leakage in v9fs_write (bsc#1007495). - CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1004707). - CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1002557). - CVE-2016-9101: eepro100 memory leakage whern unplugging a device (bsc#1007391). - CVE-2016-8668: The rocker_io_writel function in hw/net/rocker/rocker.c allowed local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size (bsc#1004706). - CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1006538). - CVE-2016-8909: The intel_hda_xfer function in hw/audio/intel-hda.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position (bsc#1006536). - CVE-2016-7994: Memory leak in virtio_gpu_resource_create_2d (bsc#1003613). - CVE-2016-9104: Integer overflow leading to OOB access in 9pfs (bsc#1007493). - CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1004702). - CVE-2016-7907: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1002549). These non-security issues were fixed: - Change kvm-supported.txt to be per-architecture documentation, stored in the package documentation directory of each per-arch package (bsc#1005353). - Update support doc to include current ARM64 (AArch64) support stance (bsc#1005374). - Fix migration failure when snapshot also has been done (bsc#1008148). - Change package post script udevadm trigger calls to be device specific (bsc#1002116). - Add qmp-commands.txt documentation file back in. It was inadvertently dropped. - Add an x86 cpu option (l3-cache) to specify that an L3 cache is present and another option (cpuid-0xb) to enable the cpuid 0xb leaf (bsc#1007769). For Leap 42.2 this update also enabled the smartcard support (bsc#1007263). Moderate SUSE bug 1000345 SUSE bug 1000346 SUSE bug 1001151 SUSE bug 1002116 SUSE bug 1002549 SUSE bug 1002550 SUSE bug 1002557 SUSE bug 1003612 SUSE bug 1003613 SUSE bug 1003878 SUSE bug 1003893 SUSE bug 1003894 SUSE bug 1004702 SUSE bug 1004706 SUSE bug 1004707 SUSE bug 1005353 SUSE bug 1005374 SUSE bug 1006536 SUSE bug 1006538 SUSE bug 1007263 SUSE bug 1007391 SUSE bug 1007493 SUSE bug 1007494 SUSE bug 1007495 SUSE bug 1007769 SUSE bug 1008148 SUSE bug 998516 CVE-2016-7161 CVE-2016-7170 CVE-2016-7422 CVE-2016-7466 CVE-2016-7907 CVE-2016-7908 CVE-2016-7909 CVE-2016-7994 CVE-2016-7995 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8668 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 cpe:/o:suse:sles:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2 OpenJDK Java was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues: * Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8156794: Extend data sharing + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) * New features + PR1370: Provide option to build without debugging + PR1375: Provide option to strip and link debugging info after build + PR1537: Handle alternative Kerberos credential cache locations + PR1978: Allow use of system PCSC + PR2445: Support system libsctp + PR3182: Support building without pre-compiled headers + PR3183: Support Fedora/RHEL system crypto policy + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries * Import of OpenJDK 8 u102 build 14 + S4515292: ReferenceType.isStatic() returns true for arrays + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S6976636: JVM/TI test ex03t001 fails assertion + S7185591: jcmd-big-script.sh ERROR: could not find app's Java pid. + S8017462: G1: guarantee fails with UseDynamicNumberOfGCThreads + S8034168: ThreadMXBean/Locks.java failed, blocked on wrong object + S8036006: [TESTBUG] sun/tools/native2ascii/NativeErrors.java fails: Process exit code was 0, but error was expected. + S8041781: Need new regression tests for PBE keys + S8041787: Need new regressions tests for buffer handling for PBE algorithms + S8043836: Need new tests for AES cipher + S8044199: Tests for RSA keys and key specifications + S8044772: TempDirTest.java still times out with -Xcomp + S8046339: sun.rmi.transport.DGCAckHandler leaks memory + S8047031: Add SocketPermission tests for legacy socket types + S8048052: Permission tests for setFactory + S8048138: Tests for JAAS callbacks + S8048147: Privilege tests with JAAS Subject.doAs + S8048356: SecureRandom default provider tests + S8048357: PKCS basic tests + S8048360: Test signed jar files + S8048362: Tests for doPrivileged with accomplice + S8048596: Tests for AEAD ciphers + S8048599: Tests for key wrap and unwrap operations + S8048603: Additional tests for MAC algorithms + S8048604: Tests for strong crypto ciphers + S8048607: Test key generation of DES and DESEDE + S8048610: Implement regression test for bug fix of 4686632 in JCE + S8048617: Tests for PKCS12 read operations + S8048618: Tests for PKCS12 write operations. + S8048619: Implement tests for converting PKCS12 keystores + S8048624: Tests for SealedObject + S8048819: Implement reliability test for DH algorithm + S8048820: Implement tests for SecretKeyFactory + S8048830: Implement tests for new functionality provided in JEP 166 + S8049237: Need new tests for X509V3 certificates + S8049321: Support SHA256WithDSA in JSSE + S8049429: Tests for java client server communications with various TLS/SSL combinations. + S8049432: New tests for TLS property jdk.tls.client.protocols + S8049814: Additional SASL client-server tests + S8050281: New permission tests for JEP 140 + S8050370: Need new regressions tests for messageDigest with DigestIOStream + S8050371: More MessageDigest tests + S8050374: More Signature tests + S8050427: LoginContext tests to cover JDK-4703361 + S8050460: JAAS login/logout tests with LoginContext + S8050461: Tests for syntax checking of JAAS configuration file + S8054278: Refactor jps utility tests + S8055530: assert(_exits.control()->is_top() || !_gvn.type(ret_phi)->empty()) failed: return value must be well defined + S8055844: [TESTBUG] test/runtime/NMT/VirtualAllocCommitUncommitRecommit.java fails on Solaris Sparc due to incorrect page size being used + S8059677: Thread.getName() instantiates Strings + S8061464: A typo in CipherTestUtils test + S8062536: [TESTBUG] Conflicting GC combinations in jdk tests + S8065076: java/net/SocketPermission/SocketPermissionTest.java fails intermittently + S8065078: NetworkInterface.getNetworkInterfaces() triggers intermittent test failures + S8066871: java.lang.VerifyError: Bad local variable type - local final String + S8068427: Hashtable deserialization reconstitutes table with wrong capacity + S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be updated for JDK-8061210 + S8069253: javax/net/ssl/TLS/TestJSSE.java failed on Mac + S8071125: Improve exception messages in URLPermission + S8072081: Supplementary characters are rejected in comments + S8072463: Remove requirement that AKID and SKID have to match when building certificate chain + S8072725: Provide more granular levels for GC verification + S8073400: Some Monospaced logical fonts have a different width + S8073872: Schemagen fails with StackOverflowError if element references containing class + S8074931: Additional tests for CertPath API + S8075286: Additional tests for signature algorithm OIDs and transformation string + S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given + S8076545: Text size is twice bigger under Windows L&F on Win 8.1 with HiDPI display + S8076995: gc/ergonomics/TestDynamicNumberOfGCThreads.java failed with java.lang.RuntimeException: 'new_active_workers' missing from stdout/stderr + S8079138: Additional negative tests for XML signature processing + S8081512: Remove sun.invoke.anon classes, or move / co-locate them with tests + S8081771: ProcessTool.createJavaProcessBuilder() needs new addTestVmAndJavaOptions argument + S8129419: heapDumper.cpp: assert(length_in_bytes > 0) failed: nothing to copy + S8130150: Implement BigInteger.montgomeryMultiply intrinsic + S8130242: DataFlavorComparator transitivity exception + S8130304: Inference: NodeNotFoundException thrown with deep generic method call chain + S8130425: libjvm crash due to stack overflow in executables with 32k tbss/tdata + S8133023: ParallelGCThreads is not calculated correctly + S8134111: Unmarshaller unmarshalls XML element which doesn't have the expected namespace + S8135259: InetAddress.getAllByName only reports 'unknown error' instead of actual cause + S8136506: Include sun.arch.data.model as a property that can be queried by jtreg + S8137068: Tests added in JDK-8048604 fail to compile + S8139040: Fix initializations before ShouldNotReachHere() etc. and enable -Wuninitialized on linux. + S8139581: AWT components are not drawn after removal and addition to a container + S8141243: Unexpected timezone returned after parsing a date + S8141420: Compiler runtime entries don't hold Klass* from being GCed + S8141445: Use of Solaris/SPARC M7 libadimalloc.so can generate unknown signal in hs_err file + S8141551: C2 can not handle returns with inccompatible interface arrays + S8143377: Test PKCS8Test.java fails + S8143647: Javac compiles method reference that allows results in an IllegalAccessError + S8144144: ORB destroy() leaks filedescriptors after unsuccessful connection + S8144593: Suppress not recognized property/feature warning messages from SAXParser + S8144957: Remove PICL warning message + S8145039: JAXB marshaller fails with ClassCastException on classes generated by xjc + S8145228: Java Access Bridge, getAccessibleStatesStringFromContext doesn't wrap the call to getAccessibleRole + S8145388: URLConnection.guessContentTypeFromStream returns image/jpg for some JPEG images + S8145974: XMLStreamWriter produces invalid XML for surrogate pairs on OutputStreamWriter + S8146035: Windows - With LCD antialiasing, some glyphs are not rendered correctly + S8146192: Add test for JDK-8049321 + S8146274: Thread spinning on WeakHashMap.getEntry() with concurrent use of nashorn + S8147468: Allow users to bound the size of buffers cached in the per-thread buffer caches + S8147645: get_ctrl_no_update() code is wrong + S8147807: crash in libkcms.so on linux-sparc + S8148379: jdk.nashorn.api.scripting spec. adjustments, clarifications + S8148627: RestrictTestMaxCachedBufferSize.java to 64-bit platforms + S8148820: Missing @since Javadoc tag in Logger.log(Level, Supplier) + S8148926: Call site profiling fails on braces-wrapped anonymous function + S8149017: Delayed provider selection broken in RSA client key exchange + S8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks + S8149330: Capacity of StringBuilder should not get close to Integer.MAX_VALUE unless necessary + S8149334: JSON.parse(JSON.stringify([])).push(10) creates an array containing two elements + S8149368: [hidpi] JLabel font is twice bigger than JTextArea font on Windows 7,HiDPI, Windows L&F + S8149411: PKCS12KeyStore cannot extract AES Secret Keys + S8149417: Use final restricted flag + S8149450: LdapCtx.processReturnCode() throwing Null Pointer Exception + S8149453: [hidpi] JFileChooser does not scale properly on Windows with HiDPI display and Windows L&F + S8149543: range check CastII nodes should not be split through Phi + S8149743: JVM crash after debugger hotswap with lambdas + S8149744: fix testng.jar delivery in Nashorn build.xml + S8149915: enabling validate-annotations feature for xsd schema with annotation causes NPE + S8150002: Check for the validity of oop before printing it in verify_remembered_set + S8150470: JCK: api/xsl/conf/copy/copy19 test failure + S8150518: G1 GC crashes at G1CollectedHeap::do_collection_pause_at_safepoint(double) + S8150533: Test java/util/logging/LogManagerAppContextDeadlock.java times out intermittently. + S8150704: XALAN: ERROR: 'No more DTM IDs are available' when transforming with lots of temporary result trees + S8150780: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError + S8151064: com/sun/jdi/RedefineAddPrivateMethod.sh fails intermittently + S8151197: [TEST_BUG] Need to backport fix for test/javax/net/ssl/TLS/TestJSSE.java + S8151352: jdk/test/sample fails with 'effective library path is outside the test suite' + S8151431: DateFormatSymbols triggers this.clone() in the constructor + S8151535: TESTBUG: java/lang/invoke/AccessControlTest.java should be modified to run with JTREG 4.1 b13 + S8151731: Add new jtreg keywords to jdk 8 + S8151998: VS2010 ThemeReader.cpp(758) : error C3861: 'round': identifier not found + S8152927: Incorrect GPL header in StubFactoryDynamicBase.java reported + S8153252: SA: Hotspot build on Windows fails if make/closed folder does not exist + S8153531: Improve exception messaging for RSAClientKeyExchange + S8153641: assert(thread_state == _thread_in_native) failed: Assumed thread_in_native while heap dump + S8153673: [BACKOUT] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command + S8154304: NullpointerException at LdapReferralException.getReferralContext + S8154722: Test gc/ergonomics/TestDynamicNumberOfGCThreads.java fails + S8157078: 8u102 L10n resource file updates + S8157838: Personalized Windows Font Size is not taken into account in Java8u102 * Import of OpenJDK 8 u111 build 14 + S6882559: new JEditorPane('text/plain','') fails for null context class loader + S8049171: Additional tests for jarsigner's warnings + S8063086: Math.pow yields different results upon repeated calls + S8140530: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString + S8142926: OutputAnalyzer's shouldXXX() calls return this + S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General + S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline + S8150611: Security problem on sun.misc.resources.Messages* + S8153399: Constrain AppCDS behavior (back port) + S8157653: [Parfait] Uninitialised variable in awt_Font.cpp + S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559 + S8158994: Service Menu services + S8159684: (tz) Support tzdata2016f + S8160904: Typo in code from 8079718 fix : enableCustomValueHanlde + S8160934: isnan() is not available on older MSVC compilers + S8161141: correct bugId for JDK-8158994 fix push + S8162411: Service Menu services 2 + S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968 + S8162511: 8u111 L10n resource file updates + S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8 + S8164452: 8u111 L10n resource file update - msgdrop 20 + S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm + S8166381: Back out changes to the java.security file to not disable MD5 * Backports + S8078628, PR3208: Zero build fails with pre-compiled headers disabled + S8141491, PR3159, G592292: Unaligned memory access in Bits.c + S8157306, PR3121: Random infrequent null pointer exceptions in javac (enabled on AArch64 only) + S8162384, PR3122: Performance regression: bimorphic inlining may be bypassed by type speculation * Bug fixes + PR3123: Some object files built without -fPIC on x86 only + PR3126: pax-mark-vm script calls 'exit -1' which is invalid in dash + PR3127, G590348: Only apply PaX markings by default on running PaX kernels + PR3199: Invalid nashorn URL + PR3201: Update infinality configure test + PR3218: PR3159 leads to build failure on clean tree * AArch64 port + S8131779, PR3220: AARCH64: add Montgomery multiply intrinsic + S8167200, PR3220: AArch64: Broken stack pointer adjustment in interpreter + S8167421, PR3220: AArch64: in one core system, fatal error: Illegal threadstate encountered + S8167595, PR3220: AArch64: SEGV in stub code cipherBlockChaining_decryptAESCrypt + S8168888, PR3220: Port 8160591: Improve internal array handling to AArch64. * Shenandoah + PR3224: Shenandoah broken when building without pre-compiled headers - Build against system kerberos - Build against system pcsc and sctp - S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651) Important SUSE bug 1005522 SUSE bug 1005523 SUSE bug 1005524 SUSE bug 1005525 SUSE bug 1005526 SUSE bug 1005527 SUSE bug 1005528 SUSE bug 988651 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 cpe:/o:suse:sles:12:sp2 Security update for sudo (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for sudo fixes the following issues: - fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: * noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766] * noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501] Moderate SUSE bug 1007501 SUSE bug 1007766 CVE-2016-7032 CVE-2016-7076 cpe:/o:suse:sles:12:sp2 Security update for tar (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line [bsc#1007188] [CVE-2016-6321] - Fix Amanda integration issue (bsc#913058) Moderate SUSE bug 1007188 SUSE bug 913058 CVE-2016-6321 cpe:/o:suse:sles:12:sp2 Security update for libarchive (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libarchive fixes several issues. These security issues were fixed: - CVE-2016-8687: Buffer overflow when printing a filename (bsc#1005070). - CVE-2016-8689: Heap overflow when reading corrupted 7Zip files (bsc#1005072). - CVE-2016-8688: Use after free because of incorrect calculation in next_line (bsc#1005076). - CVE-2016-5844: Integer overflow in the ISO parser in libarchive allowed remote attackers to cause a denial of service (application crash) via a crafted ISO file (bsc#986566). - CVE-2016-6250: Integer overflow in the ISO9660 writer in libarchive allowed remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow (bsc#989980). - CVE-2016-5418: The sandboxing code in libarchive mishandled hardlink archive entries of non-zero data size, which might allowed remote attackers to write to arbitrary files via a crafted archive file (bsc#998677). Moderate SUSE bug 1005070 SUSE bug 1005072 SUSE bug 1005076 SUSE bug 986566 SUSE bug 989980 SUSE bug 998677 CVE-2015-2304 CVE-2016-5418 CVE-2016-5844 CVE-2016-6250 CVE-2016-8687 CVE-2016-8688 CVE-2016-8689 cpe:/o:suse:sles:12:sp2 Security update for dovecot22 (Low) SUSE Linux Enterprise Server 12 SP2 This update for dovecot22 fixes the following issues: - insecure SSL/TLS key and certificate file creation (CVE-2016-4983) (bnc #984639) - Fix LDAP based authentication for some setups (boo #1003952) Low SUSE bug 1003952 SUSE bug 984639 CVE-2016-4983 cpe:/o:suse:sles:12:sp2 Recommended update for mariadb (Important) SUSE Linux Enterprise Server 12 SP2 This mariadb update to version 10.0.28 fixes the following issues (bsc#1008318): Security fixes: - CVE-2016-8283: Unspecified vulnerability in subcomponent Types (bsc#1005582) - CVE-2016-7440: Unspecified vulnerability in subcomponent Encryption (bsc#1005581) - CVE-2016-5629: Unspecified vulnerability in subcomponent Federated (bsc#1005569) - CVE-2016-5626: Unspecified vulnerability in subcomponent GIS (bsc#1005566) - CVE-2016-5624: Unspecified vulnerability in subcomponent DML (bsc#1005564) - CVE-2016-5616: Unspecified vulnerability in subcomponent MyISAM (bsc#1005562) - CVE-2016-5584: Unspecified vulnerability in subcomponent Encryption (bsc#1005558) - CVE-2016-3492: Unspecified vulnerability in subcomponent Optimizer (bsc#1005555) - CVE-2016-6663: Privilege Escalation / Race Condition (bsc#1001367) Bugfixes: - mysql_install_db can't find data files (bsc#1006539) - mariadb failing test sys_vars.optimizer_switch_basic (bsc#1003800) - Remove useless mysql@default.service (bsc#1004477) - Replace all occurrences of the string '@sysconfdir@' with '/etc' as it wasn't expanded properly (bsc#990890) - Notable changes: * XtraDB updated to 5.6.33-79.0 * TokuDB updated to 5.6.33-79.0 * Innodb updated to 5.6.33 * Performance Schema updated to 5.6.33 - Release notes and upstream changelog: * https://kb.askmonty.org/en/mariadb-10028-release-notes * https://kb.askmonty.org/en/mariadb-10028-changelog Important SUSE bug 1001367 SUSE bug 1003800 SUSE bug 1004477 SUSE bug 1005555 SUSE bug 1005558 SUSE bug 1005562 SUSE bug 1005564 SUSE bug 1005566 SUSE bug 1005569 SUSE bug 1005581 SUSE bug 1005582 SUSE bug 1006539 SUSE bug 1008318 SUSE bug 990890 CVE-2016-3492 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6663 CVE-2016-7440 CVE-2016-8283 cpe:/o:suse:sles:12:sp2 Security update for vim (Important) SUSE Linux Enterprise Server 12 SP2 This update for vim fixes the following security issues: - Fixed CVE-2016-1248 an arbitrary command execution vulnerability (bsc#1010685) This update for vim fixes the following issues: - Fix build with Python 3.5. (bsc#988903) Important SUSE bug 1010685 SUSE bug 988903 CVE-2016-1248 cpe:/o:suse:sles:12:sp2 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ImageMagick fixes the following issues: - Memory allocation failure in AcquireMagickMemory (CVE-2016-8862) [bsc#1007245] - update incomplete patch of CVE-2016-6823 [bsc#1001066] Moderate SUSE bug 1001066 SUSE bug 1007245 CVE-2016-6823 CVE-2016-8862 cpe:/o:suse:sles:12:sp2 Security update for java-1_7_0-openjdk (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.8 - OpenJDK 7u121 * Security fixes + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522) + S8157176: Improved classfile parsing + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523) + S8157749: Improve handling of DNS error replies + S8157753: Audio replay enhancement + S8157759: LCMS Transform Sampling Enhancement + S8157764: Better handling of interpolation plugins + S8158302: Handle contextual glyph substitutions + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525) + S8159495: Fix index offsets + S8159503: Amend Annotation Actions + S8159511: Stack map validation + S8159515: Improve indy validation + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526) + S8160090: Better signature handling in pack200 + S8160094: Improve pack200 layout + S8160098: Clean up color profiles + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527) + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528) + PR3207, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524) * Import of OpenJDK 7 u121 build 0 + S6624200: Regression test fails: test/closed/javax/swing/JMenuItem/4654927/bug4654927.java + S6882559: new JEditorPane('text/plain','') fails for null context class loader + S7090158: Networking Libraries don't build with javac -Werror + S7125055: ContentHandler.getContent API changed in error + S7145960: sun/security/mscapi/ShortRSAKey1024.sh failing on windows + S7187051: ShortRSAKeynnn.sh tests should do cleanup before start test + S8000626: Implement dead key detection for KeyEvent on Linux + S8003890: corelibs test scripts should pass TESTVMOPTS + S8005629: javac warnings compiling java.awt.EventDispatchThread and sun.awt.X11.XIconWindow + S8010297: Missing isLoggable() checks in logging code + S8010782: clean up source files containing carriage return characters + S8014431: cleanup warnings indicated by the -Wunused-value compiler option on linux + S8015265: revise the fix for 8007037 + S8016747: Replace deprecated PlatformLogger isLoggable(int) with isLoggable(Level) + S8020708: NLS mnemonics missing in SwingSet2/JInternalFrame demo + S8024756: method grouping tabs are not selectable + S8026741: jdk8 l10n resource file translation update 5 + S8048147: Privilege tests with JAAS Subject.doAs + S8048357: PKCS basic tests + S8049171: Additional tests for jarsigner's warnings + S8059177: jdk8u40 l10n resource file translation update 1 + S8075584: test for 8067364 depends on hardwired text advance + S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given + S8077953: [TEST_BUG] com/sun/management/OperatingSystemMXBean/TestTotalSwap.java Compilation failed after JDK-8077387 + S8080628: No mnemonics on Open and Save buttons in JFileChooser + S8083601: jdk8u60 l10n resource file translation update 2 + S8140530: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString + S8142926: OutputAnalyzer's shouldXXX() calls return this + S8143134: L10n resource file translation update + S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General + S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline + S8150611: Security problem on sun.misc.resources.Messages* + S8157653: [Parfait] Uninitialised variable in awt_Font.cpp + S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559 + S8159684: (tz) Support tzdata2016f + S8160934: isnan() is not available on older MSVC compilers + S8162411: Service Menu services 2 + S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968 + S8162511: 8u111 L10n resource file updates + S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8 + S8164452: 8u111 L10n resource file update - msgdrop 20 + S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm + S8166381: Back out changes to the java.security file to not disable MD5 * Backports + S6604109, PR3162: javax.print.PrintServiceLookup.lookupPrintServices fails SOMETIMES for Cups + S6907252, PR3162: ZipFileInputStream Not Thread-Safe + S8024046, PR3162: Test sun/security/krb5/runNameEquals.sh failed on 7u45 Embedded linux-ppc* + S8028479, PR3162: runNameEquals still cannot precisely detect if a usable native krb5 is available + S8034057, PR3162: Files.getFileStore and Files.isWritable do not work with SUBST'ed drives (win) + S8038491, PR3162: Improve synchronization in ZipFile.read() + S8038502, PR3162: Deflater.needsInput() should use synchronization + S8059411, PR3162: RowSetWarning does not correctly chain warnings + S8062198, PR3162: Add RowSetMetaDataImpl Tests and add column range validation to isdefinitlyWritable + S8066188, PR3162: BaseRowSet returns the wrong default value for escape processing + S8072466, PR3162: Deadlock when initializing MulticastSocket and DatagramSocket + S8075118, PR3162: JVM stuck in infinite loop during verification + S8076579, PR3162: Popping a stack frame after exception breakpoint sets last method param to exception + S8078495, PR3162: End time checking for native TGT is wrong + S8078668, PR3162: jar usage string mentions unsupported option '-n' + S8080115, PR3162: (fs) Crash in libgio when calling Files.probeContentType(path) from parallel threads + S8081794, PR3162: ParsePosition getErrorIndex returns 0 for TimeZone parsing problem + S8129957, PR3162: Deadlock in JNDI LDAP implementation when closing the LDAP context + S8130136, PR3162: Swing window sometimes fails to repaint partially when it becomes exposed + S8130274, PR3162: java/nio/file/FileStore/Basic.java fails when two successive stores in an iteration are determined to be equal + S8132551, PR3162: Initialize local variables before returning them in p11_convert.c + S8133207, PR3162: [TEST_BUG] ParallelProbes.java test fails after changes for JDK-8080115 + S8133666, PR3162: OperatingSystemMXBean reports abnormally high machine CPU consumption on Linux + S8135002, PR3162: Fix or remove broken links in objectMonitor.cpp comments + S8137121, PR3162: (fc) Infinite loop FileChannel.truncate + S8137230, PR3162: TEST_BUG: java/nio/channels/FileChannel/LoopingTruncate.java timed out + S8139373, PR3162: [TEST_BUG] java/net/MulticastSocket/MultiDead.java failed with timeout + S8140249, PR3162: JVM Crashing During startUp If Flight Recording is enabled + S8141491, PR3160, G592292: Unaligned memory access in Bits.c + S8144483, PR3162: One long Safepoint pause directly after each GC log rotation + S8149611, PR3160, G592292: Add tests for Unsafe.copySwapMemory * Bug fixes + S8078628, PR3151: Zero build fails with pre-compiled headers disabled + PR3128: pax-mark-vm script calls 'exit -1' which is invalid in dash + PR3131: PaX marking fails on filesystems which don't support extended attributes + PR3135: Makefile.am rule stamps/add/tzdata-support-debug.stamp has a typo in add-tzdata dependency + PR3141: Pass $(CC) and $(CXX) to OpenJDK build + PR3166: invalid zip timestamp handling leads to error building bootstrap-javac + PR3202: Update infinality configure test + PR3212: Disable ARM32 JIT by default * CACAO + PR3136: CACAO is broken due to 2 new native methods in sun.misc.Unsafe (from S8158260) * JamVM + PR3134: JamVM is broken due to 2 new native methods in sun.misc.Unsafe (from S8158260) * AArch64 port + S8167200, PR3204: AArch64: Broken stack pointer adjustment in interpreter + S8168888: Port 8160591: Improve internal array handling to AArch64. + PR3211: AArch64 build fails with pre-compiled headers disabled - Changed patch: * java-1_7_0-openjdk-gcc6.patch + Rediff to changed context - Disable arm32 JIT, since its build broken (http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2942) Moderate SUSE bug 1005522 SUSE bug 1005523 SUSE bug 1005524 SUSE bug 1005525 SUSE bug 1005526 SUSE bug 1005527 SUSE bug 1005528 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 cpe:/o:suse:sles:12:sp2 Security update for util-linux (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for util-linux fixes the following issues: - Consider redundant slashes when comparing paths (bsc#982331, util-linux-libmount-ignore-redundant-slashes.patch, affects backport of util-linux-libmount-cifs-is_mounted.patch). - Use upstream compatibility patches for --show-pt-geometry with obsolescence and deprecation warning (bsc#990531) - Replace cifs mount detection patch with upstream one that covers all cases (bsc#987176). - Reuse existing loop device to prevent possible data corruption when multiple -o loop are used to mount a single file (bsc#947494) - Safe loop re-use in libmount, mount and losetup (bsc#947494) - UPSTREAM DIVERGENCE!!! losetup -L continues to use SLE12 SP1 and SP2 specific meaning --logical-blocksize instead of upstream --nooverlap (bsc#966891). - Make release-dependent conflict with old sysvinit-tools SLE specific, as it is required only for SLE 11 upgrade, and breaks openSUSE staging builds (bsc#994399). - Extended partition loop in MBR partition table leads to DoS (bsc#988361, CVE-2016-5011) Moderate SUSE bug 947494 SUSE bug 966891 SUSE bug 982331 SUSE bug 987176 SUSE bug 988361 SUSE bug 990531 SUSE bug 994399 CVE-2016-5011 cpe:/o:suse:sles:12:sp2 Security update for pcre (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for pcre to version 8.39 (bsc#972127) fixes several issues. If you use pcre extensively please be aware that this is an update to a new version. Please make sure that your software works with the updated version. This version fixes a number of vulnerabilities that affect pcre and applications using the libary when accepting untrusted input as regular expressions or as part thereof. Remote attackers could have caused the application to crash, disclose information or potentially execute arbitrary code. These security issues were fixed: - CVE-2014-8964: Heap-based buffer overflow in PCRE allowed remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats (bsc#906574). - CVE-2015-2325: Heap buffer overflow in compile_branch() (bsc#924960). - CVE-2015-3210: Heap buffer overflow in pcre_compile2() / compile_regex() (bsc#933288) - CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() (bsc#933878). - CVE-2015-5073: Library Heap Overflow Vulnerability in find_fixedlength() (bsc#936227). - bsc#942865: heap overflow in compile_regex() - CVE-2015-8380: The pcre_exec function in pcre_exec.c mishandled a // pattern with a \01 string, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957566). - CVE-2015-2327: PCRE mishandled certain patterns with internal recursive back references, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957567). - bsc#957598: Various security issues - CVE-2015-8381: Heap Overflow in compile_regex() (bsc#957598). - CVE-2015-8382: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)(bsc#957598). - CVE-2015-8383: Buffer overflow caused by repeated conditional group(bsc#957598). - CVE-2015-8384: Buffer overflow caused by recursive back reference by name within certain group(bsc#957598). - CVE-2015-8385: Buffer overflow caused by forward reference by name to certain group(bsc#957598). - CVE-2015-8386: Buffer overflow caused by lookbehind assertion(bsc#957598). - CVE-2015-8387: Integer overflow in subroutine calls(bsc#957598). - CVE-2015-8388: Buffer overflow caused by certain patterns with an unmatched closing parenthesis(bsc#957598). - CVE-2015-8389: Infinite recursion in JIT compiler when processing certain patterns(bsc#957598). - CVE-2015-8390: Reading from uninitialized memory when processing certain patterns(bsc#957598). - CVE-2015-8391: Some pathological patterns causes pcre_compile() to run for a very long time(bsc#957598). - CVE-2015-8392: Buffer overflow caused by certain patterns with duplicated named groups(bsc#957598). - CVE-2015-8393: Information leak when running pcgrep -q on crafted binary(bsc#957598). - CVE-2015-8394: Integer overflow caused by missing check for certain conditions(bsc#957598). - CVE-2015-8395: Buffer overflow caused by certain references(bsc#957598). - CVE-2015-2328: PCRE mishandled the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression (bsc#957600). - CVE-2016-1283: The pcre_compile2 function in pcre_compile.c in PCRE mishandled certain patterns with named subgroups, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression (bsc#960837). - CVE-2016-3191: The compile_branch function in pcre_compile.c in pcre2_compile.c mishandled patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allowed remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression (bsc#971741). These non-security issues were fixed: - JIT compiler improvements - performance improvements - The Unicode data tables have been updated to Unicode 7.0.0. Moderate SUSE bug 906574 SUSE bug 924960 SUSE bug 933288 SUSE bug 933878 SUSE bug 936227 SUSE bug 942865 SUSE bug 957566 SUSE bug 957567 SUSE bug 957598 SUSE bug 957600 SUSE bug 960837 SUSE bug 971741 SUSE bug 972127 CVE-2014-8964 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8380 CVE-2015-8381 CVE-2015-8382 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8387 CVE-2015-8388 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8392 CVE-2015-8393 CVE-2015-8394 CVE-2015-8395 CVE-2016-1283 CVE-2016-3191 cpe:/o:suse:sles:12:sp2 Security update for libX11 (Moderate) SUSE Linux Enterprise Server 12 SP2 libX11 was updated to fix a memory leak that was introduced with the security fix for CVE-2016-7942. Moderate SUSE bug 1002991 CVE-2016-7942 cpe:/o:suse:sles:12:sp2 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Server 12 SP2 This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5 (bsc#1009026): - CVE-2016-5297: Incorrect argument length checking in Javascript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3: - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed: - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) The Mozilla Firefox changelog was amended to document patched dropped in a previous update. Important SUSE bug 1009026 SUSE bug 1010395 SUSE bug 1010401 SUSE bug 1010402 SUSE bug 1010404 SUSE bug 1010410 SUSE bug 1010422 SUSE bug 1010427 SUSE bug 1010517 SUSE bug 992549 CVE-2016-5285 CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297 CVE-2016-9064 CVE-2016-9066 CVE-2016-9074 cpe:/o:suse:sles:12:sp2 Security update for libXi (Moderate) SUSE Linux Enterprise Server 12 SP2 libXi was updated to fix two security issues. These security issues were fixed: - CVE-2016-7945: Integer overflows in libXI can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998). - CVE-2016-7946: Insufficient validation of data in libXI can cause out of boundary memory access or endless loops (Denial of Service) (bsc#1002998). Moderate SUSE bug 1002998 CVE-2016-7945 CVE-2016-7946 cpe:/o:suse:sles:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_7_1-ibm fixes the following issues: - Version update to 7.1-3.60 (bsc#1009280) Fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542 Important SUSE bug 1009280 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 cpe:/o:suse:sles:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2 This update for MozillaFirefox fixes security issues. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bbsc#1012964): - CVE-2016-9079: Use-after-free in SVG Animation could be used for code execution (MFSA 2016-92 bsc#1012964) Important SUSE bug 1012964 CVE-2016-9079 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive critical security fixes. The following security bugs were fixed: - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). Important SUSE bug 1008831 SUSE bug 1011685 SUSE bug 1012754 CVE-2016-8632 CVE-2016-8655 CVE-2016-9555 cpe:/o:suse:sles:12:sp2 Security update for w3m (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for w3m fixes the following issues: - update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) Moderate SUSE bug 1011283 SUSE bug 1011284 SUSE bug 1011285 SUSE bug 1011286 SUSE bug 1011287 SUSE bug 1011288 SUSE bug 1011289 SUSE bug 1011290 SUSE bug 1011291 SUSE bug 1011292 SUSE bug 1011293 SUSE bug 1012021 SUSE bug 1012022 SUSE bug 1012023 SUSE bug 1012024 SUSE bug 1012025 SUSE bug 1012026 SUSE bug 1012027 SUSE bug 1012028 SUSE bug 1012029 SUSE bug 1012030 SUSE bug 1012031 SUSE bug 1012032 CVE-2016-9434 CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438 CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442 CVE-2016-9443 CVE-2016-9621 CVE-2016-9622 CVE-2016-9623 CVE-2016-9624 CVE-2016-9625 CVE-2016-9626 CVE-2016-9627 CVE-2016-9628 CVE-2016-9629 CVE-2016-9630 CVE-2016-9631 CVE-2016-9632 CVE-2016-9633 cpe:/o:suse:sles:12:sp2 Security update for gc (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for gc fixes the following issues: - integer overflow in GC_MALLOC_ATOMIC() (CVE-2016-9427, bsc#1011276) Moderate SUSE bug 1011276 CVE-2016-9427 cpe:/o:suse:sles:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2 xen was updated to version 4.7.1 to fix 17 security issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host (bsc#1011652). - CVE-2016-9386: x86 null segments were not always treated as unusable allowing an unprivileged guest user program to elevate its privilege to that of the guest operating system. Exploit of this vulnerability is easy on Intel and more complicated on AMD (bsc#1009100). - CVE-2016-9382: x86 task switch to VM86 mode was mis-handled, allowing a unprivileged guest process to escalate its privilege to that of the guest operating system on AMD hardware. On Intel hardware a malicious unprivileged guest process can crash the guest (bsc#1009103). - CVE-2016-9385: x86 segment base write emulation lacked canonical address checks, allowing a malicious guest administrator to crash the host (bsc#1009104). - CVE-2016-9384: Guest 32-bit ELF symbol table load leaking host data to unprivileged guest users (bsc#1009105). - CVE-2016-9383: The x86 64-bit bit test instruction emulation was broken, allowing a guest to modify arbitrary memory leading to arbitray code execution (bsc#1009107). - CVE-2016-9377: x86 software interrupt injection was mis-handled, allowing an unprivileged guest user to crash the guest (bsc#1009108). - CVE-2016-9378: x86 software interrupt injection was mis-handled, allowing an unprivileged guest user to crash the guest (bsc#1009108) - CVE-2016-9381: Improper processing of shared rings allowing guest administrators take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109). - CVE-2016-9379: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111). - CVE-2016-9380: Delimiter injection vulnerabilities in pygrub allowed guest administrators to obtain the contents of sensitive host files or delete the files (bsc#1009111). - CVE-2016-7777: Xen did not properly honor CR0.TS and CR0.EM, which allowed local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it (bsc#1000106). - CVE-2016-8910: The rtl8139_cplus_transmit function in hw/net/rtl8139.c allowed local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count (bsc#1007157). - CVE-2016-8667: The rc4030_write function in hw/dma/rc4030.c in allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value (bsc#1005004). - CVE-2016-8669: The serial_update_parameters function in hw/char/serial.c allowed local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base (bsc#1005005). - CVE-2016-7908: The mcf_fec_do_tx function in hw/net/mcf_fec.c did not properly limit the buffer descriptor count when transmitting packets, which allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags (bsc#1003030). - CVE-2016-7909: The pcnet_rdra_addr function in hw/net/pcnet.c allowed local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0 (bsc#1003032). These non-security issues were fixed: - bsc#1004981: Xen RPM didn't contain debug hypervisor for EFI systems - bsc#1007941: Xen tools limited the number of vcpus to 256 Important SUSE bug 1000106 SUSE bug 1003030 SUSE bug 1003032 SUSE bug 1004981 SUSE bug 1005004 SUSE bug 1005005 SUSE bug 1007157 SUSE bug 1007941 SUSE bug 1009100 SUSE bug 1009103 SUSE bug 1009104 SUSE bug 1009105 SUSE bug 1009107 SUSE bug 1009108 SUSE bug 1009109 SUSE bug 1009111 SUSE bug 1011652 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8910 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 cpe:/o:suse:sles:12:sp2 Security update for tomcat (Important) SUSE Linux Enterprise Server 12 SP2 This update for tomcat fixes the following issues: Feature changes: The embedded Apache Commons DBCP component was updated to version 2.0. (bsc#1010893 fate#321029) Security fixes: - CVE-2016-0762: Realm Timing Attack (bsc#1007854) - CVE-2016-5018: Security Manager Bypass (bsc#1007855) - CVE-2016-6794: System Property Disclosure (bsc#1007857) - CVE-2016-6796: Security Manager Bypass (bsc#1007858) - CVE-2016-6797: Unrestricted Access to Global Resources (bsc#1007853) - CVE-2016-8735: Remote code execution vulnerability in JmxRemoteLifecycleListener (bsc#1011805) - CVE-2016-6816: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests (bsc#1011812) Bug fixes: - Enabled optional setenv.sh script. See section '(3.4) Using the 'setenv' script' in http://tomcat.apache.org/tomcat-8.0-doc/RUNNING.txt. (bsc#1002639) Important SUSE bug 1002639 SUSE bug 1007853 SUSE bug 1007854 SUSE bug 1007855 SUSE bug 1007857 SUSE bug 1007858 SUSE bug 1010893 SUSE bug 1011805 SUSE bug 1011812 CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 cpe:/o:suse:sles:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_8_0-ibm fixes the following issues: - CVE-2016-5568: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT - CVE-2016-5556: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D - CVE-2016-5573: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot - CVE-2016-5597: Unspecified vulnerability allowed remote attackers to affect confidentiality via vectors related to Networking - CVE-2016-5554: Unspecified vulnerability allowed remote attackers to affect integrity via vectors related to JMX - CVE-2016-5542: Unspecified vulnerability allowed remote attackers to affect integrity via vectors related to Libraries Important SUSE bug 1009280 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5597 cpe:/o:suse:sles:12:sp2 Security update for libass (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libass fixes the following issues: CVE-2016-7969, CVE-2016-7970, CVE-2016-7971, CVE-2016-7972: Fixed multiple memory allocation issues found by fuzzing (bsc#1002982). Moderate SUSE bug 1002982 CVE-2016-7969 CVE-2016-7970 CVE-2016-7971 CVE-2016-7972 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP 2 kernel was updated to fix two security issues. The following security bugs were fixed: - CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604). - CVE-2016-9794: A use-after-free vulnerability in the ALSA pcm layer allowed local users to cause a denial of service, memory corruption or possibly even to elevate their privileges (bsc#1013533). Important SUSE bug 1013533 SUSE bug 1013604 CVE-2016-9576 CVE-2016-9794 cpe:/o:suse:sles:12:sp2 Security update for pcre (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for pcre to version 8.39 (bsc#972127) fixes several issues. If you use pcre extensively please be aware that this is an update to a new version. Please make sure that your software works with the updated version. This version fixes a number of vulnerabilities that affect pcre and applications using the libary when accepting untrusted input as regular expressions or as part thereof. Remote attackers could have caused the application to crash, disclose information or potentially execute arbitrary code. These security issues were fixed: - CVE-2014-8964: Heap-based buffer overflow in PCRE allowed remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats (bsc#906574). - CVE-2015-2325: Heap buffer overflow in compile_branch() (bsc#924960). - CVE-2015-3210: Heap buffer overflow in pcre_compile2() / compile_regex() (bsc#933288) - CVE-2015-3217: PCRE Library Call Stack Overflow Vulnerability in match() (bsc#933878). - CVE-2015-5073: Library Heap Overflow Vulnerability in find_fixedlength() (bsc#936227). - bsc#942865: heap overflow in compile_regex() - CVE-2015-8380: The pcre_exec function in pcre_exec.c mishandled a // pattern with a \01 string, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957566). - CVE-2015-2327: PCRE mishandled certain patterns with internal recursive back references, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror (bsc#957567). - bsc#957598: Various security issues - CVE-2015-8381: Heap Overflow in compile_regex() (bsc#957598). - CVE-2015-8382: Regular Expression Uninitialized Pointer Information Disclosure Vulnerability (ZDI-CAN-2547)(bsc#957598). - CVE-2015-8383: Buffer overflow caused by repeated conditional group(bsc#957598). - CVE-2015-8384: Buffer overflow caused by recursive back reference by name within certain group(bsc#957598). - CVE-2015-8385: Buffer overflow caused by forward reference by name to certain group(bsc#957598). - CVE-2015-8386: Buffer overflow caused by lookbehind assertion(bsc#957598). - CVE-2015-8387: Integer overflow in subroutine calls(bsc#957598). - CVE-2015-8388: Buffer overflow caused by certain patterns with an unmatched closing parenthesis(bsc#957598). - CVE-2015-8389: Infinite recursion in JIT compiler when processing certain patterns(bsc#957598). - CVE-2015-8390: Reading from uninitialized memory when processing certain patterns(bsc#957598). - CVE-2015-8391: Some pathological patterns causes pcre_compile() to run for a very long time(bsc#957598). - CVE-2015-8392: Buffer overflow caused by certain patterns with duplicated named groups(bsc#957598). - CVE-2015-8393: Information leak when running pcgrep -q on crafted binary(bsc#957598). - CVE-2015-8394: Integer overflow caused by missing check for certain conditions(bsc#957598). - CVE-2015-8395: Buffer overflow caused by certain references(bsc#957598). - CVE-2015-2328: PCRE mishandled the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression (bsc#957600). - CVE-2016-1283: The pcre_compile2 function in pcre_compile.c in PCRE mishandled certain patterns with named subgroups, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression (bsc#960837). - CVE-2016-3191: The compile_branch function in pcre_compile.c in pcre2_compile.c mishandled patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allowed remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression (bsc#971741). These non-security issues were fixed: - JIT compiler improvements - performance improvements - The Unicode data tables have been updated to Unicode 7.0.0. Moderate SUSE bug 906574 SUSE bug 924960 SUSE bug 933288 SUSE bug 933878 SUSE bug 936227 SUSE bug 942865 SUSE bug 957566 SUSE bug 957567 SUSE bug 957598 SUSE bug 957600 SUSE bug 960837 SUSE bug 971741 SUSE bug 972127 CVE-2014-8964 CVE-2015-2325 CVE-2015-2327 CVE-2015-2328 CVE-2015-3210 CVE-2015-3217 CVE-2015-5073 CVE-2015-8380 CVE-2015-8381 CVE-2015-8382 CVE-2015-8383 CVE-2015-8384 CVE-2015-8385 CVE-2015-8386 CVE-2015-8387 CVE-2015-8388 CVE-2015-8389 CVE-2015-8390 CVE-2015-8391 CVE-2015-8392 CVE-2015-8393 CVE-2015-8394 CVE-2015-8395 CVE-2016-1283 CVE-2016-3191 cpe:/o:suse:sles:12:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ntp fixes the following issues: ntp was updated to 4.2.8p9. Security issues fixed: - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc#1011417: Broadcast Mode Poll Interval Enforcement DoS. - CVE-2016-7431, bsc#1011395: Regression: 010-origin: Zero Origin Timestamp Bypass. - CVE-2016-7434, bsc#1011398: Null pointer dereference in _IO_str_init_static_internal(). - CVE-2016-7429, bsc#1011404: Interface selection attack. - CVE-2016-7426, bsc#1011406: Client rate limiting and server responses. - CVE-2016-7433, bsc#1011411: Reboot sync calculation problem. - CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216). Non-security issues fixed: - Fix a spurious error message. - Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in 'trap' (bsc#981252). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606). - Fix segfault in 'sntp -a' (bsc#1009434). - Silence an OpenSSL version warning (bsc#992038). - Make the resolver task change user and group IDs to the same values as the main task. (bsc#988028) - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365). Moderate SUSE bug 1009434 SUSE bug 1011377 SUSE bug 1011390 SUSE bug 1011395 SUSE bug 1011398 SUSE bug 1011404 SUSE bug 1011406 SUSE bug 1011411 SUSE bug 1011417 SUSE bug 943216 SUSE bug 956365 SUSE bug 981252 SUSE bug 988028 SUSE bug 992038 SUSE bug 992606 CVE-2015-5219 CVE-2016-7426 CVE-2016-7427 CVE-2016-7428 CVE-2016-7429 CVE-2016-7431 CVE-2016-7433 CVE-2016-7434 CVE-2016-9310 CVE-2016-9311 cpe:/o:suse:sles:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2 This update for xen fixes the following issues: - A Mishandling of SYSCALL singlestep during emulation which could have lead to privilege escalation. (XSA-204, bsc#1016340, CVE-2016-10013) - CMPXCHG8B emulation failed to ignore operand size override which could have lead to information disclosure. (XSA-200, bsc#1012651, CVE-2016-9932) - PV guests may have been able to mask interrupts causing a Denial of Service. (XSA-202, bsc#1014298, CVE-2016-10024) - A missing NULL pointer check in VMFUNC emulation could lead to a hypervisor crash leading to a Denial of Servce. (XSA-203, bsc#1014300, CVE-2016-10025) Important SUSE bug 1012651 SUSE bug 1014298 SUSE bug 1014300 SUSE bug 1016340 CVE-2016-10013 CVE-2016-10024 CVE-2016-10025 CVE-2016-9932 cpe:/o:suse:sles:12:sp2 Security update for gd (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for gd fixes the following issues: * CVE-2016-9933 possible stackoverflow on malicious truecolor images [bsc#1015187] Moderate SUSE bug 1015187 CVE-2016-9933 cpe:/o:suse:sles:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2 MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues: * MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES * MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution * MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees * MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements * MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms * MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments * MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag * MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs * MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 * MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/ for more information. Important SUSE bug 1015422 CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905 cpe:/o:suse:sles:12:sp2 Security update for libgme (Important) SUSE Linux Enterprise Server 12 SP2 This update for libgme fixes the following issues: - CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961: Various issues were fixed in the handling of SPC music files that could have been exploited for gaining privileges of desktop users. [bsc#1015941] Important SUSE bug 1015941 CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960 CVE-2016-9961 cpe:/o:suse:sles:12:sp2 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 12 SP2 This update for ImageMagick fixes the following issues: * CVE-2016-9556 Possible Heap-overflow found by fuzzing [bsc#1011130] * CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136] * CVE-2016-8707 Possible code execution in Tiff conver utility [bsc#1014159] * CVE-2016-8866 Memory allocation failure in AcquireMagickMemory could lead to Heap overflow [bsc#1009318] * CVE-2016-9559 Possible Null pointer access found by fuzzing [bsc#1011136] Important SUSE bug 1009318 SUSE bug 1011130 SUSE bug 1011136 SUSE bug 1013376 SUSE bug 1014159 CVE-2014-9848 CVE-2016-8707 CVE-2016-8866 CVE-2016-9556 CVE-2016-9559 CVE-2016-9773 cpe:/o:suse:sles:12:sp2 Security update for wget (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for wget fixes the following issues: Security issues fixed: - CVE-2016-7098: Fixed a potential race condition by creating files with .tmp ext and making them accessible to the current user only. (bsc#995964) Non security issues fixed: - bsc#1005091: Don't call xfree() on string returned by usr_error() - bsc#1012677: Add support for enforcing TLSv1.1 and TLSv1.2 (TLS 1.2 support was already present, but it was not enforcable). Moderate SUSE bug 1005091 SUSE bug 1012677 SUSE bug 995964 CVE-2016-7098 cpe:/o:suse:sles:12:sp2 Security update for dnsmasq (Important) SUSE Linux Enterprise Server 12 SP2 This update for dnsmasq fixes the following issues: - CVE-2015-8899: Denial of service between local and remote dns entries (bsc#983273) Important SUSE bug 983273 CVE-2015-8899 cpe:/o:suse:sles:12:sp2 Security update for openjpeg2 (Important) SUSE Linux Enterprise Server 12 SP2 This update for openjpeg2 fixes the following issues: * CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] * CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] * CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] * CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] Important SUSE bug 1002414 SUSE bug 1007739 SUSE bug 1007740 SUSE bug 1007741 SUSE bug 1007742 SUSE bug 1007743 SUSE bug 1007744 SUSE bug 1007747 SUSE bug 1014543 SUSE bug 1014975 SUSE bug 999817 CVE-2016-7445 CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 CVE-2016-9572 CVE-2016-9573 CVE-2016-9580 CVE-2016-9581 cpe:/o:suse:sles:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for samba fixes the following issues: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441). - CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442). - CVE-2016-2123: Heap-based Buffer Overflow Remote Code Execution Vulnerability. (bsc#1014437). This component is not built into our packages, so we are not affected. Non security issues fixed: - s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085) Moderate SUSE bug 1009085 SUSE bug 1014437 SUSE bug 1014441 SUSE bug 1014442 CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 cpe:/o:suse:sles:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for samba fixes the following issues: Security issues fixed: - CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441). - CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442). - CVE-2016-2123: Heap-based Buffer Overflow Remote Code Execution Vulnerability. (bsc#1014437). The component affected is not built in our packages. Non security issues fixed: - s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085) - Add doc changes for net ads --no-dns-updates switch; (bsc#991564) - Include vfstest in samba-test; (bsc#1001203). - s3/winbindd: using default domain with user@domain.com format fails (bsc#997833). - Fix illegal memory access after memory has been deleted (bsc#975299). - Fix bug in tevent poll backend causing winbind to loop tightly (bsc#994500). - Various fixes for spnego/ntlm (bsc#986675). Moderate SUSE bug 1001203 SUSE bug 1009085 SUSE bug 1014437 SUSE bug 1014441 SUSE bug 1014442 SUSE bug 975299 SUSE bug 986675 SUSE bug 991564 SUSE bug 994500 SUSE bug 997833 CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 cpe:/o:suse:sles:12:sp2 Security update for libcares2 (Low) SUSE Linux Enterprise Server 12 SP2 This update for libcares2 fixes the following issues: - Add patch to fix single byte out of buffer write (CVE-2016-5180, bsc#1007728) Low SUSE bug 1007728 CVE-2016-5180 cpe:/o:suse:sles:12:sp2 Security update for gstreamer-plugins-bad (Important) SUSE Linux Enterprise Server 12 SP2 This update for gstreamer-plugins-bad fixes the following issues: - CVE-2016-9809: Malicious mkv/h264 file could cause an off by one out of bounds read and lead to crash (bsc#1013659) - CVE-2016-9812: Malicious mpeg file could cause invalid a null pointer access and lead to crash (bsc#1013678) - CVE-2016-9813: Malicious mpegts file could cause invalid a null pointer access and lead to crash (bsc#1013680) - CVE-2016-9445, CVE-2016-9446: Check an integer overflow and initialize a buffer in vmncdec (bsc#1010829) Important SUSE bug 1010829 SUSE bug 1013659 SUSE bug 1013678 SUSE bug 1013680 CVE-2016-9445 CVE-2016-9446 CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 cpe:/o:suse:sles:12:sp2 Security update for gstreamer-plugins-bad (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for gstreamer-plugins-bad fixes the following security issues, which would allow attackers able to submit media files for indexing to cause code execution or crashes: - Check an integer overflow (CVE-2016-9445) and initialize a buffer (CVE-2016-9446) in vmncdec. (bsc#1010829) - CVE-2016-9809: Ensure codec_data has the right size when reading number of SPS (bsc#1013659). - CVE-2016-9812: Add more section size checks (bsc#1013678). - CVE-2016-9813: fix PAT parsing (bsc#1013680). Moderate SUSE bug 1010829 SUSE bug 1013659 SUSE bug 1013678 SUSE bug 1013680 CVE-2016-9445 CVE-2016-9446 CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 cpe:/o:suse:sles:12:sp2 Security update for tiff (Moderate) SUSE Linux Enterprise Server 12 SP2 The tiff library and tools were updated to version 4.0.7 fixing various bug and security issues. - CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple tools [bnc#914890] - CVE-2016-9297: tif_dirread.c read outside buffer in _TIFFPrintField() [bnc#1010161] - CVE-2016-3658: Illegal read in TIFFWriteDirectoryTagLongLong8Array function in tiffset / tif_dirwrite.c [bnc#974840] - CVE-2016-9273: heap overflow [bnc#1010163] - CVE-2016-3622: divide By Zero in the tiff2rgba tool [bnc#974449] - CVE-2016-5652: tiff2pdf JPEG Compression Tables Heap Buffer Overflow [bnc#1007280] - CVE-2016-9453: out-of-bounds Write memcpy and less bound check in tiff2pdf [bnc#1011107] - CVE-2016-5875: heap-based buffer overflow when using the PixarLog compressionformat [bnc#987351] - CVE-2016-9448: regression introduced by fixing CVE-2016-9297 [bnc#1011103] - CVE-2016-5321: out-of-bounds read in tiffcrop / DumpModeDecode() function [bnc#984813] - CVE-2016-5323: Divide-by-zero in _TIFFFax3fillruns() function (null ptr dereference?) [bnc#984815] Moderate SUSE bug 1007280 SUSE bug 1010161 SUSE bug 1010163 SUSE bug 1011103 SUSE bug 1011107 SUSE bug 914890 SUSE bug 974449 SUSE bug 974840 SUSE bug 984813 SUSE bug 984815 SUSE bug 987351 CVE-2014-8127 CVE-2016-3622 CVE-2016-3658 CVE-2016-5321 CVE-2016-5323 CVE-2016-5652 CVE-2016-5875 CVE-2016-9273 CVE-2016-9297 CVE-2016-9448 CVE-2016-9453 cpe:/o:suse:sles:12:sp2 Security update for gstreamer-plugins-good (Important) SUSE Linux Enterprise Server 12 SP2 This update for gstreamer-plugins-good fixes the following security issues: - CVE-2016-9807: Flic decoder invalid read could lead to crash. (bsc#1013655) - CVE-2016-9634: Flic out-of-bounds write could lead to code execution. (bsc#1012102) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012103) - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012104) - CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013653) - CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013663) Important SUSE bug 1012102 SUSE bug 1012103 SUSE bug 1012104 SUSE bug 1013653 SUSE bug 1013655 SUSE bug 1013663 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9810 cpe:/o:suse:sles:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2 This update for sudo fixes the following security issue: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. (bsc#1042146) Also the following non security bug was fixed: - Link the 'system_group' plugin with sudo_util library to resolve the missing sudo_dso_findsym symbol (bsc#1034560) Important SUSE bug 1034560 SUSE bug 1042146 CVE-2017-1000368 cpe:/o:suse:sles:12:sp2 Security update for openvpn (Important) SUSE Linux Enterprise Server 12 SP2 This update for openvpn fixes the following issues: - Some parts of the certificate-parsing code did not always clear all allocated memory. This would have allowed clients to leak a few bytes of memory for each connection attempt, thereby facilitating a (quite inefficient) DoS attack on the server. [bsc#1044947, CVE-2017-7521] - The ASN1 parsing code contained a bug that could have resulted in some buffers being free()d twice, and this issue could have potentially been triggered remotely by a VPN peer. [bsc#1044947, CVE-2017-7521] - If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle attacker between client and proxy could cause the client to crash or disclose at most 96 bytes of stack memory. The disclosed stack memory was likely to contain the proxy password. If the proxy password had not been reused, this was unlikely to compromise the security of the OpenVPN tunnel itself. Clients who did not use the --http-proxy option with ntlm2 authentication were not affected. [bsc#1044947, CVE-2017-7520] - It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known. [bsc#1044947, CVE-2017-7508] Important SUSE bug 1044947 CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 cpe:/o:suse:sles:12:sp2 Security update for gstreamer-plugins-base (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for gstreamer-plugins-base fixes the following issues: * CVE-2016-9811: Malicious file could could cause an invalid read leading to crash [bsc#1013669] Moderate SUSE bug 1013669 CVE-2016-9811 cpe:/o:suse:sles:12:sp2 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 12 SP2 The network debugging tool wireshark was updated to version 2.2.7 to fix the following issues: - CVE-2017-9352: Bazaar dissector infinite loop (wnpa-sec-2017-22) (bsc#1042304) - CVE-2017-9348: DOF dissector read overflow (wnpa-sec-2017-23) (bsc#1042303) - CVE-2017-9351: DHCP dissector read overflow (wnpa-sec-2017-24) (bsc#1042302) - CVE-2017-9346: SoulSeek dissector infinite loop (wnpa-sec-2017-25) (bsc#1042301) - CVE-2017-9345: DNS dissector infinite loop (wnpa-sec-2017-26) (bsc#1042300) - CVE-2017-9349: DICOM dissector infinite loop (wnpa-sec-2017-27) (bsc#1042305) - CVE-2017-9350: openSAFETY dissector memory exh.. (wnpa-sec-2017-28) (bsc#1042299) - CVE-2017-9344: BT L2CAP dissector divide by zero (wnpa-sec-2017-29) (bsc#1042298) - CVE-2017-9343: MSNIP dissector crash (wnpa-sec-2017-30) (bsc#1042309) - CVE-2017-9347: ROS dissector crash (wnpa-sec-2017-31) (bsc#1042308) - CVE-2017-9354: RGMP dissector crash (wnpa-sec-2017-32) (bsc#1042307) - CVE-2017-9353: wireshark: IPv6 dissector crash (wnpa-sec-2017-33) (bsc#1042306) Moderate SUSE bug 1042298 SUSE bug 1042299 SUSE bug 1042300 SUSE bug 1042301 SUSE bug 1042302 SUSE bug 1042303 SUSE bug 1042304 SUSE bug 1042305 SUSE bug 1042306 SUSE bug 1042307 SUSE bug 1042308 SUSE bug 1042309 CVE-2017-9343 CVE-2017-9344 CVE-2017-9345 CVE-2017-9346 CVE-2017-9347 CVE-2017-9348 CVE-2017-9349 CVE-2017-9350 CVE-2017-9351 CVE-2017-9352 CVE-2017-9353 CVE-2017-9354 cpe:/o:suse:sles:12:sp2 Security update for cairo (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for cairo fixes the following issues: - CVE-2017-7475: Fixed a segfault in get_bitmap_surface due to malformed font (bsc#1036789). - CVE-2016-9082: fix a segfault when using >4GB images since int values were used for pointer operations (bsc#1007255). Moderate SUSE bug 1007255 SUSE bug 1036789 CVE-2016-9082 CVE-2017-7475 cpe:/o:suse:sles:12:sp2 Security update for MozillaFirefox, MozillaFirefox-branding-SLE (Important) SUSE Linux Enterprise Server 12 SP2 The MozillaFirefox was updated to the new ESR 52.2 release, which fixes the following issues (bsc#1043960): * MFSA 2017-16/CVE-2017-7758 Out-of-bounds read in Opus encoder * MFSA 2017-16/CVE-2017-7749 Use-after-free during docshell reloading * MFSA 2017-16/CVE-2017-7751 Use-after-free with content viewer listeners * MFSA 2017-16/CVE-2017-5472 Use-after-free using destroyed node when regenerating trees * MFSA 2017-16/CVE-2017-5470 Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 * MFSA 2017-16/CVE-2017-7752 Use-after-free with IME input * MFSA 2017-16/CVE-2017-7750 Use-after-free with track elements * MFSA 2017-16/CVE-2017-7768 32 byte arbitrary file read through Mozilla Maintenance Service * MFSA 2017-16/CVE-2017-7778 Vulnerabilities in the Graphite 2 library * MFSA 2017-16/CVE-2017-7754 Out-of-bounds read in WebGL with ImageInfo object * MFSA 2017-16/CVE-2017-7755 Privilege escalation through Firefox Installer with same directory DLL files * MFSA 2017-16/CVE-2017-7756 Use-after-free and use-after-scope logging XHR header errors * MFSA 2017-16/CVE-2017-7757 Use-after-free in IndexedDB * MFSA 2017-16/CVE-2017-7761 File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application * MFSA 2017-16/CVE-2017-7763 Mac fonts render some unicode characters as spaces * MFSA 2017-16/CVE-2017-7765 Mark of the Web bypass when saving executable files * MFSA 2017-16/CVE-2017-7764 (bmo#1364283, bmo#http://www.unicode.org/reports/tr31/tr31-26 .html#Aspirational_Use_Scripts) Domain spoofing with combination of Canadian Syllabics and other unicode blocks - update to Firefox ESR 52.1 (bsc#1035082) * MFSA 2017-12/CVE-2016-10196 Vulnerabilities in Libevent library * MFSA 2017-12/CVE-2017-5443 Out-of-bounds write during BinHex decoding * MFSA 2017-12/CVE-2017-5429 Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 * MFSA 2017-12/CVE-2017-5464 Memory corruption with accessibility and DOM manipulation * MFSA 2017-12/CVE-2017-5465 Out-of-bounds read in ConvolvePixel * MFSA 2017-12/CVE-2017-5466 Origin confusion when reloading isolated data:text/html URL * MFSA 2017-12/CVE-2017-5467 Memory corruption when drawing Skia content * MFSA 2017-12/CVE-2017-5460 Use-after-free in frame selection * MFSA 2017-12/CVE-2017-5461 Out-of-bounds write in Base64 encoding in NSS * MFSA 2017-12/CVE-2017-5448 Out-of-bounds write in ClearKeyDecryptor * MFSA 2017-12/CVE-2017-5449 Crash during bidirectional unicode manipulation with animation * MFSA 2017-12/CVE-2017-5446 Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data * MFSA 2017-12/CVE-2017-5447 Out-of-bounds read during glyph processing * MFSA 2017-12/CVE-2017-5444 Buffer overflow while parsing application/http-index-format content * MFSA 2017-12/CVE-2017-5445 Uninitialized values used while parsing application/http- index-format content * MFSA 2017-12/CVE-2017-5442 Use-after-free during style changes * MFSA 2017-12/CVE-2017-5469 Potential Buffer overflow in flex-generated code * MFSA 2017-12/CVE-2017-5440 Use-after-free in txExecutionState destructor during XSLT processing * MFSA 2017-12/CVE-2017-5441 Use-after-free with selection during scroll events * MFSA 2017-12/CVE-2017-5439 Use-after-free in nsTArray Length() during XSLT processing * MFSA 2017-12/CVE-2017-5438 Use-after-free in nsAutoPtr during XSLT processing * MFSA 2017-12/CVE-2017-5436 Out-of-bounds write with malicious font in Graphite 2 * MFSA 2017-12/CVE-2017-5435 Use-after-free during transaction processing in the editor * MFSA 2017-12/CVE-2017-5434 Use-after-free during focus handling * MFSA 2017-12/CVE-2017-5433 Use-after-free in SMIL animation functions * MFSA 2017-12/CVE-2017-5432 Use-after-free in text input selection * MFSA 2017-12/CVE-2017-5430 Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 * MFSA 2017-12/CVE-2017-5459 Buffer overflow in WebGL * MFSA 2017-12/CVE-2017-5462 DRBG flaw in NSS * MFSA 2017-12/CVE-2017-5455 Sandbox escape through internal feed reader APIs * MFSA 2017-12/CVE-2017-5454 Sandbox escape allowing file system read access through file picker * MFSA 2017-12/CVE-2017-5456 Sandbox escape allowing local file system access * MFSA 2017-12/CVE-2017-5451 Addressbar spoofing with onblur event Important SUSE bug 1035082 SUSE bug 1043960 CVE-2016-10196 CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5451 CVE-2017-5454 CVE-2017-5455 CVE-2017-5456 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 CVE-2017-5469 CVE-2017-5470 CVE-2017-5472 CVE-2017-7749 CVE-2017-7750 CVE-2017-7751 CVE-2017-7752 CVE-2017-7754 CVE-2017-7755 CVE-2017-7756 CVE-2017-7757 CVE-2017-7758 CVE-2017-7761 CVE-2017-7763 CVE-2017-7764 CVE-2017-7765 CVE-2017-7768 CVE-2017-7778 cpe:/o:suse:sles:12:sp2 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libxml2 fixes the following issues: Security issues fixed: * CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337) * CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989) Moderate SUSE bug 1024989 SUSE bug 1044337 CVE-2017-0663 CVE-2017-5969 cpe:/o:suse:sles:12:sp2 Security update for xorg-x11-server (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for xorg-x11-server provides the following fixes: - Remove unused function with use-after-free issue. (bsc#1025035) - Use arc4random to generate cookies. (bsc#1025084) - Prevent timing attack against MIT cookie. (bsc#1025029, CVE-2017-2624) - XDrawArc performance improvement. (bsc#1019649) - Re-enable indirect GLX by default. (bsc#1039042) - Add IndirectGLX ServerFlags option which allows users to enable or disable indirect GLX. (bsc#1032509) - Fix dashing in GLAMOR. (bsc#1021803) - Fix X server crash on drawing dashed lines. (bsc#1025985) Moderate SUSE bug 1019649 SUSE bug 1021803 SUSE bug 1025029 SUSE bug 1025035 SUSE bug 1025084 SUSE bug 1025985 SUSE bug 1032509 SUSE bug 1039042 CVE-2017-2624 cpe:/o:suse:sles:12:sp2 Security update for poppler (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for poppler fixes the following issues: - CVE-2017-9406: Fixed a memory leak that occurred while parsing invalid XRef attributes (bsc#1042803). - CVE-2017-9083: Fixed a memory leak that occurred when the parser tried to recover from a broken input file. (bsc#1040170) Moderate SUSE bug 1040170 SUSE bug 1042803 CVE-2017-9083 CVE-2017-9406 cpe:/o:suse:sles:12:sp2 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for postgresql94 to 9.4.12 fixes the following issues: Upstream changelogs: - https://www.postgresql.org/docs/9.4/static/release-9-4-12.html - https://www.postgresql.org/docs/9.4/static/release-9-4-11.html - https://www.postgresql.org/docs/9.4/static/release-9-4-10.html Security issues fixed: * CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) Please note that manual action is needed to fix this in existing databases See the upstream release notes for details. * CVE-2017-7485: recognize PGREQUIRESSL variable again. (bsc#1038293) * CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Changes in version 9.4.12: * Build corruption with CREATE INDEX CONCURRENTLY * Fixes for visibility and write-ahead-log stability Changes in version 9.4.10: * Fix WAL-logging of truncation of relation free space maps and visibility maps * Fix incorrect creation of GIN index WAL records on big-endian machines * Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have been updated by a subsequently-aborted transaction * Fix EvalPlanQual rechecks involving CTE scans * Fix improper repetition of previous results from hashed aggregation in a subquery The libraries libpq and libecpg are now supplied by postgresql 9.6. Moderate SUSE bug 1037603 SUSE bug 1037624 SUSE bug 1038293 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 cpe:/o:suse:sles:12:sp2 Security update for freeradius-server (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for freeradius-server fixes the following issues: Security issue fixed: - CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. (bsc#1041445) Non security issue fixed: - Fix case insensitive matching in compiled regular expressions (bsc#1027243) Moderate SUSE bug 1027243 SUSE bug 1041445 CVE-2017-9148 cpe:/o:suse:sles:12:sp2 Security update for the Linux kernel (Important) SUSE Linux Enterprise Server 12 SP2 This Linux kernel update for SUSE Linux Enterprise 12 SP2 fixes the following issues: - A previous security update to address CVE-2017-1000364 caused unintended side-effects in several other tools, most notably Java. These issues have been remedied. [bsc#1045340] Important SUSE bug 1045340 CVE-2017-1000364 cpe:/o:suse:sles:12:sp2 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for apache2 provides the following fixes: Security issues fixed: - CVE-2017-3167: In Apache use of httpd ap_get_basic_auth_pw() outside of the authentication phase could lead to authentication requirements bypass (bsc#1045065) - CVE-2017-3169: In mod_ssl may have a dereference NULL pointer issue which could lead to denial of service (bsc#1045062) - CVE-2017-7679: In mod_mime can buffer over-read by 1 byte, potentially leading to a crash or information disclosure (bsc#1045060) Non-Security issues fixed: - Remove /usr/bin/http2 symlink only during apache2 package uninstall, not upgrade. (bsc#1041830) - In gensslcert, use hostname when fqdn is too long. (bsc#1035829) Moderate SUSE bug 1035829 SUSE bug 1041830 SUSE bug 1045060 SUSE bug 1045062 SUSE bug 1045065 CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 cpe:/o:suse:sles:12:sp2 Security update for vim (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for vim fixes the following issues: Security issues fixed: - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) - CVE-2017-6350: Fixed a possible overflow when reading a corrupted undo file (bsc#1027053) - CVE-2017-6349: Fixed a possible overflow when reading a corrupted undo file (bsc#1027057) Non security issues fixed: - Speed up YAML syntax highlighting (bsc#1018870) Moderate SUSE bug 1018870 SUSE bug 1024724 SUSE bug 1027053 SUSE bug 1027057 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 cpe:/o:suse:sles:12:sp2 Security update for clamav (Important) SUSE Linux Enterprise Server 12 SP2 This update for clamav fixes the following issues: Security issue fixed: - CVE-2012-6706: Fixed an arbitrary memory write in VMSF_DELTA filter in libclamunrar (bsc#1045490) Non security issues fixed: - Provide and obsolete clamav-nodb to trigger its removal in openSUSE Leap. (bsc#1040662) Important SUSE bug 1040662 SUSE bug 1045490 CVE-2012-6706 cpe:/o:suse:sles:12:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2 This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] Important SUSE bug 1046554 SUSE bug 1046555 CVE-2017-3142 CVE-2017-3143 cpe:/o:suse:sles:12:sp2 Security update for unrar (Important) SUSE Linux Enterprise Server 12 SP2 This update for unrar fixes the following issues: - CVE-2012-6706: decoding malicious RAR files could have lead to memory corruption or code execution. (bsc#1045315). Important SUSE bug 1045315 CVE-2012-6706 cpe:/o:suse:sles:12:sp2 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libxml2 fixes the following issues: Security issues fixed: * CVE-2017-7376: Increase buffer space for port in HTTP redirect support (bsc#1044887) * CVE-2017-7375: Prevent unwanted external entity reference [bsc#1044894, ] Moderate SUSE bug 1044887 SUSE bug 1044894 CVE-2017-7375 CVE-2017-7376 cpe:/o:suse:sles:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2 This update for xen fixes several issues. These security issues were fixed: - Page transfer might have allowed PV guest to elevate privilege (XSA-217, bsc#1042882) - Races in the grant table unmap code allowed for informations leaks and potentially privilege escalation (XSA-218, bsc#1042893) - Insufficient reference counts during shadow emulation allowed a malicious pair of guest to elevate their privileges to the privileges that XEN runs under (XSA-219, bsc#1042915) - Missing NULL pointer check in event channel poll allows guests to DoS the host (XSA-221, bsc#1042924) - Stale P2M mappings due to insufficient error checking allowed malicious guest to leak information or elevate privileges (XSA-222, bsc#1042931) - Grant table operations mishandled reference counts allowing malicious guests to escape (XSA-224, bsc#1042938) - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042160) - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037243) - PKRU and BND* leakage between vCPU-s might have leaked information to other guests (XSA-220, bsc#1042923) These non-security issues were fixed: - bsc#1027519: Included various upstream patches - bsc#1035642: Ensure that rpmbuild works Important SUSE bug 1027519 SUSE bug 1035642 SUSE bug 1037243 SUSE bug 1042160 SUSE bug 1042882 SUSE bug 1042893 SUSE bug 1042915 SUSE bug 1042923 SUSE bug 1042924 SUSE bug 1042931 SUSE bug 1042938 CVE-2017-8309 CVE-2017-9330 cpe:/o:suse:sles:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2 This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value (bsc#1042159). - CVE-2017-8379: Memory leak in the keyboard input event handlers support allowed local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events (bsc#1037334). - CVE-2017-8309: Memory leak in the audio/audio.c allowed remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture (bsc#1037242). - CVE-2017-7493: The VirtFS, host directory sharing via Plan 9 File System(9pfs) support, was vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could have used this flaw to escalate their privileges inside guest (bsc#1039495). - CVE-2017-7377: The v9fs_create and v9fs_lcreate functions in hw/9pfs/9p.c allowed local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid (bsc#1032075). - CVE-2017-8086: A memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c allowed local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable (bsc#1035950). - CVE-2017-5973: A infinite loop while doing control transfer in xhci_kick_epctx allowed privileged user inside the guest to crash the host process resulting in DoS (bsc#1025109) - CVE-2017-5987: The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c allowed local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer (bsc#1025311). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028184) - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028656) - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034908) - CVE-2017-7980: An out-of-bounds r/w access issues in the Cirrus CLGD 54xx VGA Emulator support allowed privileged user inside guest to use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on a host with privileges of Qemu process on the host (bsc#1035406) - CVE-2017-8112: hw/scsi/vmw_pvscsi.c allowed local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count (bsc#1036211). - CVE-2017-9375: The USB xHCI controller emulator support was vulnerable to an infinite recursive call loop issue, which allowed a privileged user inside guest to crash the Qemu process resulting in DoS (bsc#1042800). - CVE-2017-9374: Missing free of 's->ipacket', causes a host memory leak, allowing for DoS (bsc#1043073). - CVE-2017-9373: The IDE AHCI Emulation support was vulnerable to a host memory leakage issue, which allowed a privileged user inside guest to leak host memory resulting in DoS (bsc#1042801). - CVE-2017-8380: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to an out-of-bounds read access issue which allowed a privileged user inside guest to read host memory resulting in DoS (bsc#1037336). - CVE-2016-9602: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper link following issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1020427). - CVE-2017-7471: The VirtFS host directory sharing via Plan 9 File System(9pfs) support was vulnerable to an improper access control issue which allowed a privileged user inside guest to access host file system beyond the shared folder and potentially escalating their privileges on a host (bsc#1034866). - Fix privilege escalation in TCG mode of QEMU. This is not considered a security issue by the upstream project, but is included as additional hardening (bsc#1030624) - Fix potential DoS in virtfs - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to an out of bounds memory access issue allowing a guest user to crash the Qemu process instance on a host, resulting in DoS (bsc#1017084, bsc#1016503) - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to an OOB read issue allowing a guest user to crash the Qemu process instance resulting in Dos (bsc#1017081, bsc#1016504) - CVE-2017-5579: The 16550A UART serial device emulation support was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021741) - CVE-2017-9503: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a null pointer dereference issue which allowed a privileged user inside guest to crash the Qemu process on the host resulting in DoS (bsc#1043296). This non-security issue was fixed: - Enable MONITOR/MWAIT support for guests (bsc#1031142) Important SUSE bug 1016503 SUSE bug 1016504 SUSE bug 1017081 SUSE bug 1017084 SUSE bug 1020427 SUSE bug 1021741 SUSE bug 1025109 SUSE bug 1025311 SUSE bug 1028184 SUSE bug 1028656 SUSE bug 1030624 SUSE bug 1031142 SUSE bug 1032075 SUSE bug 1034866 SUSE bug 1034908 SUSE bug 1035406 SUSE bug 1035950 SUSE bug 1036211 SUSE bug 1037242 SUSE bug 1037334 SUSE bug 1037336 SUSE bug 1039495 SUSE bug 1042159 SUSE bug 1042800 SUSE bug 1042801 SUSE bug 1043073 SUSE bug 1043296 CVE-2016-10028 CVE-2016-10029 CVE-2016-9602 CVE-2016-9603 CVE-2017-5579 CVE-2017-5973 CVE-2017-5987 CVE-2017-6505 CVE-2017-7377 CVE-2017-7471 CVE-2017-7493 CVE-2017-7718 CVE-2017-7980 CVE-2017-8086 CVE-2017-8112 CVE-2017-8309 CVE-2017-8379 CVE-2017-8380 CVE-2017-9330 CVE-2017-9373 CVE-2017-9374 CVE-2017-9375 CVE-2017-9503 cpe:/o:suse:sles:12:sp2 Security update for systemd (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for systemd fixes the following issues: Security issue fixed: - CVE-2017-9217: resolved: Fix null pointer p->question dereferencing that could lead to resolved aborting (bsc#1040614) The update also fixed several non-security bugs: - core/mount: Use the '-c' flag to not canonicalize paths when calling /bin/umount - automount: Handle expire_tokens when the mount unit changes its state (bsc#1040942) - automount: Rework propagation between automount and mount units - build: Make sure tmpfiles.d/systemd-remote.conf get installed when necessary - build: Fix systemd-journal-upload installation - basic: Detect XEN Dom0 as no virtualization (bsc#1036873) - virt: Make sure some errors are not ignored - fstab-generator: Do not skip Before= ordering for noauto mountpoints - fstab-gen: Do not convert device timeout into seconds when initializing JobTimeoutSec - core/device: Use JobRunningTimeoutSec= for device units (bsc#1004995) - fstab-generator: Apply the _netdev option also to device units (bsc#1004995) - job: Add JobRunningTimeoutSec for JOB_RUNNING state (bsc#1004995) - job: Ensure JobRunningTimeoutSec= survives serialization (bsc#1004995) - rules: Export NVMe WWID udev attribute (bsc#1038865) - rules: Introduce disk/by-id (model_serial) symbolic links for NVMe drives - rules: Add rules for NVMe devices - sysusers: Make group shadow support configurable (bsc#1029516) - core: When deserializing a unit, fully restore its cgroup state (bsc#1029102) - core: Introduce cg_mask_from_string()/cg_mask_to_string() - core:execute: Fix handling failures of calling fork() in exec_spawn() (bsc#1040258) - Fix systemd-sysv-convert when a package starts shipping service units (bsc#982303) The database might be missing when upgrading a package which was shipping no sysv init scripts nor unit files (at the time --save was called) but the new version start shipping unit files. - Disable group shadow support (bsc#1029516) - Only check signature job error if signature job exists (bsc#1043758) Moderate SUSE bug 1004995 SUSE bug 1029102 SUSE bug 1029516 SUSE bug 1036873 SUSE bug 1038865 SUSE bug 1040258 SUSE bug 1040614 SUSE bug 1040942 SUSE bug 1043758 SUSE bug 982303 CVE-2017-9217 cpe:/o:suse:sles:12:sp2 Security update for sudo (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for sudo fixes the following issues: - A regression in the fix for the CVE-2017-1000368 that broke sudo with the 'requiretty' flag (bsc#1045986) Moderate SUSE bug 1045986 CVE-2017-1000368 cpe:/o:suse:sles:12:sp2 Security update for libquicktime (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libquicktime fixes the following issues: * CVE-2017-9122: A DoS in quicktime_read_moov function in moov.c via acrafted mp4 file was fixed. (bsc#1044077) * CVE-2017-9123: An invalid memory read in lqt_frame_duration via a crafted mp4 file was fixed. (bsc#1044009) * CVE-2017-9124: A NULL pointer dereference in quicktime_match_32 via a crafted mp4 file was fixed. (bsc#1044008) * CVE-2017-9125: A DoS in lqt_frame_duration function in lqt_quicktime.c via crafted mp4 file was fixed. (bsc#1044122) * CVE-2017-9126: A heap-based buffer overflow in quicktime_read_dref_table via a crafted mp4 file was fixed. (bsc#1044006) * CVE-2017-9127: A heap-based buffer overflow in quicktime_user_atoms_read_atom via a crafted mp4 file was fixed. (bsc#1044002) * CVE-2017-9128: A heap-based buffer over-read in quicktime_video_width via a crafted mp4 file was fixed. (bsc#1044000) Moderate SUSE bug 1044000 SUSE bug 1044002 SUSE bug 1044006 SUSE bug 1044008 SUSE bug 1044009 SUSE bug 1044077 SUSE bug 1044122 CVE-2017-9122 CVE-2017-9123 CVE-2017-9124 CVE-2017-9125 CVE-2017-9126 CVE-2017-9127 CVE-2017-9128 cpe:/o:suse:sles:12:sp2 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libgcrypt fixes the following issues: - CVE-2017-7526: Hardening against a local side-channel attack in RSA key handling has been added (bsc#1046607) Moderate SUSE bug 1046607 CVE-2017-7526 cpe:/o:suse:sles:12:sp2 Security update for libcares2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libcares2 fixes the following issues: - CVE-2017-1000381: A NAPTR parser out of bounds access was fixed that could lead to crashes. (bsc#1044946) Moderate SUSE bug 1044946 CVE-2017-1000381 cpe:/o:suse:sles:12:sp2 Recommended update for ncurses (Important) SUSE Linux Enterprise Server 12 SP2 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. (bsc#1046858) - CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function. (bsc#1046853) Bugfixes: - Drop patch ncurses-5.9-environment.dif as YaST2 ncurses GUI does not need it anymore and as well as it causes bug bsc#1000662 Important SUSE bug 1000662 SUSE bug 1046853 SUSE bug 1046858 CVE-2017-10684 CVE-2017-10685 cpe:/o:suse:sles:12:sp2 Security update for gnutls (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for gnutls fixes the following issues: - GNUTLS-SA-2017-4 / CVE-2017-7507: Fix crash in status response TLS extension decoding (bsc#1043398) - GNUTLS-SA-2017-3 / CVE-2017-7869: Fix out-of-bounds write in OpenPGP certificate decoding (bsc#1034173) - Address read of 4 bytes past the end of buffer in OpenPGP certificate parsing (bsc#1038337) Moderate SUSE bug 1034173 SUSE bug 1038337 SUSE bug 1043398 CVE-2017-7507 CVE-2017-7869 cpe:/o:suse:sles:12:sp2 Security update for libICE (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libICE fixes the following issues: - CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. (boo#1025068) Moderate SUSE bug 1025068 CVE-2017-2626 cpe:/o:suse:sles:12:sp2 Security update for spice (Important) SUSE Linux Enterprise Server 12 SP2 This update for spice fixes the following issues: - CVE-2017-7506: A possible buffer overflow via invalid monitor configurations (bsc#1046779) Important SUSE bug 1046779 CVE-2017-7506 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354). - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125). - CVE-2017-7346: The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate certain levels data, which allowed local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031796). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431). - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885). - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069). - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883). - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882). - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. (bsc#1038982) - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. (bsc#1038981) - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544). - CVE-2017-9150: The do_check function in kernel/bpf/verifier.c in the Linux kernel did not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allowed local users to obtain sensitive address information via crafted bpf system calls (bnc#1040279). - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue (bnc#1033340). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336). The following non-security bugs were fixed: - 9p: fix a potential acl leak (4.4.68 stable queue). - acpi / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal (bsc#1031717). - acpi / scan: Drop support for force_remove (bnc#1029607). - ahci: disable correct irq for dummy ports (bsc#1040125). - alsa: hda - Fix deadlock of controller device lock at unbinding (4.4.68 stable queue). - arm: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2 mode (4.4.68 stable queue). - arm: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build (4.4.68 stable queue). - ASoC: Intel: Skylake: Uninitialized variable in probe_codec() (bsc#1043231). - ASoC: rt5640: use msleep() for long delays (bsc#1031717). - ASoC: sti: Fix error handling if of_clk_get() fails (bsc#1031717). - bcache: fix calling ida_simple_remove() with incorrect minor (bsc#1038085). - block: copy NOMERGE flag from bio to request (bsc#1030070). - block: get rid of blk_integrity_revalidate() (4.4.68 stable queue). - bna: add missing per queue ethtool stat (bsc#966321). - bna: avoid writing uninitialized data into hw registers (bsc#966321). - bna: integer overflow bug in debugfs (bsc#966321). - bnxt_en: allocate enough space for ->ntp_fltr_bmap (bsc#1020412 FATE#321671). - bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal (bsc#1042286). - bonding: do not use stale speed and duplex information (bsc#1042286). - bonding: prevent out of bound accesses (bsc#1042286). - bpf, arm64: fix jit branch offset related to ldimm64 (4.4.68 stable queue). - brcmfmac: add fallback for devices that do not report per-chain values (bsc#1043231). - brcmfmac: avoid writing channel out of allocated array (bsc#1043231). - brcmfmac: Ensure pointer correctly set if skb data location changes (4.4.68 stable queue). - brcmfmac: Make skb header writable before use (4.4.68 stable queue). - brcmfmac: restore stopping netdev queue when bus clogs up (bsc#1031717). - btrfs: add a flags field to btrfs_fs_info (bsc#1012452). - btrfs: add ASSERT for block group's memory leak (bsc#1012452). - btrfs: add btrfs_trans_handle->fs_info pointer (bsc#1012452). - btrfs: add bytes_readonly to the spaceinfo at once (bsc#1012452). - btrfs: add check to sysfs handler of label (bsc#1012452). - btrfs: add dynamic debug support (bsc#1012452). - btrfs: add error handling for extent buffer in print tree (bsc#1012452). - btrfs: add missing bytes_readonly attribute file in sysfs (bsc#1012452). - btrfs: add missing check for writeback errors on fsync (bsc#1012452). - btrfs: add more validation checks for superblock (bsc#1012452). - btrfs: Add ratelimit to btrfs printing (bsc#1012452). - btrfs: add read-only check to sysfs handler of features (bsc#1012452). - btrfs: add semaphore to synchronize direct IO writes with fsync (bsc#1012452). - btrfs: add tracepoint for adding block groups (bsc#1012452). - btrfs: add tracepoints for flush events (bsc#1012452). - btrfs: add transaction space reservation tracepoints (bsc#1012452). - btrfs: add validadtion checks for chunk loading (bsc#1012452). - btrfs: add write protection to SET_FEATURES ioctl (bsc#1012452). - btrfs: allow balancing to dup with multi-device (bsc#1012452). - btrfs: always reserve metadata for delalloc extents (bsc#1012452). - btrfs: always use trans->block_rsv for orphans (bsc#1012452). - btrfs: avoid blocking open_ctree from cleaner_kthread (bsc#1012452). - btrfs: avoid deadlocks during reservations in btrfs_truncate_block (bsc#1012452). - btrfs: avoid overflowing f_bfree (bsc#1012452). - btrfs: avoid uninitialized variable warning (bsc#1012452). - btrfs: btrfs_abort_transaction, drop root parameter (bsc#1012452). - btrfs: __btrfs_buffered_write: Pass valid file offset when releasing delalloc space (bsc#1012452). - btrfs: __btrfs_buffered_write: Reserve/release extents aligned to block size (bsc#1012452). - btrfs: btrfs_check_super_valid: Allow 4096 as stripesize (bsc#1012452). - btrfs: btrfs_debug should consume fs_info when DEBUG is not defined (bsc#1012452). - btrfs: btrfs_ioctl_clone: Truncate complete page after performing clone operation (bsc#1012452). - btrfs: btrfs_page_mkwrite: Reserve space in sectorsized units (bsc#1012452). - btrfs: btrfs_relocate_chunk pass extent_root to btrfs_end_transaction (bsc#1012452). - btrfs: btrfs_submit_direct_hook: Handle map_length < bio vector length (bsc#1012452). - btrfs: build fixup for qgroup_account_snapshot (bsc#1012452). - btrfs: change BUG_ON()'s to ASSERT()'s in backref_cache_cleanup() (bsc#1012452). - btrfs: change delayed reservation fallback behavior (bsc#1012452). - btrfs: change how we calculate the global block rsv (bsc#1012452). - btrfs: change how we update the global block rsv (bsc#1012452). - btrfs: check btree node's nritems (bsc#1012452). - btrfs: check if extent buffer is aligned to sectorsize (bsc#1012452). - btrfs: check inconsistence between chunk and block group (bsc#1012452). - btrfs: check reserved when deciding to background flush (bsc#1012452). - btrfs: clarify do_chunk_alloc()'s return value (bsc#1012452). - btrfs: Clean pte corresponding to page straddling i_size (bsc#1012452). - btrfs: clean the old superblocks before freeing the device (bsc#1012452). - btrfs: clean up and optimize __check_raid_min_device() (bsc#1012452). - btrfs: cleanup assigning next active device with a check (bsc#1012452). - btrfs: cleanup BUG_ON in merge_bio (bsc#1012452). - btrfs: Cleanup compress_file_range() (bsc#1012452). - btrfs: cleanup error handling in extent_write_cached_pages (bsc#1012452). - btrfs: clear uptodate flags of pages in sys_array eb (bsc#1012452). - btrfs: clone: use vmalloc only as fallback for nodesize bufer (bsc#1012452). - btrfs: Compute and look up csums based on sectorsized blocks (bsc#1012452). - btrfs: convert nodesize macros to static inlines (bsc#1012452). - btrfs: convert printk(KERN_* to use pr_* calls (bsc#1012452). - btrfs: convert pr_* to btrfs_* where possible (bsc#1012452). - btrfs: convert send's verbose_printk to btrfs_debug (bsc#1012452). - btrfs: copy_to_sk drop unused root parameter (bsc#1012452). - btrfs: create a helper function to read the disk super (bsc#1012452). - btrfs: create example debugfs file only in debugging build (bsc#1012452). - btrfs: create helper btrfs_find_device_by_user_input() (bsc#1012452). - btrfs: create helper function __check_raid_min_devices() (bsc#1012452). - btrfs: csum_tree_block: return proper errno value (bsc#1012452). - btrfs: detect corruption when non-root leaf has zero item (bsc#1012452). - btrfs: device add and remove: use GFP_KERNEL (bsc#1012452). - btrfs: Direct I/O read: Work on sectorsized blocks (bsc#1012452). - btrfs: disable possible cause of premature ENOSPC (bsc#1040182) - btrfs: divide btrfs_update_reserved_bytes() into two functions (bsc#1012452). - btrfs: do not background blkdev_put() (bsc#1012452). - btrfs: do not bother kicking async if there's nothing to reclaim (bsc#1012452). - btrfs: do not BUG_ON() in btrfs_orphan_add (bsc#1012452). - btrfs: do not create empty block group if we have allocated data (bsc#1012452). - btrfs: do not decrease bytes_may_use when replaying extents (bsc#1012452). - btrfs: do not do nocow check unless we have to (bsc#1012452). - btrfs: do not do unnecessary delalloc flushes when relocating (bsc#1012452). - btrfs: do not force mounts to wait for cleaner_kthread to delete one or more subvolumes (bsc#1012452). - btrfs: do not wait for unrelated IO to finish before relocation (bsc#1012452). - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1035866). - btrfs: do not write corrupted metadata blocks to disk (bsc#1012452). - btrfs: end transaction if we abort when creating uuid root (bsc#1012452). - btrfs: enhance btrfs_find_device_by_user_input() to check device path (bsc#1012452). - btrfs: error out if generic_bin_search get invalid arguments (bsc#1012452). - btrfs: expand cow_file_range() to support in-band dedup and subpage-blocksize (bsc#1012452). - btrfs: extend btrfs_set_extent_delalloc and its friends to support in-band dedupe and subpage size patchset (bsc#1012452). - btrfs: extent same: use GFP_KERNEL for page array allocations (bsc#1012452). - btrfs: fallback to vmalloc in btrfs_compare_tree (bsc#1012452). - btrfs: fallocate: use GFP_KERNEL (bsc#1012452). - btrfs: fallocate: Work with sectorsized blocks (bsc#1012452). - btrfs: fill relocation block rsv after allocation (bsc#1012452). - btrfs: fix an integer overflow check (bsc#1012452). - btrfs: fix a possible umount deadlock (bsc#1012452). - btrfs: Fix block size returned to user space (bsc#1012452). - btrfs: fix btrfs_no_printk stub helper (bsc#1012452). - btrfs: Fix BUG_ON condition in scrub_setup_recheck_block() (bsc#1012452). - btrfs: fix BUG_ON in btrfs_mark_buffer_dirty (bsc#1012452). - btrfs: fix BUG_ON in btrfs_submit_compressed_write (bsc#1012452). - btrfs: fix build warning (bsc#1012452). - btrfs: fix callers of btrfs_block_rsv_migrate (bsc#1012452). - btrfs: fix check_direct_IO() for non-iovec iterators (bsc#1012452). - btrfs: fix check_shared for fiemap ioctl (bsc#1037177). - btrfs: fix crash when tracepoint arguments are freed by wq callbacks (bsc#1012452). - btrfs: fix data loss after truncate when using the no-holes feature (bsc#1036214). - btrfs: fix deadlock in delayed_ref_async_start (bsc#1012452). - btrfs: fix delalloc accounting after copy_from_user faults (bsc#1012452). - btrfs: fix delalloc reservation amount tracepoint (bsc#1012452). - btrfs: fix disk_i_size update bug when fallocate() fails (bsc#1012452). - btrfs: fix divide error upon chunk's stripe_len (bsc#1012452). - btrfs: fix double free of fs root (bsc#1012452). - btrfs: fix eb memory leak due to readpage failure (bsc#1012452). - btrfs: fix em leak in find_first_block_group (bsc#1012452). - btrfs: fix emptiness check for dirtied extent buffers at check_leaf() (bsc#1012452). - btrfs: fix error handling in map_private_extent_buffer (bsc#1012452). - btrfs: fix error return code in btrfs_init_test_fs() (bsc#1012452). - btrfs: fix extent_same allowing destination offset beyond i_size (bsc#1012452). - btrfs: fix free space calculation in dump_space_info() (bsc#1012452). - btrfs: fix fsfreeze hang caused by delayed iputs deal (bsc#1012452). - btrfs: fix fspath error deallocation (bsc#1012452). - btrfs: fix handling of faults from btrfs_copy_from_user (bsc#1012452). - btrfs: fix int32 overflow in shrink_delalloc() (bsc#1012452). - btrfs: Fix integer overflow when calculating bytes_per_bitmap (bsc#1012452). - btrfs: fix invalid dereference in btrfs_retry_endio (bsc#1040395). - btrfs: fix invalid reference in replace_path (bsc#1012452). - btrfs: fix listxattrs not listing all xattrs packed in the same item (bsc#1012452). - btrfs: fix lockdep deadlock warning due to dev_replace (bsc#1012452). - btrfs: fix lock dep warning, move scratch dev out of device_list_mutex and uuid_mutex (bsc#1012452). - btrfs: fix lock dep warning move scratch super outside of chunk_mutex (bsc#1012452). - btrfs: fix __MAX_CSUM_ITEMS (bsc#1012452). - btrfs: fix memory leak during RAID 5/6 device replacement (bsc#1012452). - btrfs: fix memory leak of block group cache (bsc#1012452). - btrfs: fix memory leak of reloc_root (bsc#1012452). - btrfs: fix mixed block count of available space (bsc#1012452). - btrfs: fix one bug that process may endlessly wait for ticket in wait_reserve_ticket() (bsc#1012452). - btrfs: fix panic in balance due to EIO (bsc#1012452). - btrfs: fix race between block group relocation and nocow writes (bsc#1012452). - btrfs: fix race between device replace and block group removal (bsc#1012452). - btrfs: fix race between device replace and chunk allocation (bsc#1012452). - btrfs: fix race between device replace and discard (bsc#1012452). - btrfs: fix race between device replace and read repair (bsc#1012452). - btrfs: fix race between fsync and direct IO writes for prealloc extents (bsc#1012452). - btrfs: fix race between readahead and device replace/removal (bsc#1012452). - btrfs: fix race setting block group back to RW mode during device replace (bsc#1012452). - btrfs: fix race setting block group readonly during device replace (bsc#1012452). - btrfs: fix read_node_slot to return errors (bsc#1012452). - btrfs: fix release reserved extents trace points (bsc#1012452). - btrfs: fix segmentation fault when doing dio read (bsc#1040425). - btrfs: Fix slab accounting flags (bsc#1012452). - btrfs: fix truncate_space_check (bsc#1012452). - btrfs: fix unexpected return value of fiemap (bsc#1012452). - btrfs: fix unprotected assignment of the left cursor for device replace (bsc#1012452). - btrfs: fix WARNING in btrfs_select_ref_head() (bsc#1012452). - btrfs: flush_space: treat return value of do_chunk_alloc properly (bsc#1012452). - btrfs: Force stripesize to the value of sectorsize (bsc#1012452). - btrfs: free sys_array eb as soon as possible (bsc#1012452). - btrfs: GFP_NOFS does not GFP_HIGHMEM (bsc#1012452). - btrfs: Handle uninitialised inode eviction (bsc#1012452). - btrfs: hide test-only member under ifdef (bsc#1012452). - btrfs: improve check_node to avoid reading corrupted nodes (bsc#1012452). - btrfs: Improve FL_KEEP_SIZE handling in fallocate (bsc#1012452). - btrfs: introduce BTRFS_MAX_ITEM_SIZE (bsc#1012452). - btrfs: introduce device delete by devid (bsc#1012452). - btrfs: introduce raid-type to error-code table, for minimum device constraint (bsc#1012452). - btrfs: introduce ticketed enospc infrastructure (bsc#1012452). - btrfs: introduce tickets_id to determine whether asynchronous metadata reclaim work makes progress (bsc#1012452). - btrfs: ioctl: reorder exclusive op check in RM_DEV (bsc#1012452). - btrfs: kill BUG_ON in do_relocation (bsc#1012452). - btrfs: kill BUG_ON in run_delayed_tree_ref (bsc#1012452). - btrfs: kill BUG_ON()'s in btrfs_mark_extent_written (bsc#1012452). - btrfs: kill invalid ASSERT() in process_all_refs() (bsc#1012452). - btrfs: kill the start argument to read_extent_buffer_pages (bsc#1012452). - btrfs: kill unused writepage_io_hook callback (bsc#1012452). - btrfs: let callers of btrfs_alloc_root pass gfp flags (bsc#1012452). - btrfs: Limit inline extents to root->sectorsize (bsc#1012452). - btrfs: make find_workspace always succeed (bsc#1012452). - btrfs: make find_workspace warn if there are no workspaces (bsc#1012452). - btrfs: make mapping->writeback_index point to the last written page (bsc#1012452). - btrfs: make state preallocation more speculative in __set_extent_bit (bsc#1012452). - btrfs: make sure device is synced before return (bsc#1012452). - btrfs: make sure we stay inside the bvec during __btrfs_lookup_bio_sums (bsc#1012452). - btrfs: make use of btrfs_find_device_by_user_input() (bsc#1012452). - btrfs: make use of btrfs_scratch_superblocks() in btrfs_rm_device() (bsc#1012452). - btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912). - btrfs: memset to avoid stale content in btree leaf (bsc#1012452). - btrfs: memset to avoid stale content in btree node block (bsc#1012452). - btrfs: move error handling code together in ctree.h (bsc#1012452). - btrfs: optimize check for stale device (bsc#1012452). - btrfs: Output more info for enospc_debug mount option (bsc#1012452). - btrfs: parent_start initialization cleanup (bsc#1012452). - btrfs: pass correct args to btrfs_async_run_delayed_refs() (bsc#1012452). - btrfs: pass number of devices to btrfs_check_raid_min_devices (bsc#1012452). - btrfs: pass the right error code to the btrfs_std_error (bsc#1012452). - btrfs: preallocate compression workspaces (bsc#1012452). - btrfs: Print Warning only if ENOSPC_DEBUG is enabled (bsc#1012452). - btrfs: Ratelimit 'no csum found' info message (bsc#1012452). - btrfs: reada: add all reachable mirrors into reada device list (bsc#1012452). - btrfs: reada: Add missed segment checking in reada_find_zone (bsc#1012452). - btrfs: reada: Avoid many times of empty loop (bsc#1012452). - btrfs: reada: avoid undone reada extents in btrfs_reada_wait (bsc#1012452). - btrfs: reada: bypass adding extent when all zone failed (bsc#1012452). - btrfs: reada: Fix a debug code typo (bsc#1012452). - btrfs: reada: Fix in-segment calculation for reada (bsc#1012452). - btrfs: reada: ignore creating reada_extent for a non-existent device (bsc#1012452). - btrfs: reada: Jump into cleanup in direct way for __readahead_hook() (bsc#1012452). - btrfs: reada: limit max works count (bsc#1012452). - btrfs: reada: Move is_need_to_readahead contition earlier (bsc#1012452). - btrfs: reada: move reada_extent_put to place after __readahead_hook() (bsc#1012452). - btrfs: reada: Pass reada_extent into __readahead_hook directly (bsc#1012452). - btrfs: reada: reduce additional fs_info->reada_lock in reada_find_zone (bsc#1012452). - btrfs: reada: Remove level argument in severial functions (bsc#1012452). - btrfs: reada: simplify dev->reada_in_flight processing (bsc#1012452). - btrfs: reada: Use fs_info instead of root in __readahead_hook's argument (bsc#1012452). - btrfs: reada: use GFP_KERNEL everywhere (bsc#1012452). - btrfs: readdir: use GFP_KERNEL (bsc#1012452). - btrfs: refactor btrfs_dev_replace_start for reuse (bsc#1012452). - btrfs: Refactor btrfs_lock_cluster() to kill compiler warning (bsc#1012452). - btrfs: remove BUG() in raid56 (bsc#1012452). - btrfs: remove BUG_ON in start_transaction (bsc#1012452). - btrfs: remove BUG_ON()'s in btrfs_map_block (bsc#1012452). - btrfs: remove build fixup for qgroup_account_snapshot (bsc#1012452). - btrfs: remove redundant error check (bsc#1012452). - btrfs: remove save_error_info() (bsc#1012452). - btrfs: remove unnecessary btrfs_mark_buffer_dirty in split_leaf (bsc#1012452). - btrfs: remove unused function btrfs_assert() (bsc#1012452). - btrfs: rename and document compression workspace members (bsc#1012452). - btrfs: rename btrfs_find_device_by_user_input (bsc#1012452). - btrfs: rename btrfs_std_error to btrfs_handle_fs_error (bsc#1012452). - btrfs: rename __check_raid_min_devices (bsc#1012452). - btrfs: rename flags for vol args v2 (bsc#1012452). - btrfs: reorg btrfs_close_one_device() (bsc#1012452). - btrfs: Replace -ENOENT by -ERANGE in btrfs_get_acl() (bsc#1012452). - btrfs: Reset IO error counters before start of device replacing (bsc#1012452). - btrfs: reuse existing variable in scrub_stripe, reduce stack usage (bsc#1012452). - btrfs: Round down values which are written for total_bytes_size (bsc#1043912). - btrfs: s_bdev is not null after missing replace (bsc#1012452). - btrfs: scrub: Set bbio to NULL before calling btrfs_map_block (bsc#1012452). - btrfs: scrub: use GFP_KERNEL on the submission path (bsc#1012452). - btrfs: Search for all ordered extents that could span across a page (bsc#1012452). - btrfs: send: silence an integer overflow warning (bsc#1012452). - btrfs: send: use GFP_KERNEL everywhere (bsc#1012452). - btrfs: send: use temporary variable to store allocation size (bsc#1012452). - btrfs: send: use vmalloc only as fallback for clone_roots (bsc#1012452). - btrfs: send: use vmalloc only as fallback for clone_sources_tmp (bsc#1012452). - btrfs: send: use vmalloc only as fallback for read_buf (bsc#1012452). - btrfs: send: use vmalloc only as fallback for send_buf (bsc#1012452). - btrfs: Simplify conditions about compress while mapping btrfs flags to inode flags (bsc#1012452). - btrfs: sink gfp parameter to clear_extent_bits (bsc#1012452). - btrfs: sink gfp parameter to clear_extent_dirty (bsc#1012452). - btrfs: sink gfp parameter to clear_record_extent_bits (bsc#1012452). - btrfs: sink gfp parameter to convert_extent_bit (bsc#1012452). - btrfs: sink gfp parameter to set_extent_bits (bsc#1012452). - btrfs: sink gfp parameter to set_extent_defrag (bsc#1012452). - btrfs: sink gfp parameter to set_extent_delalloc (bsc#1012452). - btrfs: sink gfp parameter to set_extent_new (bsc#1012452). - btrfs: sink gfp parameter to set_record_extent_bits (bsc#1012452). - btrfs: skip commit transaction if we do not have enough pinned bytes (bsc#1037186). - btrfs: subpage-blocksize: Rate limit scrub error message (bsc#1012452). - btrfs: switch to common message helpers in open_ctree, adjust messages (bsc#1012452). - btrfs: switch to kcalloc in btrfs_cmp_data_prepare (bsc#1012452). - btrfs: sysfs: protect reading label by lock (bsc#1012452). - btrfs: trace pinned extents (bsc#1012452). - btrfs: track transid for delayed ref flushing (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, document subvol flags (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, move balance flags (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, move BTRFS_LABEL_SIZE (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, move feature flags (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, move struct btrfs_ioctl_defrag_range_args (bsc#1012452). - btrfs: uapi/linux/btrfs.h migration, qgroup limit flags (bsc#1012452). - btrfs: uapi/linux/btrfs_tree.h migration, item types and defines (bsc#1012452). - btrfs: uapi/linux/btrfs_tree.h, use __u8 and __u64 (bsc#1012452). - btrfs: unsplit printed strings (bsc#1012452). - btrfs: untangle gotos a bit in __clear_extent_bit (bsc#1012452). - btrfs: untangle gotos a bit in convert_extent_bit (bsc#1012452). - btrfs: untangle gotos a bit in __set_extent_bit (bsc#1012452). - btrfs: update btrfs_space_info's bytes_may_use timely (bsc#1012452). - btrfs: Use correct format specifier (bsc#1012452). - btrfs: use correct offset for reloc_inode in prealloc_file_extent_cluster() (bsc#1012452). - btrfs: use dynamic allocation for root item in create_subvol (bsc#1012452). - btrfs: Use (eb->start, seq) as search key for tree modification log (bsc#1012452). - btrfs: use existing device constraints table btrfs_raid_array (bsc#1012452). - btrfs: use FLUSH_LIMIT for relocation in reserve_metadata_bytes (bsc#1012452). - btrfs: use fs_info directly (bsc#1012452). - btrfs: use new error message helper in qgroup_account_snapshot (bsc#1012452). - btrfs: use proper type for failrec in extent_state (bsc#1012452). - btrfs: use root when checking need_async_flush (bsc#1012452). - btrfs: use the correct struct for BTRFS_IOC_LOGICAL_INO (bsc#1012452). - btrfs: Use __u64 in exported linux/btrfs.h (bsc#1012452). - btrfs: warn_on for unaccounted spaces (bsc#1012452). - ceph: check i_nlink while converting a file handle to dentry (bsc#1039864). - ceph: Check that the new inode size is within limits in ceph_fallocate() (bsc#1037969). - ceph: Correctly return NXIO errors from ceph_llseek (git-fixes). - ceph: fix file open flags on ppc64 (bsc#1022266). - ceph: fix memory leak in __ceph_setxattr() (bsc#1036763). - ceph: fix potential use-after-free (bsc#1043371). - ceph: fix recursively call between ceph_set_acl and __ceph_setattr (bsc#1034902). - ceph: memory leak in ceph_direct_read_write callback (bsc#1041810). - cfq-iosched: fix the delay of cfq_group's vdisktime under iops mode (bsc#1012829). - cgroup: remove redundant cleanup in css_create (bsc#1012829). - cifs: backport prepath matching fix (bsc#799133). - cifs: small underflow in cnvrtDosUnixTm() (bnc#1043935). - clk: Make x86/ conditional on CONFIG_COMMON_CLK (4.4.68 stable queue). - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores (4.4.68 stable queue). - crypto: algif_aead - Require setkey before accept(2) (bsc#1031717). - crypto: sha-mb - Fix load failure (bsc#1037384). - cxgb4: Add control net_device for configuring PCIe VF (bsc#1021424). - cxgb4: Add llseek operation for flash debugfs entry (bsc#1021424). - cxgb4: add new routine to get adapter info (bsc#1021424). - cxgb4: Add PCI device ID for new adapter (bsc#1021424). - cxgb4: Add port description for new cards (bsc#1021424). - cxgb4: Add support to enable logging of firmware mailbox commands (bsc#1021424). - cxgb4: Check for firmware errors in the mailbox command loop (bsc#1021424). - cxgb4: correct device ID of T6 adapter (bsc#1021424). - cxgb4/cxgb4vf: Add set VF mac address support (bsc#1021424). - cxgb4/cxgb4vf: Allocate more queues for 25G and 100G adapter (bsc#1021424). - cxgb4/cxgb4vf: Assign netdev->dev_port with port ID (bsc#1021424). - cxgb4/cxgb4vf: Display 25G and 100G link speed (bsc#1021424). - cxgb4/cxgb4vf: Remove deprecated module parameters (bsc#1021424). - cxgb4: DCB message handler needs to use correct portid to netdev mapping (bsc#1021424). - cxgb4: Decode link down reason code obtained from firmware (bsc#1021424). - cxgb4: Do not assume FW_PORT_CMD reply is always port info msg (bsc#1021424). - cxgb4: do not call napi_hash_del() (bsc#1021424). - cxgb4: Do not sleep when mbox cmd is issued from interrupt context (bsc#1021424). - cxgb4: Enable SR-IOV configuration via PCI sysfs interface (bsc#1021424). - cxgb4: Fix issue while re-registering VF mgmt netdev (bsc#1021424). - cxgb4: MU requested by Chelsio (bsc#1021424). - cxgb4: Properly decode port module type (bsc#1021424). - cxgb4: Refactor t4_port_init function (bsc#1021424). - cxgb4: Reset dcb state machine and tx queue prio only if dcb is enabled (bsc#1021424). - cxgb4: Support compressed error vector for T6 (bsc#1021424). - cxgb4: Synchronize access to mailbox (bsc#1021424). - cxgb4: update latest firmware version supported (bsc#1021424). - dell-laptop: Adds support for keyboard backlight timeout AC settings (bsc#1013561). - Disable CONFIG_POWER_SUPPLY_DEBUG in debug kernel (bsc#1031500). - dmaengine: dw: fix typo in Kconfig (bsc#1031717). - dm: fix dm_target_io leak if clone_bio() returns an error (bsc#1040125). - dm-mpath: fix race window in do_end_io() (bsc#1011044). - dm: remove dummy dm_table definition (bsc#1045307) - dm round robin: do not use this_cpu_ptr() without having preemption disabled (bsc#1040125). - dm verity fec: fix block calculation (bsc#1040125). - dm verity fec: fix bufio leaks (bsc#1040125). - dm verity fec: limit error correction recursion (bsc#1040125). - drivers: base: dma-mapping: Fix typo in dmam_alloc_non_coherent comments (bsc#1031717). - Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg() (fate#320485, bsc#1023287, bsc#1028217). - drivers/tty: 8250: only call fintek_8250_probe when doing port I/O (bsc#1031717). - drm/i915: Disable tv output on i9x5gm (bsc#1039700). - drm/i915: Do not touch NULL sg on i915_gem_object_get_pages_gtt() error (bsc#1031717). - drm/i915: Fix mismatched INIT power domain disabling during suspend (bsc#1031717). - drm/i915: Introduce Kabypoint PCH for Kabylake H/DT (bsc#1032581). - drm/i915: Nuke debug messages from the pipe update critical section (bsc#1031717). - drm/i915: Program iboost settings for HDMI/DVI on SKL (bsc#1031717). - drm/i915: relax uncritical udelay_range() (bsc#1031717). - drm/i915: relax uncritical udelay_range() settings (bsc#1031717). - drm/i915: Use pagecache write to prepopulate shmemfs from pwrite-ioctl (bsc#1040463). - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452, bsc#995542). - drm/nouveau/tmr: fully separate alarm execution/pending lists (bsc#1043467). - drm/ttm: fix use-after-free races in vm fault handling (4.4.68 stable queue). - e1000e: Do not return uninitialized stats (bug#1034635). - efi: Do not issue error message when booted under Xen (bnc#1036638). - enic: set skb->hash type properly (bsc#922871 fate#318754). - ext4: fix data corruption for mmap writes (bsc#1012829). - ext4: fix data corruption with EXT4_GET_BLOCKS_ZERO (bsc#1012829). - ext4: fix use-after-iput when fscrypt contexts are inconsistent (bsc#1012829). - f2fs: fix bad prefetchw of NULL page (bsc#1012829). - f2fs: sanity check segment count (4.4.68 stable queue). - Fix kabi after adding new field to struct mddev (bsc#1040351). - Fix soft lockup in svc_rdma_send (bsc#1044854). - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920). - fs/block_dev: always invalidate cleancache in invalidate_bdev() (git-fixes). - fs: fix data invalidation in the cleancache during direct IO (git-fixes). - fs/xattr.c: zero out memory copied to userspace in getxattr (git-fixes). - ftrace: Make ftrace_location_range() global (FATE#322421). - fuse: fix clearing suid, sgid for chown() (bsc#1012829). - hpsa: limit transfer length to 1MB (bsc#1025461). - hwpoison, memcg: forcibly uncharge LRU pages (bnc#1046105). - ib/addr: Fix setting source address in addr6_resolve() (bsc#1044082). - ib/core: Fix kernel crash during fail to initialize device (bsc#1022595). - ib/core: For multicast functions, verify that LIDs are multicast LIDs (bsc#1022595). - ib/core: If the MGID/MLID pair is not on the list return an error (bsc#1022595). - ib/ipoib: Fix deadlock between ipoib_stop and mcast join flow (bsc#1022595). - ib/ipoib: Fix memory leak in create child syscall (bsc#1022595). - ib/mlx5: Assign DSCP for R-RoCE QPs Address Path (bsc#966170 bsc#966172 bsc#966191). - ib/mlx5: Check supported flow table size (bsc#966170 bsc#966172 bsc#966191). - ib/mlx5: Enlarge autogroup flow table (bsc#966170 bsc#966172 bsc#966191). - ib/mlx5: Fix kernel to user leak prevention logic (bsc#966170 bsc#966172 bsc#966191). - ibmvnic: Activate disabled RX buffer pools on reset (bsc#1044767). - ibmvnic: Add set_link_state routine for setting adapter link state (fate#322021, bsc#1031512). - ibmvnic: Allocate number of rx/tx buffers agreed on by firmware (fate#322021, bsc#1031512). - ibmvnic: Allocate zero-filled memory for sub crqs (fate#322021, bsc#1031512). - ibmvnic: Call napi_disable instead of napi_enable in failure path (fate#322021, bsc#1031512). - ibmvnic: Check adapter state during ibmvnic_poll (fate#322021, bsc#1040855). - ibmvnic: Check for driver reset first in ibmvnic_xmit (fate#322021, bsc#1038297). - ibmvnic: Cleanup failure path in ibmvnic_open (fate#322021, bsc#1031512). - ibmvnic: Clean up tx pools when closing (fate#322021, bsc#1038297). - ibmvnic: Client-initiated failover (bsc#1043990). - ibmvnic: Continue skb processing after skb completion error (fate#322021, bsc#1038297). - ibmvnic: Correct crq and resource releasing (fate#322021, bsc#1031512). - ibmvnic: Correct ibmvnic handling of device open/close (fate#322021, bsc#1031512). - ibmvnic: Correct return code checking for ibmvnic_init during probe (bsc#1045286). - ibmvnic: Create init and release routines for the bounce buffer (fate#322021, bsc#1031512). - ibmvnic: Create init and release routines for the rx pool (fate#322021, bsc#1031512). - ibmvnic: Create init and release routines for the tx pool (fate#322021, bsc#1031512). - ibmvnic: Create init/release routines for stats token (fate#322021, bsc#1031512). - ibmvnic: Deactivate RX pool buffer replenishment on H_CLOSED (fate#322021, bsc#1040855). - ibmvnic: Delete napi's when releasing driver resources (fate#322021, bsc#1038297). - ibmvnic: Disable irq prior to close (fate#322021, bsc#1031512). - ibmvnic: Do not disable IRQ after scheduling tasklet (fate#322021, bsc#1031512). - ibmvnic: driver initialization for kdump/kexec (bsc#1044772). - ibmvnic: Ensure that TX queues are disabled in __ibmvnic_close (bsc#1044767). - ibmvnic: Exit polling routine correctly during adapter reset (bsc#1044767). - ibmvnic: Fix assignment of RX/TX IRQ's (bsc#1046589). - ibmvnic: Fix cleanup of SKB's on driver close (fate#322021, bsc#1040855). - ibmvnic: Fix endian errors in error reporting output (fate#322021, bsc#1031512). - ibmvnic: Fix endian error when requesting device capabilities (fate#322021, bsc#1031512). - ibmvnic: Fix error handling when registering long-term-mapped buffers (bsc#1045568). - ibmvnic: Fix ibmvnic_change_mac_addr struct format (fate#322021, bsc#1031512). - ibmvnic: Fix incorrectly defined ibmvnic_request_map_rsp structure (bsc#1045568). - ibmvnic: Fix initial MTU settings (bsc#1031512). - ibmvnic: fix missing unlock on error in __ibmvnic_reset() (fate#322021, bsc#1038297, Fixes: ed651a10875f). - ibmvnic: Fix overflowing firmware/hardware TX queue (fate#322021, bsc#1031512). - ibmvnic: Fixup atomic API usage (fate#322021, bsc#1031512). - ibmvnic: Free skb's in cases of failure in transmit (fate#322021, bsc#1031512). - ibmvnic: Free tx/rx scrq pointer array when releasing sub-crqs (fate#322021, bsc#1031512). - ibmvnic: Halt TX and report carrier off on H_CLOSED return code (fate#322021, bsc#1040855). - ibmvnic: Handle failover after failed init crq (fate#322021, bsc#1040855). - ibmvnic: Handle processing of CRQ messages in a tasklet (fate#322021, bsc#1031512). - ibmvnic: Initialize completion variables before starting work (fate#322021, bsc#1031512). - ibmvnic: Insert header on VLAN tagged received frame (fate#322021, bsc#1031512). - ibmvnic: Make CRQ interrupt tasklet wait for all capabilities crqs (fate#322021, bsc#1031512). - ibmvnic: Merge the two release_sub_crq_queue routines (fate#322021, bsc#1031512). - ibmvnic: Move ibmvnic adapter intialization to its own routine (fate#322021, bsc#1031512). - ibmvnic: Move initialization of sub crqs to ibmvnic_init (fate#322021, bsc#1031512). - ibmvnic: Move initialization of the stats token to ibmvnic_open (fate#322021, bsc#1031512). - ibmvnic: Move login and queue negotiation into ibmvnic_open (fate#322021, bsc#1031512). - ibmvnic: Move login to its own routine (fate#322021, bsc#1031512). - ibmvnic: Move queue restarting in ibmvnic_tx_complete (fate#322021, bsc#1038297). - ibmvnic: Move resource initialization to its own routine (fate#322021, bsc#1038297). - ibmvnic: Non-fatal error handling (fate#322021, bsc#1040855). - ibmvnic: Only retrieve error info if present (fate#322021, bsc#1031512). - ibmvnic: Record SKB RX queue during poll (fate#322021, bsc#1038297). - ibmvnic: Remove debugfs support (fate#322021, bsc#1031512). - ibmvnic: Remove inflight list (fate#322021, bsc#1031512). - ibmvnic: Remove module author mailing address (bsc#1045467). - ibmvnic: Remove netdev notify for failover resets (bsc#1044120). - ibmvnic: Remove unused bouce buffer (fate#322021, bsc#1031512). - ibmvnic: Remove VNIC_CLOSING check from pending_scrq (bsc#1044767). - ibmvnic: Replace is_closed with state field (fate#322021, bsc#1038297). - ibmvnic: Report errors when failing to release sub-crqs (fate#322021, bsc#1031512). - ibmvnic: Reset sub-crqs during driver reset (fate#322021, bsc#1040855). - ibmvnic: Reset the CRQ queue during driver reset (fate#322021, bsc#1040855). - ibmvnic: Reset tx/rx pools on driver reset (fate#322021, bsc#1040855). - ibmvnic: Return failure on attempted mtu change (bsc#1043236). - ibmvnic: Return from ibmvnic_resume if not in VNIC_OPEN state (bsc#1045235). - ibmvnic: Sanitize entire SCRQ buffer on reset (bsc#1044767). - ibmvnic: Send gratuitous arp on reset (fate#322021, bsc#1040855). - ibmvnic: Set real number of rx queues (fate#322021, bsc#1031512). - ibmvnic: Split initialization of scrqs to its own routine (fate#322021, bsc#1031512). - ibmvnic: Track state of adapter napis (fate#322021, bsc#1040855). - ibmvnic: Unmap longer term buffer before free (fate#322021, bsc#1031512). - ibmvnic: Updated reset handling (fate#322021, bsc#1038297). - ibmvnic: Update main crq initialization and release (fate#322021, bsc#1031512). - ibmvnic: Use common counter for capabilities checks (fate#322021, bsc#1031512). - ibmvnic: use max_mtu instead of req_mtu for MTU range check (bsc#1031512). - ibmvnic: Validate napi exist before disabling them (fate#322021, bsc#1031512). - ibmvnic: Wait for any pending scrqs entries at driver close (fate#322021, bsc#1038297). - ibmvnic: Whitespace correction in release_rx_pools (fate#322021, bsc#1038297). - iio: hid-sensor: Store restore poll and hysteresis on S3 (bsc#1031717). - infiniband: avoid dereferencing uninitialized dst on error path (git-fixes). - iommu/arm-smmu: Disable stalling faults for all endpoints (bsc#1038843). - iommu/dma: Respect IOMMU aperture when allocating (bsc#1038842). - iommu/exynos: Block SYSMMU while invalidating FLPD cache (bsc#1038848). - iommu: Handle default domain attach failure (bsc#1038846). - iommu/vt-d: Do not over-free page table directories (bsc#1038847). - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header (4.4.68 stable queue). - ipv6: Do not use ufo handling on later transformed packets (bsc#1042286). - ipv6: fix endianness error in icmpv6_err (bsc#1042286). - ipv6: initialize route null entry in addrconf_init() (4.4.68 stable queue). - ipv6: release dst on error in ip6_dst_lookup_tail (git-fixes). - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf (4.4.68 stable queue). - isa: Call isa_bus_init before dependent ISA bus drivers register (bsc#1031717). - iscsi-target: Return error if unable to add network portal (bsc#1032803). - iw_cxgb4: Fix error return code in c4iw_rdev_open() (bsc#1026570). - iw_cxgb4: Guard against null cm_id in dump_ep/qp (bsc#1026570). - iwlwifi: 8000: fix MODULE_FIRMWARE input. - iwlwifi: 9000: increase the number of queues. - iwlwifi: add device ID for 8265. - iwlwifi: add device IDs for the 8265 device. - iwlwifi: add disable_11ac module param. - iwlwifi: add new 3168 series devices support. - iwlwifi: add new 8260 PCI IDs. - iwlwifi: add new 8265. - iwlwifi: add new 8265 series PCI ID. - iwlwifi: Add new PCI IDs for 9260 and 5165 series. - iwlwifi: Add PCI IDs for the new 3168 series. - iwlwifi: Add PCI IDs for the new series 8165. - iwlwifi: add support for 12K Receive Buffers. - iwlwifi: add support for getting HW address from CSR. - iwlwifi: avoid d0i3 commands when no/init ucode is loaded. - iwlwifi: bail out in case of bad trans state. - iwlwifi: block the queues when we send ADD_STA for uAPSD. - iwlwifi: change the Intel Wireless email address. - iwlwifi: change the Intel Wireless email address. - iwlwifi: check for valid ethernet address provided by OEM. - iwlwifi: clean up transport debugfs handling. - iwlwifi: clear ieee80211_tx_info->driver_data in the op_mode. - iwlwifi: Document missing module options. - iwlwifi: dump prph registers in a common place for all transports. - iwlwifi: dvm: advertise NETIF_F_SG. - iwlwifi: dvm: fix compare_const_fl.cocci warnings. - iwlwifi: dvm: handle zero brightness for wifi LED. - iwlwifi: dvm: remove a wrong dependency on m. - iwlwifi: dvm: remove Kconfig default. - iwlwifi: dvm: remove stray debug code. - iwlwifi: export the _no_grab version of PRPH IO functions. - iwlwifi: expose fw usniffer mode to more utilities. - iwlwifi: fix double hyphen in MODULE_FIRMWARE for 8000. - iwlwifi: Fix firmware name maximum length definition. - iwlwifi: fix name of ucode loaded for 8265 series. - iwlwifi: fix printf specifier. - iwlwifi: generalize d0i3_entry_timeout module parameter. - iwlwifi: mvm: adapt the firmware assert log to new firmware. - iwlwifi: mvm: add 9000-series RX API. - iwlwifi: mvm: add 9000 series RX processing. - iwlwifi: mvm: add a non-trigger window to fw dbg triggers. - iwlwifi: mvm: add an option to start rs from HT/VHT rates. - iwlwifi: mvm: Add a station in monitor mode. - iwlwifi: mvm: add bt rrc and ttc to debugfs. - iwlwifi: mvm: add bt settings to debugfs. - iwlwifi: mvm: add ctdp operations to debugfs. - iwlwifi: mvm: add CT-KILL notification. - iwlwifi: mvm: add debug print if scan config is ignored. - iwlwifi: mvm: add extended dwell time. - iwlwifi: mvm: add new ADD_STA command version. - iwlwifi: mvm: Add P2P client snoozing. - iwlwifi: mvm: add registration to cooling device. - iwlwifi: mvm: add registration to thermal zone. - iwlwifi: mvm: add support for negative temperatures. - iwlwifi: mvm: add tlv for multi queue rx support. - iwlwifi: mvm: add trigger for firmware dump upon TDLS events. - iwlwifi: mvm: add trigger for firmware dump upon TX response status. - iwlwifi: mvm: advertise NETIF_F_SG. - iwlwifi: mvm: Align bt-coex priority with requirements. - iwlwifi: mvm: allow to disable beacon filtering for AP/GO interface. - iwlwifi: mvm: avoid harmless -Wmaybe-uninialized warning. - iwlwifi: mvm: avoid panics with thermal device usage. - iwlwifi: mvm: avoid to WARN about gscan capabilities. - iwlwifi: mvm: bail out if CTDP start operation fails. - iwlwifi: mvm: bump firmware API to 21. - iwlwifi: mvm: bump max API to 20. - iwlwifi: mvm: change access to ieee80211_hdr. - iwlwifi: mvm: change iwl_mvm_get_key_sta_id() to return the station. - iwlwifi: mvm: change mcc update API. - iwlwifi: mvm: change name of iwl_mvm_d3_update_gtk. - iwlwifi: mvm: Change number of associated stations when station becomes associated. - iwlwifi: mvm: change protocol offload flows. - iwlwifi: mvm: change the check for ADD_STA status. - iwlwifi: mvm: check FW's response for nvm access write cmd. - iwlwifi: mvm: check iwl_mvm_wowlan_config_key_params() return value. - iwlwifi: mvm: check minimum temperature notification length. - iwlwifi: mvm: cleanup roc te on restart cleanup. - iwlwifi: mvm: Configure fragmented scan for scheduled scan. - iwlwifi: mvm: configure scheduled scan according to traffic conditions. - iwlwifi: mvm: constify the parameters of a few functions in fw-dbg.c. - iwlwifi: mvm: Disable beacon storing in D3 when WOWLAN configured. - iwlwifi: mvm: disable DQA support. - iwlwifi: mvm: do not ask beacons when P2P GO vif and no assoc sta. - iwlwifi: mvm: do not keep an mvm ref when the interface is down. - iwlwifi: mvm: do not let NDPs mess the packet tracking. - iwlwifi: mvm: do not restart HW if suspend fails with unified image. - iwlwifi: mvm: Do not switch to D3 image on suspend. - iwlwifi: mvm: do not try to offload AES-CMAC in AP/IBSS modes. - iwlwifi: mvm: drop low_latency_agg_frame_cnt_limit. - iwlwifi: mvm: dump more registers upon error. - iwlwifi: mvm: dump the radio registers when the firmware crashes. - iwlwifi: mvm: enable L3 filtering. - iwlwifi: mvm: Enable MPLUT only on supported hw. - iwlwifi: mvm: enable VHT MU-MIMO for supported hardware. - iwlwifi: mvm: extend time event duration. - iwlwifi: mvm: fix accessing Null pointer during fw dump collection. - iwlwifi: mvm: fix d3_test with unified D0/D3 images. - iwlwifi: mvm: fix debugfs signedness warning. - iwlwifi: mvm: fix extended dwell time. - iwlwifi: mvm: fix incorrect fallthrough in iwl_mvm_check_running_scans(). - iwlwifi: mvm: fix memory leaks in error paths upon fw error dump. - iwlwifi: mvm: fix netdetect starting/stopping for unified images. - iwlwifi: mvm: fix RSS key sizing. - iwlwifi: mvm: fix unregistration of thermal in some error flows. - iwlwifi: mvm: flush all used TX queues before suspending. - iwlwifi: mvm: forbid U-APSD for P2P Client if the firmware does not support it. - iwlwifi: mvm: handle pass all scan reporting. - iwlwifi: mvm: ignore LMAC scan notifications when running UMAC scans. - iwlwifi: mvm: infrastructure for frame-release message. - iwlwifi: mvm: kill iwl_mvm_enable_agg_txq. - iwlwifi: mvm: let the firmware choose the antenna for beacons. - iwlwifi: mvm: make collecting fw debug data optional. - iwlwifi: mvm: move fw-dbg code to separate file. - iwlwifi: mvm: only release the trans ref if d0i3 is supported in fw. - iwlwifi: mvm: prepare the code towards TSO implementation. - iwlwifi: mvm: refactor d3 key update functions. - iwlwifi: mvm: refactor the way fw_key_table is handled. - iwlwifi: mvm: remove an extra tab. - iwlwifi: mvm: Remove bf_vif from iwl_power_vifs. - iwlwifi: mvm: Remove iwl_mvm_update_beacon_abort. - iwlwifi: mvm: remove redundant d0i3 flag from the config struct. - iwlwifi: mvm: remove shadowing variable. - iwlwifi: mvm: remove stray nd_config element. - iwlwifi: mvm: remove the vif parameter of iwl_mvm_configure_bcast_filter(). - iwlwifi: mvm: remove unnecessary check in iwl_mvm_is_d0i3_supported(). - iwlwifi: mvm: remove useless WARN_ON and rely on cfg80211's combination. - iwlwifi: mvm: report wakeup for wowlan. - iwlwifi: mvm: reset mvm->scan_type when firmware is started. - iwlwifi: mvm: return the cooling state index instead of the budget. - iwlwifi: mvm: ROC: cleanup time event info on FW failure. - iwlwifi: mvm: ROC: Extend the ROC max delay duration & limit ROC duration. - iwlwifi: mvm: rs: fix a potential out of bounds access. - iwlwifi: mvm: rs: fix a theoretical access to uninitialized array elements. - iwlwifi: mvm: rs: fix a warning message. - iwlwifi: mvm: rs: fix TPC action decision algorithm. - iwlwifi: mvm: rs: fix TPC statistics handling. - iwlwifi: mvm: Send power command on BSS_CHANGED_BEACON_INFO if needed. - iwlwifi: mvm: set default new STA as non-aggregated. - iwlwifi: mvm: set the correct amsdu enum values. - iwlwifi: mvm: set the correct descriptor size for tracing. - iwlwifi: mvm: small update in the firmware API. - iwlwifi: mvm: support A-MSDU in A-MPDU. - iwlwifi: mvm: support beacon storing. - iwlwifi: mvm: support description for user triggered fw dbg collection. - iwlwifi: mvm: support rss queues configuration command. - iwlwifi: mvm: Support setting continuous recording debug mode. - iwlwifi: mvm: support setting minimum quota from debugfs. - iwlwifi: mvm: support sw queue start/stop from mvm. - iwlwifi: mvm: take care of padded packets. - iwlwifi: mvm: take the transport ref back when leaving. - iwlwifi: mvm: track low-latency sources separately. - iwlwifi: mvm: update GSCAN capabilities. - iwlwifi: mvm: update ucode status before stopping device. - iwlwifi: mvm: use build-time assertion for fw trigger ID. - iwlwifi: mvm: use firmware station lookup, combine code. - iwlwifi: mvm: various trivial cleanups. - iwlwifi: mvm: writing zero bytes to debugfs causes a crash. - iwlwifi: nvm: fix loading default NVM file. - iwlwifi: nvm: fix up phy section when reading it. - iwlwifi: pcie: add 9000 series multi queue rx DMA support. - iwlwifi: pcie: add infrastructure for multi-queue rx. - iwlwifi: pcie: add initial RTPM support for PCI. - iwlwifi: pcie: Add new configuration to enable MSIX. - iwlwifi: pcie: add pm_prepare and pm_complete ops. - iwlwifi: pcie: add RTPM support when wifi is enabled. - iwlwifi: pcie: aggregate Flow Handler configuration writes. - iwlwifi: pcie: allow the op_mode to block the tx queues. - iwlwifi: pcie: allow to pretend to have Tx CSUM for debug. - iwlwifi: pcie: avoid restocks inside rx loop if not emergency. - iwlwifi: pcie: buffer packets to avoid overflowing Tx queues. - iwlwifi: pcie: build an A-MSDU using TSO core. - iwlwifi: pcie: configure more RFH settings. - iwlwifi: pcie: detect and workaround invalid write ptr behavior. - iwlwifi: pcie: do not increment / decrement a bool. - iwlwifi: pcie: enable interrupts before releasing the NIC's CPU. - iwlwifi: pcie: enable multi-queue rx path. - iwlwifi: pcie: extend device reset delay. - iwlwifi: pcie: fine tune number of rxbs. - iwlwifi: pcie: fix a race in firmware loading flow. - iwlwifi: pcie: fix erroneous return value. - iwlwifi: pcie: fix global table size. - iwlwifi: pcie: fix identation in trans.c. - iwlwifi: pcie: fix RF-Kill vs. firmware load race. - iwlwifi: pcie: forbid RTPM on device removal. - iwlwifi: pcie: mark command queue lock with separate lockdep class. - iwlwifi: pcie: prevent skbs shadowing in iwl_trans_pcie_reclaim. - iwlwifi: pcie: refactor RXBs reclaiming code. - iwlwifi: pcie: remove ICT allocation message. - iwlwifi: pcie: remove pointer from debug message. - iwlwifi: pcie: re-organize code towards TSO. - iwlwifi: pcie: set RB chunk size back to 64. - iwlwifi: pcie: update iwl_mpdu_desc fields. - iwlwifi: print index in api/capa flags parsing message. - iwlwifi: refactor the code that reads the MAC address from the NVM. - iwlwifi: remove IWL_DL_LED. - iwlwifi: remove unused parameter from grab_nic_access. - iwlwifi: replace d0i3_mode and wowlan_d0i3 with more generic variables. - iwlwifi: set max firmware version of 7265 to 17. - iwlwifi: support ucode with d0 unified image - regular and usniffer. - iwlwifi: trans: make various conversion macros inlines. - iwlwifi: trans: support a callback for ASYNC commands. - iwlwifi: treat iwl_parse_nvm_data() MAC addr as little endian. - iwlwifi: tt: move ucode_loaded check under mutex. - iwlwifi: uninline iwl_trans_send_cmd. - iwlwifi: update host command messages to new format. - iwlwifi: Update PCI IDs for 8000 and 9000 series. - iwlwifi: update support for 3168 series firmware and NVM. - iwlwifi: various comments and code cleanups. - jump label: fix passing kbuild_cflags when checking for asm goto support (git-fixes). - kabi: Hide new include in arch/powerpc/kernel/process.c (fate#322421). - kabi: ignore fs_info parameter for tracepoints that didn't have it (bsc#1044912). - kABI: move and hide new cxgbi device owner field (bsc#1018885). - kABI: protect cgroup include in kernel/kthread (kabi). - kABI: protect struct fib_info (kabi). - kABI: protect struct mnt_namespace (kabi). - kABI: protect struct pglist_data (kabi). - kABI: protect struct snd_fw_async_midi_port (kabi). - kABI: protect struct xlog (bsc#1043598). - kABI: restore ttm_ref_object_add parameters (kabi). - kabi/severities: ignore kABi changes in iwlwifi stuff itself - kabi workaround for net: ipv6: Fix processing of RAs in presence of VRF (bsc#1042286). - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422) - kprobes/x86: Fix kernel panic when certain exception-handling addresses are probed (4.4.68 stable queue). - kvm: better MWAIT emulation for guests (bsc#1031142). - kvm: nVMX: do not leak PML full vmexit to L1 (4.4.68 stable queue). - kvm: nVMX: initialize PML fields in vmcs02 (4.4.68 stable queue). - kvm: svm: add support for RDTSCP (bsc#1033117). - l2tp: fix race in l2tp_recv_common() (bsc#1042286). - lan78xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - leds: ktd2692: avoid harmless maybe-uninitialized warning (4.4.68 stable queue). - libata-scsi: Fixup ata_gen_passthru_sense() (bsc#1040125). - libceph: NULL deref on crush_decode() error path (bsc#1044015). - libcxgb: add library module for Chelsio drivers (bsc#1021424). - lib/mpi: mpi_read_raw_data(): fix nbits calculation (bsc#1003581). - lib/mpi: mpi_read_raw_data(): purge redundant clearing of nbits (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): do not include leading zero SGEs in nbytes (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes (bsc#1003581). - lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices (bsc#1003581). - libnvdimm, pfn: fix 'npfns' vs section alignment (bsc#1040125). - livepatch: Allow architectures to specify an alternate ftrace location (FATE#322421). - locking/ww_mutex: Fix compilation of __WW_MUTEX_INITIALIZER (bsc#1031717). - loop: Add PF_LESS_THROTTLE to block/loop device thread (bsc#1027101). - lpfc: remove incorrect lockdep assertion (bsc#1040125). - md: allow creation of mdNNN arrays via md_mod/parameters/new_array (bsc#1032339). - md.c:didn't unlock the mddev before return EINVAL in array_size_store (bsc#1038143). - md-cluster: fix potential lock issue in add_new_disk (bsc#1041087). - md: fix a null dereference (bsc#1040351). - md: handle read-only member devices better (bsc#1033281). - md: MD_CLOSING needs to be cleared after called md_set_readonly or do_md_stop (bsc#1038142). - md/raid1: avoid reusing a resync bio after error handling (Fate#311379). - md: support disabling of create-on-open semantics (bsc#1032339). - md: use a separate bio_set for synchronous IO (bsc#1040351). - media: am437x-vpfe: fix an uninitialized variable bug (bsc#1031717). - media: b2c2: use IS_REACHABLE() instead of open-coding it (bsc#1031717). - media: c8sectpfe: Rework firmware loading mechanism (bsc#1031717). - media: cx231xx-audio: fix NULL-deref at probe (bsc#1031717). - media: cx231xx-cards: fix NULL-deref at probe (bsc#1031717). - media: cx23885: uninitialized variable in cx23885_av_work_handler() (bsc#1031717). - media: DaVinci-VPBE: Check return value of a setup_if_config() call in vpbe_set_output() (bsc#1031717). - media: DaVinci-VPFE-Capture: fix error handling (bsc#1031717). - media: dib0700: fix NULL-deref at probe (bsc#1031717). - media: dvb-usb: avoid link error with dib3000m{b,c| (bsc#1031717). - media: exynos4-is: fix a format string bug (bsc#1031717). - media: gspca: konica: add missing endpoint sanity check (bsc#1031717). - media: lirc_imon: do not leave imon_probe() with mutex held (bsc#1031717). - media: pvrusb2: reduce stack usage pvr2_eeprom_analyze() (bsc#1031717). - media: rc: allow rc modules to be loaded if rc-main is not a module (bsc#1031717). - media: s5p-mfc: Fix unbalanced call to clock management (bsc#1031717). - media: sh-vou: clarify videobuf2 dependency (bsc#1031717). - media: staging: media: davinci_vpfe: unlock on error in vpfe_reqbufs() (bsc#1031717). - media: usbvision: fix NULL-deref at probe (bsc#1031717). - media: uvcvideo: Fix empty packet statistic (bsc#1031717). - media: vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1043231). - mem-hotplug: fix node spanned pages when we have a movable node (bnc#1034671). - mips: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix (4.4.68 stable queue). - mlx4: Fix memory leak after mlx4_en_update_priv() (bsc#966170 bsc#966172 bsc#966191). - mmc: debugfs: correct wrong voltage value (bsc#1031717). - mmc: Downgrade error level (bsc#1042536). - mm,compaction: serialize waitqueue_active() checks (bsc#971975). - mmc: sdhci-pxav3: fix higher speed mode capabilities (bsc#1031717). - mmc: sdhci: restore behavior when setting VDD via external regulator (bsc#1031717). - mm: fix <linux/pagemap.h> stray kernel-doc notation (bnc#971975 VM -- git fixes). - mm: fix new crash in unmapped_area_topdown() (bnc#1039348). - mm/hugetlb: check for reserved hugepages during memory offline (bnc#971975 VM -- git fixes). - mm/hugetlb: fix incorrect hugepages count during mem hotplug (bnc#971975 VM -- git fixes). - module: fix memory leak on early load_module() failures (bsc#1043014). - mwifiex: Avoid skipping WEP key deletion for AP (4.4.68 stable queue). - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print (4.4.68 stable queue). - mwifiex: pcie: fix cmd_buf use-after-free in remove/reset (bsc#1031717). - mwifiex: Removed unused 'pkt_type' variable (bsc#1031717). - mwifiex: remove redundant dma padding in AMSDU (4.4.68 stable queue). - mwifiex: Remove unused 'bcd_usb' variable (bsc#1031717). - mwifiex: Remove unused 'chan_num' variable (bsc#1031717). - mwifiex: Remove unused 'pm_flag' variable (bsc#1031717). - mwifiex: Remove unused 'sta_ptr' variable (bsc#1031717). - net: bridge: start hello timer only if device is up (bnc#1012382). - netfilter: nf_conntrack_sip: extend request line validation (bsc#1042286). - netfilter: nf_ct_expect: remove the redundant slash when policy name is empty (bsc#1042286). - netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags (bsc#1042286). - netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register (bsc#1042286). - netfilter: nfnetlink_queue: reject verdict request from different portid (bsc#1042286). - netfilter: restart search if moved to other chain (bsc#1042286). - netfilter: use fwmark_reflect in nf_send_reset (bsc#1042286). - net: fix compile error in skb_orphan_partial() (bnc#1012382). - net: ibmvnic: Remove unused net_stats member from struct ibmvnic_adapter (fate#322021, bsc#1031512). - net: icmp_route_lookup should use rt dev to determine L3 domain (bsc#1042286). - net: ipv6: Fix processing of RAs in presence of VRF (bsc#1042286). - net: ipv6: set route type for anycast routes (bsc#1042286). - net: l3mdev: Add master device lookup by index (bsc#1042286). - net: make netdev_for_each_lower_dev safe for device removal (bsc#1042286). - net/mlx5: Do not unlock fte while still using it (bsc#966170 bsc#966172 bsc#966191). - net/mlx5e: Fix timestamping capabilities reporting (bsc#966170 bsc#1015342). - net/mlx5e: Modify TIRs hash only when it's needed (bsc#966170 bsc#966172 bsc#966191). - net/mlx5: Fix create autogroup prev initializer (bsc#966170 bsc#966172 bsc#966191). - net/mlx5: Prevent setting multicast macs for VFs (bsc#966170 bsc#966172 bsc#966191). - net/mlx5: Release FTE lock in error flow (bsc#966170 bsc#966172 bsc#966191). - net: vrf: Create FIB tables on link create (bsc#1042286). - net: vrf: Fix crash when IPv6 is disabled at boot time (bsc#1042286). - net: vrf: Fix dev refcnt leak due to IPv6 prefix route (bsc#1042286). - net: vrf: Fix dst reference counting (bsc#1042286). - net: vrf: protect changes to private data with rcu (bsc#1042286). - net: vrf: Switch dst dev to loopback on device delete (bsc#1042286). - netxen_nic: set rcode to the return status from the call to netxen_issue_cmd (bsc#966339 FATE#320150). - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670). - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670). - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670). - nfs: Fix an LOCK/OPEN race when unlinking an open file (git-fixes). - nfs: Fix 'Do not increment lock sequence ID after NFS4ERR_MOVED' (git-fixes). - nfs: Fix inode corruption in nfs_prime_dcache() (git-fixes). - nfs: Fix missing pg_cleanup after nfs_pageio_cond_complete() (git-fixes). - nfs: Use GFP_NOIO for two allocations in writeback (git-fixes). - nfsv4.1: Fix Oopsable condition in server callback races (git-fixes). - nfsv4: do not let hanging mounts block other mounts (bsc#1040364). - nfsv4: fix a reference leak caused WARNING messages (git-fixes). - nfsv4: Fix the underestimation of delegation XDR space reservation (git-fixes). - nsfs: mark dentry with DCACHE_RCUACCESS (bsc#1012829). - nvme: Delete created IO queues on reset (bsc#1031717). - nvme: submit nvme_admin_activate_fw to admin queue (bsc#1044532). - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (bsc#1004003). - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (bsc#1004003). - overlayfs: compat, fix incorrect dentry use in ovl_rename2 (bsc#1032400). - overlayfs: compat, use correct dentry to detect compat mode in ovl_compat_is_whiteout (bsc#1032400). - pci: pciehp: Prioritize data-link event over presence detect (bsc#1031040,bsc#1037483). - pci: Reverse standard ACS vs device-specific ACS enabling (bsc#1030057). - pci: Work around Intel Sunrise Point PCH incorrect ACS capability (bsc#1030057). - percpu: remove unused chunk_alloc parameter from pcpu_get_pages() (bnc#971975 VM -- git fixes). - perf/x86/intel/rapl: Make Knights Landings support functional (bsc#1042517). - perf/x86/intel/uncore: Remove SBOX support for Broadwell server (bsc#1035887). - phy: qcom-usb-hs: Add depends on EXTCON (4.4.68 stable queue). - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes (bnc#1012985). - PKCS#7: fix missing break on OID_sha224 case (bsc#1031717). - platform/x86: fujitsu-laptop: use brightness_set_blocking for LED-setting callbacks (bsc#1031717). - pm / QoS: Fix memory leak on resume_latency.notifiers (bsc#1043231). - pm / wakeirq: Enable dedicated wakeirq for suspend (bsc#1031717). - pm / wakeirq: Fix spurious wake-up events for dedicated wakeirqs (bsc#1031717). - pm / wakeirq: report a wakeup_event on dedicated wekup irq (bsc#1031717). - power: bq27xxx: fix register numbers of bq27500 (bsc#1031717). - powerpc/64: Fix flush_(d|i)cache_range() called from modules (bnc#863764 fate#315275, LTC#103998). - powerpc: Create a helper for getting the kernel toc value (FATE#322421). - powerpc/fadump: add reschedule point while releasing memory (bsc#1040609). - powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669). - powerpc/fadump: avoid holes in boot memory area when fadump is registered (bsc#1037669). - powerpc/fadump: provide a helpful error message (bsc#1037669). - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM (bsc#1032141). - powerpc/fadump: return error when fadump registration fails (bsc#1040567). - powerpc/fadump: Update fadump documentation (bsc#1032141). - powerpc/ftrace: Add Kconfig & Make glue for mprofile-kernel (FATE#322421). - powerpc/ftrace: Add support for -mprofile-kernel ftrace ABI (FATE#322421). - powerpc/ftrace: Pass the correct stack pointer for DYNAMIC_FTRACE_WITH_REGS (FATE#322421). - powerpc/ftrace: Use $(CC_FLAGS_FTRACE) when disabling ftrace (FATE#322421). - powerpc/ftrace: Use generic ftrace_modify_all_code() (FATE#322421). - powerpc: introduce TIF_KGR_IN_PROGRESS thread flag (FATE#322421). - powerpc/livepatch: Add livepatch header (FATE#322421). - powerpc/livepatch: Add live patching support on ppc64le (FATE#322421). - powerpc/livepatch: Add livepatch stack to struct thread_info (FATE#322421). - powerpc/module: Create a special stub for ftrace_caller() (FATE#322421). - powerpc/module: Mark module stubs with a magic value (FATE#322421). - powerpc/module: Only try to generate the ftrace_caller() stub once (FATE#322421). - powerpc/modules: Never restore r2 for a mprofile-kernel style mcount() call (FATE#322421). - powerpc/powernv: Fix opal_exit tracepoint opcode (4.4.68 stable queue). - power: supply: bq24190_charger: Call power_supply_changed() for relevant component (4.4.68 stable queue). - power: supply: bq24190_charger: Call set_mode_host() on pm_resume() (4.4.68 stable queue). - power: supply: bq24190_charger: Do not read fault register outside irq_handle_thread() (4.4.68 stable queue). - power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING (4.4.68 stable queue). - power: supply: bq24190_charger: Handle fault before status on interrupt (4.4.68 stable queue). - power: supply: bq24190_charger: Install irq_handler_thread() at end of probe() (4.4.68 stable queue). - printk: Correctly handle preemption in console_unlock() (bsc#1046434). - printk: Switch to the sync mode when an emergency message is printed (bsc#1034995). - printk/xen: Force printk sync mode when migrating Xen guest (bsc#1043347). - quota: fill in Q_XGETQSTAT inode information for inactive quotas (bsc#1042356). - radix-tree: fix radix_tree_iter_retry() for tagged iterators (bsc#1012829). - ravb: Fix use-after-free on `ifconfig eth0 down` (git-fixes). - rdma/iw_cxgb4: Add missing error codes for act open cmd (bsc#1026570). - rdma/iw_cxgb4: Always wake up waiter in c4iw_peer_abort_intr() (bsc#1026570). - rdma/iw_cxgb4: Low resource fixes for Completion queue (bsc#1026570). - rdma/iw_cxgb4: only read markers_enabled mod param once (bsc#1026570). - regulator: isl9305: fix array size (bsc#1031717). - reiserfs: do not preallocate blocks for extended attributes (bsc#990682). - Revert 'acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit comparison)' (kabi). - Revert 'btrfs: qgroup: Move half of the qgroup accounting time out of' (bsc#1017461 bsc#1033885). - Revert 'KVM: nested VMX: disable perf cpuid reporting' (4.4.68 stable queue). - Revert 'l2tp: take reference on sessions being dumped' (kabi). - Revert 'mac80211: pass block ack session timeout to to driver' (kabi). - Revert 'mac80211: RX BA support for sta max_rx_aggregation_subframes' (kabi). - Revert 'wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event' (kabi). - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter (bsc#1012060) - rpm/SLES-UEFI-SIGN-Certificate-2048.crt: Update the certificate (bsc#1035922) - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string (4.4.68 stable queue). - rtnl: reset calcit fptr in rtnl_unregister() (bsc#1042286). - s390/dasd: check if query host access feature is supported (bsc#1037871). - sbp-target: Fix second argument of percpu_ida_alloc() (bsc#1032803). - scsi: be2iscsi: Add FUNCTION_RESET during driver unload (bsc#1038458). - scsi: be2iscsi: Add IOCTL to check UER supported (bsc#1038458). - scsi: be2iscsi: Add TPE recovery feature (bsc#1038458). - scsi: be2iscsi: Add V1 of EPFW cleanup IOCTL (bsc#1038458). - scsi: be2iscsi: allocate enough memory in beiscsi_boot_get_sinfo() (bsc#1038458). - scsi: be2iscsi: Check all zeroes IP before issuing IOCTL (bsc#1038458). - scsi: be2iscsi: Fail the sessions immediately after TPE (bsc#1038458). - scsi: be2iscsi: Fix async PDU handling path (bsc#1038458). - scsi: be2iscsi: Fix bad WRB index error (bsc#1038458). - scsi: be2iscsi: Fix checks for HBA in error state (bsc#1038458). - scsi: be2iscsi: Fix gateway APIs to support IPv4 & IPv6 (bsc#1038458). - scsi: be2iscsi: Fix POST check and reset sequence (bsc#1038458). - scsi: be2iscsi: Fix queue and connection parameters (bsc#1038458). - scsi: be2iscsi: Fix release of DHCP IP in static mode (bsc#1038458). - scsi: be2iscsi: Fix to add timer for UE detection (bsc#1038458). - scsi: be2iscsi: Fix to make boot discovery non-blocking (bsc#1038458). - scsi: be2iscsi: Fix to use correct configuration values (bsc#1038458). - scsi: be2iscsi: Handle only NET_PARAM in iface_get_param (bsc#1038458). - scsi: be2iscsi: Move functions to right files (bsc#1038458). - scsi: be2iscsi: Move VLAN code to common iface_set_param (bsc#1038458). - scsi: be2iscsi: Reduce driver load/unload time (bsc#1038458). - scsi: be2iscsi: Remove alloc_mcc_tag & beiscsi_pci_soft_reset (bsc#1038458). - scsi: be2iscsi: Remove isr_lock and dead code (bsc#1038458). - scsi: be2iscsi: Rename iface get/set/create/destroy APIs (bsc#1038458). - scsi: be2iscsi: Replace _bh version for mcc_lock spinlock (bsc#1038458). - scsi: be2iscsi: Set and return right iface v4/v6 states (bsc#1038458). - scsi: be2iscsi: Update copyright information (bsc#1038458). - scsi: be2iscsi: Update iface handle before any set param (bsc#1038458). - scsi: be2iscsi: Update the driver version (bsc#1038458). - scsi: cxgb4i: libcxgbi: add missing module_put() (bsc#1018885). - scsi: cxgb4i: libcxgbi: cxgb4: add T6 iSCSI completion feature (bsc#1021424). - scsi: cxlflash: Remove the device cleanly in the system shutdown path (bsc#1028310, fate#321597, bsc#1034762). cherry-pick from SP3 - scsi_dh_alua: do not call BUG_ON when updating port group (bsc#1028340). - scsi_dh_alua: Do not retry for unmapped device (bsc#1012910). - scsi_error: count medium access timeout only once per EH run (bsc#993832, bsc#1032345). - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck (bsc#1035920). - scsi: ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (bsc#1034419). - scsi: ipr: Driver version 2.6.4 (bsc#1031555). - scsi: ipr: Error path locking fixes (bsc#1031555). - scsi: ipr: Fix abort path race condition (bsc#1031555). - scsi: ipr: Fix missed EH wakeup (bsc#1031555). - scsi: ipr: Fix SATA EH hang (bsc#1031555). - scsi: ipr: Remove redundant initialization (bsc#1031555). - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m (4.4.68 stable queue). - scsi: scsi_dh_alua: Check scsi_device_get() return value (bsc#1040125). - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (4.4.68 stable queue). - scsi_transport_fc: do not call queue_work under lock (bsc#1013887). - scsi_transport_fc: fixup race condition in fc_rport_final_delete() (bsc#1013887). - scsi_transport_fc: return -EBUSY for deleted vport (bsc#1013887). - sctp: check af before verify address in sctp_addr_id2transport (git-fixes). - serial: 8250_omap: Fix probe and remove for PM runtime (4.4.68 stable queue). - smartpqi: limit transfer length to 1MB (bsc#1025461). - staging: emxx_udc: remove incorrect __init annotations (4.4.68 stable queue). - staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data() (bsc#1031717). - staging: wlan-ng: add missing byte order conversion (4.4.68 stable queue). - sunrpc: Allow xprt->ops->timer method to sleep (git-fixes). - sunrpc: ensure correct error is reported by xs_tcp_setup_socket() (git-fixes). - sunrpc: fix UDP memory accounting (git-fixes). - sunrpc: Silence WARN_ON when NFSv4.1 over RDMA is in use (git-fixes). - supported.conf: added drivers/net/ethernet/chelsio/libcxgb/libcxgb - supported.conf: Bugzilla and FATE references for dcdbas and dell_rbu - sysfs: be careful of error returns from ops->show() (bsc#1028883). - tcp: account for ts offset only if tsecr not zero (bsc#1042286). - tcp: do not inherit fastopen_req from parent (4.4.68 stable queue). - tcp: do not underestimate skb->truesize in tcp_trim_head() (4.4.68 stable queue). - tcp: fastopen: accept data/FIN present in SYNACK message (bsc#1042286). - tcp: fastopen: avoid negative sk_forward_alloc (bsc#1042286). - tcp: fastopen: call tcp_fin() if FIN present in SYNACK (bsc#1042286). - tcp: fastopen: fix rcv_wup initialization for TFO server on SYN/data (bsc#1042286). - tcp: fix wraparound issue in tcp_lp (4.4.68 stable queue). - Temporarily disable iwlwifi-expose-default-fallback-ucode-api ... for updating iwlwifi stack - thp: fix MADV_DONTNEED vs. numa balancing race (bnc#1027974). - thp: reduce indentation level in change_huge_pmd() (bnc#1027974). - tpm: Downgrade error level (bsc#1042535). - tpm: fix checks for policy digest existence in tpm2_seal_trusted() (bsc#1034048, Pending fixes 2017-04-10). - tpm: fix RC value check in tpm2_seal_trusted (bsc#1034048, Pending fixes 2017-04-10). - tpm: fix: set continueSession attribute for the unseal operation (bsc#1034048, Pending fixes 2017-04-10). - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1012985). - tty: Destroy ldisc instance on hangup (bnc#1043488). - tty: Fix ldisc crash on reopened tty (bnc#1043488). - tty: Handle NULL tty->ldisc (bnc#1043488). - tty: Move tty_ldisc_kill() (bnc#1043488). - tty: Prepare for destroying line discipline on hangup (bnc#1043488). - tty: Refactor tty_ldisc_reinit() for reuse (bnc#1043488). - tty: Reset c_line from driver's init_termios (bnc#1043488). - tty: Simplify tty_set_ldisc() exit handling (bnc#1043488). - tty: Use 'disc' for line discipline index name (bnc#1043488). - udp: avoid ufo handling on IP payload compression packets (bsc#1042286). - udplite: call proper backlog handlers (bsc#1042286). - Update config files: add CONFIG_IWLWIFI_PCIE_RTPM=y (FATE#323335) - Update patches.fixes/x86-pci-mark-broadwell-ep-home-agent-1-as-having-non-compliant-bars (bsc#1039214). Fix the wrong bsc number. - Update patches.fixes/xen-silence-efi-error-messge.patch (bnc#1039900). - Update ppc64le config files to use KGRAFT. - usb: chipidea: Handle extcon events properly (4.4.68 stable queue). - usb: chipidea: Only read/write OTGSC from one place (4.4.68 stable queue). - usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths (4.4.68 stable queue). - usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths (4.4.68 stable queue). - usb: musb: ux500: Fix NULL pointer dereference at system PM (bsc#1038033). - usb: serial: ark3116: fix open error handling (bnc#1038043). - usb: serial: ch341: add register and USB request definitions (bnc#1038043). - usb: serial: ch341: add support for parity, frame length, stop bits (bnc#1038043). - usb: serial: ch341: fix baud rate and line-control handling (bnc#1038043). - usb: serial: ch341: fix line settings after reset-resume (bnc#1038043). - usb: serial: ch341: fix modem-status handling (bnc#1038043). - usb: serial: ch341: reinitialize chip on reconfiguration (bnc#1038043). - usb: serial: digi_acceleport: fix incomplete rx sanity check (4.4.68 stable queue). - usb: serial: fix compare_const_fl.cocci warnings (bnc#1038043). - usb: serial: ftdi_sio: fix latency-timer error handling (4.4.68 stable queue). - usb: serial: io_edgeport: fix descriptor error handling (4.4.68 stable queue). - usb: serial: io_edgeport: fix epic-descriptor handling (bnc#1038043). - usb: serial: keyspan_pda: fix receive sanity checks (4.4.68 stable queue). - usb: serial: mct_u232: fix modem-status error handling (4.4.68 stable queue). - usb: serial: quatech2: fix control-message error handling (bnc#1038043). - usb: serial: sierra: fix bogus alternate-setting assumption (bnc#1038043). - usb: serial: ssu100: fix control-message error handling (bnc#1038043). - usb: serial: ti_usb_3410_5052: fix control-message error handling (4.4.68 stable queue). - Use make --output-sync feature when available (bsc#1012422). The mesages in make output can interleave making it impossible to extract warnings reliably. Since version 4 GNU Make supports --output-sync flag that prints output of each sub-command atomically preventing this issue. Detect the flag and use it if available. - Use up spare in struct module for livepatch (FATE#322421). - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065). - vrf: remove slave queue and private slave struct (bsc#1042286). - vsock: Detach QP check should filter out non matching QPs (bsc#1036752). - x86/CPU/AMD: Fix Zen SMT topology (bsc#1027512). - x86/ioapic: Restore IO-APIC irq_chip retrigger callback (4.4.68 stable queue). - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0 (4.4.68 stable queue). - x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs (bsc#9048891). - x86/platform/intel-mid: Correct MSI IRQ line for watchdog device (4.4.68 stable queue). - x86/platform/uv/BAU: Add generic function pointers (bsc#1035024). - x86/platform/uv/BAU: Add payload descriptor qualifier (bsc#1035024). - x86/platform/uv/BAU: Add status mmr location fields to bau_control (bsc#1035024). - x86/platform/uv/BAU: Add UV4-specific functions (bsc#1035024). - x86/platform/uv/BAU: Add uv_bau_version enumerated constants (bsc#1035024). - x86/platform/uv/BAU: Add wait_completion to bau_operations (bsc#1035024). - x86/platform/uv/BAU: Clean up and update printks (bsc#1035024). - x86/platform/uv/BAU: Cleanup bau_operations declaration and instances (bsc#1035024). - x86/platform/uv/BAU: Clean up pq_init() (bsc#1035024). - x86/platform/uv/BAU: Clean up vertical alignment (bsc#1035024). - x86/platform/uv/BAU: Convert uv_physnodeaddr() use to uv_gpa_to_offset() (bsc#1035024). - x86/platform/uv/BAU: Disable software timeout on UV4 hardware (bsc#1035024). - x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register (bsc#1035024). - x86/platform/uv/BAU: Fix payload queue setup on UV4 hardware (bsc#1035024). - x86/platform/uv/BAU: Implement uv4_wait_completion with read_status (bsc#1035024). - x86/platform/uv/BAU: Populate ->uvhub_version with UV4 version information (bsc#1035024). - x86/platform/uv/BAU: Use generic function pointers (bsc#1035024). - x86/platform/uv: Fix calculation of Global Physical Address (bsc#1031147). - xen: add sysfs node for guest type (bnc#1037840). - xen: adjust early dom0 p2m handling to xen hypervisor behavior (bnc#1031470). - xen-blkback: do not leak stack data via response ring (bsc#1042863 XSA-216). - xen/mce: do not issue error message for failed /dev/mcelog registration (bnc#1036638). - xfrm: Fix memory leak of aead algorithm name (bsc#1042286). - xfrm: Only add l3mdev oif to dst lookups (bsc#1042286). - xfs: add missing include dependencies to xfs_dir2.h (bsc#1042421). - xfs: do not assert fail on non-async buffers on ioacct decrement (bsc#1041160). - xfs: do not warn on buffers not being recovered due to LSN (bsc#1043598). - xfs: fix eofblocks race with file extending async dio writes (bsc#1040929). - xfs: Fix missed holes in SEEK_HOLE implementation (bsc#1041168). - xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff() (bsc#1041168). - xfs: fix xfs_mode_to_ftype() prototype (bsc#1043598). - xfs: in _attrlist_by_handle, copy the cursor back to userspace (bsc#1041242). - xfs: log recovery tracepoints to track current lsn and buffer submission (bsc#1043598). - xfs: Make __xfs_xattr_put_listen preperly report errors (bsc#1041242). - xfs: only return -errno or success from attr ->put_listent (bsc#1041242). - xfs: pass current lsn to log recovery buffer validation (bsc#1043598). - xfs: refactor log record unpack and data processing (bsc#1043598). - xfs: replace xfs_mode_to_ftype table with switch statement (bsc#1042421). - xfs: rework log recovery to submit buffers on LSN boundaries (bsc#1043598). - xfs: rework the inline directory verifiers (bsc#1042421). - xfs: sanity check directory inode di_size (bsc#1042421). - xfs: sanity check inode di_mode (bsc#1042421). - xfs: Split default quota limits by quota type (bsc#1049421). - xfs: update metadata LSN in buffers during log recovery (bsc#1043598). - xfs: use ->b_state to fix buffer I/O accounting release race (bsc#1041160). - xfs: verify inline directory data forks (bsc#1042421). - zswap: do not param_set_charp while holding spinlock (VM Functionality, bsc#1042886). Important SUSE bug 1003581 SUSE bug 1004003 SUSE bug 1011044 SUSE bug 1012060 SUSE bug 1012382 SUSE bug 1012422 SUSE bug 1012452 SUSE bug 1012829 SUSE bug 1012910 SUSE bug 1012985 SUSE bug 1013561 SUSE bug 1013887 SUSE bug 1015342 SUSE bug 1015452 SUSE bug 1017461 SUSE bug 1018885 SUSE bug 1020412 SUSE bug 1021424 SUSE bug 1022266 SUSE bug 1022595 SUSE bug 1023287 SUSE bug 1025461 SUSE bug 1026570 SUSE bug 1027101 SUSE bug 1027512 SUSE bug 1027974 SUSE bug 1028217 SUSE bug 1028310 SUSE bug 1028340 SUSE bug 1028883 SUSE bug 1029607 SUSE bug 1030057 SUSE bug 1030070 SUSE bug 1031040 SUSE bug 1031142 SUSE bug 1031147 SUSE bug 1031470 SUSE bug 1031500 SUSE bug 1031512 SUSE bug 1031555 SUSE bug 1031717 SUSE bug 1031796 SUSE bug 1032141 SUSE bug 1032339 SUSE bug 1032345 SUSE bug 1032400 SUSE bug 1032581 SUSE bug 1032803 SUSE bug 1033117 SUSE bug 1033281 SUSE bug 1033336 SUSE bug 1033340 SUSE bug 1033885 SUSE bug 1034048 SUSE bug 1034419 SUSE bug 1034635 SUSE bug 1034670 SUSE bug 1034671 SUSE bug 1034762 SUSE bug 1034902 SUSE bug 1034995 SUSE bug 1035024 SUSE bug 1035866 SUSE bug 1035887 SUSE bug 1035920 SUSE bug 1035922 SUSE bug 1036214 SUSE bug 1036638 SUSE bug 1036752 SUSE bug 1036763 SUSE bug 1037177 SUSE bug 1037186 SUSE bug 1037384 SUSE bug 1037483 SUSE bug 1037669 SUSE bug 1037840 SUSE bug 1037871 SUSE bug 1037969 SUSE bug 1038033 SUSE bug 1038043 SUSE bug 1038085 SUSE bug 1038142 SUSE bug 1038143 SUSE bug 1038297 SUSE bug 1038458 SUSE bug 1038544 SUSE bug 1038842 SUSE bug 1038843 SUSE bug 1038846 SUSE bug 1038847 SUSE bug 1038848 SUSE bug 1038879 SUSE bug 1038981 SUSE bug 1038982 SUSE bug 1039214 SUSE bug 1039348 SUSE bug 1039354 SUSE bug 1039700 SUSE bug 1039864 SUSE bug 1039882 SUSE bug 1039883 SUSE bug 1039885 SUSE bug 1039900 SUSE bug 1040069 SUSE bug 1040125 SUSE bug 1040182 SUSE bug 1040279 SUSE bug 1040351 SUSE bug 1040364 SUSE bug 1040395 SUSE bug 1040425 SUSE bug 1040463 SUSE bug 1040567 SUSE bug 1040609 SUSE bug 1040855 SUSE bug 1040929 SUSE bug 1040941 SUSE bug 1041087 SUSE bug 1041160 SUSE bug 1041168 SUSE bug 1041242 SUSE bug 1041431 SUSE bug 1041810 SUSE bug 1042286 SUSE bug 1042356 SUSE bug 1042421 SUSE bug 1042517 SUSE bug 1042535 SUSE bug 1042536 SUSE bug 1042863 SUSE bug 1042886 SUSE bug 1043014 SUSE bug 1043231 SUSE bug 1043236 SUSE bug 1043347 SUSE bug 1043371 SUSE bug 1043467 SUSE bug 1043488 SUSE bug 1043598 SUSE bug 1043912 SUSE bug 1043935 SUSE bug 1043990 SUSE bug 1044015 SUSE bug 1044082 SUSE bug 1044120 SUSE bug 1044125 SUSE bug 1044532 SUSE bug 1044767 SUSE bug 1044772 SUSE bug 1044854 SUSE bug 1044880 SUSE bug 1044912 SUSE bug 1045154 SUSE bug 1045235 SUSE bug 1045286 SUSE bug 1045307 SUSE bug 1045467 SUSE bug 1045568 SUSE bug 1046105 SUSE bug 1046434 SUSE bug 1046589 SUSE bug 799133 SUSE bug 863764 SUSE bug 922871 SUSE bug 939801 SUSE bug 966170 SUSE bug 966172 SUSE bug 966191 SUSE bug 966321 SUSE bug 966339 SUSE bug 971975 SUSE bug 988065 SUSE bug 989311 SUSE bug 990058 SUSE bug 990682 SUSE bug 993832 SUSE bug 995542 CVE-2017-1000365 CVE-2017-1000380 CVE-2017-7346 CVE-2017-7487 CVE-2017-7616 CVE-2017-7618 CVE-2017-8890 CVE-2017-8924 CVE-2017-8925 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9150 CVE-2017-9242 cpe:/o:suse:sles:12:sp2 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 12 SP2 This update for xorg-x11-server provides the following fixes: - CVE-2017-10971: Fix endianess handling of GenericEvent to prevent a stack overflow by clients. (bnc#1035283) - Make sure the type of all events to be sent by ProcXSendExtensionEvent are in the allowed range. - CVE-2017-10972: Initialize the xEvent eventT with zeros to avoid information leakage. Important SUSE bug 1035283 CVE-2017-10971 CVE-2017-10972 cpe:/o:suse:sles:12:sp2 Security update for libXdmcp (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libXdmcp fixes the following issues: - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable (bsc#1025046) Moderate SUSE bug 1025046 CVE-2017-2625 cpe:/o:suse:sles:12:sp2 Security update for evince (Important) SUSE Linux Enterprise Server 12 SP2 This update for evince fixes the following issues: - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code. (bsc#1046856, bgo#784630) Important SUSE bug 1046856 CVE-2017-1000083 cpe:/o:suse:sles:12:sp2 Security update for systemd, dracut (Important) SUSE Linux Enterprise Server 12 SP2 This update for systemd and dracut fixes the following issues: Security issues fixed: - CVE-2017-9445: Possible out-of-bounds write triggered by a specially crafted TCP payload from a DNS server. (bsc#1045290) Non-security issues fixed in systemd: - Automounter issue in combination with NFS volumes (bsc#1040968) - Missing symbolic link for SAS device in /dev/disk/by-path (bsc#1040153) - Add minimal support for boot.d/* scripts in systemd-sysv-convert (bsc#1046750) Non-security issues fixed in dracut: - Bail out if module directory does not exist. (bsc#1043900) - Suppress bogus error message. (bsc#1032029) - Fix module force loading with systemd. (bsc#986216) - Ship udev files required by systemd. (bsc#1040153) - Ignore module resolution errors (e.g. with kgraft). (bsc#1037120) Important SUSE bug 1032029 SUSE bug 1033238 SUSE bug 1037120 SUSE bug 1040153 SUSE bug 1040968 SUSE bug 1043900 SUSE bug 1045290 SUSE bug 1046750 SUSE bug 986216 CVE-2017-9445 cpe:/o:suse:sles:12:sp2 Security update for jasper (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9262: Multiple integer overflows in the jas_realloc function in base/jas_malloc.c and mem_resize function in base/jas_stream.c allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. (bsc#1009994) - CVE-2016-9388: The ras_getcmap function in ras_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010975) - CVE-2016-9389: The jpc_irct and jpc_iict functions in jpc_mct.c allow remote attackers to cause a denial of service (assertion failure). (bsc#1010968) - CVE-2016-9390: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. (bsc#1010774) - CVE-2016-9391: The jpc_bitstream_getbits function in jpc_bs.c allows remote attackers to cause a denial of service (assertion failure) via a very large integer. (bsc#1010782) - CVE-2017-1000050: The jp2_encode function in jp2_enc.c allows remote attackers to cause a denial of service. (bsc#1047958) CVEs already fixed with previous update: - CVE-2016-9392: The calcstepsizes function in jpc_dec.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010757) - CVE-2016-9393: The jpc_pi_nextrpcl function in jpc_t2cod.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010766) - CVE-2016-9394: The jas_seq2d_create function in jas_seq.c allows remote attackers to cause a denial of service (assertion failure) via a crafted file. (bsc#1010756) Moderate SUSE bug 1009994 SUSE bug 1010756 SUSE bug 1010757 SUSE bug 1010766 SUSE bug 1010774 SUSE bug 1010782 SUSE bug 1010968 SUSE bug 1010975 SUSE bug 1047958 CVE-2016-9262 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2017-1000050 cpe:/o:suse:sles:12:sp2 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for apache2 fixes the following issues: Security issue fixed: - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest. (bsc#1048576) Bug fixes: - Include individual sysconfig.d files instead of the whole sysconfig.d directory. - Include sysconfig.d/include.conf after httpd.conf is processed. (bsc#1023616, bsc#1043055) Moderate SUSE bug 1023616 SUSE bug 1043055 SUSE bug 1048576 CVE-2017-9788 cpe:/o:suse:sles:12:sp2 Security update for libquicktime (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libquicktime fixes the following issues: Security issue fixed: - CVE-2016-2399: Adjust patch to prevent endless loop when there are less than 256 bytes to read. (bsc#1022805) Moderate SUSE bug 1022805 CVE-2016-2399 cpe:/o:suse:sles:12:sp2 Security update for libical (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bsc#986639) - CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function. (bsc#986631) - CVE-2016-9584: libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. (bsc#1015964) Bug fixes: - libical crashes while parsing timezones (bsc#1044995) Moderate SUSE bug 1015964 SUSE bug 1044995 SUSE bug 986631 SUSE bug 986639 CVE-2016-5824 CVE-2016-5827 CVE-2016-9584 cpe:/o:suse:sles:12:sp2 Security update for poppler (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for poppler fixes the following issues: Security issues fixed: - CVE-2017-9775: Fix a stack overflow bug in pdftocairo that could have been exploited in a denial of service attack through a specially crafted PDF document. (bsc#1045719) - CVE-2017-9776: Fix an integer overflow bug that could have been exploited in a denial of service attack through a specially crafted PDF document. (bsc#1045721) - CVE-2017-9408: Fix a memory leak that occurred when the parser tried to recover from a broken input file. (bsc#1042802) Moderate SUSE bug 1042802 SUSE bug 1045719 SUSE bug 1045721 CVE-2017-9408 CVE-2017-9775 CVE-2017-9776 cpe:/o:suse:sles:12:sp2 Security update for poppler (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for poppler fixes the following issues: Security issues fixed: - CVE-2017-9775: DoS stack buffer overflow in GfxState.cc in pdftocairo via a crafted PDF document (bsc#1045719) - CVE-2017-9776: DoS integer overflow leading to heap buffer overflow in JBIG2Stream.cc via a crafted PDF document (bsc#1045721) - CVE-2017-7515: Stack exhaustion due to infinite recursive call in pdfunite (bsc#1043088) - CVE-2017-7511: Null pointer dereference in pdfunite via crafted documents (bsc#1041783) - CVE-2017-9406: Memory leak in the gmalloc function in gmem.cc (bsc#1042803) - CVE-2017-9408: Memory leak in the Object::initArray function (bsc#1042802) Moderate SUSE bug 1041783 SUSE bug 1042802 SUSE bug 1042803 SUSE bug 1043088 SUSE bug 1045719 SUSE bug 1045721 CVE-2017-7511 CVE-2017-7515 CVE-2017-9406 CVE-2017-9408 CVE-2017-9775 CVE-2017-9776 cpe:/o:suse:sles:12:sp2 Security update for gstreamer-0_10-plugins-base (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for gstreamer-0_10-plugins-base fixes the following issue: - CVE-2016-9811: out of bounds memory read in windows_icon_typefind (bsc#1013669) Moderate SUSE bug 1013669 CVE-2016-9811 cpe:/o:suse:sles:12:sp2 Security update for mariadb (Important) SUSE Linux Enterprise Server 12 SP2 This MariaDB update to version 10.0.31 GA fixes the following issues: Security issues fixed: - CVE-2017-3308: Subcomponent: Server: DML: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3309: Subcomponent: Server: Optimizer: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3453: Subcomponent: Server: Optimizer: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3456: Subcomponent: Server: DML: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) - CVE-2017-3464: Subcomponent: Server: DDL: Easily 'exploitable' vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). (bsc#1048715) Bug fixes: - switch from 'Restart=on-failure' to 'Restart=on-abort' in mysql.service in order to follow the upstream. It also fixes hanging mysql-systemd-helper when mariadb fails (e.g. because of the misconfiguration) (bsc#963041) - XtraDB updated to 5.6.36-82.0 - TokuDB updated to 5.6.36-82.0 - Innodb updated to 5.6.36 - Performance Schema updated to 5.6.36 Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10031-release-notes - https://kb.askmonty.org/en/mariadb-10031-changelog Important SUSE bug 1048715 SUSE bug 963041 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 cpe:/o:suse:sles:12:sp2 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 12 SP2 This wireshark update to version 2.2.8 fixes the following issues: Security issues fixed: - CVE-2017-11411: The openSAFETY dissectorcould crash or exhaust system memory because of missing length validation. (bsc#1049621) - CVE-2017-11410: The WBXML dissector could go into an infinite loop. (bsc#1049255) - CVE-2017-11408: The AMQP dissector could crash. (bsc#1049255) - CVE-2017-11407: The MQ dissector could crash. (bsc#1049255) - CVE-2017-11406: The DOCSIS dissector could go into an infinite loop. (bsc#1049255) Moderate SUSE bug 1049255 SUSE bug 1049621 CVE-2017-11406 CVE-2017-11407 CVE-2017-11408 CVE-2017-11410 CVE-2017-11411 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to receive the following security update: - CVE-2017-7533: Bug in inotify code allowed privilege escalation (bnc#1049483). Important SUSE bug 1049483 CVE-2017-7533 cpe:/o:suse:sles:12:sp2 Security update for libzypp, zypper (Important) SUSE Linux Enterprise Server 12 SP2 The Software Update Stack was updated to receive fixes and enhancements. libzypp: Security issues fixed: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984) Bug fixes: - Re-probe on refresh if the repository type changes. (bsc#1048315) - Propagate proper error code to DownloadProgressReport. (bsc#1047785) - Allow to trigger an appdata refresh unconditionally. (bsc#1009745) - Support custom repo variables defined in /etc/zypp/vars.d. - Adapt loop mounting of ISO images. (bsc#1038132, bsc#1033236) - Fix potential crash if repository has no baseurl. (bsc#1043218) zypper: - Adapt download callback to report and handle unsigned packages. (bsc#1038984) - Report missing/optional files as 'not found' rather than 'error'. (bsc#1047785) - Document support for custom repository variables defined in /etc/zypp/vars.d. - Emphasize that it depends on how fast PackageKit will respond to a 'quit' request sent if PK blocks package management. Important SUSE bug 1009745 SUSE bug 1031756 SUSE bug 1033236 SUSE bug 1038132 SUSE bug 1038984 SUSE bug 1043218 SUSE bug 1045735 SUSE bug 1047785 SUSE bug 1048315 CVE-2017-7435 CVE-2017-7436 CVE-2017-9269 cpe:/o:suse:sles:12:sp2 Security update for ncurses (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964) - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. (bsc#1047965) - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858, bsc#1049344) Moderate SUSE bug 1046853 SUSE bug 1046858 SUSE bug 1047964 SUSE bug 1047965 SUSE bug 1049344 CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 cpe:/o:suse:sles:12:sp2 Security update for librsvg (Low) SUSE Linux Enterprise Server 12 SP2 This update librsvg to version 2.40.18 fixes the following issues: Security issue fixed: - CVE-2017-11464: A SIGFPE is raised in the function box_blur_line of rsvg-filter.c. (bsc#1049607) Low SUSE bug 1049607 CVE-2017-11464 cpe:/o:suse:sles:12:sp2 Security update for libsoup (Important) SUSE Linux Enterprise Server 12 SP2 This update for libsoup fixes the following issues: - A bug in the HTTP Chunked Encoding code has been fixed that could have been exploited by attackers to cause a stack-based buffer overflow in client or server code running libsoup (bsc#1052916, CVE-2017-2885). Important SUSE bug 1052916 CVE-2017-2885 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000111: fix race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365). - CVE-2017-1000112: fix race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). The following non-security bugs were fixed: - powerpc/numa: fix regression that could cause kernel panics during installation (bsc#1048914). - bcache: force trigger gc (bsc#1038078). - bcache: only recovery I/O error for writethrough mode (bsc#1043652). Important SUSE bug 1038078 SUSE bug 1043652 SUSE bug 1048914 SUSE bug 1052311 SUSE bug 1052365 CVE-2017-1000111 CVE-2017-1000112 cpe:/o:suse:sles:12:sp2 Security update for strongswan (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for strongswan fixes the following issues: CVE-2017-11185: Specific RSA signatures passed to the gmp plugin for verification can cause a null-pointer dereference and it may lead to a denial of service (bsc#1051222) Moderate SUSE bug 1051222 CVE-2017-11185 cpe:/o:suse:sles:12:sp2 Security update for openjpeg2 (Important) SUSE Linux Enterprise Server 12 SP2 This update for openjpeg2 fixes the following issues: - CVE 2016-7163: Integer Overflow could lead to remote code execution (bsc#997857). - CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service (bsc#979907). Important SUSE bug 979907 SUSE bug 997857 CVE-2015-8871 CVE-2016-7163 cpe:/o:suse:sles:12:sp2 Security update for libxml2 (Low) SUSE Linux Enterprise Server 12 SP2 This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2017-8872: Out-of-bounds read in htmlParseTryOrFinish. (bsc#1038444) Low SUSE bug 1038444 CVE-2017-8872 cpe:/o:suse:sles:12:sp2 Security update for curl (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for curl fixes the following issues: - CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644) - CVE-2017-1000101: URL globbing out of bounds read could lead to a denial of service (bsc#1051643) Moderate SUSE bug 1051643 SUSE bug 1051644 CVE-2017-1000100 CVE-2017-1000101 cpe:/o:suse:sles:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2 This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0) fixes the following issues: Security issues fixed: - CVE-2017-10053: Improved image post-processing steps (bsc#1049305) - CVE-2017-10067: Additional jar validation steps (bsc#1049306) - CVE-2017-10074: Image conversion improvements (bsc#1049307) - CVE-2017-10078: Better script accessibility for JavaScript (bsc#1049308) - CVE-2017-10081: Right parenthesis issue (bsc#1049309) - CVE-2017-10086: Unspecified vulnerability in subcomponent JavaFX (bsc#1049310) - CVE-2017-10087: Better Thread Pool execution (bsc#1049311) - CVE-2017-10089: Service Registration Lifecycle (bsc#1049312) - CVE-2017-10090: Better handling of channel groups (bsc#1049313) - CVE-2017-10096: Transform Transformer Exceptions (bsc#1049314) - CVE-2017-10101: Better reading of text catalogs (bsc#1049315) - CVE-2017-10102: Improved garbage collection (bsc#1049316) - CVE-2017-10105: Unspecified vulnerability in subcomponent deployment (bsc#1049317) - CVE-2017-10107: Less Active Activations (bsc#1049318) - CVE-2017-10108: Better naming attribution (bsc#1049319) - CVE-2017-10109: Better sourcing of code (bsc#1049320) - CVE-2017-10110: Better image fetching (bsc#1049321) - CVE-2017-10111: Rearrange MethodHandle arrangements (bsc#1049322) - CVE-2017-10114: Unspecified vulnerability in subcomponent JavaFX (bsc#1049323) - CVE-2017-10115: Higher quality DSA operations (bsc#1049324) - CVE-2017-10116: Proper directory lookup processing (bsc#1049325) - CVE-2017-10118: Higher quality ECDSA operations (bsc#1049326) - CVE-2017-10125: Unspecified vulnerability in subcomponent deployment (bsc#1049327) - CVE-2017-10135: Better handling of PKCS8 material (bsc#1049328) - CVE-2017-10176: Additional elliptic curve support (bsc#1049329) - CVE-2017-10193: Improve algorithm constraints implementation (bsc#1049330) - CVE-2017-10198: Clear certificate chain connections (bsc#1049331) - CVE-2017-10243: Unspecified vulnerability in subcomponent JAX-WS (bsc#1049332) Bug fixes: - Check registry registration location - Improved certificate processing - JMX diagnostic improvements - Update to libpng 1.6.28 - Import of OpenJDK 8 u141 build 15 (bsc#1049302) New features: - Support using RSAandMGF1 with the SHA hash algorithms in the PKCS11 provider Important SUSE bug 1049302 SUSE bug 1049305 SUSE bug 1049306 SUSE bug 1049307 SUSE bug 1049308 SUSE bug 1049309 SUSE bug 1049310 SUSE bug 1049311 SUSE bug 1049312 SUSE bug 1049313 SUSE bug 1049314 SUSE bug 1049315 SUSE bug 1049316 SUSE bug 1049317 SUSE bug 1049318 SUSE bug 1049319 SUSE bug 1049320 SUSE bug 1049321 SUSE bug 1049322 SUSE bug 1049323 SUSE bug 1049324 SUSE bug 1049325 SUSE bug 1049326 SUSE bug 1049327 SUSE bug 1049328 SUSE bug 1049329 SUSE bug 1049330 SUSE bug 1049331 SUSE bug 1049332 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 cpe:/o:suse:sles:12:sp2 Security update for libplist (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libplist fixes the following issues: Security issues fixed: - CVE-2017-6439: Heap-based buffer overflow in the parse_string_node function. (bsc#1029638) - CVE-2017-6438: Heap-based buffer overflow in the parse_unicode_node function. (bsc#1029706) - CVE-2017-6437: The base64encode function in base64.c allows local users to cause denial of service (out-of-bounds read) via a crafted plist file. (bsc#1029707) - CVE-2017-6436: Integer overflow in parse_string_node. (bsc#1029751) - CVE-2017-6435: Crafted plist file could lead to Heap-buffer overflow. (bsc#1029639) Moderate SUSE bug 1029638 SUSE bug 1029639 SUSE bug 1029706 SUSE bug 1029707 SUSE bug 1029751 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 cpe:/o:suse:sles:12:sp2 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 12 SP2 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-9439: A memory leak was found in the function ReadPDBImage incoders/pdb.c (bsc#1042826) - CVE-2017-9440: A memory leak was found in the function ReadPSDChannelin coders/psd.c (bsc#1042812) - CVE-2017-9501: An assertion failure could cause a denial of service via a crafted file (bsc#1043289) - CVE-2017-11403: ReadMNGImage function in coders/png.c has an out-of-order CloseBlob call, resulting in a use-after-free via acrafted file (bsc#1049072) Important SUSE bug 1042812 SUSE bug 1042826 SUSE bug 1043289 SUSE bug 1049072 CVE-2017-11403 CVE-2017-9439 CVE-2017-9440 CVE-2017-9501 cpe:/o:suse:sles:12:sp2 Security update for gnome-shell (Low) SUSE Linux Enterprise Server 12 SP2 This update for gnome-shell provides the following fixes: - Fix not intuitive login screen for root user (bsc#1047262) - Disable session selection button when it's hidden in user switch dialog (bsc#1034584, bsc#1034827) - Fix app windows overlay app list in overview screen (bsc#1008539) - Properly handle failures when loading extensions (bsc#1036494, CVE-2017-8288) Low SUSE bug 1008539 SUSE bug 1034584 SUSE bug 1034827 SUSE bug 1036494 SUSE bug 1047262 CVE-2017-8288 cpe:/o:suse:sles:12:sp2 Security update for freeradius-server (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for freeradius fixes the following issues: Security issues fixed: - CVE-2017-10988: Decode 'signed' attributes correctly. (bnc#1049086) - CVE-2017-10987: Check for option overflowing the packet. (bnc#1049086) - CVE-2017-10985: Fix infinite loop and memory exhaustion with 'concat' attributes. (bnc#1049086) - CVE-2017-10984: Fix write overflow in data2vp_wimax(). (bnc#1049086) - CVE-2017-10983: Fix read overflow when decoding option 63. (bnc#1049086) - CVE-2017-10978: Fix read / write overflow in make_secret(). (bnc#1049086) Moderate SUSE bug 1049086 CVE-2017-10978 CVE-2017-10983 CVE-2017-10984 CVE-2017-10985 CVE-2017-10987 CVE-2017-10988 cpe:/o:suse:sles:12:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for openssh fixes several issues. These security issues were fixed: - CVE-2016-8858: The kex_input_kexinit function in kex.c allowed remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests (bsc#1005480). - CVE-2016-10012: The shared memory manager (associated with pre-authentication compression) did not ensure that a bounds check is enforced by all compilers, which might allowed local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures (bsc#1016370). - CVE-2016-10009: Untrusted search path vulnerability in ssh-agent.c allowed remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket (bsc#1016366). - CVE-2016-10010: When forwarding unix domain sockets with privilege separation disabled, the resulting sockets have be created as 'root' instead of the authenticated user. Forwarding unix domain sockets without privilege separation enabled is now rejected. - CVE-2016-10011: authfile.c in sshd did not properly consider the effects of realloc on buffer contents, which might allowed local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process (bsc#1016369). These non-security issues were fixed: - Adjusted suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221) - Properly verify CIDR masks in configuration (bsc#1005893) Moderate SUSE bug 1005480 SUSE bug 1005893 SUSE bug 1006221 SUSE bug 1016366 SUSE bug 1016368 SUSE bug 1016369 SUSE bug 1016370 CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 CVE-2016-8858 cpe:/o:suse:sles:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_8_0-ibm fixes the following issues: - Version update to 8.0-4.10 [bsc#1053431] CVE-2017-10111, CVE-2017-10110, CVE-2017-10107, CVE-2017-10101, CVE-2017-10096, CVE-2017-10090, CVE-2017-10089, CVE-2017-10087, CVE-2017-10102, CVE-2017-10116, CVE-2017-10074, CVE-2017-10078, CVE-2017-10115, CVE-2017-10067, CVE-2017-10125, CVE-2017-10243, CVE-2017-10109, CVE-2017-10108, CVE-2017-10053, CVE-2017-10105, CVE-2017-10081: Multiple unspecified vulnerabilities in multiple Java components could lead to code execution or sandbox escape More information can be found here: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#Oracle_July_18_2017_CPU Important SUSE bug 1053431 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10078 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10125 CVE-2017-10243 cpe:/o:suse:sles:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_7_1-ibm fixes the following issues: - Version update to 7.1-4.10 [bsc#1053431] * CVE-2017-10111 CVE-2017-10110 CVE-2017-10107 CVE-2017-10101 CVE-2017-10096 CVE-2017-10090 CVE-2017-10089 CVE-2017-10087 CVE-2017-10102 CVE-2017-10116 CVE-2017-10074 CVE-2017-10115 CVE-2017-10067 CVE-2017-10125 CVE-2017-10243 CVE-2017-10109 CVE-2017-10108 CVE-2017-10053 CVE-2017-10105 CVE-2017-10081: Multiple unspecified vulnerabilities in multiple Java components could lead to code execution or sandbox escape More information can be found here: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#Oracle_July_18_2017_CPU Important SUSE bug 1053431 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10115 CVE-2017-10116 CVE-2017-10125 CVE-2017-10243 cpe:/o:suse:sles:12:sp2 Security update for quagga (Important) SUSE Linux Enterprise Server 12 SP2 This update provides Quagga 1.1.1, which brings several fixes and enhancements. Security issues fixed: - CVE-2017-5495: Telnet 'vty' interface DoS due to unbounded memory allocation. (bsc#1021669) - CVE-2016-1245: Stack overrun in IPv6 RA receive code. (bsc#1005258) Bug fixes: - Do not enable zebra's TCP interface (port 2600) to use default UNIX socket for communication between the daemons. (fate#323170) Between 0.99.22.1 and 1.1.1 the following improvements have been implemented: - Changed the default of 'link-detect' state, controlling whether zebra will respond to link-state events and consider an interface to be down when link is down. To retain the current behavior save your config before updating, otherwise remove the 'link-detect' flag from your config prior to updating. There is also a new global 'default link-detect (on|off)' flag to configure the global default. - Greatly improved nexthop resolution for recursive routes. - Event driven nexthop resolution for BGP. - Route tags support. - Transport of TE related metrics over OSPF, IS-IS. - IPv6 Multipath for zebra and BGP. - Multicast RIB support has been extended. It still is IPv4 only. - RIP for IPv4 now supports equal-cost multipath (ECMP). - route-maps have a new action 'set ipv6 next-hop peer-address'. - route-maps have a new action 'set as-path prepend last-as'. - 'next-hop-self all' to override nexthop on iBGP route reflector setups. - New pimd daemon provides IPv4 PIM-SSM multicast routing. - IPv6 address management has been improved regarding tentative addresses. This is visible in that a freshly configured address will not immediately be marked as usable. - Recursive route support has been overhauled. Scripts parsing 'show ip route' output may need adaptation. - A large amount of changes has been merged for ospf6d. Careful evaluation prior to deployment is recommended. - Multiprotocol peerings over IPv6 now try to find a more appropriate IPv4 nexthop by looking at the interface. - Relaxed bestpath criteria for multipath and improved display of multipath routes in 'show ip bgp'. Scripts parsing this output may need to be updated. - Support for iBGP TTL security. Important SUSE bug 1005258 SUSE bug 1021669 SUSE bug 1034273 CVE-2016-1245 CVE-2017-5495 cpe:/o:suse:sles:12:sp2 Security update for expat (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for expat fixes the following issues: - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse leading to unexpected behaviour (bsc#1047240) - CVE-2017-9233: External Entity Vulnerability could lead to denial of service (bsc#1047236) Moderate SUSE bug 1047236 SUSE bug 1047240 CVE-2016-9063 CVE-2017-9233 cpe:/o:suse:sles:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2 This update for git fixes the following issues: - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481) Important SUSE bug 1052481 CVE-2017-1000117 cpe:/o:suse:sles:12:sp2 Security update for icu (Moderate) SUSE Linux Enterprise Server 12 SP2 icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). Moderate SUSE bug 929629 CVE-2014-8146 CVE-2014-8147 cpe:/o:suse:sles:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2 This update for xen to version 4.7.3 fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information (XSA-226, bsc#1051787). - CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for privilege escalation (XSA-227, bsc#1051788). - CVE-2017-12136: Race conditions with maptrack free list handling allows a malicious guest administrator to crash the host or escalate their privilege to that of the host (XSA-228, bsc#1051789). - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049578). - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046637). - CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to potentially leaking sensitive information (XSA-230 CVE-2017-12855). These non-security issues were fixed: - bsc#1055695: XEN: 11SP4 and 12SP3 HVM guests can not be restored after the save using xl stack - bsc#1035231: Migration of HVM domU did not use superpages on destination dom0 - bsc#1002573: Optimized LVM functions in block-dmmd block-dmmd - bsc#1037840: Xen-detect always showed HVM for PV guests Important SUSE bug 1002573 SUSE bug 1026236 SUSE bug 1035231 SUSE bug 1037840 SUSE bug 1046637 SUSE bug 1049578 SUSE bug 1051787 SUSE bug 1051788 SUSE bug 1051789 SUSE bug 1052686 SUSE bug 1055695 CVE-2016-9603 CVE-2017-10664 CVE-2017-11434 CVE-2017-12135 CVE-2017-12136 CVE-2017-12137 CVE-2017-12855 cpe:/o:suse:sles:12:sp2 Security update for postgresql94 (Important) SUSE Linux Enterprise Server 12 SP2 This update for postgresql94 fixes the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) Important SUSE bug 1051684 SUSE bug 1051685 SUSE bug 1053259 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 cpe:/o:suse:sles:12:sp2 Security update for postgresql96 (Important) SUSE Linux Enterprise Server 12 SP2 This update for postgresql96 fixes the following issues: * CVE-2017-7547: Further restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1051685) * CVE-2017-7546: Disallow empty passwords in all password-based authentication methods. (bsc#1051684) * CVE-2017-7548: lo_put() function ignores ACLs. (bsc#1053259) The changelog for this release is here: https://www.postgresql.org/docs/9.6/static/release-9-6-4.html Important SUSE bug 1051684 SUSE bug 1051685 SUSE bug 1053259 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 cpe:/o:suse:sles:12:sp2 Security update for gdk-pixbuf (Important) SUSE Linux Enterprise Server 12 SP2 This update for gdk-pixbuf fixes the following issues: - CVE-2017-2862: JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability (bsc#1048289) - CVE-2017-2870: tiff_image_parse Code Execution Vulnerability (bsc#1048544) - CVE-2017-6313: A dangerous integer underflow in io-icns.c (bsc#1027024) - CVE-2017-6314: Infinite loop in io-tiff.c (bsc#1027025) - CVE-2017-6312: Out-of-bounds read on io-ico.c (bsc#1027026) Important SUSE bug 1027024 SUSE bug 1027025 SUSE bug 1027026 SUSE bug 1048289 SUSE bug 1048544 SUSE bug 1049877 CVE-2017-2862 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314 cpe:/o:suse:sles:12:sp2 Security update for evince (Important) SUSE Linux Enterprise Server 12 SP2 This update for evince fixes the following issue: - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code (bsc#1046856). Important SUSE bug 1046856 CVE-2017-1000083 cpe:/o:suse:sles:12:sp2 Security update for systemd (Important) SUSE Linux Enterprise Server 12 SP2 This update for systemd fixes the following issues: This security issue was fixed: - CVE-2016-10156: Fix permissions set on permanent timer timestamp files, preventing local unprivileged users from escalating privileges (bsc#1020601). These non-security issues were fixed: - Fix permission set on /var/lib/systemd/linger/* - install: follow config_path symlink (#3362) - install: fix disable when /etc/systemd/system is a symlink (bsc#1014560) - run: make --slice= work in conjunction with --scope (bsc#1014566) - core: don't dispatch load queue when setting Slice= for transient units - systemctl: remove duplicate entries showed by list-dependencies (#5049) (bsc#1012266) - rule: don't automatically online standby memory on s390x (bsc#997682) Important SUSE bug 1012266 SUSE bug 1014560 SUSE bug 1014566 SUSE bug 1020601 SUSE bug 997682 CVE-2016-10156 cpe:/o:suse:sles:12:sp2 Security update for cvs (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for cvs fixes the following issues: - CVE-2017-12836: A leading dash in the argument of the '-d' option could lead to argument injection (bsc#1053364) Moderate SUSE bug 1053364 CVE-2017-12836 cpe:/o:suse:sles:12:sp2 Security update for pcsc-lite (Moderate) SUSE Linux Enterprise Server 12 SP2 pcsc-lite was updated to fix one security issue. This security issue was fixed: - CVE-2016-10109: This use-after-free and double-free issue allowed local attacker to cause a Denial of Service and possible privilege escalation (bsc#1017902). Moderate SUSE bug 1017902 CVE-2016-10109 cpe:/o:suse:sles:12:sp2 Security update for dbus-1 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for dbus-1 to version 1.8.22 fixes one security issue and bugs. The following security issue was fixed: - bsc#1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. The following upstream changes are included: - Change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus. - Fix a memory leak when GetConnectionCredentials() succeeds (fdo#91008) - Ensure that dbus-monitor does not reply to messages intended for others (fdo#90952) - Add locking to DBusCounter's reference count and notify function (fdo#89297) - Ensure that DBusTransport's reference count is protected by the corresponding DBusConnection's lock (fdo#90312) - Correctly release DBusServer mutex before early-return if we run out of memory while copying authentication mechanisms (fdo#90021) - Correctly initialize all fields of DBusTypeReader (fdo#90021) - Fix some missing \n in verbose (debug log) messages (fdo#90004) - Clean up some memory leaks in test code (fdo#90021) Moderate SUSE bug 1003898 SUSE bug 1018556 cpe:/o:suse:sles:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for an internal array allowed attackers using crafted hypercalls to execute arbitrary code within Xen (XSA-231, bsc#1056278) - CVE-2017-14318: The function __gnttab_cache_flush missed a check for grant tables, allowing a malicious guest to crash the host or for x86 PV guests to potentially escalate privileges (XSA-232, bsc#1056280) - CVE-2017-14317: A race in cxenstored may have cause a double-free allowind for DoS of the xenstored daemon (XSA-233, bsc#1056281). - CVE-2017-14319: An error while handling grant mappings allowed malicious or buggy x86 PV guest to escalate its privileges or crash the hypervisor (XSA-234, bsc#1056282). These non-security issues were fixed: - bsc#1055695: Fixed restoring updates for HVM guests for ballooned domUs Important SUSE bug 1027519 SUSE bug 1055695 SUSE bug 1056278 SUSE bug 1056280 SUSE bug 1056281 SUSE bug 1056282 CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive the following security fixes: - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel was vulnerable to a stack overflow while processing L2CAP configuration responses, resulting in a potential remote denial-of-service vulnerability but no remote code execution due to use of CONFIG_CC_STACKPROTECTOR. [bnc#1057389] Important SUSE bug 1057389 CVE-2017-1000251 cpe:/o:suse:sles:12:sp2 Security update for gcc48 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for gcc48 fixes the following issues: Security issues fixed: - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. [bnc#1039513] Future maintenance releases of packages will be built with this option. - CVE-2017-11671: Fixed rdrand/rdseed code generation issue [bsc#1050947] Bugs fixed: - Enable LFS support in 32bit libgcov.a. [bsc#1044016] - Bump libffi version in libffi.pc to 3.0.11. - Fix libffi issue for armv7l. [bsc#988274] - Properly diagnose missing -fsanitize=address support on ppc64le. [bnc#1028744] - Backport patch for PR65612. [bnc#1022062] - Fixed DR#1288. [bnc#1011348] Moderate SUSE bug 1011348 SUSE bug 1022062 SUSE bug 1028744 SUSE bug 1039513 SUSE bug 1044016 SUSE bug 1050947 SUSE bug 988274 CVE-2017-11671 cpe:/o:suse:sles:12:sp2 Security update for emacs (Important) SUSE Linux Enterprise Server 12 SP2 This update for emacs fixes one issues. This security issue was fixed: - CVE-2017-14482: Remote code execution via mails with 'Content-Type: text/enriched' (bsc#1058425) Important SUSE bug 1058425 CVE-2017-14482 cpe:/o:suse:sles:12:sp2 Security update for libzip (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libzip fixes one issues. This security issue was fixed: - CVE-2017-14107: The _zip_read_eocd64 function mishandled EOCD records, which allowed remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive (bsc#1056996). Moderate SUSE bug 1056996 CVE-2017-14107 cpe:/o:suse:sles:12:sp2 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for apache2 fixes the following security issue: - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058). Moderate SUSE bug 1058058 CVE-2017-9798 cpe:/o:suse:sles:12:sp2 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for wireshark to version 2.2.9 fixes several issues. These security issues were fixed: - CVE-2017-13767: The MSDP dissector could have gone into an infinite loop. This was addressed by adding length validation (bsc#1056248). - CVE-2017-13766: The Profinet I/O dissector could have crash with an out-of-bounds write. This was addressed by adding string validation (bsc#1056249). - CVE-2017-13765: The IrCOMM dissector had a buffer over-read and application crash. This was addressed by adding length validation (bsc#1056251). - CVE-2017-9766: PROFINET IO data with a high recursion depth allowed remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function (bsc#1045341). - CVE-2017-9617: Deeply nested DAAP data may have cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in the DAAP dissector (bsc#1044417). Moderate SUSE bug 1044417 SUSE bug 1045341 SUSE bug 1056248 SUSE bug 1056249 SUSE bug 1056251 CVE-2017-13765 CVE-2017-13766 CVE-2017-13767 CVE-2017-9617 CVE-2017-9766 cpe:/o:suse:sles:12:sp2 Security update for tiff (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for tiff to version 4.0.8 fixes a several bugs and security issues: These security issues were fixed: - CVE-2017-7595: The JPEGSetupEncode function allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image (bsc#1033127). - CVE-2016-10371: The TIFFWriteDirectoryTagCheckedRational function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file (bsc#1038438). - CVE-2017-7598: Error in tif_dirread.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image (bsc#1033118). - CVE-2017-7596: Undefined behavior because of floats outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033126). - CVE-2017-7597: Undefined behavior because of floats outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033120). - CVE-2017-7599: Undefined behavior because of shorts outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033113). - CVE-2017-7600: Undefined behavior because of chars outside their expected value range, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033112). - CVE-2017-7601: Because of a shift exponent too large for 64-bit type long undefined behavior was caused, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033111). - CVE-2017-7602: Prevent signed integer overflow, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033109). - CVE-2017-7592: The putagreytile function had a left-shift undefined behavior issue, which might allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033131). - CVE-2017-7593: Ensure that tif_rawdata is properly initialized, to prevent remote attackers to obtain sensitive information from process memory via a crafted image (bsc#1033129). - CVE-2017-7594: The OJPEGReadHeaderInfoSecTablesDcTable function allowed remote attackers to cause a denial of service (memory leak) via a crafted image (bsc#1033128). - CVE-2017-9403: Prevent memory leak in function TIFFReadDirEntryLong8Array, which allowed attackers to cause a denial of service via a crafted file (bsc#1042805). - CVE-2017-9404: Fixed memory leak vulnerability in function OJPEGReadHeaderInfoSecTablesQTable, which allowed attackers to cause a denial of service via a crafted file (bsc#1042804). These various other issues were fixed: - Fix uint32 overflow in TIFFReadEncodedStrip() that caused an integer division by zero. Reported by Agostino Sarubbo. - fix heap-based buffer overflow on generation of PixarLog / LUV compressed files, with ColorMap, TransferFunction attached and nasty plays with bitspersample. The fix for LUV has not been tested, but suffers from the same kind of issue of PixarLog. - modify ChopUpSingleUncompressedStrip() to instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength, rowsperstrip), instead of a logic based on the total size of data. Which is faulty is the total size of data is not sufficient to fill the whole image, and thus results in reading outside of the StripByCounts/StripOffsets arrays when using TIFFReadScanline() - make OJPEGDecode() early exit in case of failure in OJPEGPreDecode(). This will avoid a divide by zero, and potential other issues. - fix misleading indentation as warned by GCC. - revert change done on 2016-01-09 that made Param member of TIFFFaxTabEnt structure a uint16 to reduce size of the binary. It happens that the Hylafax software uses the tables that follow this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable, TIFFFaxBlackTable), although they are not in a public libtiff header. - add TIFFReadRGBAStripExt() and TIFFReadRGBATileExt() variants of the functions without ext, with an extra argument to control the stop_on_error behaviour. - fix potential memory leaks in error code path of TIFFRGBAImageBegin(). - increase libjpeg max memory usable to 10 MB instead of libjpeg 1MB default. This helps when creating files with 'big' tile, without using libjpeg temporary files. - add _TIFFcalloc() - return 0 in Encode functions instead of -1 when TIFFFlushData1() fails. - only run JPEGFixupTagsSubsampling() if the YCbCrSubsampling tag is not explicitly present. This helps a bit to reduce the I/O amount when the tag is present (especially on cloud hosted files). - in LZWPostEncode(), increase, if necessary, the code bit-width after flushing the remaining code and before emitting the EOI code. - fix memory leak in error code path of PixarLogSetupDecode(). - fix potential memory leak in OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and OJPEGReadHeaderInfoSecTablesAcTable - avoid crash in Fax3Close() on empty file. - TIFFFillStrip(): add limitation to the number of bytes read in case td_stripbytecount[strip] is bigger than reasonable, so as to avoid excessive memory allocation. - fix memory leak when the underlying codec (ZIP, PixarLog) succeeds its setupdecode() method, but PredictorSetup fails. - TIFFFillStrip() and TIFFFillTile(): avoid excessive memory allocation in case of shorten files. Only effective on 64 bit builds and non-mapped cases. - TIFFFillStripPartial() / TIFFSeek(), avoid potential integer overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT mode. - avoid excessive memory allocation in case of shorten files. Only effective on 64 bit builds. - update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT mode with tif_rawdataloaded when calling TIFFStartStrip() or TIFFFillStripPartial(). - avoid potential int32 overflow in TIFFYCbCrToRGBInit() Fixes - avoid potential int32 overflows in multiply_ms() and add_ms(). - fix out-of-buffer read in PackBitsDecode() Fixes - LogL16InitState(): avoid excessive memory allocation when RowsPerStrip tag is missing. - update dec_bitsleft at beginning of LZWDecode(), and update tif_rawcc at end of LZWDecode(). This is needed to properly work with the latest chnges in tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode. - PixarLogDecode(): resync tif_rawcp with next_in and tif_rawcc with avail_in at beginning and end of function, similarly to what is done in LZWDecode(). Likely needed so that it works properly with latest chnges in tif_read.c in CHUNKY_STRIP_READ_SUPPORT mode. - initYCbCrConversion(): add basic validation of luma and refBlackWhite coefficients (just check they are not NaN for now), to avoid potential float to int overflows. - _TIFFVSetField(): fix outside range cast of double to float. - initYCbCrConversion(): check luma[1] is not zero to avoid division by zero - _TIFFVSetField(): fix outside range cast of double to float. - initYCbCrConversion(): check luma[1] is not zero to avoid division by zero. - initYCbCrConversion(): stricter validation for refBlackWhite coefficients values. - avoid uint32 underflow in cpDecodedStrips that can cause various issues, such as buffer overflows in the library. - fix readContigStripsIntoBuffer() in -i (ignore) mode so that the output buffer is correctly incremented to avoid write outside bounds. - add 3 extra bytes at end of strip buffer in readSeparateStripsIntoBuffer() to avoid read outside of heap allocated buffer. - fix integer division by zero when BitsPerSample is missing. - fix null pointer dereference in -r mode when the image has no StripByteCount tag. - avoid potential division by zero is BitsPerSamples tag is missing. - when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is called, limit the return number of inks to SamplesPerPixel, so that code that parses ink names doesn't go past the end of the buffer. - avoid potential division by zero is BitsPerSamples tag is missing. - fix uint32 underflow/overflow that can cause heap-based buffer overflow. - replace assert( (bps % 8) == 0 ) by a non assert check. - fix 2 heap-based buffer overflows (in PSDataBW and PSDataColorContig). - prevent heap-based buffer overflow in -j mode on a paletted image. - fix wrong usage of memcpy() that can trigger unspecified behaviour. - avoid potential invalid memory read in t2p_writeproc. - avoid potential heap-based overflow in t2p_readwrite_pdf_image_tile(). - remove extraneous TIFFClose() in error code path, that caused double free. - error out cleanly in cpContig2SeparateByRow and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based overflow. - avoid integer division by zero. - call TIFFClose() in error code paths. - emit appropriate message if the input file is empty. - close TIFF handle in error code path. Moderate SUSE bug 1033109 SUSE bug 1033111 SUSE bug 1033112 SUSE bug 1033113 SUSE bug 1033118 SUSE bug 1033120 SUSE bug 1033126 SUSE bug 1033127 SUSE bug 1033128 SUSE bug 1033129 SUSE bug 1033131 SUSE bug 1038438 SUSE bug 1042804 SUSE bug 1042805 CVE-2016-10371 CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602 CVE-2017-9403 CVE-2017-9404 cpe:/o:suse:sles:12:sp2 Security update for liblouis (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for liblouis fixes several issues. These security issues were fixed: - CVE-2017-13738: Prevent illegal address access in the _lou_getALine function that allowed to cause remote DoS (bsc#1056105). - CVE-2017-13739: Prevent heap-based buffer overflow in the function resolveSubtable() that could have caused DoS or remote code execution (bsc#1056101). - CVE-2017-13740: Prevent stack-based buffer overflow in the function parseChars() that could have caused DoS or possibly unspecified other impact (bsc#1056097) - CVE-2017-13741: Prevent use-after-free in function compileBrailleIndicator() that allowed to cause remote DoS (bsc#1056095). - CVE_2017-13742: Prevent stack-based buffer overflow in function includeFile that allowed to cause remote DoS (bsc#1056093). - CVE-2017-13743: Prevent buffer overflow triggered in the function _lou_showString() that allowed to cause remote DoS (bsc#1056090). - CVE-2017-13744: Prevent illegal address access in the function _lou_getALine() that allowed to cause remote DoS (bsc#1056088). Moderate SUSE bug 1056088 SUSE bug 1056090 SUSE bug 1056093 SUSE bug 1056095 SUSE bug 1056097 SUSE bug 1056101 SUSE bug 1056105 CVE-2017-13738 CVE-2017-13739 CVE-2017-13740 CVE-2017-13741 CVE-2017-13743 CVE-2017-13744 cpe:/o:suse:sles:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2 This update for MozillaFirefox to ESR 52.3 fixes several issues. These security issues were fixed: - CVE-2017-7807 Domain hijacking through AppCache fallback (bsc#1052829) - CVE-2017-7791 Spoofing following page navigation with data: protocol and modal alerts (bsc#1052829) - CVE-2017-7792 Buffer overflow viewing certificates with an extremely long OID (bsc#1052829) - CVE-2017-7782 WindowsDllDetourPatcher allocates memory without DEP protections (bsc#1052829) - CVE-2017-7787 Same-origin policy bypass with iframes through page reloads (bsc#1052829) - CVE-2017-7786 Buffer overflow while painting non-displayable SVG (bsc#1052829) - CVE-2017-7785 Buffer overflow manipulating ARIA attributes in DOM (bsc#1052829) - CVE-2017-7784 Use-after-free with image observers (bsc#1052829) - CVE-2017-7753 Out-of-bounds read with cached style data and pseudo-elements (bsc#1052829) - CVE-2017-7798 XUL injection in the style editor in devtools (bsc#1052829) - CVE-2017-7804 Memory protection bypass through WindowsDllDetourPatcher (bsc#1052829) - CVE-2017-7779 Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 (bsc#1052829) - CVE-2017-7800 Use-after-free in WebSockets during disconnection (bsc#1052829) - CVE-2017-7801 Use-after-free with marquee during window resizing (bsc#1052829) - CVE-2017-7802 Use-after-free resizing image elements (bsc#1052829) - CVE-2017-7803 CSP containing 'sandbox' improperly applied (bsc#1052829) Important SUSE bug 1052829 CVE-2017-7753 CVE-2017-7779 CVE-2017-7782 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7804 CVE-2017-7807 cpe:/o:suse:sles:12:sp2 Security update for tcmu-runner (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for tcmu-runner fixes the following issues: Security issues fixed: - CVE-2017-1000198: The glfs handler allowed local DoS via crafted CheckConfig strings (bsc#1049485) - CVE-2017-1000199: The qcow handler leaked information via the CheckConfig D-Bus method (bsc#1049491) Moderate SUSE bug 1049485 SUSE bug 1049491 CVE-2017-1000198 CVE-2017-1000199 cpe:/o:suse:sles:12:sp2 Security update for dnsmasq (Important) SUSE Linux Enterprise Server 12 SP2 This update for dnsmasq fixes the following security issues: - CVE-2017-14491: 2 byte heap based overflow. [bsc#1060354] - CVE-2017-14492: heap based overflow. [bsc#1060355] - CVE-2017-14493: stack based overflow. [bsc#1060360] - CVE-2017-14494: DHCP - info leak. [bsc#1060361] - CVE-2017-14495: DNS - OOM DoS. [bsc#1060362] - CVE-2017-14496: DNS - DoS Integer underflow. [bsc#1060364] Important SUSE bug 1060354 SUSE bug 1060355 SUSE bug 1060360 SUSE bug 1060361 SUSE bug 1060362 SUSE bug 1060364 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 cpe:/o:suse:sles:12:sp2 Security update for openjpeg2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for openjpeg2 fixes several issues. These security issues were fixed: - CVE-2016-10507: Integer overflow vulnerability in the bmp24toimage function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file (bsc#1056421). - CVE-2017-14039: A heap-based buffer overflow was discovered in the opj_t2_encode_packet function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly unspecified other impact (bsc#1056622). - CVE-2017-14164: A size-validation issue was discovered in opj_j2k_write_sot. The vulnerability caused an out-of-bounds write, which may have lead to remote DoS or possibly remote code execution (bsc#1057511). - CVE-2017-14040: An invalid write access was discovered in bin/jp2/convert.c, triggering a crash in the tgatoimage function. The vulnerability may have lead to remote denial of service or possibly unspecified other impact (bsc#1056621). - CVE-2017-14041: A stack-based buffer overflow was discovered in the pgxtoimage function. The vulnerability caused an out-of-bounds write, which may have lead to remote denial of service or possibly remote code execution (bsc#1056562). Moderate SUSE bug 1056421 SUSE bug 1056562 SUSE bug 1056621 SUSE bug 1056622 SUSE bug 1057511 CVE-2016-10507 CVE-2017-14039 CVE-2017-14040 CVE-2017-14041 CVE-2017-14164 cpe:/o:suse:sles:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624). - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622). - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565). These non-security issues were fixed: - Fixed error where short name length was read as 2 bytes, should be 1 (bsc#1042419) - Fixed GUID string format on GetPrinter to prevent published printers from disappearing 7 (bsc#1050707). - Halt endless forest trust scan to prevent winbind from running out of memory (bsc#1044084). Moderate SUSE bug 1042419 SUSE bug 1044084 SUSE bug 1050707 SUSE bug 1058565 SUSE bug 1058622 SUSE bug 1058624 CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 cpe:/o:suse:sles:12:sp2 Security update for krb5 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for krb5 fixes several issues. This security issue was fixed: - CVE-2017-11462: Prevent automatic security context deletion to prevent double-free (bsc#1056995) These non-security issues were fixed: - Set 'rdns' and 'dns_canonicalize_hostname' to false in krb5.conf in order to improve client security in handling service principle names. (bsc#1054028) - Prevent kadmind.service startup failure caused by absence of LDAP service. (bsc#903543) - Remove main package's dependency on systemd (bsc#1032680) Moderate SUSE bug 1032680 SUSE bug 1054028 SUSE bug 1056995 SUSE bug 903543 CVE-2017-11462 cpe:/o:suse:sles:12:sp2 Security update for MozillaFirefox, mozilla-nss (Important) SUSE Linux Enterprise Server 12 SP2 This update for MozillaFirefox to ESR 52.4, mozilla-nss fixes the following issues: This security issue was fixed for mozilla-nss: - CVE-2017-7805: Prevent use-after-free in TLS 1.2 when generating handshake hashes (bsc#1061005) These security issues were fixed for Firefox - CVE-2017-7825: Fixed some Tibetan and Arabic unicode characters rendering (bsc#1060445). - CVE-2017-7805: Prevent Use-after-free in TLS 1.2 generating handshake hashes (bsc#1060445). - CVE-2017-7819: Prevent Use-after-free while resizing images in design mode (bsc#1060445). - CVE-2017-7818: Prevent Use-after-free during ARIA array manipulation (bsc#1060445). - CVE-2017-7793: Prevent Use-after-free with Fetch API (bsc#1060445). - CVE-2017-7824: Prevent Buffer overflow when drawing and validating elements with ANGLE (bsc#1060445). - CVE-2017-7810: Fixed several memory safety bugs (bsc#1060445). - CVE-2017-7823: CSP sandbox directive did not create a unique origin (bsc#1060445). - CVE-2017-7814: Blob and data URLs bypassed phishing and malware protection warnings (bsc#1060445). Important SUSE bug 1060445 SUSE bug 1061005 CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 CVE-2017-7825 cpe:/o:suse:sles:12:sp2 Security update for libvirt (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libvirt fixes several issues. This security issue was fixed: - bsc#1053600: Escape ssh commed line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc#1049505, bsc#1051017: Security manager: Don't autogenerate seclabels of type 'none' when AppArmor is inactive - bsc#1052151: Moved /usr/share/libvirt/libvirtLogo.png symlink from client to doc subpackage, where its target resides - bsc#1048783: Ignore newlines in libvirt-guests.sh guest list - bsc#1031056: Add default controllers for USB devices - bsc#1012143: Define path to parted using autoconf cache variable. parted is used for management of disk-based storage pools - bsc#1036785: Prevent output of null target in domxml-to-native Moderate SUSE bug 1012143 SUSE bug 1017189 SUSE bug 1031056 SUSE bug 1036785 SUSE bug 1048783 SUSE bug 1049505 SUSE bug 1051017 SUSE bug 1052151 SUSE bug 1053600 cpe:/o:suse:sles:12:sp2 Security update for xerces-j2 (Moderate) SUSE Linux Enterprise Server 12 SP2 xerces-j2 was updated to fix several issues. This security issue was fixed: - bsc#814241: Prevent possible DoS through very long attribute names This non-security issue was fixed: - Prevent StackOverflowError when applying a pattern restriction on long strings while trying to validate an XML file against a schema (bsc#1047536, bsc#879138) Moderate SUSE bug 1047536 SUSE bug 814241 SUSE bug 879138 cpe:/o:suse:sles:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2 This update for git fixes the following issues: This security issue was fixed: - CVE-2017-14867: Git used unsafe Perl scripts to support subcommands such as cvsserver, which allowed attackers to execute arbitrary OS commands via shell metacharacters in a module name (bsc#1061041). Important SUSE bug 1061041 CVE-2017-14867 cpe:/o:suse:sles:12:sp2 Security update for wpa_supplicant (Important) SUSE Linux Enterprise Server 12 SP2 This update for wpa_supplicant fixes the security issues: - Several vulnerabilities in standard conforming implementations of the WPA2 protocol have been discovered and published under the code name KRACK. This update remedies those issues in a backwards compatible manner, i.e. the updated wpa_supplicant can interface properly with both vulnerable and patched implementations of WPA2, but an attacker won't be able to exploit the KRACK weaknesses in those connections anymore even if the other party is still vulnerable. [bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088] Important SUSE bug 1056061 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088 cpe:/o:suse:sles:12:sp2 Security update for policycoreutils (Low) SUSE Linux Enterprise Server 12 SP2 This update for policycoreutils fixes the following issues: * CVE-2016-7545: nonpriv session can escape to parent [bsc#1000998] Low SUSE bug 1000998 CVE-2016-7545 cpe:/o:suse:sles:12:sp2 Security update for curl (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for curl fixes the following issues: Security issues fixed: - CVE-2017-1000254: FTP PWD response parser out of bounds read (bsc#1061876) - CVE-2017-1000257: IMAP FETCH response out of bounds read (bsc#1063824) Bugs fixed: - Fixed error 'error:1408F10B:SSL routines' when connecting to ftps via proxy (bsc#1060653) Moderate SUSE bug 1060653 SUSE bug 1061876 SUSE bug 1063824 CVE-2017-1000254 CVE-2017-1000257 cpe:/o:suse:sles:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_8_0-openjdk fixes the following issues: Oracle Critical Patch Update of January 2017 (bsc#1020905) Upgrade to version jdk8u121 (icedtea 3.3.0): - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution - S8156804, CVE-2017-3241: Better constraint checking - S8158406: Limited Parameter Processing - S8158997: JNDI Protocols Switch - S8159507: RuntimeVisibleAnnotation validation - S8161218: Better bytecode loading - S8161743, CVE-2017-3252: Provide proper login context - S8162577: Standardize logging levels - S8162973: Better component components - S8164143, CVE-2017-3260: Improve components for menu items - S8164147, CVE-2017-3261: Improve streaming socket output - S8165071, CVE-2016-2183: Expand TLS support - S8165344, CVE-2017-3272: Update concurrency support - S8166988, CVE-2017-3253: Improve image processing performance - S8167104, CVE-2017-3289: Additional class construction refinements - S8167223, CVE-2016-5552: URL handling improvements - S8168705, CVE-2016-5547: Better ObjectIdentifier validation - S8168714, CVE-2016-5546: Tighten ECDSA validation - S8168728, CVE-2016-5548: DSA signing improvements - S8168724, CVE-2016-5549: ECDSA signing improvements Important SUSE bug 1020905 SUSE bug 1022053 CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 cpe:/o:suse:sles:12:sp2 Security update for openvpn (Important) SUSE Linux Enterprise Server 12 SP2 This update for openvpn fixes the following issues: - CVE-2017-12166: Lack of bound check in read_key in old legacy key handling before using values could be used for a remote buffer overflow (bsc#1060877). Important SUSE bug 1060877 CVE-2017-12166 cpe:/o:suse:sles:12:sp2 Security update for gnutls (Important) SUSE Linux Enterprise Server 12 SP2 This update for gnutls fixes the following security issues: - GnuTLS could have crashed when processing maliciously crafted OpenPGP certificates (GNUTLS-SA-2017-2, bsc#1018832, CVE-2017-5335, CVE-2017-5337, CVE-2017-5336) - GnuTLS could have falsely accepted certificates when using OCSP (GNUTLS-SA-2016-3, bsc#999646, CVE-2016-7444) - GnuTLS could have suffered from 100% CPU load DoS attacks by using SSL alert packets during the handshake (bsc#1005879, CVE-2016-8610) Important SUSE bug 1005879 SUSE bug 1018832 SUSE bug 999646 CVE-2016-7444 CVE-2016-8610 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 cpe:/o:suse:sles:12:sp2 Security update for tcpdump (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for tcpdump to version 4.9.2 fixes several issues. These security issues were fixed: - CVE-2017-11108: Prevent remote attackers to cause DoS (heap-based buffer over-read and application crash) via crafted packet data. The crash occured in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol (bsc#1047873, bsc#1057247). - CVE-2017-11543: Prevent buffer overflow in the sliplink_print function in print-sl.c that allowed remote DoS (bsc#1057247). - CVE-2017-13011: Prevent buffer overflow in bittok2str_internal() that allowed remote DoS (bsc#1057247) - CVE-2017-12989: Prevent infinite loop in the RESP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12990: Prevent infinite loop in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12995: Prevent infinite loop in the DNS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12997: Prevent infinite loop in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-11541: Prevent heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c that allowed remote DoS (bsc#1057247). - CVE-2017-11542: Prevent heap-based buffer over-read in the pimv1_print function in print-pim.c that allowed remote DoS (bsc#1057247). - CVE-2017-12893: Prevent buffer over-read in the SMB/CIFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12894: Prevent buffer over-read in several protocol parsers that allowed remote DoS (bsc#1057247) - CVE-2017-12895: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12896: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12897: Prevent buffer over-read in the ISO CLNS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12898: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12899: Prevent buffer over-read in the DECnet parser that allowed remote DoS (bsc#1057247) - CVE-2017-12900: Prevent buffer over-read in the in several protocol parsers that allowed remote DoS (bsc#1057247) - CVE-2017-12901: Prevent buffer over-read in the EIGRP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12902: Prevent buffer over-read in the Zephyr parser that allowed remote DoS (bsc#1057247) - CVE-2017-12985: Prevent buffer over-read in the IPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12986: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247) - CVE-2017-12987: Prevent buffer over-read in the 802.11 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12988: Prevent buffer over-read in the telnet parser that allowed remote DoS (bsc#1057247) - CVE-2017-12991: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12992: Prevent buffer over-read in the RIPng parser that allowed remote DoS (bsc#1057247) - CVE-2017-12993: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247) - CVE-2017-12994: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-12996: Prevent buffer over-read in the PIMv2 parser that allowed remote DoS (bsc#1057247) - CVE-2017-12998: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-12999: Prevent buffer over-read in the IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13000: Prevent buffer over-read in the IEEE 802.15.4 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13001: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13002: Prevent buffer over-read in the AODV parser that allowed remote DoS (bsc#1057247) - CVE-2017-13003: Prevent buffer over-read in the LMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13004: Prevent buffer over-read in the Juniper protocols parser that allowed remote DoS (bsc#1057247) - CVE-2017-13005: Prevent buffer over-read in the NFS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13006: Prevent buffer over-read in the L2TP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13007: Prevent buffer over-read in the Apple PKTAP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13008: Prevent buffer over-read in the IEEE 802.11 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13009: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13010: Prevent buffer over-read in the BEEP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13012: Prevent buffer over-read in the ICMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13013: Prevent buffer over-read in the ARP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13014: Prevent buffer over-read in the White Board protocol parser that allowed remote DoS (bsc#1057247) - CVE-2017-13015: Prevent buffer over-read in the EAP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13016: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13017: Prevent buffer over-read in the DHCPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13018: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13019: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13020: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13021: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13022: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13023: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13024: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13025: Prevent buffer over-read in the IPv6 mobility parser that allowed remote DoS (bsc#1057247) - CVE-2017-13026: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13027: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13028: Prevent buffer over-read in the BOOTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13029: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13030: Prevent buffer over-read in the PIM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13031: Prevent buffer over-read in the IPv6 fragmentation header parser that allowed remote DoS (bsc#1057247) - CVE-2017-13032: Prevent buffer over-read in the RADIUS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13033: Prevent buffer over-read in the VTP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13034: Prevent buffer over-read in the PGM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13035: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13036: Prevent buffer over-read in the OSPFv3 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13037: Prevent buffer over-read in the IP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13038: Prevent buffer over-read in the PPP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13039: Prevent buffer over-read in the ISAKMP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13040: Prevent buffer over-read in the MPTCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13041: Prevent buffer over-read in the ICMPv6 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13042: Prevent buffer over-read in the HNCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13043: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13044: Prevent buffer over-read in the HNCP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13045: Prevent buffer over-read in the VQP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13046: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13047: Prevent buffer over-read in the ISO ES-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13048: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13049: Prevent buffer over-read in the Rx protocol parser that allowed remote DoS (bsc#1057247) - CVE-2017-13050: Prevent buffer over-read in the RPKI-Router parser that allowed remote DoS (bsc#1057247) - CVE-2017-13051: Prevent buffer over-read in the RSVP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13052: Prevent buffer over-read in the CFM parser that allowed remote DoS (bsc#1057247) - CVE-2017-13053: Prevent buffer over-read in the BGP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13054: Prevent buffer over-read in the LLDP parser that allowed remote DoS (bsc#1057247) - CVE-2017-13055: Prevent buffer over-read in the ISO IS-IS parser that allowed remote DoS (bsc#1057247) - CVE-2017-13687: Prevent buffer over-read in the Cisco HDLC parser that allowed remote DoS (bsc#1057247) - CVE-2017-13688: Prevent buffer over-read in the OLSR parser that allowed remote DoS (bsc#1057247) - CVE-2017-13689: Prevent buffer over-read in the IKEv1 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13690: Prevent buffer over-read in the IKEv2 parser that allowed remote DoS (bsc#1057247) - CVE-2017-13725: Prevent buffer over-read in the IPv6 routing header parser that allowed remote DoS (bsc#1057247) - Prevent segmentation fault in ESP decoder with OpenSSL 1.1 (bsc#1057247) Moderate SUSE bug 1047873 SUSE bug 1057247 CVE-2017-11108 CVE-2017-11541 CVE-2017-11542 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 cpe:/o:suse:sles:12:sp2 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for wireshark fixes the following issues: Wireshark was updated to 2.2.10, fixing security issues and bugs: * CVE-2017-15191: DMP dissector crash (wnpa-sec-2017-44) * CVE-2017-15192: BT ATT dissector crash (wnpa-sec-2017-42) * CVE-2017-15193: MBIM dissector crash (wnpa-sec-2017-43) Moderate SUSE bug 1062645 CVE-2017-15191 CVE-2017-15192 CVE-2017-15193 cpe:/o:suse:sles:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2 This update for xen fixes several issues: These security issues were fixed: - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1059777) - CVE-2017-15593: Missing cleanup in the page type system allowed a malicious or buggy PV guest to cause DoS (XSA-242 bsc#1061084) - CVE-2017-15592: A problem in the shadow pagetable code allowed a malicious or buggy HVM guest to cause DoS or cause hypervisor memory corruption potentially allowing the guest to escalate its privilege (XSA-243 bsc#1061086) - CVE-2017-15594: Problematic handling of the selector fields in the Interrupt Descriptor Table (IDT) allowed a malicious or buggy x86 PV guest to escalate its privileges or cause DoS (XSA-244 bsc#1061087) - CVE-2017-15591: Missing checks in the handling of DMOPs allowed malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 to cause a DoS (XSA-238 bsc#1061077) - CVE-2017-15589: Intercepted I/O write operations with less than a full machine word's worth of data were not properly handled, which allowed a malicious unprivileged x86 HVM guest to obtain sensitive information from the host or other guests (XSA-239 bsc#1061080) - CVE-2017-15595: In certain configurations of linear page tables a stack overflow might have occured that allowed a malicious or buggy PV guest to cause DoS and potentially privilege escalation and information leaks (XSA-240 bsc#1061081) - CVE-2017-15588: Under certain conditions x86 PV guests could have caused the hypervisor to miss a necessary TLB flush for a page. This allowed a malicious x86 PV guest to access all of system memory, allowing for privilege escalation, DoS, and information leaks (XSA-241 bsc#1061082) - CVE-2017-15590: Multiple issues existed with the setup of PCI MSI interrupts that allowed a malicious or buggy guest to cause DoS and potentially privilege escalation and information leaks (XSA-237 bsc#1061076) This non-security issue was fixed: - bsc#1057358: Fixed boot when secure boot is enabled Important SUSE bug 1027519 SUSE bug 1057358 SUSE bug 1059777 SUSE bug 1061076 SUSE bug 1061077 SUSE bug 1061080 SUSE bug 1061081 SUSE bug 1061082 SUSE bug 1061084 SUSE bug 1061086 SUSE bug 1061087 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15591 CVE-2017-15592 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-5526 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038). - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bnc#1053919). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the 'CR8-load exiting' and 'CR8-store exiting' L0 vmcs02 controls exist in cases where L1 omits the 'use TPR shadow' vmcs12 control, which allowed KVM L2 guest OS users to obtain read and write access to the hardware CR8 register (bnc#1058507). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051). - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388). - CVE-2017-7518: The Linux kernel was vulnerable to an incorrect debug exception(#DB) error. It could occur while emulating a syscall instruction and potentially lead to guest privilege escalation. (bsc#1045922). - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994). The following non-security bugs were fixed: - acpi / processor: Avoid reserving IO regions too early (bsc#1051478). - acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes). - af_key: Add lock to key dump (bsc#1047653). - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354). - alsa: fm801: Initialize chip after IRQ handler is registered (bsc#1031717). - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657). - alsa: hda - Fix endless loop of codec configure (bsc#1031717). - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013). - alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405). - alsa: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717). - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934). - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580). - arc: Re-enable MMU upon Machine Check exception (bnc#1012382). - arm64: fault: Route pte translation faults via do_translation_fault (bnc#1012382). - arm64: Make sure SPsel is always set (bnc#1012382). - arm: pxa: add the number of DMA requestor lines (bnc#1012382). - arm: pxa: fix the number of DMA requestor lines (bnc#1012382). - b43: Add missing MODULE_FIRMWARE() (bsc#1037344). - bcache: correct cache_dirty_target in __update_writeback_rate() (bnc#1012382). - bcache: Correct return value for sysfs attach errors (bnc#1012382). - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382). - bcache: fix bch_hprint crash and improve output (bnc#1012382). - bcache: fix for gc and write-back race (bnc#1012382). - bcache: Fix leak of bdev reference (bnc#1012382). - bcache: force trigger gc (bsc#1038078). - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382). - bcache: only recovery I/O error for writethrough mode (bsc#1043652). - bdi: Fix use-after-free in wb_congested_put() (bsc#1040307). - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb() - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061) - blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717). - blacklist.conf: add unapplicable drm fixes (bsc#1031717). - blacklist.conf: Blacklist 4e201566402c ('genirq/msi: Drop artificial PCI dependency') (bsc#1051478) This commit just removes an include and does not fix a real issue. - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok() argument type') (bsc#1051478) Fixes only a compile-warning. - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478). - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478). - blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI: Initialize MSI capability for all architectures') This only fixes machines not supported by our kernels. - blkfront: add uevent for size change (bnc#1036632). - block: Allow bdi re-registration (bsc#1040307). - block: do not allow updates through sysfs until registration completes (bsc#1047027). - block: Fix front merge check (bsc#1051239). - block: Make del_gendisk() safer for disks without queues (bsc#1040307). - block: Move bdi_unregister() to del_gendisk() (bsc#1040307). - block: Relax a check in blk_start_queue() (bnc#1012382). - bluetooth: bnep: fix possible might sleep error in bnep_session (bsc#1031784). - bluetooth: cmtp: fix possible might sleep error in cmtp_session (bsc#1031784). - bluetooth: hidp: fix possible might sleep error in hidp_session_thread (bsc#1031784). - bnxt: add a missing rcu synchronization (bnc#1038583). - bnxt: do not busy-poll when link is down (bnc#1038583). - bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583). - bnxt_en: Fix and clarify link_info->advertising (bnc#1038583). - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583). - bnxt_en: Fix NULL pointer dereference in a failure path during open (bnc#1038583). - bnxt_en: Fix NULL pointer dereference in reopen failure path (bnc#1038583). - bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583). - bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583). - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583). - bnxt_en: Fix 'uninitialized variable' bug in TPA code path (bnc#1038583). - bnxt_en: Fix VF virtual link state (bnc#1038583). - bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583). - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583). - bnxt_en: Refactor TPA code path (bnc#1038583). - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717). - bsg-lib: do not free job in bsg_prepare_job (bnc#1012382). - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286). - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515). - btrfs: change how we decide to commit transactions during flushing (bsc#1060197). - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - btrfs: fix early ENOSPC due to delalloc (bsc#1049226). - btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682). - btrfs: fix NULL pointer dereference from free_reloc_roots() (bnc#1012382). - btrfs: incremental send, fix invalid path for link commands (bsc#1051479). - btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479). - btrfs: prevent to set invalid default subvolid (bnc#1012382). - btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382). - btrfs: qgroup: move noisy underflow warning to debugging build (bsc#1055755). - btrfs: resume qgroup rescan on rw remount (bsc#1047152). - btrfs: send, fix invalid path after renaming and linking file (bsc#1051479). - ceph: fix readpage from fscache (bsc#1057015). - cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382). - cifs: release auth_key.response for reconnect (bnc#1012382). - class: Add 'shutdown' to 'struct class' (bsc#1053117). - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476). - crypto: AF_ALG - remove SGL terminator indicator when chaining (bnc#1012382). - crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317). - crypto: talitos - Do not provide setkey for non hmac hashing algs (bnc#1012382). - crypto: talitos - fix sha224 (bnc#1012382). - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154). - cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() (bsc#1021424 bsc#1022743). - cxl: Fix driver use count (bnc#1012382). - cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes). - dentry name snapshots (bsc#1049483). - dmaengine: mmp-pdma: add number of requestors (bnc#1012382). - dm: fix second blk_delay_queue() parameter to be in msec units not (bsc#1047670). - drivers: hv: Fix the bug in generating the guest ID (fate#320485). - drivers: hv: util: Fix a typo (fate#320485). - drivers: hv: vmbus: Get the current time from the current clocksource (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693). - drivers: hv: vmbus: Increase the time between retries in vmbus_post_msg() (fate#320485, bnc#1044112). - drivers: hv: vmbus: Move the code to signal end of message (fate#320485). - drivers: hv: vmbus: Move the definition of generate_guest_id() (fate#320485). - drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents (fate#320485). - drivers: hv: vmbus: Restructure the clockevents code (fate#320485). - drivers: net: xgene: Fix wrong logical operation (bsc#1056827). - drm: Add driver-private objects to atomic state (bsc#1055493). - drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions (bsc#1031717). - drm/bochs: Implement nomodeset (bsc#1047096). - drm/dp: Introduce MST topology state to track available link bandwidth (bsc#1055493). - drm/i915/fbdev: Stop repeating tile configuration on stagnation (bsc#1031717). - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717). - drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821). - drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277). - drm/vmwgfx: Fix large topology crash (bsc#1048155). - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155). - drm/vmwgfx: Support topology greater than texture size (bsc#1048155). - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215). - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486). - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: fix incorrect quotaoff if the quota feature is enabled (bnc#1012382). - ext4: fix quota inconsistency during orphan cleanup for read-only mounts (bnc#1012382). - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829). - f2fs: check hot_data for roll-forward recovery (bnc#1012382). - fix xen_swiotlb_dma_mmap prototype (bnc#1012382). - fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180). - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bnc#1012382). - ftrace: Fix selftest goto location on error (bnc#1012382). - fuse: initialize the flock flag in fuse_file on allocation (git-fixes). - gcov: add support for gcc version >= 6 (bsc#1051663). - gcov: support GCC 7.1 (bsc#1051663). - genirq: Fix for_each_action_of_desc() macro (bsc#1061064). - getcwd: Close race with d_move called by lustre (bsc#1052593). - gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829). - gfs2: Fix debugfs glocks dump (bnc#1012382). - gfs2: fix flock panic issue (bsc#1012829). - gianfar: Fix Tx flow control deactivation (bnc#1012382). - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch (bnc#1022967). - hrtimer: Catch invalid clockids again (bsc#1047651). - hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651). - hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693). - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693). - hv_util: switch to using timespec64 (fate#320485). - i2c: designware-baytrail: fix potential null pointer dereference on dev (bsc#1011913). - i40e: add hw struct local variable (bsc#1039915). - i40e: add private flag to control source pruning (bsc#1034075). - i40e: add VSI info to macaddr messages (bsc#1039915). - i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915). - i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915). - i40e: delete filter after adding its replacement when converting (bsc#1039915). - i40e: do not add broadcast filter for VFs (bsc#1039915). - i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (bsc#1039915). - i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter (bsc#1039915). - i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter (bsc#1039915). - i40e: factor out addition/deletion of VLAN per each MAC address (bsc#1039915). - i40e: fix MAC filters when removing VLANs (bsc#1039915). - i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan (bsc#1039915). - i40e: implement __i40e_del_filter and use where applicable (bsc#1039915). - i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915). - i40e: move all updates for VLAN mode into i40e_sync_vsi_filters (bsc#1039915). - i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915). - i40e: no need to check is_vsi_in_vlan before calling i40e_del_mac_all_vlan (bsc#1039915). - i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters (bsc#1039915). - i40e: recalculate vsi->active_filters from hash contents (bsc#1039915). - i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan (bsc#1039915). - i40e: refactor i40e_update_filter_state to avoid passing aq_err (bsc#1039915). - i40e: refactor Rx filter handling (bsc#1039915). - i40e: Removal of workaround for simple MAC address filter deletion (bsc#1039915). - i40e: remove code to handle dev_addr specially (bsc#1039915). - i40e: removed unreachable code (bsc#1039915). - i40e: remove duplicate add/delete adminq command code for filters (bsc#1039915). - i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid (bsc#1039915). - i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915). - i40e: restore workaround for removing default MAC filter (bsc#1039915). - i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915). - i40e: store MAC/VLAN filters in a hash with the MAC Address as key (bsc#1039915). - i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID (bsc#1039915). - i40e: when adding or removing MAC filters, correctly handle VLANs (bsc#1039915). - i40e: When searching all MAC/VLAN filters, ignore removed filters (bsc#1039915). - i40e: write HENA for VFs (bsc#1039915). - ib/hfi1: Wait for QSFP modules to initialize (bsc#1019151). - ibmvnic: Check for transport event on driver resume (bsc#1051556, bsc#1052709). - ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116). - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223). - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794). - iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value (bsc#1031717). - input: gpio-keys - fix check for disabling unsupported keys (bsc#1031717). - input: i8042 - add Gigabyte P57 to the keyboard reset table (bnc#1012382). - introduce the walk_process_tree() helper (bnc#1022476). - iommu/amd: Fix schedule-while-atomic BUG in initialization code (bsc1052533). - iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067). - ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (bsc#1041958). - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (bnc#1012382). - ipv6: add rcu grace period before freeing fib6_node (bnc#1012382). - ipv6: fix memory leak with multiple tables during netns destruction (bnc#1012382). - ipv6: fix sparse warning on rt6i_node (bnc#1012382). - ipv6: fix typo in fib6_net_exit() (bnc#1012382). - ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (bsc#1041958). - iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717). - iwlwifi: mvm: compare full command ID (FATE#321353, FATE#323335). - iwlwifi: mvm: do not send CTDP commands via debugfs if not supported (bsc#1031717). - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717). - iwlwifi: mvm: synchronize firmware DMA paging memory (FATE#321353, FATE#323335). - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717). - iwlwifi: mvm: unmap the paging memory before freeing it (FATE#321353, FATE#323335). - iwlwifi: pcie: fix command completion name debug (bsc#1031717). - kABI-fix for 'x86/panic: replace smp_send_stop() with kdump friendly version in panic path' (bsc#1051478). - kABI: protect enum pid_type (kabi). - kABI: protect lwtunnel include in ip6_route.h (kabi). - kABI: protect struct iscsi_np (kabi). - kABI: protect struct iscsi_tpg_attrib (kabi). - kABI: protect struct se_lun (kabi). - kABI: protect struct tpm_chip (kabi). - kABI: protect struct xfrm_dst (kabi). - kABI: protect struct xfrm_dst (kabi). - kabi/severities: ignore nfs_pgio_data_destroy - kABI: uninline task_tgid_nr_nr (kabi). - kernel/*: switch to memdup_user_nul() (bsc#1048893). - keys: fix writing past end of user-supplied buffer in keyring_read() (bnc#1012382). - keys: prevent creating a different user's keyrings (bnc#1012382). - keys: prevent KEYCTL_READ on negative key (bnc#1012382). - kvm: async_pf: Fix #DF due to inject 'Page not Present' and 'Page Ready' exceptions simultaneously (bsc#1061017). - kvm: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (bsc#1051478). - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478). - kvm: nVMX: Fix nested VPID vmx exec control (bsc#1051478). - kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce() (bnc#1012382). - kvm: SVM: Add a missing 'break' statement (bsc#1061017). - kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017). - kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt (bsc#1061017). - kvm: VMX: use cmpxchg64 (bnc#1012382). - kvm: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478). - libnvdimm: fix badblock range handling of ARS range (bsc#1023175). - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175). - lib: test_rhashtable: fix for large entry counts (bsc#1055359). - lib: test_rhashtable: Fix KASAN warning (bsc#1055359). - lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill warning (FATE#319466). - mac80211: flush hw_roc_start work before cancelling the ROC (bnc#1012382). - mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651). - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172). - md: fix sleep in atomic (bsc#1040351). - md/raid5: fix a race condition in stripe batch (linux-stable). - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list (bnc#1012382). - md/raid5: release/flush io in raid5_do_work() (bnc#1012382). - media: uvcvideo: Prevent heap overflow when accessing mapped controls (bnc#1012382). - media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382). - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs (bnc#1012382). - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with opposite signs (bnc#1012382). - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero (bnc#1012382). - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation (bnc#1012382). - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative (bnc#1012382). - mips: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs (bnc#1012382). - mm: adaptive hash table scaling (bnc#1036303). - mm: call page_ext_init() after all struct pages are initialized (VM Debugging Functionality, bsc#1047048). - mm: drop HASH_ADAPT (bnc#1036303). - mm: fix classzone_idx underflow in shrink_zones() (VM Functionality, bsc#1042314). - mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw poison -- git fixes). - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891). - mm/page_alloc.c: apply gfp_allowed_mask before the first allocation attempt (bnc#971975 VM -- git fixes). - mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382). - mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850). - mwifiex: do not update MCS set from hostapd (bsc#1031717). - net: account for current skb length when deciding about UFO (bsc#1041958). - net: ena: add hardware hints capability to the driver (bsc#1047121). - net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121). - net: ena: add missing unmap bars on device removal (bsc#1047121). - net: ena: add reset reason for each device FLR (bsc#1047121). - net: ena: add support for out of order rx buffers refill (bsc#1047121). - net: ena: allow the driver to work with small number of msix vectors (bsc#1047121). - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121). - net: ena: change return value for unsupported features unsupported return value (bsc#1047121). - net: ena: change sizeof() argument to be the type pointer (bsc#1047121). - net: ena: disable admin msix while working in polling mode (bsc#1047121). - net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121). - net: ena: fix race condition between submit and completion admin command (bsc#1047121). - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121). - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121). - net: ena: separate skb allocation to dedicated function (bsc#1047121). - net: ena: update driver's rx drop statistics (bsc#1047121). - net: ena: update ena driver to version 1.1.7 (bsc#1047121). - net: ena: update ena driver to version 1.2.0 (bsc#1047121). - net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121). - net: ena: use napi_schedule_irqoff when possible (bsc#1047121). - netfilter: fix IS_ERR_VALUE usage (bsc#1052888). - netfilter: x_tables: pack percpu counter allocations (bsc#1052888). - netfilter: x_tables: pass xt_counters struct instead of packet counter (bsc#1052888). - netfilter: x_tables: pass xt_counters struct to counter allocator (bsc#1052888). - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish() (bsc#1042286). - net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes). - net: phy: Do not perform software reset for Generic PHY (bsc#1042286). - new helper: memdup_user_nul() (bsc#1048893). - nfs: Cache aggressively when file is open for writing (bsc#1033587). - nfsd: Fix general protection fault in release_lock_stateid() (bnc#1012382). - nfs: Do not flush caches for a getattr that races with writeback (bsc#1033587). - nfs: flush data when locking a file to ensure cache coherence for mmap (bsc#981309). - nfs: invalidate file size when taking a lock (git-fixes). - nfs: only invalidate dentrys that are clearly invalid (bsc#1047118). - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829). - ocfs2: Make ocfs2_set_acl() static (bsc#1030552). - of: fix '/cpus' reference leak in of_numa_parse_cpu_nodes() (bsc#1056827). - ovl: fix dentry leak for default_permissions (bsc#1054084). - pci: Add Mellanox device IDs (bsc#1051478). - pci: Allow PCI express root ports to find themselves (bsc#1061046). - pci: Convert Mellanox broken INTx quirks to be for listed devices only (bsc#1051478). - pci: Correct PCI_STD_RESOURCE_END usage (bsc#1051478). - pci: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN (bsc#1051478). - pci: dwc: Fix uninitialized variable in dw_handle_msi_irq() (bsc#1051478). - pci: Enable ECRC only if device supports it (bsc#1051478). - pci: fix oops when try to find Root Port for a PCI device (bsc#1061046). - pci: Fix race condition with driver_override (bnc#1012382). - pci / pm: Fix native PME handling during system suspend/resume (bsc#1051478). - pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382). - pci: Support INTx masking on ConnectX-4 with firmware x.14.1100+ (bsc#1051478). - percpu_ref: allow operation mode switching operations to be called concurrently (bsc#1055096). - percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (bsc#1055096). - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (bsc#1055096). - percpu_ref: restructure operation mode switching (bsc#1055096). - percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096). - perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831). - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478). - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478). - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478). - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs. mm_struct tracking' (bsc#1061831). - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list (bsc#1051022). - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list (bsc#1051022). - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill (bsc#1051022). - pm / Hibernate: Fix scheduling while atomic during hibernation (bsc#1051059). - powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382). - powerpc/pseries: Fix parent_dn reference leak in add_dt_node() (bnc#1012382). - prctl: propagate has_child_subreaper flag to every descendant (bnc#1022476). - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374). - qlge: avoid memcpy buffer overflow (bnc#1012382). - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - Revert 'ACPI / video: Add force_native quirk for HP Pavilion dv6' (bsc#1031717). - Revert 'net: fix percpu memory leaks' (bnc#1012382). - Revert 'net: phy: Correctly process PHY_HALTED in phy_stop_machine()' (bnc#1012382). - Revert 'net: use lib/percpu_counter API for fragmentation mem accounting' (bnc#1012382). - Revert 'powerpc/numa: Fix percpu allocations to be NUMA aware' (bsc#1048914). - Revert 'tpm: Issue a TPM2_Shutdown for TPM2 devices.' (kabi). - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id This needs rpm-4.14+ (bsc#964063). - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261). - s390: export symbols for crash-kmp (bsc#1053915). - sched/core: Allow __sched_setscheduler() in interrupts when PI is not used (bnc#1022476). - sched/debug: Print the scheduler topology group mask (bnc#1022476). - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476). - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476). - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all cfs_rqs (bnc#1022476). - sched/topology: Add sched_group_capacity debugging (bnc#1022476). - sched/topology: Fix building of overlapping sched-groups (bnc#1022476). - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476). - sched/topology: Move comment about asymmetric node setups (bnc#1022476). - sched/topology: Refactor function build_overlap_sched_groups() (bnc#1022476). - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476). - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476). - sched/topology: Small cleanup (bnc#1022476). - sched/topology: Verify the first group matches the child domain (bnc#1022476). - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887). - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221). - scsi_devinfo: fixup string compare (bsc#1037404). - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792). - scsi: ILLEGAL REQUEST + ASC==27 =&gt; target failure (bsc#1059465). - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887). - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic (bnc#1012382). - scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382). - scsi: sg: close race condition in sg_remove_sfp_usercontext() (bsc#1064206). - scsi: sg: factor out sg_fill_request_table() (bnc#1012382). - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382). - scsi: sg: off by one in sg_ioctl() (bnc#1012382). - scsi: sg: remove 'save_scat_len' (bnc#1012382). - scsi: sg: use standard lists for sg_requests (bnc#1012382). - scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382). - scsi: storvsc: Workaround for virtual DVD SCSI version (fate#320485, bnc#1044636). - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path (bnc#1012382). - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records (bnc#1012382). - scsi: zfcp: fix missing trace records for early returns in TMF eh handlers (bnc#1012382). - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA (bnc#1012382). - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records (bnc#1012382). - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled (bnc#1012382). - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response (bnc#1012382). - scsi: zfcp: trace high part of 'new' 64 bit SCSI LUN (bnc#1012382). - seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter() (bnc#1012382). - skd: Avoid that module unloading triggers a use-after-free (bnc#1012382). - skd: Submit requests to firmware before triggering the doorbell (bnc#1012382). - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382). - smb: Validate negotiate (to protect against downgrade) even if signing off (bnc#1012382). - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802). - swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382). - sysctl: do not print negative flag for proc_douintvec (bnc#1046985). - sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893). - sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893). - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893). - sysctl: simplify unsigned int support (bsc#1048893). - timers: Plug locking race vs. timer migration (bnc#1022476). - timer/sysclt: Restrict timer migration sysctl values to 0 and 1 (bnc#1012382). - tpm: fix: return rc when devm_add_action() fails (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 8e0ee3c9faed). - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117). - tpm: KABI fix (bsc#1053117). - tpm: read burstcount from TPM_STS in one 32-bit transaction (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 27084efee0c3). - tpm_tis_core: Choose appropriate timeout for reading burstcount (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723). - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723). - tracing: Apply trace_clock changes to instance max buffer (bnc#1012382). - tracing: Erase irqsoff trace with empty write (bnc#1012382). - tracing: Fix trace_pipe behavior for instance traces (bnc#1012382). - tty: fix __tty_insert_flip_char regression (bnc#1012382). - tty: improve tty_insert_flip_char() fast path (bnc#1012382). - tty: improve tty_insert_flip_char() slow path (bnc#1012382). - tty: serial: msm: Support more bauds (git-fixes). - ubifs: Correctly evict xattr inodes (bsc#1012829). - ubifs: Do not leak kernel memory to the MTD (bsc#1012829). - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829). - udf: Fix races with i_size changes during readpage (bsc#1012829). - usb: core: fix device node leak (bsc#1047487). - vfs: fix missing inode_get_dev sites (bsc#1052049). - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets (bnc#1012382). - video: fbdev: aty: do not leak uninitialized padding in clk to userspace (bnc#1012382). - Workaround for kABI compatibility with DP-MST patches (bsc#1055493). - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache() (bsc#1051399). - x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382). - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps (bnc#1012382). - x86/ldt: Fix off by one in get_segment_base() (bsc#1061872). - x86/LDT: Print the real LDT base address (bsc#1051478). - x86/mce: Make timer handling more robust (bsc#1042422). - x86/panic: replace smp_send_stop() with kdump friendly version in panic path (bsc#1051478). - xen: allocate page for shared info page from low memory (bnc#1038616). - xen/balloon: do not online new memory initially (bnc#1028173). - xen: hold lock_device_hotplug throughout vcpu hotplug operations (bsc#1042422). - xen-netfront: Rework the fix for Rx stall during OOM and network stress (git-fixes). - xen/pvh*: Support &gt; 32 VCPUs at domain restore (bnc#1045563). - xfrm: NULL dereference on allocation failure (bsc#1047343). - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653). - xfs/dmapi: fix incorrect file-&gt;f_path.dentry-&gt;d_inode usage (bsc#1055896). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188). - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - xfs: fix inobt inode allocation search optimization (bsc#1012829). Important SUSE bug 1006180 SUSE bug 1011913 SUSE bug 1012382 SUSE bug 1012829 SUSE bug 1013887 SUSE bug 1019151 SUSE bug 1020645 SUSE bug 1020657 SUSE bug 1021424 SUSE bug 1022476 SUSE bug 1022743 SUSE bug 1022967 SUSE bug 1023175 SUSE bug 1024405 SUSE bug 1028173 SUSE bug 1028286 SUSE bug 1029693 SUSE bug 1030552 SUSE bug 1030850 SUSE bug 1031515 SUSE bug 1031717 SUSE bug 1031784 SUSE bug 1033587 SUSE bug 1034048 SUSE bug 1034075 SUSE bug 1034762 SUSE bug 1036303 SUSE bug 1036632 SUSE bug 1037344 SUSE bug 1037404 SUSE bug 1037994 SUSE bug 1038078 SUSE bug 1038583 SUSE bug 1038616 SUSE bug 1038792 SUSE bug 1039915 SUSE bug 1040307 SUSE bug 1040351 SUSE bug 1041958 SUSE bug 1042286 SUSE bug 1042314 SUSE bug 1042422 SUSE bug 1042778 SUSE bug 1043652 SUSE bug 1044112 SUSE bug 1044636 SUSE bug 1045154 SUSE bug 1045563 SUSE bug 1045922 SUSE bug 1046682 SUSE bug 1046821 SUSE bug 1046985 SUSE bug 1047027 SUSE bug 1047048 SUSE bug 1047096 SUSE bug 1047118 SUSE bug 1047121 SUSE bug 1047152 SUSE bug 1047277 SUSE bug 1047343 SUSE bug 1047354 SUSE bug 1047487 SUSE bug 1047651 SUSE bug 1047653 SUSE bug 1047670 SUSE bug 1048155 SUSE bug 1048221 SUSE bug 1048317 SUSE bug 1048891 SUSE bug 1048893 SUSE bug 1048914 SUSE bug 1048934 SUSE bug 1049226 SUSE bug 1049483 SUSE bug 1049486 SUSE bug 1049580 SUSE bug 1049603 SUSE bug 1049645 SUSE bug 1049882 SUSE bug 1050061 SUSE bug 1050188 SUSE bug 1051022 SUSE bug 1051059 SUSE bug 1051239 SUSE bug 1051399 SUSE bug 1051478 SUSE bug 1051479 SUSE bug 1051556 SUSE bug 1051663 SUSE bug 1051790 SUSE bug 1052049 SUSE bug 1052223 SUSE bug 1052533 SUSE bug 1052580 SUSE bug 1052593 SUSE bug 1052709 SUSE bug 1052773 SUSE bug 1052794 SUSE bug 1052888 SUSE bug 1053117 SUSE bug 1053802 SUSE bug 1053915 SUSE bug 1053919 SUSE bug 1054084 SUSE bug 1055013 SUSE bug 1055096 SUSE bug 1055359 SUSE bug 1055493 SUSE bug 1055755 SUSE bug 1055896 SUSE bug 1056261 SUSE bug 1056588 SUSE bug 1056827 SUSE bug 1056982 SUSE bug 1057015 SUSE bug 1058038 SUSE bug 1058116 SUSE bug 1058410 SUSE bug 1058507 SUSE bug 1059051 SUSE bug 1059465 SUSE bug 1060197 SUSE bug 1061017 SUSE bug 1061046 SUSE bug 1061064 SUSE bug 1061067 SUSE bug 1061172 SUSE bug 1061831 SUSE bug 1061872 SUSE bug 1063667 SUSE bug 1064206 SUSE bug 1064388 SUSE bug 964063 SUSE bug 971975 SUSE bug 974215 SUSE bug 981309 CVE-2017-1000252 CVE-2017-10810 CVE-2017-11472 CVE-2017-11473 CVE-2017-12134 CVE-2017-12153 CVE-2017-12154 CVE-2017-13080 CVE-2017-14051 CVE-2017-14106 CVE-2017-14489 CVE-2017-15649 CVE-2017-7518 CVE-2017-7541 CVE-2017-7542 CVE-2017-8831 cpe:/o:suse:sles:12:sp2 Security update for wget (Important) SUSE Linux Enterprise Server 12 SP2 This update for wget fixes the following security issues: - CVE-2017-13089,CVE-2017-13090: Missing checks for negative remaining_chunk_size in skip_short_body and fd_read_body could cause stack buffer overflows, which could have been exploited by malicious servers. (bsc#1064715,bsc#1064716) Important SUSE bug 1064715 SUSE bug 1064716 CVE-2017-13089 CVE-2017-13090 cpe:/o:suse:sles:12:sp2 Security update for SuSEfirewall2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for SuSEfirewall2 fixes the following issues: - CVE-2017-15638: Fixed a security issue with too open implicit portmapper rules (bsc#1064127): A source net restriction for _rpc_ services was not taken into account for the implicitly added rules for port 111, making the portmap service accessible to everyone in the affected zone. Moderate SUSE bug 1064127 CVE-2017-15638 cpe:/o:suse:sles:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2 This update for webkit2gtk3 to version 2.18.0 fixes the following issues: These security issues were fixed: - CVE-2017-7039: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7018: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7030: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7037: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7034: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7055: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7056: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7064: An issue was fixed that allowed remote attackers to bypass intended memory-read restrictions via a crafted app (bsc#1050469). - CVE-2017-7061: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7048: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-7046: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1050469). - CVE-2017-2538: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1045460) - CVE-2017-2496: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. - CVE-2017-2539: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. - CVE-2017-2510: An issue was fixed that allowed remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. - CVE-2017-2365: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2366: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2373: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2363: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2362: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2350: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2354: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749). - CVE-2017-2355: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2356: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2017-2371: An issue was fixed that allowed remote attackers to launch popups via a crafted web site (bsc#1024749) - CVE-2017-2364: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site (bsc#1024749) - CVE-2017-2369: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1024749) - CVE-2016-7656: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7635: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7654: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7639: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7645: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7652: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7641: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7632: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7599: An issue was fixed that allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that used HTTP redirects (bsc#1020950) - CVE-2016-7592: An issue was fixed that allowed remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site (bsc#1020950) - CVE-2016-7589: An issue was fixed that allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site (bsc#1020950) - CVE-2016-7623: An issue was fixed that allowed remote attackers to obtain sensitive information via a blob URL on a web site (bsc#1020950) - CVE-2016-7586: An issue was fixed that allowed remote attackers to obtain sensitive information via a crafted web site (bsc#1020950) For other non-security fixes please check the changelog. Important SUSE bug 1020950 SUSE bug 1024749 SUSE bug 1045460 SUSE bug 1050469 CVE-2016-7586 CVE-2016-7589 CVE-2016-7592 CVE-2016-7599 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2538 CVE-2017-2539 CVE-2017-7018 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7039 CVE-2017-7046 CVE-2017-7048 CVE-2017-7055 CVE-2017-7056 CVE-2017-7061 CVE-2017-7064 cpe:/o:suse:sles:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2 This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c (bsc#1062942). - CVE-2017-9524: The qemu-nbd server when built with the Network Block Device (NBD) Server support allowed remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs talking to a client in the nbd_negotiate function (bsc#1043808). - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063122) - CVE-2017-15038: Race condition in the v9fs_xattrwalk function local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes (bsc#1062069) - CVE-2017-10911: The make_response function in the Linux kernel allowed guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures (bsc#1057378) - CVE-2017-12809: The IDE disk and CD/DVD-ROM Emulator support allowed local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive (bsc#1054724) - CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt (bsc#1046636) - CVE-2017-10806: Stack-based buffer overflow allowed local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages (bsc#1047674) - CVE-2017-14167: Integer overflow in the load_multiboot function allowed local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write (bsc#1057585) - CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local guest OS users to cause a denial of service (out-of-bounds read) via a crafted DHCP options string (bsc#1049381) - CVE-2017-11334: The address_space_write_continue function allowed local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area (bsc#1048902) - CVE-2017-13672: The VGA display emulator support allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update (bsc#1056334) These non-security issues were fixed: - Fixed not being able to build from rpm sources due to undefined macro (bsc#1057966) - Fixed wrong permissions for kvm_stat.1 file - Fixed KVM lun resize not working as expected on SLES12 SP2 HV (bsc#1043176) Important SUSE bug 1043176 SUSE bug 1043808 SUSE bug 1046636 SUSE bug 1047674 SUSE bug 1048902 SUSE bug 1049381 SUSE bug 1054724 SUSE bug 1056334 SUSE bug 1057378 SUSE bug 1057585 SUSE bug 1057966 SUSE bug 1059369 SUSE bug 1062069 SUSE bug 1062942 SUSE bug 1063122 SUSE bug 997358 CVE-2017-10664 CVE-2017-10806 CVE-2017-10911 CVE-2017-11334 CVE-2017-11434 CVE-2017-12809 CVE-2017-13672 CVE-2017-14167 CVE-2017-15038 CVE-2017-15268 CVE-2017-15289 CVE-2017-9524 cpe:/o:suse:sles:12:sp2 Security update for sssd (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for sssd provides the following fixes: Security issues fixed: - CVE-2017-12173: Fixed unsanitized input when searching in local cache database (bsc#1061832). Non security issues fixed: - Fixed a segfault issue in ldap_rfc_2307_fallback_to_local_users. (bsc#1055123) - Install /var/lib/sss/mc directory to correct sssd cache invalidation behaviour. (bsc#1039567) Moderate SUSE bug 1039567 SUSE bug 1055123 SUSE bug 1061832 CVE-2017-12173 cpe:/o:suse:sles:12:sp2 Security update for krb5 (Important) SUSE Linux Enterprise Server 12 SP2 This update for krb5 fixes the following issues: Security issues fixed: - CVE-2017-15088: A buffer overflow in get_matching_data() was fixed that could under specific circumstances be used to execute code (bsc#1065274) Important SUSE bug 1065274 CVE-2017-15088 cpe:/o:suse:sles:12:sp2 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ImageMagick fixes the following issues: Security issues fixed: * CVE-2017-15033: A denial of service attack (memory leak) was fixed in ReadYUVImage in coders/yuv.c [bsc#1061873] * CVE-2017-11446: An infinite loop in ReadPESImage was fixed. (bsc#1049379) * CVE-2017-12433: A memory leak in ReadPESImage in coders/pes.c was fixed. (bsc#1052545) * CVE-2017-12428: A memory leak in ReadWMFImage in coders/wmf.c was fixed. (bsc#1052249) * CVE-2017-12431: A use-after-free in ReadWMFImage was fixed. (bsc#1052253) * CVE-2017-11534: A memory leak in the lite_font_map() in coders/wmf.c was fixed. (bsc#1050135) * CVE-2017-13133: A memory exhaustion in load_level function in coders/xcf.c was fixed. (bsc#1055219) * CVE-2017-13139: A out-of-bounds read in the ReadOneMNGImage was fixed. (bsc#1055430) This update also reverts an incorrect fix for CVE-2016-7530 [bsc#1054924]. Moderate SUSE bug 1049379 SUSE bug 1050135 SUSE bug 1052249 SUSE bug 1052253 SUSE bug 1052545 SUSE bug 1054924 SUSE bug 1055219 SUSE bug 1055430 SUSE bug 1061873 CVE-2016-7530 CVE-2017-11446 CVE-2017-11534 CVE-2017-12428 CVE-2017-12431 CVE-2017-12433 CVE-2017-13133 CVE-2017-13139 CVE-2017-15033 cpe:/o:suse:sles:12:sp2 Security update for shadow (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for shadow fixes several issues. This security issue was fixed: - CVE-2017-12424: The newusers tool could have been forced to manipulate internal data structures in ways unintended by the authors. Malformed input may have lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors (bsc#1052261). These non-security issues were fixed: - bsc#1023895: Fixed man page to not contain invalid options and also prevent warnings when using these options in certain settings - bsc#980486: Reset user in /var/log/tallylog because of the usage of pam_tally2 Moderate SUSE bug 1023895 SUSE bug 1052261 SUSE bug 980486 CVE-2017-12424 cpe:/o:suse:sles:12:sp2 Security update for poppler (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for poppler fixes the following issues: This security issue was fixed: - CVE-2017-14517: Prevent NULL Pointer dereference in the XRef::parseEntry() function via a crafted PDF document (bsc#1059066). - CVE-2017-14518: Remedy a floating point exception in isImageInterpolationRequired() that could have been exploited using a specially crafted PDF document. (bsc#1059101) - CVE-2017-14520: Remedy a floating point exception in Splash::scaleImageYuXd() that could have been exploited using a specially crafted PDF document. (bsc#1059155) - CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. (bsc#1061265) Moderate SUSE bug 1059066 SUSE bug 1059101 SUSE bug 1059155 SUSE bug 1061265 CVE-2017-14517 CVE-2017-14518 CVE-2017-14520 CVE-2017-14977 cpe:/o:suse:sles:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for samba fixes several issues. These security issues were fixed: - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file, leaking information from the server to the client (bsc#1058624). - CVE-2017-12150: Always enforce smb signing when it is configured (bsc#1058622). - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects (bsc#1058565). This non-security issue was fixed: - Fix error where short name length was read as 2 bytes, should be 1 (bsc#1042419) Moderate SUSE bug 1042419 SUSE bug 1058565 SUSE bug 1058622 SUSE bug 1058624 SUSE bug 1064016 SUSE bug 1065892 CVE-2017-12150 CVE-2017-12151 CVE-2017-12163 cpe:/o:suse:sles:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u151 (icedtea 3.6.0) Security issues fixed: - CVE-2017-10274: Handle smartcard clean up better (bsc#1064071) - CVE-2017-10281: Better queuing priorities (bsc#1064072) - CVE-2017-10285: Unreferenced references (bsc#1064073) - CVE-2017-10295: Better URL connections (bsc#1064075) - CVE-2017-10388: Correct Kerberos ticket grants (bsc#1064086) - CVE-2017-10346: Better invokespecial checks (bsc#1064078) - CVE-2017-10350: Better Base Exceptions (bsc#1064082) - CVE-2017-10347: Better timezone processing (bsc#1064079) - CVE-2017-10349: Better X processing (bsc#1064081) - CVE-2017-10345: Better keystore handling (bsc#1064077) - CVE-2017-10348: Better processing of unresolved permissions (bsc#1064080) - CVE-2017-10357: Process Proxy presentation (bsc#1064085) - CVE-2017-10355: More stable connection processing (bsc#1064083) - CVE-2017-10356: Update storage implementations (bsc#1064084) - CVE-2016-10165: Improve CMS header processing (bsc#1064069) - CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843: Upgrade compression library (bsc#1064070) Bug fixes: - Fix bsc#1032647, bsc#1052009 with btrfs subvolumes and overlayfs Important SUSE bug 1032647 SUSE bug 1052009 SUSE bug 1064069 SUSE bug 1064070 SUSE bug 1064071 SUSE bug 1064072 SUSE bug 1064073 SUSE bug 1064075 SUSE bug 1064077 SUSE bug 1064078 SUSE bug 1064079 SUSE bug 1064080 SUSE bug 1064081 SUSE bug 1064082 SUSE bug 1064083 SUSE bug 1064084 SUSE bug 1064085 SUSE bug 1064086 CVE-2016-10165 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 cpe:/o:suse:sles:12:sp2 Security update for cpio (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for cpio fixes two issues. This security issue was fixed: - CVE-2016-2037: The cpio_safer_name_suffix function in util.c in cpio allowed remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file (bsc#963448). This non-security issue was fixed: - bsc#1020108: Always use 32 bit CRC to prevent checksum errors for files greater than 32MB Moderate SUSE bug 1020108 SUSE bug 963448 CVE-2016-2037 cpe:/o:suse:sles:12:sp2 Security update for ceph (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ceph fixes the following issues: * CVE-2016-5009: moncommand with empty prefix could crash monitor [bsc#987144] * Invalid commandd in SOC7 with ceph [bsc#1008894] * Performance fix was missing in SES4 [bsc#1005179] * ceph build problems on ppc64le [bsc#982141] * ceph make build unit test failure [bsc#977940] * ceph-deploy mon create-initial fails on one node [bsc#999688] * MDS dies while running xfstests [bsc#985232] * Typerror while calling _recover_auth_meta() [bsc#1008501] * OSD daemon uses ~100% CPU load right after OSD creation / first OSD start [bsc#1014338] * civetweb HTTPS support not working [bsc#990438] * systemd is killing off OSDs [bsc#1007216] Moderate SUSE bug 1005179 SUSE bug 1007216 SUSE bug 1008501 SUSE bug 1008894 SUSE bug 1014338 SUSE bug 977940 SUSE bug 982141 SUSE bug 985232 SUSE bug 987144 SUSE bug 990438 SUSE bug 999688 CVE-2016-5009 cpe:/o:suse:sles:12:sp2 Security update for tomcat (Important) SUSE Linux Enterprise Server 12 SP2 This update for tomcat fixes the following issues: Security issues fixed: - CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling. (bsc#1042910). - CVE-2017-7674: A CORS Filter issue could lead to client and server side cache poisoning (bsc#1053352) - CVE-2017-12617: A remote code execution possibility via JSP Upload was fixed (bsc#1059554) Non security bugs fixed: - Fix tomcat-digest classpath error (bsc#977410) - Fix packaged /etc/alternatives symlinks for api libs that caused rpm -V to report link mismatch (bsc#1019016) Important SUSE bug 1019016 SUSE bug 1042910 SUSE bug 1053352 SUSE bug 1059554 SUSE bug 977410 CVE-2017-12617 CVE-2017-5664 CVE-2017-7674 cpe:/o:suse:sles:12:sp2 Security update for file (Moderate) SUSE Linux Enterprise Server 12 SP2 The GNU file utility was updated to version 5.22. Security issues fixed: - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) Version update to file version 5.22 * add indirect relative for TIFF/Exif * restructure elf note printing to avoid repeated messages * add note limit, suggested by Alexander Cherepanov * Bail out on partial pread()'s (Alexander Cherepanov) * Fix incorrect bounds check in file_printable (Alexander Cherepanov) * PR/405: ignore SIGPIPE from uncompress programs * change printable -> file_printable and use it in more places for safety * in ELF, instead of '(uses dynamic libraries)' when PT_INTERP is present print the interpreter name. Version update to file version 5.21 * there was an incorrect free in magic_load_buffers() * there was an out of bounds read for some pascal strings * there was a memory leak in magic lists * don't interpret strings printed from files using the current locale, convert them to ascii format first. * there was an out of bounds read in elf note reads Update to file version 5.20 * recognize encrypted CDF documents * add magic_load_buffers from Brooks Davis * add thumbs.db support Additional non-security bug fixes: * Fixed a memory corruption during rpmbuild (bsc#1063269) * Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) * file command throws 'Composite Document File V2 Document, corrupt: Can't read SSAT' error against excel 97/2003 file format. (bsc#1009966) Moderate SUSE bug 1009966 SUSE bug 1063269 SUSE bug 910252 SUSE bug 910253 SUSE bug 913650 SUSE bug 913651 SUSE bug 917152 SUSE bug 996511 CVE-2014-8116 CVE-2014-8117 CVE-2014-9620 CVE-2014-9621 CVE-2014-9653 cpe:/o:suse:sles:12:sp2 Security update for xorg-x11-server (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for xorg-x11-server fixes several issues. These security issues were fixed: - CVE-2017-13721: Missing validation of shmseg resource id in Xext/XShm could lead to shared memory segments of other users beeing freed (bnc#1052984) - CVE-2017-13723: A local denial of service via unusual characters in XkbAtomText and XkbStringText was fixed (bnc#1051150) - CVE-2017-12184,CVE-2017-12185,CVE-2017-12186,CVE-2017-12187: Fixed unvalidated lengths in multiple extensions (bsc#1063034) - CVE-2017-12183: Fixed some unvalidated lengths in the XFIXES extension. (bsc#1063035) - CVE-2017-12180,CVE-2017-12181,CVE-2017-12182: Fixed various unvalidated lengths in the XFree86-VidMode/XFree86-DGA/XFree86-DRI extensions (bsc#1063037) - CVE-2017-12179: Fixed an integer overflow and unvalidated length in (S)ProcXIBarrierReleasePointer in Xi (bsc#1063038) - CVE-2017-12178: Fixed a wrong extra length check in ProcXIChangeHierarchy in Xi (bsc#1063039) - CVE-2017-12177: Fixed an unvalidated variable-length request in ProcDbeGetVisualInfo (bsc#1063040) - CVE-2017-12176: Fixed an unvalidated extra length in ProcEstablishConnection (bsc#1063041) These non-security issues were fixed: - Make colormap/gamma glue code work with the RandR extension disabled. This prevents it from crashing and showing wrong colors. (bsc#1061107) - Recognize ssh as a remote client to fix launching applications remotely when using DRI3. (bsc#1022727) Moderate SUSE bug 1022727 SUSE bug 1051150 SUSE bug 1052984 SUSE bug 1061107 SUSE bug 1063034 SUSE bug 1063035 SUSE bug 1063037 SUSE bug 1063038 SUSE bug 1063039 SUSE bug 1063040 SUSE bug 1063041 CVE-2017-12176 CVE-2017-12177 CVE-2017-12178 CVE-2017-12179 CVE-2017-12180 CVE-2017-12181 CVE-2017-12182 CVE-2017-12183 CVE-2017-12184 CVE-2017-12185 CVE-2017-12186 CVE-2017-12187 CVE-2017-13721 CVE-2017-13723 cpe:/o:suse:sles:12:sp2 Recommended update for tboot (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for tboot fixes the following issues: Security issue fixed: - CVE-2017-16837: Certain function pointers in Trusted Boot (tboot) through 1.9.6 are notvalidated and can cause arbitrary code execution, which allows local users tooverwrite dynamic PCRs of Trusted Platform Module (TPM) by h (bsc#1068390) Bug fixes: - Fixed failed trusted boot on some systems like Intel Xeon 'Purley 8s' processors. The following error message showed: 'TBOOT: wait-for-sipi loop timed-out'. Booting continued but 'TXT measured launch' was wrongly reported as FALSE. (bsc#1057555) Moderate SUSE bug 1057555 SUSE bug 1068390 CVE-2017-16837 cpe:/o:suse:sles:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2 This update for samba fixes the following issues: Security issues fixed: - CVE-2017-14746: Fixed a use-after-free vulnerability that could be used to crash smbd or potentially execute code (bsc#1060427). - CVE-2017-15275: Fixed a server heap memory information leak (bsc#1063008). Non-security issues fixed: - Update 'winbind expand groups' doc in smb.conf man page; (bsc#1027593). Important SUSE bug 1027593 SUSE bug 1060427 SUSE bug 1063008 CVE-2017-14746 CVE-2017-15275 cpe:/o:suse:sles:12:sp2 Security update for perl (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for perl fixes the following issues: Security issues fixed: - CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier. (bnc#1057724) - CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape. (bnc#1057721) - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. (bnc#1047178) Bug fixes: - backport set_capture_string changes from upstream (bsc#999735) - reformat baselibs.conf as source validator workaround Moderate SUSE bug 1047178 SUSE bug 1057721 SUSE bug 1057724 SUSE bug 999735 CVE-2017-12837 CVE-2017-12883 CVE-2017-6512 cpe:/o:suse:sles:12:sp2 Security update for kernel-firmware (Important) SUSE Linux Enterprise Server 12 SP2 This update for kernel-firmware fixes the following issues: - Update Intel WiFi firmwares for the 3160, 7260 and 7265 adapters. Security issues fixed are part of the 'KRACK' attacks affecting the firmware: - CVE-2017-13080: The reinstallation of the Group Temporal key could be used for replay attacks (bsc#1066295): - CVE-2017-13081: The reinstallation of the Integrity Group Temporal key could be used for replay attacks (bsc#1066295): Important SUSE bug 1066295 CVE-2017-13080 CVE-2017-13081 cpe:/o:suse:sles:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2 This update for samba fixes the following issues: Security issues fixed: - CVE-2017-14746: Use-after-free vulnerability (bsc#1060427). - CVE-2017-15275: Server heap memory information leak (bsc#1063008). Bug fixes: - Update 'winbind expand groups' doc in smb.conf man page (bsc#1027593). Important SUSE bug 1027593 SUSE bug 1060427 SUSE bug 1063008 CVE-2017-14746 CVE-2017-15275 cpe:/o:suse:sles:12:sp2 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libxml2 fixes the following issues: * CVE-2016-4658: use-after-free error could lead to crash [bsc#1005544] * Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873] * CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not detected by the recursion limits, allowing for DoS (bsc#1017497). For CVE-2016-9318 we decided not to ship a fix since it can break existing setups. Please take appropriate actions if you parse untrusted XML files and use the new -noxxe flag if possible (bnc#1010675, bnc#1013930). Moderate SUSE bug 1005544 SUSE bug 1010675 SUSE bug 1013930 SUSE bug 1014873 SUSE bug 1017497 CVE-2016-4658 CVE-2016-9318 CVE-2016-9597 cpe:/o:suse:sles:12:sp2 Security update for guile (Low) SUSE Linux Enterprise Server 12 SP2 This update for guile fixes the following issues: - CVE-2016-8605: Fixed thread-unsafe umask modification (bsc#1004221). Low SUSE bug 1004221 CVE-2016-8605 cpe:/o:suse:sles:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for openssl fixes the following issues: Security issues fixed: - CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242) - Out of bounds read+crash in DES_fcrypt (bsc#1065363) - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) Moderate SUSE bug 1055825 SUSE bug 1056058 SUSE bug 1065363 SUSE bug 1066242 CVE-2017-3735 CVE-2017-3736 cpe:/o:suse:sles:12:sp2 Security update for binutils (Moderate) SUSE Linux Enterprise Server 12 SP2 GNU binutil was updated to the 2.29.1 release, bringing various new features, fixing a lot of bugs and security issues. Following security issues are being addressed by this release: * 18750 bsc#1030296 CVE-2014-9939 * 20891 bsc#1030585 CVE-2017-7225 * 20892 bsc#1030588 CVE-2017-7224 * 20898 bsc#1030589 CVE-2017-7223 * 20905 bsc#1030584 CVE-2017-7226 * 20908 bsc#1031644 CVE-2017-7299 * 20909 bsc#1031656 CVE-2017-7300 * 20921 bsc#1031595 CVE-2017-7302 * 20922 bsc#1031593 CVE-2017-7303 * 20924 bsc#1031638 CVE-2017-7301 * 20931 bsc#1031590 CVE-2017-7304 * 21135 bsc#1030298 CVE-2017-7209 * 21137 bsc#1029909 CVE-2017-6965 * 21139 bsc#1029908 CVE-2017-6966 * 21156 bsc#1029907 CVE-2017-6969 * 21157 bsc#1030297 CVE-2017-7210 * 21409 bsc#1037052 CVE-2017-8392 * 21412 bsc#1037057 CVE-2017-8393 * 21414 bsc#1037061 CVE-2017-8394 * 21432 bsc#1037066 CVE-2017-8396 * 21440 bsc#1037273 CVE-2017-8421 * 21580 bsc#1044891 CVE-2017-9746 * 21581 bsc#1044897 CVE-2017-9747 * 21582 bsc#1044901 CVE-2017-9748 * 21587 bsc#1044909 CVE-2017-9750 * 21594 bsc#1044925 CVE-2017-9755 * 21595 bsc#1044927 CVE-2017-9756 * 21787 bsc#1052518 CVE-2017-12448 * 21813 bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450, bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450 * 21933 bsc#1053347 CVE-2017-12799 * 21990 bsc#1058480 CVE-2017-14333 * 22018 bsc#1056312 CVE-2017-13757 * 22047 bsc#1057144 CVE-2017-14129 * 22058 bsc#1057149 CVE-2017-14130 * 22059 bsc#1057139 CVE-2017-14128 * 22113 bsc#1059050 CVE-2017-14529 * 22148 bsc#1060599 CVE-2017-14745 * 22163 bsc#1061241 CVE-2017-14974 * 22170 bsc#1060621 CVE-2017-14729 Update to binutils 2.29. [fate#321454, fate#321494, fate#323293]: * The MIPS port now supports microMIPS eXtended Physical Addressing (XPA) instructions for assembly and disassembly. * The MIPS port now supports the microMIPS Release 5 ISA for assembly and disassembly. * The MIPS port now supports the Imagination interAptiv MR2 processor, which implements the MIPS32r3 ISA, the MIPS16e2 ASE as well as a couple of implementation-specific regular MIPS and MIPS16e2 ASE instructions. * The SPARC port now supports the SPARC M8 processor, which implements the Oracle SPARC Architecture 2017. * The MIPS port now supports the MIPS16e2 ASE for assembly and disassembly. * Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX. * Add support for the wasm32 ELF conversion of the WebAssembly file format. * Add --inlines option to objdump, which extends the --line-numbers option so that inlined functions will display their nesting information. * Add --merge-notes options to objcopy to reduce the size of notes in a binary file by merging and deleting redundant notes. * Add support for locating separate debug info files using the build-id method, where the separate file has a name based upon the build-id of the original file. - GAS specific: * Add support for ELF SHF_GNU_MBIND. * Add support for the WebAssembly file format and wasm32 ELF conversion. * PowerPC gas now checks that the correct register class is used in instructions. For instance, 'addi %f4,%cr3,%r31' warns three times that the registers are invalid. * Add support for the Texas Instruments PRU processor. * Support for the ARMv8-R architecture and Cortex-R52 processor has been added to the ARM port. - GNU ld specific: * Support for -z shstk in the x86 ELF linker to generate GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program properties. * Add support for GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program properties in the x86 ELF linker. * Add support for GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program properties in the x86 ELF linker. * Support for -z ibtplt in the x86 ELF linker to generate IBT-enabled PLT. * Support for -z ibt in the x86 ELF linker to generate IBT-enabled PLT as well as GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program properties. * Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX. * Add support for ELF GNU program properties. * Add support for the Texas Instruments PRU processor. * When configuring for arc*-*-linux* targets the default linker emulation will change if --with-cpu=nps400 is used at configure time. * Improve assignment of LMAs to orphan sections in some edge cases where a mixture of both AT>LMA_REGION and AT(LMA) are used. * Orphan sections placed after an empty section that has an AT(LMA) will now take an load memory address starting from LMA. * Section groups can now be resolved (the group deleted and the group members placed like normal sections) at partial link time either using the new linker option --force-group-allocation or by placing FORCE_GROUP_ALLOCATION into the linker script. - Add riscv64 target, tested with gcc7 and downstream newlib 2.4.0 - Prepare riscv32 target (gh#riscv/riscv-newlib#8) - Make compressed debug section handling explicit, disable for old products and enable for gas on all architectures otherwise. [bsc#1029995] - Remove empty rpath component removal optimization from to workaround CMake rpath handling. [bsc#1025282] Minor security bugs fixed: PR 21147, PR 21148, PR 21149, PR 21150, PR 21151, PR 21155, PR 21158, PR 21159 - Update to binutils 2.28. * Add support for locating separate debug info files using the build-id method, where the separate file has a name based upon the build-id of the original file. * This version of binutils fixes a problem with PowerPC VLE 16A and 16D relocations which were functionally swapped, for example, R_PPC_VLE_HA16A performed like R_PPC_VLE_HA16D while R_PPC_VLE_HA16D performed like R_PPC_VLE_HA16A. This could have been fixed by renumbering relocations, which would keep object files created by an older version of gas compatible with a newer ld. However, that would require an ABI update, affecting other assemblers and linkers that create and process the relocations correctly. It is recommended that all VLE object files be recompiled, but ld can modify the relocations if --vle-reloc-fixup is passed to ld. If the new ld command line option is not used, ld will ld warn on finding relocations inconsistent with the instructions being relocated. * The nm program has a new command line option (--with-version-strings) which will display a symbol's version information, if any, after the symbol's name. * The ARC port of objdump now accepts a -M option to specify the extra instruction class(es) that should be disassembled. * The --remove-section option for objcopy and strip now accepts section patterns starting with an exclamation point to indicate a non-matching section. A non-matching section is removed from the set of sections matched by an earlier --remove-section pattern. * The --only-section option for objcopy now accepts section patterns starting with an exclamation point to indicate a non-matching section. A non-matching section is removed from the set of sections matched by an earlier --only-section pattern. * New --remove-relocations=SECTIONPATTERN option for objcopy and strip. This option can be used to remove sections containing relocations. The SECTIONPATTERN is the section to which the relocations apply, not the relocation section itself. - GAS specific: * Add support for the RISC-V architecture. * Add support for the ARM Cortex-M23 and Cortex-M33 processors. - GNU ld specific: * The EXCLUDE_FILE linker script construct can now be applied outside of the section list in order for the exclusions to apply over all input sections in the list. * Add support for the RISC-V architecture. * The command line option --no-eh-frame-hdr can now be used in ELF based linkers to disable the automatic generation of .eh_frame_hdr sections. * Add --in-implib=<infile> to the ARM linker to enable specifying a set of Secure Gateway veneers that must exist in the output import library specified by --out-implib=<outfile> and the address they must have. As such, --in-implib is only supported in combination with --cmse-implib. * Extended the --out-implib=<file> option, previously restricted to x86 PE targets, to any ELF based target. This allows the generation of an import library for an ELF executable, which can then be used by another application to link against the executable. - GOLD specific: * Add -z bndplt option (x86-64 only) to support Intel MPX. * Add --orphan-handling option. * Add --stub-group-multi option (PowerPC only). * Add --target1-rel, --target1-abs, --target2 options (Arm only). * Add -z stack-size option. * Add --be8 option (Arm only). * Add HIDDEN support in linker scripts. * Add SORT_BY_INIT_PRIORITY support in linker scripts. - Other fixes: * Fix section alignment on .gnu_debuglink. [bso#21193] * Add s390x to gold_archs. * Fix alignment frags for aarch64 (bsc#1003846) * Call ldconfig for libbfd * Fix an assembler problem with clang on ARM. * Restore monotonically increasing section offsets. - Update to binutils 2.27. * Add a configure option, --enable-64-bit-archive, to force use of a 64-bit format when creating an archive symbol index. * Add --elf-stt-common= option to objcopy for ELF targets to control whether to convert common symbols to the STT_COMMON type. - GAS specific: * Default to --enable-compressed-debug-sections=gas for Linux/x86 targets. * Add --no-pad-sections to stop the assembler from padding the end of output sections up to their alignment boundary. * Support for the ARMv8-M architecture has been added to the ARM port. Support for the ARMv8-M Security and DSP Extensions has also been added to the ARM port. * ARC backend accepts .extInstruction, .extCondCode, .extAuxRegister, and .extCoreRegister pseudo-ops that allow an user to define custom instructions, conditional codes, auxiliary and core registers. * Add a configure option --enable-elf-stt-common to decide whether ELF assembler should generate common symbols with the STT_COMMON type by default. Default to no. * New command line option --elf-stt-common= for ELF targets to control whether to generate common symbols with the STT_COMMON type. * Add ability to set section flags and types via numeric values for ELF based targets. * Add a configure option --enable-x86-relax-relocations to decide whether x86 assembler should generate relax relocations by default. Default to yes, except for x86 Solaris targets older than Solaris 12. * New command line option -mrelax-relocations= for x86 target to control whether to generate relax relocations. * New command line option -mfence-as-lock-add=yes for x86 target to encode lfence, mfence and sfence as 'lock addl $0x0, (%[re]sp)'. * Add assembly-time relaxation option for ARC cpus. * Add --with-cpu=TYPE configure option for ARC gas. This allows the default cpu type to be adjusted at configure time. - GOLD specific: * Add a configure option --enable-relro to decide whether -z relro should be enabled by default. Default to yes. * Add support for s390, MIPS, AArch64, and TILE-Gx architectures. * Add support for STT_GNU_IFUNC symbols. * Add support for incremental linking (--incremental). - GNU ld specific: * Add a configure option --enable-relro to decide whether -z relro should be enabled in ELF linker by default. Default to yes for all Linux targets except FRV, HPPA, IA64 and MIPS. * Support for -z noreloc-overflow in the x86-64 ELF linker to disable relocation overflow check. * Add -z common/-z nocommon options for ELF targets to control whether to convert common symbols to the STT_COMMON type during a relocatable link. * Support for -z nodynamic-undefined-weak in the x86 ELF linker, which avoids dynamic relocations against undefined weak symbols in executable. * The NOCROSSREFSTO command was added to the linker script language. * Add --no-apply-dynamic-relocs to the AArch64 linker to do not apply link-time values for dynamic relocations. Moderate SUSE bug 1003846 SUSE bug 1025282 SUSE bug 1029907 SUSE bug 1029908 SUSE bug 1029909 SUSE bug 1029995 SUSE bug 1030296 SUSE bug 1030297 SUSE bug 1030298 SUSE bug 1030583 SUSE bug 1030584 SUSE bug 1030585 SUSE bug 1030588 SUSE bug 1030589 SUSE bug 1031590 SUSE bug 1031593 SUSE bug 1031595 SUSE bug 1031638 SUSE bug 1031644 SUSE bug 1031656 SUSE bug 1033122 SUSE bug 1037052 SUSE bug 1037057 SUSE bug 1037061 SUSE bug 1037062 SUSE bug 1037066 SUSE bug 1037070 SUSE bug 1037072 SUSE bug 1037273 SUSE bug 1038874 SUSE bug 1038875 SUSE bug 1038876 SUSE bug 1038877 SUSE bug 1038878 SUSE bug 1038880 SUSE bug 1038881 SUSE bug 1044891 SUSE bug 1044897 SUSE bug 1044901 SUSE bug 1044909 SUSE bug 1044925 SUSE bug 1044927 SUSE bug 1046094 SUSE bug 1052061 SUSE bug 1052496 SUSE bug 1052503 SUSE bug 1052507 SUSE bug 1052509 SUSE bug 1052511 SUSE bug 1052514 SUSE bug 1052518 SUSE bug 1053347 SUSE bug 1056312 SUSE bug 1056437 SUSE bug 1057139 SUSE bug 1057144 SUSE bug 1057149 SUSE bug 1058480 SUSE bug 1059050 SUSE bug 1060599 SUSE bug 1060621 SUSE bug 1061241 SUSE bug 437293 SUSE bug 445037 SUSE bug 546106 SUSE bug 561142 SUSE bug 578249 SUSE bug 590820 SUSE bug 691290 SUSE bug 698346 SUSE bug 713504 SUSE bug 776968 SUSE bug 863764 SUSE bug 938658 SUSE bug 970239 CVE-2014-9939 CVE-2017-12448 CVE-2017-12450 CVE-2017-12452 CVE-2017-12453 CVE-2017-12454 CVE-2017-12456 CVE-2017-12799 CVE-2017-13757 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130 CVE-2017-14333 CVE-2017-14529 CVE-2017-14729 CVE-2017-14745 CVE-2017-14974 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7227 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-7614 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8395 CVE-2017-8396 CVE-2017-8397 CVE-2017-8398 CVE-2017-8421 CVE-2017-9038 CVE-2017-9039 CVE-2017-9040 CVE-2017-9041 CVE-2017-9042 CVE-2017-9043 CVE-2017-9044 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2017-9954 CVE-2017-9955 cpe:/o:suse:sles:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2 This update for xen to version 4.7.4 (bsc#1027519) fixes several issues. This new feature was added: - Support migration of HVM domains larger than 1 TB These security issues were fixed: - bsc#1068187: Failure to recognize errors in the Populate on Demand (PoD) code allowed for DoS (XSA-246) - bsc#1068191: Missing p2m error checking in PoD code allowed unprivileged guests to retain a writable mapping of freed memory leading to information leaks, privilege escalation or DoS (XSA-247). - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation (bsc#1063123) - CVE-2017-15597: A grant copy operation being done on a grant of a dying domain allowed a malicious guest administrator to corrupt hypervisor memory, allowing for DoS or potentially privilege escalation and information leaks (bsc#1061075). This non-security issue was fixed: - bsc#1055047: Fixed --initrd-inject option in virt-install Important SUSE bug 1027519 SUSE bug 1055047 SUSE bug 1061075 SUSE bug 1063123 SUSE bug 1068187 SUSE bug 1068191 CVE-2017-15289 CVE-2017-15597 cpe:/o:suse:sles:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2 This update for MozillaFirefox ESR 52.5 fixes the following issues: Security issues fixed: - CVE-2017-7826: Memory safety bugs fixed (bsc#1068101). - CVE-2017-7828: Use-after-free of PressShell while restyling layout (bsc#1068101). - CVE-2017-7830: Cross-origin URL information leak through Resource Timing API (bsc#1068101). Mozilla Foundation Security Advisory (MFSA 2017-25): - https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/ Important SUSE bug 1068101 CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 cpe:/o:suse:sles:12:sp2 Security update for zlib (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for zlib fixes the following issues: CVE-2016-9843: Big-endian out-of-bounds pointer CVE-2016-9842: Undefined Left Shift of Negative Number (bsc#1003580) CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc#1003579) Incompatible declarations for external linkage function deflate (bsc#1003577) Moderate SUSE bug 1003577 SUSE bug 1003579 SUSE bug 1003580 SUSE bug 1013882 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 cpe:/o:suse:sles:12:sp2 Security update for spice (Important) SUSE Linux Enterprise Server 12 SP2 This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078) CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079) Important SUSE bug 1023078 SUSE bug 1023079 CVE-2016-9577 CVE-2016-9578 cpe:/o:suse:sles:12:sp2 Security update for libXcursor (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libXcursor fixes the following issues: Security issue fixed: - CVE-2017-16612: Fix integeroverflow while parsing images and a signedness issue while parsing comments (bsc#1065386). Moderate SUSE bug 1065386 CVE-2017-16612 cpe:/o:suse:sles:12:sp2 Security update for shibboleth-sp (Important) SUSE Linux Enterprise Server 12 SP2 This update for shibboleth-sp fixes the following issues: Security issue fixed: - CVE-2017-16852: Fix critical security checks in the Dynamic MetadataProvider plugin in Shibboleth Service (bsc#1068689). Important SUSE bug 1068689 CVE-2017-16852 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000405: A bug in the THP CoW support could be used by local attackers to corrupt memory of other processes and cause them to crash (bnc#1069496). - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702). The following non-security bugs were fixed: Fix a build issue on ppc64le systems (bsc#1070805) Important SUSE bug 1069496 SUSE bug 1069702 SUSE bug 1070805 CVE-2017-1000405 CVE-2017-16939 cpe:/o:suse:sles:12:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for openssh fixes the following issues: Security issue fixed: - CVE-2017-15906: Stricter checking of operations in read-only mode in sftp server (bsc#1065000). Bug fixes: - FIPS: Startup selfchecks (bsc#1068310). - FIPS: Silent complaints about unsupported key exchange methods (bsc#1006166). - Refine handling of sockets for X11 forwarding to remove reintroduced CVE-2008-1483 (bsc#1069509). - Test configuration before running daemon to prevent looping resulting in service shutdown (bsc#1048367) Moderate SUSE bug 1006166 SUSE bug 1048367 SUSE bug 1065000 SUSE bug 1068310 SUSE bug 1069509 CVE-2008-1483 CVE-2017-15906 cpe:/o:suse:sles:12:sp2 Security update for opensaml (Important) SUSE Linux Enterprise Server 12 SP2 This update for opensaml fixes the following issues: Security issue fixed: - CVE-2017-16853: Fix the DynamicMetadataProvider class to properly configure itself with the MetadataFilter plugins, to avoid possible MITM attacks (bsc#1068685). Important SUSE bug 1068685 CVE-2017-16853 cpe:/o:suse:sles:12:sp2 Security update for libapr-util1 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libapr-util1 fixes the following issues: Security issue fixed: - CVE-2017-12618: DoS via crafted SDBM database files in apr_sdbm*() functions (bsc#1064990) Moderate SUSE bug 1064990 CVE-2017-12618 cpe:/o:suse:sles:12:sp2 Security update for mariadb (Important) SUSE Linux Enterprise Server 12 SP2 This mariadb version update to 10.0.29 fixes the following issues: - CVE-2017-3318: unspecified vulnerability affecting Error Handling (bsc#1020896) - CVE-2017-3317: unspecified vulnerability affecting Logging (bsc#1020894) - CVE-2017-3312: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 (bsc#1020873) - CVE-2017-3291: unrestricted mysqld_safe's ledir (bsc#1020884) - CVE-2017-3265: unsafe chmod/chown use in init script (bsc#1020885) - CVE-2017-3258: unspecified vulnerability in the DDL component (bsc#1020875) - CVE-2017-3257: unspecified vulnerability affecting InnoDB (bsc#1020878) - CVE-2017-3244: unspecified vulnerability affecing the DML component (bsc#1020877) - CVE-2017-3243: unspecified vulnerability affecting the Charsets component (bsc#1020891) - CVE-2017-3238: unspecified vulnerability affecting the Optimizer component (bsc#1020882) - CVE-2016-6664: Root Privilege Escalation (bsc#1008253) - Applications using the client library for MySQL (libmysqlclient.so) had a use-after-free issue that could cause the applications to crash (bsc#1022428) - notable changes: * XtraDB updated to 5.6.34-79.1 * TokuDB updated to 5.6.34-79.1 * Innodb updated to 5.6.35 * Performance Schema updated to 5.6.35 Release notes and changelog: * https://kb.askmonty.org/en/mariadb-10029-release-notes * https://kb.askmonty.org/en/mariadb-10029-changelog Important SUSE bug 1008253 SUSE bug 1020868 SUSE bug 1020873 SUSE bug 1020875 SUSE bug 1020877 SUSE bug 1020878 SUSE bug 1020882 SUSE bug 1020884 SUSE bug 1020885 SUSE bug 1020891 SUSE bug 1020894 SUSE bug 1020896 SUSE bug 1022428 CVE-2016-6664 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3312 CVE-2017-3317 CVE-2017-3318 cpe:/o:suse:sles:12:sp2 Security update for openssl (Important) SUSE Linux Enterprise Server 12 SP2 This update for openssl fixes the following issues: - OpenSSL Security Advisory [07 Dec 2017] * CVE-2017-3737: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \'error state\' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. (bsc#1071905) * CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. (bsc#1071906) Important SUSE bug 1071905 SUSE bug 1071906 CVE-2017-3737 CVE-2017-3738 cpe:/o:suse:sles:12:sp2 Security update for expat (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) Moderate SUSE bug 983215 SUSE bug 983216 CVE-2012-6702 CVE-2016-5300 cpe:/o:suse:sles:12:sp2 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 12 SP2 This update for ImageMagick fixes the following issues: * CVE-2017-14989: use-after-free in RenderFreetype in MagickCore/annotate.c could lead to denial of service [bsc#1061254] * CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer overflow could lead to denial of service [bsc#1060176] * Memory leak in WriteINLINEImage in coders/inline.c could lead to denial of service [bsc#1052744] * CVE-2017-14607: out of bounds read flaw related to ReadTIFFImagehas could possibly disclose potentially sensitive memory [bsc#1059778] * CVE-2017-11640: NULL pointer deref in WritePTIFImage() in coders/tiff.c [bsc#1050632] * CVE-2017-14342: a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1058485] * CVE-2017-14341: Infinite loop in the ReadWPGImage function [bsc#1058637] * CVE-2017-16546: problem in the function ReadWPGImage in coders/wpg.c could lead to denial of service [bsc#1067181] * CVE-2017-16545: The ReadWPGImage function in coders/wpg.c in validation problems could lead to denial of service [bsc#1067184] * CVE-2017-16669: problem in coders/wpg.c could allow remote attackers to cause a denial of service via crafted file [bsc#1067409] * CVE-2017-14175: Lack of End of File check could lead to denial of service [bsc#1057719] * CVE-2017-14138: memory leak vulnerability in ReadWEBPImage in coders/webp.c could lead to denial of service [bsc#1057157] * CVE-2017-13769: denial of service issue in function WriteTHUMBNAILImage in coders/thumbnail.c [bsc#1056432] * CVE-2017-13134: a heap-based buffer over-read was found in thefunction SFWScan in coders/sfw.c, which allows attackers to cause adenial of service via a crafted file. [bsc#1055214] * CVE-2017-15217: memory leak in ReadSGIImage in coders/sgi.c [bsc#1062750] * CVE-2017-11478: ReadOneDJVUImage in coders/djvu.c in ImageMagick allows remote attackers to cause a DoS [bsc#1049796] * CVE-2017-15930: Null Pointer dereference while transfering JPEG scanlines could lead to denial of service [bsc#1066003] * CVE-2017-12983: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c inImageMagick 7.0.6-8 allows remote attackers to cause a denial of service [bsc#1054757] * CVE-2017-14531: memory exhaustion issue in ReadSUNImage incoders/sun.c. [bsc#1059666] * CVE-2017-12435: Memory exhaustion in ReadSUNImage in coders/sun.c, which allows attackers to cause denial of service [bsc#1052553] * CVE-2017-12587: User controlable large loop in the ReadPWPImage in coders\pwp.c could lead to denial of service [bsc#1052450] * CVE-2017-11523: ReadTXTImage in coders/txt.c allows remote attackers to cause a denial of service [bsc#1050083] * CVE-2017-14173: unction ReadTXTImage is vulnerable to a integer overflow that could lead to denial of service [bsc#1057729] * CVE-2017-11188: ImageMagick: The ReadDPXImage function in codersdpx.c in ImageMagick 7.0.6-0 has a largeloop vulnerability that can cause CPU exhaustion via a crafted DPX file, relatedto lack of an EOF check. [bnc#1048457] * CVE-2017-11527: ImageMagick: ReadDPXImage in coders/dpx.c allows remote attackers to cause DoS [bnc#1050116] * CVE-2017-11535: GraphicsMagick, ImageMagick: Heap-based buffer over-read in WritePSImage() in coders/ps.c [bnc#1050139] * CVE-2017-11752: ImageMagick: ReadMAGICKImage in coders/magick.c allows to cause DoS [bnc#1051441] * CVE-2017-12140: ImageMagick: ReadDCMImage in codersdcm.c has a ninteger signedness error leading to excessive memory consumption [bnc#1051847] * CVE-2017-12669: ImageMagick: Memory leak in WriteCALSImage in coders/cals.c [bnc#1052689] * CVE-2017-12662: GraphicsMagick, ImageMagick: Memory leak in WritePDFImage in coders/pdf.c [bnc#1052758] * CVE-2017-12644: ImageMagick: Memory leak in ReadDCMImage in codersdcm.c [bnc#1052764] * CVE-2017-14172: ImageMagick: Lack of end of file check in ReadPSImage() could lead to a denial of service [bnc#1057730] * CVE-2017-14733: GraphicsMagick: Heap overflow on ReadRLEImage in coders/rle.c could lead to denial of service [bnc#1060577] Important SUSE bug 1048457 SUSE bug 1049796 SUSE bug 1050083 SUSE bug 1050116 SUSE bug 1050139 SUSE bug 1050632 SUSE bug 1051441 SUSE bug 1051847 SUSE bug 1052450 SUSE bug 1052553 SUSE bug 1052689 SUSE bug 1052744 SUSE bug 1052758 SUSE bug 1052764 SUSE bug 1054757 SUSE bug 1055214 SUSE bug 1056432 SUSE bug 1057157 SUSE bug 1057719 SUSE bug 1057729 SUSE bug 1057730 SUSE bug 1058485 SUSE bug 1058637 SUSE bug 1059666 SUSE bug 1059778 SUSE bug 1060176 SUSE bug 1060577 SUSE bug 1061254 SUSE bug 1062750 SUSE bug 1066003 SUSE bug 1067181 SUSE bug 1067184 SUSE bug 1067409 CVE-2017-11188 CVE-2017-11478 CVE-2017-11523 CVE-2017-11527 CVE-2017-11535 CVE-2017-11640 CVE-2017-11752 CVE-2017-12140 CVE-2017-12435 CVE-2017-12587 CVE-2017-12644 CVE-2017-12662 CVE-2017-12669 CVE-2017-12983 CVE-2017-13134 CVE-2017-13769 CVE-2017-14138 CVE-2017-14172 CVE-2017-14173 CVE-2017-14175 CVE-2017-14341 CVE-2017-14342 CVE-2017-14531 CVE-2017-14607 CVE-2017-14682 CVE-2017-14733 CVE-2017-14989 CVE-2017-15217 CVE-2017-15930 CVE-2017-16545 CVE-2017-16546 CVE-2017-16669 cpe:/o:suse:sles:12:sp2 Security update for postgresql96 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for postgresql96 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset() (bsc#1067844). - CVE-2017-15099: Ensure that INSERT ... ON CONFLICT DO UPDATE checks table permissions and RLS policies in all cases (bsc#1067841). Bug fixes: - Update to version 9.6.6: * https://www.postgresql.org/docs/9.6/static/release-9-6-6.html * https://www.postgresql.org/docs/9.6/static/release-9-6-5.html Moderate SUSE bug 1067841 SUSE bug 1067844 CVE-2017-15098 CVE-2017-15099 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.103 to receive various security and bugfixes. This update enables SMB encryption in the CIFS support in the Linux Kernel (fate#324404) The following security bugs were fixed: - CVE-2017-1000410: The Linux kernel was affected by an information leak in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. (bnc#1070535). - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231). - CVE-2017-12193: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel mishandled node splitting, which allowed local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations (bnc#1066192). - CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-16528: sound/core/seq_device.c in the Linux kernel allowed local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066629). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16645: The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067132). - CVE-2017-16646: drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel allowed local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067105). - CVE-2017-16994: The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel mishandled holes in hugetlb ranges, which allowed local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call (bnc#1069996). - CVE-2017-17448: net/netfilter/nfnetlink_cthelper.c in the Linux kernel did not require the CAP_NET_ADMIN capability for new, get, and del operations, which allowed local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces (bnc#1071693). - CVE-2017-17449: The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, did not restrict observations of Netlink messages to a single net namespace, which allowed local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system (bnc#1071694). - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695). - CVE-2017-7482: Fixed an overflow when decoding a krb5 principal. (bnc#1046107). - CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771). The following non-security bugs were fixed: - adm80211: return an error if adm8211_alloc_rings() fails (bsc#1031717). - adv7604: Initialize drive strength to default when using DT (bnc#1012382). - af_netlink: ensure that NLMSG_DONE never fails in dumps (bnc#1012382). - alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382). - alsa: caiaq: Fix stray URB at probe error path (bnc#1012382). - alsa: compress: Remove unused variable (bnc#1012382). - alsa: hda: Add Raven PCI ID (bnc#1012382). - alsa: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE (bnc#1012382). - alsa: hda/ca0132 - Fix memory leak at error path (bsc#1031717). - alsa: hda - fix headset mic problem for Dell machines with alc236 (bnc#1012382). - alsa: hda - No loopback on ALC299 codec (git-fixes). - alsa: hda/realtek: Add headset mic support for Intel NUC Skull Canyon (bsc#1031717). - alsa: hda/realtek - Add new codec ID ALC299 (bnc#1012382). - alsa: hda/realtek - Add support for ALC236/ALC3204 (bnc#1012382). - alsa: hda/realtek - Fix ALC700 family no sound issue (bsc#1031717). - alsa: hda: Remove superfluous '-' added by printk conversion (bnc#1012382). - alsa: line6: Fix leftover URB at error-path during probe (bnc#1012382). - alsa: pcm: update tstamp only if audio_tstamp changed (bsc#1031717). - alsa: seq: Avoid invalid lockdep class warning (bsc#1031717). - alsa: seq: Enable 'use' locking in all configurations (bnc#1012382). - alsa: seq: Fix copy_from_user() call inside lock (bnc#1012382). - alsa: seq: Fix nested rwsem annotation for lockdep splat (bnc#1012382). - alsa: seq: Fix OSS sysex delivery in OSS emulation (bnc#1012382). - alsa: timer: Add missing mutex lock for compat ioctls (bnc#1012382). - alsa: timer: Remove kernel warning at compat ioctl error paths (bsc#1031717). - alsa: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital (bnc#1012382). - alsa: usb-audio: Add sanity checks in v2 clock parsers (bsc#1031717). - alsa: usb-audio: Add sanity checks to FE parser (bsc#1031717). - alsa: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (bnc#1012382). - alsa: usb-audio: Fix potential out-of-bound access at parsing SU (bsc#1031717). - alsa: usb-audio: Kill stray URB at exiting (bnc#1012382). - alsa: usb-audio: uac1: Invalidate ctl on interrupt (bsc#1031717). - alsa: usx2y: Suppress kernel warning at page allocation failures (bnc#1012382). - alsa: vx: Do not try to update capture stream before running (bnc#1012382). - alsa: vx: Fix possible transfer overflow (bnc#1012382). - Apply generic ppc build fixes to vanilla (bsc#1070805) - arm64: dts: NS2: reserve memory for Nitro firmware (bnc#1012382). - arm64: ensure __dump_instr() checks addr_limit (bnc#1012382). - arm64: fix dump_instr when PAN and UAO are in use (bnc#1012382). - arm: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM (bnc#1012382). - arm: 8715/1: add a private asm/unaligned.h (bnc#1012382). - arm: 8720/1: ensure dump_instr() checks addr_limit (bnc#1012382). - arm: 8721/1: mm: dump: check hardware RO bit for LPAE (bnc#1012382). - arm: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE (bnc#1012382). - arm: crypto: reduce priority of bit-sliced AES cipher (bnc#1012382). - arm: dts: Fix am335x and dm814x scm syscon to probe children (bnc#1012382). - arm: dts: Fix compatible for ti81xx uarts for 8250 (bnc#1012382). - arm: dts: Fix omap3 off mode pull defines (bnc#1012382). - arm: dts: mvebu: pl310-cache disable double-linefill (bnc#1012382). - arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes (bnc#1012382). - arm: OMAP2+: Fix init for multiple quirks for the same SoC (bnc#1012382). - arm: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 (bnc#1012382). - arm: pxa: Do not rely on public mmc header to include leds.h (bnc#1012382). - arm: remove duplicate 'const' annotations' (bnc#1012382). - asm/sections: add helpers to check for section data (bsc#1063026). - asoc: adau17x1: Workaround for noise bug in ADC (bnc#1012382). - asoc: cs42l56: Fix reset GPIO name in example DT binding (bsc#1031717). - asoc: dapm: fix some pointer error handling (bnc#1012382). - asoc: dapm: handle probe deferrals (bnc#1012382). - asoc: davinci-mcasp: Fix an error handling path in 'davinci_mcasp_probe()' (bsc#1031717). - asoc: rsnd: do not double free kctrl (bnc#1012382). - asoc: samsung: Fix possible double iounmap on s3c24xx driver probe failure (bsc#1031717). - asoc: wm_adsp: Do not overrun firmware file buffer when reading region data (bnc#1012382). - ata: ATA_BMDMA should depend on HAS_DMA (bnc#1012382). - ata: fixes kernel crash while tracing ata_eh_link_autopsy event (bnc#1012382). - ata: SATA_HIGHBANK should depend on HAS_DMA (bnc#1012382). - ata: SATA_MV should depend on HAS_DMA (bnc#1012382). - ath10k: convert warning about non-existent OTP board id to debug message (git-fixes). - ath10k: fix a warning during channel switch with multiple vaps (bsc#1031717). - ath10k: fix board data fetch error message (bsc#1031717). - ath10k: fix diag_read to collect data for larger memory (bsc#1031717). - ath10k: fix incorrect txpower set by P2P_DEVICE interface (bnc#1012382). - ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats() (bnc#1012382). - ath10k: free cached fw bin contents when get board id fails (bsc#1031717). - ath10k: ignore configuring the incorrect board_id (bnc#1012382). - ath10k: set CTS protection VDEV param only if VDEV is up (bnc#1012382). - ath9k_htc: check for underflow in ath9k_htc_rx_msg() (bsc#1031717). - ath9k: off by one in ath9k_hw_nvram_read_array() (bsc#1031717). - audit: log 32-bit socketcalls (bnc#1012382). - autofs: do not fail mount for transient error (bsc#1065180). - backlight: adp5520: Fix error handling in adp5520_bl_probe() (bnc#1012382). - backlight: lcd: Fix race condition during register (bnc#1012382). - bcache: check ca->alloc_thread initialized before wake up it (bnc#1012382). - block: Fix a race between blk_cleanup_queue() and timeout handling (FATE#319965, bsc#964944). - bluetooth: btusb: fix QCA Rome suspend/resume (bnc#1012382). - bnxt_en: Call firmware to approve the random VF MAC address (bsc#963575 FATE#320144). - bnxt_en: Do not setup MAC address in bnxt_hwrm_func_qcaps() (bsc#963575 FATE#320144). - bnxt_en: Fix possible corrupted NVRAM parameters from firmware response (bsc#963575 FATE#320144). - bnxt_en: Fix VF PCIe link speed and width logic (bsc#963575 FATE#320144). - bnxt_en: Re-arrange bnxt_hwrm_func_qcaps() (bsc#963575 FATE#320144). - bnxt_en: use eth_hw_addr_random() (bsc#963575 FATE#320144). - bonding: discard lowest hash bit for 802.3ad layer3+4 (bnc#1012382). - bpf: one perf event close won't free bpf program attached by another perf event (bnc#1012382). - bpf/verifier: reject BPF_ALU64|BPF_END (bnc#1012382). - brcmfmac: add length check in brcmf_cfg80211_escan_handler() (bnc#1012382). - brcmfmac: remove setting IBSS mode when stopping AP (bnc#1012382). - brcmfmac: setup passive scan if requested by user-space (bnc#1012382). - brcmsmac: make some local variables 'static const' to reduce stack size (bnc#1012382). - bridge: netlink: register netdevice before executing changelink (bnc#1012382). - bt8xx: fix memory leak (bnc#1012382). - btrfs: add a node counter to each of the rbtrees (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: add cond_resched() calls when resolving backrefs (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: allow backref search checks for shared extents (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: backref, add tracepoints for prelim_ref insertion and merging (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: backref, add unode_aux_to_inode_list helper (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: backref, cleanup __ namespace abuse (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: backref, constify some arguments (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: btrfs_check_shared should manage its own transaction (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: clean up extraneous computations in add_delayed_refs (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: constify tracepoint arguments (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: convert prelimary reference tracking to use rbtrees (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: fix leak and use-after-free in resolve_indirect_refs (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: Fix typo in may_commit_transaction Rather than comparing the result of the percpu comparison I was comparing the value of the percpu counter against 0 or 1. - btrfs: remove ref_tree implementation from backref.c (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - btrfs: return the actual error value from from btrfs_uuid_tree_iterate (bnc#1012382). - btrfs: struct-funcs, constify readers (bsc#974590 bsc#1030061 bsc#1022914 bsc#1017461). - bus: mbus: fix window size calculation for 4GB windows (bnc#1012382). - can: c_can: do not indicate triple sampling support for D_CAN (bnc#1012382). - can: esd_usb2: Fix can_dlc value for received RTR, frames (bnc#1012382). - can: gs_usb: fix busy loop if no more TX context is available (bnc#1012382). - can: kvaser_usb: Correct return value in printout (bnc#1012382). - can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages (bnc#1012382). - can: sun4i: fix loopback mode (bnc#1012382). - can: sun4i: handle overrun in RX FIFO (bnc#1012382). - cdc_ncm: Set NTB format again after altsetting switch for Huawei devices (bnc#1012382). - ceph: avoid panic in create_session_open_msg() if utsname() returns NULL (bsc#1061451). - ceph: check negative offsets in ceph_llseek() (bsc#1061451). - ceph: clean up unsafe d_parent accesses in build_dentry_path (bnc#1012382). - ceph: unlock dangling spinlock in try_flush_caps() (bsc#1065639). - cgroup, net_cls: iterate the fds of only the tasks which are being migrated (bnc#1064926). - cifs: add build_path_from_dentry_optional_prefix() (fate#323482) - cifs: Add capability to decrypt big read responses (FATE#324404). Allow to decrypt transformed packets that are bigger than the big buffer size. In particular it is used for read responses that can only exceed the big buffer size. - cifs: Add capability to transform requests before sending (FATE#324404). This will allow us to do protocol specific tranformations of packets before sending to the server. For SMB3 it can be used to support encryption. - cifs: Add copy into pages callback for a read operation (FATE#324404). Since we have two different types of reads (pagecache and direct) we need to process such responses differently after decryption of a packet. The change allows to specify a callback that copies a read payload data into preallocated pages. - cifs: Add mid handle callback (FATE#324404). We need to process read responses differently because the data should go directly into preallocated pages. This can be done by specifying a mid handle callback. - cifs: Add soft dependencies (FATE#324404). List soft dependencies of cifs so that mkinitrd and dracut can include the required helper modules. - cifs: Add transform header handling callbacks (FATE#324404). We need to recognize and parse transformed packets in demultiplex thread to find a corresponsing mid and process it further. - cifs: add use_ipc flag to SMB2_ioctl() (fate#323482) - cifs: Allow to switch on encryption with seal mount option (FATE#324404). This allows users to inforce encryption for SMB3 shares if a server supports it. - cifs: check MaxPathNameComponentLength != 0 before using it (bnc#1012382). - cifs: Decrypt and process small encrypted packets (FATE#324404). Allow to decrypt transformed packets, find a corresponding mid and process as usual further. - cifs: do not bother with kmap on read_pages side (FATE#324404). just do ITER_BVEC recvmsg - cifs: Enable encryption during session setup phase (FATE#324404). In order to allow encryption on SMB connection we need to exchange a session key and generate encryption and decryption keys. - cifs: Encrypt SMB3 requests before sending (FATE#324404). This change allows to encrypt packets if it is required by a server for SMB sessions or tree connections. - cifs: fix circular locking dependency (bsc#1064701). - cifs: Fix some return values in case of error in 'crypt_message' (fate#324404). - cifs: Fix sparse warnings (fate#323482) - cifs: implement get_dfs_refer for SMB2+ (fate#323482) - cifs: let ses->ipc_tid hold smb2 TreeIds (fate#323482) - cifs: Make send_cancel take rqst as argument (FATE#324404). - cifs: Make SendReceive2() takes resp iov (FATE#324404). Now SendReceive2 frees the first iov and returns a response buffer in it that increases a code complexity. Simplify this by making a caller responsible for freeing request buffer itself and returning a response buffer in a separate iov. - cifs: move DFS response parsing out of SMB1 code (fate#323482) - cifs: no need to wank with copying and advancing iovec on recvmsg side either (FATE#324404). - cifs: Only select the required crypto modules (FATE#324404). The sha256 and cmac crypto modules are only needed for SMB2+, so move the select statements to config CIFS_SMB2. Also select CRYPTO_AES there as SMB2+ needs it. - cifs: Prepare for encryption support (first part). Add decryption and encryption key generation. (FATE#324404). - cifs_readv_receive: use cifs_read_from_socket() (FATE#324404). - cifs: Reconnect expired SMB sessions (bnc#1012382). - cifs: remove any preceding delimiter from prefix_path (fate#323482) - cifs: Send RFC1001 length in a separate iov (FATE#324404). In order to simplify further encryption support we need to separate RFC1001 length and SMB2 header when sending a request. Put the length field in iov[0] and the rest of the packet into following iovs. - cifs: Separate RFC1001 length processing for SMB2 read (FATE#324404). Allocate and initialize SMB2 read request without RFC1001 length field to directly call cifs_send_recv() rather than SendReceive2() in a read codepath. - cifs: Separate SMB2 header structure (FATE#324404). In order to support compounding and encryption we need to separate RFC1001 length field and SMB2 header structure because the protocol treats them differently. This change will allow to simplify parsing of such complex SMB2 packets further. - cifs: Separate SMB2 sync header processing (FATE#324404). Do not process RFC1001 length in smb2_hdr_assemble() because it is not a part of SMB2 header. This allows to cleanup the code and adds a possibility combine several SMB2 packets into one for compounding. - cifs: set signing flag in SMB2+ TreeConnect if needed (fate#323482) - cifs: Simplify SMB2 and SMB311 dependencies (FATE#324404). - clk: ti: dra7-atl-clock: fix child-node lookups (bnc#1012382). - clk: ti: dra7-atl-clock: Fix of_node reference counting (bnc#1012382). - clockevents/drivers/cs5535: Improve resilience to spurious interrupts (bnc#1012382). - cma: fix calculation of aligned offset (VM Functionality, bsc#1050060). - coda: fix 'kernel memory exposure attempt' in fsync (bnc#1012382). - cpufreq: CPPC: add ACPI_PROCESSOR dependency (bnc#1012382). - crypto: shash - Fix zero-length shash ahash digest crash (bnc#1012382). - crypto: vmx - disable preemption to enable vsx in aes_ctr.c (bnc#1012382). - crypto: x86/sha1-mb - fix panic due to unaligned access (bnc#1012382). - crypto: xts - Add ECB dependency (bnc#1012382). - cx231xx: Fix I2C on Internal Master 3 Bus (bnc#1012382). - cxgb4: Fix error codes in c4iw_create_cq() (bsc#1021424). - cxl: Fix DAR check & use REGION_ID instead of opencoding (bsc#1066223). - cxl: Fix leaking pid refs in some error paths (bsc#1066223). - cxl: Force context lock during EEH flow (bsc#1066223). - cxl: Prevent adapter reset if an active context exists (bsc#1066223). - cxl: Route eeh events to all drivers in cxl_pci_error_detected() (bsc#1066223). - direct-io: Prevent NULL pointer access in submit_page_section (bnc#1012382). - Disable patches.kernel.org/4.4.93-022-fix-unbalanced-page-refcounting-in-bio_map_use.patch (bsc#1070767) - dmaengine: dmatest: warn user when dma test times out (bnc#1012382). - dmaengine: edma: Align the memcpy acnt array size with the transfer (bnc#1012382). - dmaengine: zx: set DMA_CYCLIC cap_mask bit (bnc#1012382). - dm bufio: fix integer overflow when limiting maximum cache size (bnc#1012382). - dm: fix race between dm_get_from_kobject() and __dm_destroy() (bnc#1012382). - driver core: platform: Do not read past the end of 'driver_override' buffer (bnc#1012382). - drivers: dma-mapping: Do not leave an invalid area->pages pointer in dma_common_contiguous_remap() (Git-fixes, bsc#1065692). - drivers: firmware: psci: drop duplicate const from psci_of_match (bnc#1012382). - drivers: hv: fcopy: restore correct transfer length (bnc#1012382). - drm/amdgpu: when dpm disabled, also need to stop/start vce (bnc#1012382). - drm/amdkfd: fix improper return value on error (bnc#1012382). - drm/amdkfd: NULL dereference involving create_process() (bsc#1031717). - drm: Apply range restriction after color adjustment when allocation (bnc#1012382). - drm/armada: Fix compile fail (bnc#1012382). - drm: bridge: add DT bindings for TI ths8135 (bnc#1012382). - drm: drm_minor_register(): Clean up debugfs on failure (bnc#1012382). - drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define (bnc#1012382). - drm: gma500: fix logic error (bsc#1031717). - drm/i915/bios: ignore HDMI on port A (bnc#1012382). - drm/i915/bxt: set min brightness from VBT (bsc#1031717). - drm/i915: Do not try indexed reads to alternate slave addresses (bsc#1031717). - drm/i915: fix backlight invert for non-zero minimum brightness (bsc#1031717). - drm/i915: Prevent zero length 'index' write (bsc#1031717). - drm/i915: Read timings from the correct transcoder in intel_crtc_mode_get() (bsc#1031717). - drm/msm: fix an integer overflow test (bnc#1012382). - drm/msm: Fix potential buffer overflow issue (bnc#1012382). - drm/nouveau/bsp/g92: disable by default (bnc#1012382). - drm/nouveau/gr: fallback to legacy paths during firmware lookup (bsc#1031717). - drm/nouveau/mmu: flush tlbs before deleting page tables (bnc#1012382). - drm/omap: Fix error handling path in 'omap_dmm_probe()' (bsc#1031717). - drm/panel: simple: Add missing panel_simple_unprepare() calls (bsc#1031717). - drm/sti: sti_vtg: Handle return NULL error from devm_ioremap_nocache (bnc#1012382). - drm/vc4: Fix leak of HDMI EDID (bsc#1031717). - drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue (bnc#1012382). - e1000e: Fix error path in link detection (bnc#1012382). - e1000e: Fix return value test (bnc#1012382). - e1000e: Separate signaling for link check/link up (bnc#1012382). - ecryptfs: fix dereference of NULL user_key_payload (bnc#1012382). - eCryptfs: use after free in ecryptfs_release_messaging() (bsc#1012829). - epoll: avoid calling ep_call_nested() from ep_poll_safewake() (bsc#1056427). - epoll: remove ep_call_nested() from ep_eventpoll_poll() (bsc#1056427). - ext4: cleanup goto next group (bsc#1066285). - ext4: do not allow encrypted operations without keys (bnc#1012382). patches.drivers/0001-iwlwifi-nvm-fix-up-phy-section-when-reading-it.patch. - ext4: do not use stripe_width if it is not set (bnc#1012382). - ext4: fix interaction between i_size, fallocate, and delalloc after a crash (bnc#1012382). - ext4: fix stripe-unaligned allocations (bnc#1012382). - ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets (bnc#1012382). - ext4: reduce lock contention in __ext4_new_inode (bsc#1066285). - extcon: axp288: Use vbus-valid instead of -present to determine cable presence (bnc#1012382). - extcon: palmas: Check the parent instance to prevent the NULL (bnc#1012382). - exynos4-is: fimc-is: Unmap region obtained by of_iomap() (bnc#1012382). - exynos-gsc: Do not swap cb/cr for semi planar formats (bnc#1012382). - f2fs crypto: add missing locking for keyring_key access (bnc#1012382). - f2fs crypto: replace some BUG_ON()'s with error checks (bnc#1012382). - f2fs: do not wait for writeback in write_begin (bnc#1012382). - fealnx: Fix building error on MIPS (bnc#1012382). - fix a page leak in vhost_scsi_iov_to_sgl() error recovery (bnc#1012382). - Fix serial console on SNI RM400 machines (bsc#1031717). - Fix tracing sample code warning (bnc#1012382). - fix unbalanced page refcounting in bio_map_user_iov (bnc#1012382). - fix whitespace according to upstream commit - fm10k: request reset when mbx->state changes (bnc#1012382). - fm10k: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - fs/9p: Compare qid.path in v9fs_test_inode (bsc#1012829). - fs-cache: fix dereference of NULL user_key_payload (bnc#1012382). - fscrypt: fix dereference of NULL user_key_payload (bnc#1012382). - fscrypt: lock mutex before checking for bounce page pool (bnc#1012382). - fscrypto: require write access to mount to set encryption policy (bnc#1012382). - fs/epoll: cache leftmost node (bsc#1056427). - ftrace: Fix kmemleak in unregister_ftrace_graph (bnc#1012382). - fuse: fix READDIRPLUS skipping an entry (bnc#1012382). - gfs2: Fix reference to ERR_PTR in gfs2_glock_iter_next (bnc#1012382). - gpu: drm: mgag200: mgag200_main:- Handle error from pci_iomap (bnc#1012382). - hid: elo: clear BTN_LEFT mapping (bsc#1065866). - hid: i2c-hid: allocate hid buffers for real worst case (bnc#1012382). - hid: usbhid: fix out-of-bounds bug (bnc#1012382). - hpsa: correct lun data caching bitmap definition (bsc#1028971). - hsi: ssi_protocol: double free in ssip_pn_xmit() (bsc#1031717). - hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes (bnc#1012382). - i2c: at91: ensure state is restored after suspending (bnc#1012382). - i2c: cadance: fix ctrl/addr reg write order (bsc#1031717). - i2c: imx: Use correct function to write to register (bsc#1031717). - i2c: ismt: Separate I2C block read from SMBus block read (bnc#1012382). - i2c: meson: fix wrong variable usage in meson_i2c_put_data (bnc#1012382). - i2c: riic: correctly finish transfers (bnc#1012382). - i2c: riic: fix restart condition (git-fixes). - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40e: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - i40evf: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - i40iw: Add missing memory barriers (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Fix port number for query QP (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/core: Fix calculation of maximum RoCE MTU (bsc#1022595 FATE#322350). - ib/core: Fix for core panic (bsc#1022595 FATE#322350). - ib/core: Fix the validations of a multicast LID in attach or detach operations (bsc#1022595 FATE#322350). - ib/core: Namespace is mandatory input for address resolution (bsc#1022595 FATE#322350). - ib/i40iw: Fix error code in i40iw_create_cq() (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/ipoib: Change list_del to list_del_init in the tx object (bnc#1012382). - ib/ipoib: Clean error paths in add port (bsc#1022595 FATE#322350). - ib/ipoib: Fix deadlock over vlan_mutex (bnc#1012382). - ib/ipoib: Prevent setting negative values to max_nonsrq_conn_qp (bsc#1022595 FATE#322350). - ib/ipoib: Remove double pointer assigning (bsc#1022595 FATE#322350). - ib/ipoib: Replace list_del of the neigh->list with list_del_init (bnc#1012382). - ib/ipoib: rtnl_unlock can not come after free_netdev (bnc#1012382). - ib/ipoib: Set IPOIB_NEIGH_TBL_FLUSH after flushed completion initialization (bsc#1022595 FATE#322350). - ib/mlx5: Fix Raw Packet QP event handler assignment (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ib/mlx5: Fix RoCE Address Path fields (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ibmvnic: Add netdev_dbg output for debugging (fate#323285). - ibmvnic: Add vnic client data to login buffer (bsc#1069942). - ibmvnic: Convert vnic server reported statistics to cpu endian (fate#323285). - ibmvnic: Enable scatter-gather support (bsc#1066382). - ibmvnic: Enable TSO support (bsc#1066382). - ibmvnic: Feature implementation of Vital Product Data (VPD) for the ibmvnic driver (bsc#1069942). - ibmvnic: Fix calculation of number of TX header descriptors (bsc#1066382). - ibmvnic: fix dma_mapping_error call (bsc#1069942). - ibmvnic: Fix failover error path for non-fatal resets (bsc#1066382). - ibmvnic: Implement .get_channels (fate#323285). - ibmvnic: Implement .get_ringparam (fate#323285). - ibmvnic: Implement per-queue statistics reporting (fate#323285). - ibmvnic: Let users change net device features (bsc#1066382). - ibmvnic: Set state UP (bsc#1062962). - ibmvnic: Update reset infrastructure to support tunable parameters (bsc#1066382). - ib/qib: fix false-postive maybe-uninitialized warning (bnc#1012382). - ib/srp: Avoid that a cable pull can trigger a kernel crash (bsc#1022595 FATE#322350). - ib/srpt: Do not accept invalid initiator port names (bnc#1012382). - ib/uverbs: Fix device cleanup (bsc#1022595 FATE#322350). - ib/uverbs: Fix NULL pointer dereference during device removal (bsc#1022595 FATE#322350). - igb: close/suspend race in netif_device_detach (bnc#1012382). - igb: Fix hw_dbg logging in igb_update_flash_i210 (bnc#1012382). - igb: re-assign hw address pointer on reset after PCI error (bnc#1012382). - igb: reset the PHY before reading the PHY ID (bnc#1012382). - igb: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - igbvf: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - iio: ad7793: Fix the serial interface reset (bnc#1012382). - iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications (bnc#1012382). - iio: adc: hx711: Add DT binding for avia,hx711 (bnc#1012382). - iio: adc: mcp320x: Fix oops on module unload (bnc#1012382). - iio: adc: mcp320x: Fix readout of negative voltages (bnc#1012382). - iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030_madc_probe()' (bnc#1012382). - iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()' (bnc#1012382). - iio: adc: xilinx: Fix error handling (bnc#1012382). - iio: ad_sigma_delta: Implement a dedicated reset function (bnc#1012382). - iio: core: Return error for failed read_reg (bnc#1012382). - iio: dummy: events: Add missing break (bsc#1031717). - iio: light: fix improper return value (bnc#1012382). - iio: trigger: free trigger resource correctly (bnc#1012382). - ima: do not update security.ima if appraisal status is not INTEGRITY_PASS (bnc#1012382). - input: ar1021_i2c - fix too long name in driver's device table (bsc#1031717). - input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree (bsc#1031717). - input: elan_i2c - add ELAN060C to the ACPI table (bnc#1012382). - input: elan_i2c - add ELAN0611 to the ACPI table (bnc#1012382). - input: gtco - fix potential out-of-bound access (bnc#1012382). - input: mpr121 - handle multiple bits change of status register (bnc#1012382). - input: mpr121 - set missing event capability (bnc#1012382). - input: ti_am335x_tsc - fix incorrect step config for 5 wire touchscreen (bsc#1031717). - input: twl4030-pwrbutton - use correct device for irq request (bsc#1031717). - input: ucb1400_ts - fix suspend and resume handling (bsc#1031717). - input: uinput - avoid crash when sending FF request to device going away (bsc#1031717). - iommu/amd: Finish TLB flush in amd_iommu_unmap() (bnc#1012382). - iommu/arm-smmu-v3: Clear prior settings when updating STEs (bnc#1012382). - iommu/io-pgtable-arm: Check for leaf entry before dereferencing it (bnc#1012382). - iommu/vt-d: Do not register bus-notifier under dmar_global_lock (bsc#1069793). - ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err (bnc#1012382). - ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header (bnc#1012382). - ipip: only increase err_count for some certain type icmp in ipip_err (bnc#1012382). - ipmi: Disable IPMI fix patches due to regression (bsc#1071833) - ipmi: fix unsigned long underflow (bnc#1012382). - ipmi: Pick up slave address from SMBIOS on an ACPI device (bsc#1070006). - ipmi: Prefer ACPI system interfaces over SMBIOS ones (bsc#1070006). - ipmi_si: Clean up printks (bsc#1070006). - ipmi_si: fix memory leak on new_smi (bsc#1070006). - ipsec: do not ignore crypto err in ah4 input (bnc#1012382). - ipv6: flowlabel: do not leave opt->tot_len with garbage (bnc#1012382). - ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER (bnc#1012382). - ipvs: make drop_entry protection effective for SIP-pe (bsc#1056365). - irqchip/crossbar: Fix incorrect type of local variables (bnc#1012382). - isa: Prevent NULL dereference in isa_bus driver callbacks (bsc#1031717). - iscsi-target: Fix non-immediate TMR reference leak (bnc#1012382). - isdn/i4l: fetch the ppp_write buffer in one shot (bnc#1012382). - isofs: fix timestamps beyond 2027 (bnc#1012382). - iwlwifi: add workaround to disable wide channels in 5GHz (bnc#1012382). - iwlwifi: mvm: fix the coex firmware API (bsc#1031717). - iwlwifi: mvm: return -ENODATA when reading the temperature with the FW down (bsc#1031717). - iwlwifi: mvm: set the RTS_MIMO_PROT bit in flag mask when sending sta to fw (bsc#1031717). - iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD (bnc#1012382). - iwlwifi: split the regulatory rules when the bandwidth flags require it (bsc#1031717). - ixgbe: add mask for 64 RSS queues (bnc#1012382). - ixgbe: do not disable FEC from the driver (bnc#1012382). - ixgbe: fix AER error handling (bnc#1012382). - ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (bsc#969474 FATE#319812 bsc#969475 FATE#319814). - ixgbe: Fix skb list corruption on Power systems (bnc#1012382). - ixgbe: handle close/suspend race with netif_device_detach/present (bnc#1012382). - ixgbe: Reduce I2C retry count on X550 devices (bnc#1012382). - ixgbevf: Use smp_rmb rather than read_barrier_depends (bnc#1012382). - kABI: protect struct l2tp_tunnel (kabi). - kABI: protect struct regulator_dev (kabi). - kABI: protect struct rm_data_op (kabi). - kABI: protect struct sdio_func (kabi). - kABI: protect structs rt_rq+root_domain (kabi). - kABI: protect typedef rds_rdma_cookie_t (kabi). - kernel-docs: unpack the source instead of using kernel-source (bsc#1057199). - kernel/sysctl.c: remove duplicate UINT_MAX check on do_proc_douintvec_conv() (bsc#1066470). - kernel/watchdog: Prevent false positives with turbo modes (bnc#1063516). - keys: do not let add_key() update an uninstantiated key (bnc#1012382). - keys: do not revoke uninstantiated key in request_key_auth_new() (bsc#1031717). - keys: encrypted: fix dereference of NULL user_key_payload (bnc#1012382). - keys: fix cred refcount leak in request_key_auth_new() (bsc#1031717). - keys: fix key refcount leak in keyctl_assume_authority() (bsc#1031717). - keys: fix key refcount leak in keyctl_read_key() (bsc#1031717). - keys: fix NULL pointer dereference during ASN.1 parsing [ver #2] (bnc#1012382). - keys: fix out-of-bounds read during ASN.1 parsing (bnc#1012382). - keys: Fix race between updating and finding a negative key (bnc#1012382). - keys: return full count in keyring_read() if buffer is too small (bnc#1012382). - keys: trusted: fix writing past end of buffer in trusted_read() (bnc#1012382). - keys: trusted: sanitize all key material (bnc#1012382). - kvm: nVMX: fix guest CR4 loading when emulating L2 to L1 exit (bnc#1012382). - kvm: nVMX: set IDTR and GDTR limits when loading L1 host state (bnc#1012382). - kvm: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter (bnc#1012382). - kvm: SVM: obey guest PAT (bnc#1012382). - l2tp: Avoid schedule while atomic in exit_net (bnc#1012382). - l2tp: check ps->sock before running pppol2tp_session_ioctl() (bnc#1012382). - l2tp: fix race condition in l2tp_tunnel_delete (bnc#1012382). - libata: transport: Remove circular dependency at free time (bnc#1012382). - lib/digsig: fix dereference of NULL user_key_payload (bnc#1012382). - libertas: Fix lbs_prb_rsp_limit_set() (bsc#1031717). - lib/mpi: call cond_resched() from mpi_powm() loop (bnc#1012382). - libnvdimm, namespace: fix label initialization to use valid seq numbers (bnc#1012382). - libnvdimm, namespace: make 'resource' attribute only readable by root (bnc#1012382). - libnvdimm, pfn: make 'resource' attribute only readable by root (FATE#319858). - lib/ratelimit.c: use deferred printk() version (bsc#979928). - locking/lockdep: Add nest_lock integrity test (bnc#1012382). - lsm: fix smack_inode_removexattr and xattr_getsecurity memleak (bnc#1012382). - mac80211: agg-tx: call drv_wake_tx_queue in proper context (bsc#1031717). - mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472). - mac80211: do not send SMPS action frame in AP mode when not needed (bsc#1031717). - mac80211: Fix addition of mesh configuration element (git-fixes). - mac80211: Fix BW upgrade for TDLS peers (bsc#1031717). - mac80211: fix mgmt-tx abort cookie and leak (bsc#1031717). - mac80211: fix power saving clients handling in iwlwifi (bnc#1012382). - mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length (bnc#1012382). - mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() (bsc#1031717). - mac80211: Remove invalid flag operations in mesh TSF synchronization (bnc#1012382). - mac80211: Remove unused 'beaconint_us' variable (bsc#1031717). - mac80211: Remove unused 'i' variable (bsc#1031717). - mac80211: Remove unused 'len' variable (bsc#1031717). - mac80211: Remove unused 'rates_idx' variable (bsc#1031717). - mac80211: Remove unused 'sband' and 'local' variables (bsc#1031717). - mac80211: Remove unused 'struct ieee80211_rx_status' ptr (bsc#1031717). - mac80211: Suppress NEW_PEER_CANDIDATE event if no room (bnc#1012382). - mac80211: TDLS: always downgrade invalid chandefs (bsc#1031717). - mac80211: TDLS: change BW calculation for WIDER_BW peers (bsc#1031717). - mac80211: use constant time comparison with keys (bsc#1066471). - md/linear: shutup lockdep warnning (bnc#1012382). - md/raid10: submit bio directly to replacement disk (bnc#1012382). - media: au0828: fix RC_CORE dependency (bsc#1031717). - media: Do not do DMA on stack for firmware upload in the AS102 driver (bnc#1012382). - media: em28xx: calculate left volume level correctly (bsc#1031717). - media: mceusb: fix memory leaks in error path (bsc#1031717). - media: rc: check for integer overflow (bnc#1012382). - media: v4l2-ctrl: Fix flags field on Control events (bnc#1012382). - megaraid_sas: Do not fire MR_DCMD_PD_LIST_QUERY to controllers which do not support it (bsc#1027301). - mei: return error on notification request to a disconnected client (bnc#1012382). - mfd: ab8500-sysctrl: Handle probe deferral (bnc#1012382). - mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped (bnc#1012382). - misc: panel: properly restore atomic counter on error path (bnc#1012382). - mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms array (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - mm/backing-dev.c: fix an error handling path in 'cgwb_create()' (bnc#1063475). - mmc: block: return error on failed mmc_blk_get() (bsc#1031717). - mmc: core/mmci: restore pre/post_req behaviour (bsc#1031717). - mmc: dw_mmc: rockchip: Set the drive phase properly (bsc#1031717). - mm: check the return value of lookup_page_ext for all call sites (bnc#1068982). - mmc: host: omap_hsmmc: avoid possible overflow of timeout value (bsc#1031717). - mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR() (bsc#1031717). - mmc: mediatek: Fixed size in dma_free_coherent (bsc#1031717). - mm,compaction: serialize waitqueue_active() checks (for real) (bsc#971975). - mmc: s3cmci: include linux/interrupt.h for tasklet_struct (bnc#1012382). - mmc: sdio: fix alignment issue in struct sdio_func (bnc#1012382). - mmc: sd: limit SD card power limit according to cards capabilities (bsc#1031717). - mm: discard memblock data later (bnc#1063460). - mm, hwpoison: fixup 'mm: check the return value of lookup_page_ext for all call sites' (bnc#1012382). - mm/madvise.c: fix madvise() infinite loop under special circumstances (bnc#1070964). - mm/memblock.c: reversed logic in memblock_discard() (bnc#1063460). - mm: meminit: mark init_reserved_page as __meminit (bnc#1063509). - mm/memory_hotplug: change pfn_to_section_nr/section_nr_to_pfn macro to inline function (bnc#1063501). - mm/memory_hotplug: define find_{smallest|biggest}_section_pfn as unsigned long (bnc#1063520). - mm/page_alloc.c: broken deferred calculation (bnc#1068980). - mm, page_alloc: fix potential false positive in __zone_watermark_ok (Git-fixes, bsc#1068978). - mm/page_ext.c: check if page_ext is not prepared (bnc#1068982). - mm/page_owner: avoid null pointer dereference (bnc#1068982). - mm/pagewalk.c: report holes in hugetlb ranges (bnc#1012382). - net: 3com: typhoon: typhoon_init_one: fix incorrect return values (bnc#1012382). - net: 3com: typhoon: typhoon_init_one: make return values more specific (bnc#1012382). - net/9p: Switch to wait_event_killable() (bnc#1012382). - net: Allow IP_MULTICAST_IF to set index to L3 slave (bnc#1012382). - net: cdc_ether: fix divide by 0 on bad descriptors (bnc#1012382). - net: cdc_ncm: GetNtbFormat endian fix (git-fixes). - net: core: Prevent from dereferencing null pointer when releasing SKB (bnc#1012382). - net: dsa: select NET_SWITCHDEV (bnc#1012382). - net: emac: Fix napi poll list corruption (bnc#1012382). - netfilter: invoke synchronize_rcu after set the _hook_ to NULL (bnc#1012382). - netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed (bnc#1012382). - netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value (bnc#1012382). - netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max (bnc#1012382). - netfilter: nf_tables: fix oob access (bnc#1012382). - netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family (bnc#1012382). - netfilter: nft_queue: use raw_smp_processor_id() (bnc#1012382). - net: ibm: ibmvnic: constify vio_device_id (fate#323285). - net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs (bnc#1012382). - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bnc#1012382). - net/mlx5e: Fix wrong delay calculation for overflow check scheduling (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Schedule overflow check work to mlx5e workqueue (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Skip mlx5_unload_one if mlx5_load_one fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net: mvpp2: release reference to txq_cpu[] entry after unmapping (bnc#1012382). - net/packet: check length in getsockopt() called with PACKET_HDRLEN (bnc#1012382). - net: qmi_wwan: fix divide by 0 on bad descriptors (bnc#1012382). - net/sctp: Always set scope_id in sctp_inet6_skb_msgname (bnc#1012382). - net: Set sk_prot_creator when cloning sockets to the right proto (bnc#1012382). - net/unix: do not show information about sockets from other namespaces (bnc#1012382). - nfc: fix device-allocation error return (bnc#1012382). - nfsd/callback: Cleanup callback cred on shutdown (bnc#1012382). - nfsd: deal with revoked delegations appropriately (bnc#1012382). - nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261). - nfs: Fix typo in nomigration mount option (bnc#1012382). - nfs: Fix ugly referral attributes (bnc#1012382). - nilfs2: fix race condition that causes file system corruption (bnc#1012382). - nl80211: Define policy for packet pattern attributes (bnc#1012382). - nvme: Fix memory order on async queue deletion (bnc#1012382). - nvme: protect against simultaneous shutdown invocations (FATE#319965 bnc#1012382 bsc#964944). - ocfs2: fstrim: Fix start offset of first cluster group during fstrim (bnc#1012382). - ocfs2: should wait dio before inode lock in ocfs2_setattr() (bnc#1012382). - packet: avoid panic in packet_getsockopt() (bnc#1012382). - packet: only test po->has_vnet_hdr once in packet_snd (bnc#1012382). - parisc: Avoid trashing sr2 and sr3 in LWS code (bnc#1012382). - parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels (bnc#1012382). - parisc: Fix validity check of pointer size argument in new CAS implementation (bnc#1012382). - parisc: perf: Fix potential NULL pointer dereference (bnc#1012382). - partitions/efi: Fix integer overflow in GPT size calculation (bnc#1012382). - pci: Apply _HPX settings only to relevant devices (bnc#1012382). - pci: mvebu: Handle changes to the bridge windows while enabled (bnc#1012382). - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bnc#1012382). - perf tools: Fix build failure on perl script context (bnc#1012382). - perf tools: Only increase index if perf_evsel__new_idx() succeeds (bnc#1012382). - perf/x86/intel/bts: Fix exclusive event reference leak (git-fixes d2878d642a4ed). - phy: increase size of MII_BUS_ID_SIZE and bus_id (bnc#1012382). - pkcs#7: fix unitialized boolean 'want' (bnc#1012382). - pkcs7: Prevent NULL pointer dereference, since sinfo is not always set (bnc#1012382). - platform/x86: acer-wmi: setup accelerometer when ACPI device was found (bsc#1031717). - platform/x86: hp-wmi: Do not shadow error values (bnc#1012382). - platform/x86: hp-wmi: Fix detection for dock and tablet mode (bnc#1012382). - platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state (bnc#1012382). - platform/x86: intel_mid_thermal: Fix module autoload (bnc#1012382). - platform/x86: sony-laptop: Fix error handling in sony_nc_setup_rfkill() (bsc#1031717). - pm / OPP: Add missing of_node_put(np) (bnc#1012382). - power: bq27xxx_battery: Fix bq27541 AveragePower register address (bsc#1031717). - power: bq27xxx: fix reading for bq27000 and bq27010 (bsc#1031717). - powerCap: Fix an error code in powercap_register_zone() (bsc#1031717). - power: ipaq-micro-battery: freeing the wrong variable (bsc#1031717). - powerpc/64: Fix race condition in setting lock bit in idle/wakeup code (bsc#1066223). - powerpc/bpf/jit: Disable classic BPF JIT on ppc64le (bsc#1066223). - powerpc/corenet: explicitly disable the SDHC controller on kmcoge4 (bnc#1012382). - powerpc: Correct instruction code for xxlor instruction (bsc#1066223). - powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC (bsc#1066223). - powerpc/mm: Fix check of multiple 16G pages from device tree (bsc#1066223). - powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash (bsc#1066223). - powerpc/mm/hash64: Fix subpage protection with 4K HPTE config (bsc#1010201, bsc#1066223). - powerpc/mm/hash: Free the subpage_prot_table correctly (bsc#1066223). - powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1066223). - powerpc/numa: Fix whitespace in hot_add_drconf_memory_max() (bsc#1066223). - powerpc/opal: Fix EBUSY bug in acquiring tokens (bsc#1066223). - powerpc/perf: Remove PPMU_HAS_SSLOT flag for Power8 (bsc#1066223). - powerpc/powernv/ioda: Fix endianness when reading TCEs (bsc#1066223). - powerpc/powernv: Make opal_event_shutdown() callable from IRQ context (bsc#1066223). - powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister (bsc#1067888). - powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister (bsc#1067888). - powerpc/signal: Properly handle return value from uprobe_deny_signal() (bsc#1066223). - powerpc/sysrq: Fix oops whem ppmu is not registered (bsc#1066223). - power: supply: bq27xxx_battery: Fix register map for BQ27510 and BQ27520 ('bsc#1069270'). - power: supply: isp1704: Fix unchecked return value of devm_kzalloc (bsc#1031717). - power: supply: lp8788: prevent out of bounds array access (bsc#1031717). - power_supply: tps65217-charger: Fix NULL deref during property export (bsc#1031717). - ppp: fix race in ppp device destruction (bnc#1012382). - printk/console: Always disable boot consoles that use init memory before it is freed (bsc#1063026). - printk/console: Enhance the check for consoles using init memory (bsc#1063026). - printk: include <asm/sections.h> instead of <asm-generic/sections.h> (bsc#1063026). - printk: only unregister boot consoles when necessary (bsc#1063026). - qed: Fix stack corruption on probe (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - quota: Check for register_shrinker() failure (bsc#1012829). - r8169: Do not increment tx_dropped in TX ring cleaning (bsc#1031717). - rbd: use GFP_NOIO for parent stat and data requests (bnc#1012382). - rcu: Allow for page faults in NMI handlers (bnc#1012382). - rdma/uverbs: Prevent leak of reserved field (bsc#1022595 FATE#322350). - rds: ib: add error handle (bnc#1012382). - rds: rdma: Fix the composite message user notification (bnc#1012382). - rds: rdma: return appropriate error on rdma map failures (bnc#1012382). - regulator: core: Limit propagation of parent voltage count and list (bsc#1070145). - regulator: fan53555: fix I2C device ids (bnc#1012382). - Revert 'bpf: one perf event close won't free bpf program attached by another perf event' (kabi). - Revert 'bsg-lib: do not free job in bsg_prepare_job' (bnc#1012382). - Revert 'crypto: xts - Add ECB dependency' (bnc#1012382). - Revert 'drm: bridge: add DT bindings for TI ths8135' (bnc#1012382). - Revert 'KEYS: Fix race between updating and finding a negative key' (kabi). - Revert 'phy: increase size of MII_BUS_ID_SIZE and bus_id' (kabi). - Revert 'sctp: do not peel off an assoc from one netns to another one' (bnc#1012382). - Revert 'tty: goldfish: Fix a parameter of a call to free_irq' (bnc#1012382). - Revert 'uapi: fix linux/rds.h userspace compilation errors' (bnc#1012382). - rpm/kernel-binary.spec.in: add the kernel-binary dependencies to kernel-binary-base (bsc#1060333). - rpm/kernel-binary.spec.in: Correct supplements for recent SLE products (bsc#1067494) - rpm/kernel-binary.spec.in: only rewrite modules.dep if non-zero in size (bsc#1056979). - rtc: ds1307: Fix relying on reset value for weekday (bsc#1031717). - rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks (bsc#1031717). - rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL (bsc#1031717). - rtc: rtc-nuc900: fix loop timeout test (bsc#1031717). - rtc: sa1100: fix unbalanced clk_prepare_enable/clk_disable_unprepare (bsc#1031717). - rtlwifi: fix uninitialized rtlhal->last_suspend_sec time (bnc#1012382). - rtlwifi: rtl8192ee: Fix memory leak when loading firmware (bnc#1012382). - rtlwifi: rtl8821ae: Fix connection lost problem (bnc#1012382). - rtlwifi: rtl8821ae: Fix HW_VAR_NAV_UPPER operation (bsc#1031717). - s390/dasd: check for device error pointer within state change interrupts (bnc#1012382). - s390/disassembler: add missing end marker for e7 table (bnc#1012382). - s390/disassembler: correct disassembly lines alignment (bsc#1070825). - s390/disassembler: increase show_code buffer size (bnc#1012382). - s390: fix transactional execution control register handling (bnc#1012382). - s390/kbuild: enable modversions for symbols exported from asm (bnc#1012382). - s390/qeth: issue STARTLAN as first IPA command (bnc#1012382). - s390/runtime instrumention: fix possible memory corruption (bnc#1012382). - sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task() (bnc#1012382). - sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs (bnc#1012382). - sched: Make resched_cpu() unconditional (bnc#1012382). - sched/rt: Simplify the IPI based RT balancing logic (bnc#1012382). - scsi: aacraid: Process Error for response I/O (bnc#1012382). - scsi_devinfo: cleanly zero-pad devinfo strings (bsc#1062941). - scsi: hpsa: add 'ctlr_num' sysfs attribute (bsc#1028971). - scsi: hpsa: bump driver version (bsc#1022600 fate#321928). - scsi: hpsa: change driver version (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: Check for null device pointers (bsc#1028971). - scsi: hpsa: Check for null devices in ioaccel (bsc#1028971). - scsi: hpsa: Check for vpd support before sending (bsc#1028971). - scsi: hpsa: cleanup reset handler (bsc#1022600 fate#321928). - scsi: hpsa: correct call to hpsa_do_reset (bsc#1028971). - scsi: hpsa: correct logical resets (bsc#1028971). - scsi: hpsa: correct queue depth for externals (bsc#1022600 fate#321928). - scsi: hpsa: correct resets on retried commands (bsc#1022600 fate#321928). - scsi: hpsa: correct scsi 6byte lba calculation (bsc#1028971). - scsi: hpsa: Determine device external status earlier (bsc#1028971). - scsi: hpsa: do not get enclosure info for external devices (bsc#1022600 fate#321928). - scsi: hpsa: do not reset enclosures (bsc#1022600 fate#321928). - scsi: hpsa: do not timeout reset operations (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: fallback to use legacy REPORT PHYS command (bsc#1028971). - scsi: hpsa: fix volume offline state (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: limit outstanding rescans (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: Prevent sending bmic commands to externals (bsc#1028971). - scsi: hpsa: remove abort handler (bsc#1022600 fate#321928). - scsi: hpsa: remove coalescing settings for ioaccel2 (bsc#1028971). - scsi: hpsa: remove memory allocate failure message (bsc#1028971). - scsi: hpsa: Remove unneeded void pointer cast (bsc#1028971). - scsi: hpsa: rescan later if reset in progress (bsc#1022600 fate#321928). - scsi: hpsa: send ioaccel requests with 0 length down raid path (bsc#1022600 fate#321928). - scsi: hpsa: separate monitor events from rescan worker (bsc#1022600 fate#321928). - scsi: hpsa: update check for logical volume status (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: update identify physical device structure (bsc#1022600 fate#321928). - scsi: hpsa: update pci ids (bsc#1022600 bsc#1028971 fate#321928). - scsi: hpsa: update reset handler (bsc#1022600 fate#321928). - scsi: hpsa: use designated initializers (bsc#1028971). - scsi: hpsa: use %phN for short hex dumps (bsc#1028971). - scsi: ipr: Fix scsi-mq lockdep issue (bsc#1066213). - scsi: ipr: Set no_report_opcodes for RAID arrays (bsc#1066213). - scsi: libfc: fix a deadlock in fc_rport_work (bsc#1063695). - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1056003). - scsi: lpfc: Add missing memory barrier (bnc#1012382). - scsi: lpfc: Clear the VendorVersion in the PLOGI/PLOGI ACC payload (bnc#1012382). - scsi: lpfc: Correct host name in symbolic_name field (bnc#1012382). - scsi: lpfc: Correct issue leading to oops during link reset (bnc#1012382). - scsi: lpfc: FCoE VPort enable-disable does not bring up the VPort (bnc#1012382). - scsi: reset wait for IO completion (bsc#996376). - scsi: scsi_devinfo: fixup string compare (bsc#1062941). updated patches.fixes/scsi_devinfo-fixup-string-compare.patch to the version merged upstream. - scsi: scsi_devinfo: handle non-terminated strings (bsc#1062941). - scsi: scsi_dh_emc: return success in clariion_std_inquiry() (bnc#1012382). - scsi: scsi_transport_fc: Also check for NOTPRESENT in fc_remote_port_add() (bsc#1037890). - scsi: scsi_transport_fc: set scsi_target_id upon rescan (bsc#1058135). - scsi: sd: Do not override max_sectors_kb sysfs setting (bsc#1025461). - scsi: sd: Remove LBPRZ dependency for discards (bsc#1060985). - scsi: sg: close race condition in sg_remove_sfp_usercontext() (bsc#1064206). - scsi: sg: do not return bogus Sg_requests (bsc#1064206). - scsi: sg: only check for dxfer_len greater than 256M (bsc#1064206). - scsi: sg: Re-fix off by one in sg_fill_request_table() (bnc#1012382). - scsi: ufs: add capability to keep auto bkops always enabled (bnc#1012382). - scsi: ufs-qcom: Fix module autoload (bnc#1012382). - scsi: virtio_scsi: let host do exception handling (bsc#1060682). - scsi: zfcp: fix erp_action use-before-initialize in REC action trace (bnc#1012382). - sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect (bnc#1012382). - sctp: do not peel off an assoc from one netns to another one (bnc#1012382). - sctp: do not peel off an assoc from one netns to another one (bnc#1012382). - sctp: potential read out of bounds in sctp_ulpevent_type_enabled() (bnc#1012382). - sctp: reset owner sk for data chunks on out queues when migrating a sock (bnc#1012382). - security/keys: add CONFIG_KEYS_COMPAT to Kconfig (bnc#1012382). - selftests: firmware: add empty string and async tests (bnc#1012382). - selftests: firmware: send expected errors to /dev/null (bnc#1012382). - serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() (bsc#1031717). - serial: 8250_uniphier: fix serial port index in private data (bsc#1031717). - serial: omap: Fix EFR write on RTS deassertion (bnc#1012382). - serial: Remove unused port type (bsc#1066045). - serial: sh-sci: Fix register offsets for the IRDA serial port (bnc#1012382). - sh_eth: use correct name for ECMR_MPDE bit (bnc#1012382). - slub: do not merge cache if slub_debug contains a never-merge flag (bnc#1012382). - smb3: parsing for new snapshot timestamp mount parm (FATE#324404). New mount option 'snapshot=<time>' to allow mounting an earlier version of the remote volume (if such a snapshot exists on the server). Note that eventually specifying a snapshot time of 1 will allow the user to mount the oldest snapshot. A subsequent patch add the processing for that and another for actually specifying the 'time warp' create context on SMB2/SMB3 open. Check to make sure SMB2 negotiated, and ensure that we use a different tcon if mount same share twice but with different snaphshot times - sparc64: Migrate hvcons irq to panicked cpu (bnc#1012382). - spi: SPI_FSL_DSPI should depend on HAS_DMA (bnc#1012382). - spi: uapi: spidev: add missing ioctl header (bnc#1012382). - staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack (bnc#1012382). - staging: iio: cdc: fix improper return value (bnc#1012382). - staging: lustre: hsm: stack overrun in hai_dump_data_field (bnc#1012382). - staging: lustre: llite: do not invoke direct_IO for the EOF case (bnc#1012382). - staging: lustre: ptlrpc: skip lock if export failed (bnc#1012382). - staging: r8712u: Fix Sparse warning in rtl871x_xmit.c (bnc#1012382). - staging: rtl8188eu: fix incorrect ERROR tags from logs (bnc#1012382). - staging: rtl8712: fixed little endian problem (bnc#1012382). - staging: rtl8712u: Fix endian settings for structs describing network packets (bnc#1012382). - stm class: Fix a use-after-free (bnc#1012382). - sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (bnc#1012382). - supported.conf: mark hid-multitouch as supported (FATE#323670) - target: fix ALUA state file path truncation (bsc#1071231). - target: Fix node_acl demo-mode + uncached dynamic shutdown regression (bnc#1012382). - target: fix PR state file path truncation (bsc#1071231). - target: Fix QUEUE_FULL + SCSI task attribute handling (bnc#1012382). - target/iscsi: Fix iSCSI task reassignment handling (bnc#1012382). - target/iscsi: Fix unsolicited data seq_end_offset calculation (bnc#1012382). - tcp/dccp: fix ireq->opt races (bnc#1012382). - tcp/dccp: fix lockdep splat in inet_csk_route_req() (bnc#1012382). - tcp/dccp: fix other lockdep splats accessing ireq_opt (bnc#1012382). - tcp: do not mangle skb->cb[] in tcp_make_synack() (bnc#1012382). - tcp: fix tcp_mtu_probe() vs highest_sack (bnc#1012382). - team: call netdev_change_features out of team lock (bsc#1055567). - team: fix memory leaks (bnc#1012382). - test: firmware_class: report errors properly on failure (bnc#1012382). - timer: Prevent timer value 0 for MWAITX (bsc#1065717). - tipc: fix link attribute propagation bug (bnc#1012382). - tipc: use only positive error codes in messages (bnc#1012382). - tools: firmware: check for distro fallback udev cancel rule (bnc#1012382). - tpm_tis: Do not fall back to a hardcoded address for TPM2 (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048). - tracing/samples: Fix creation and deletion of simple_thread_fn creation (bnc#1012382). - ttpci: address stringop overflow warning (bnc#1012382). - tty: goldfish: Fix a parameter of a call to free_irq (bnc#1012382). - tun: allow positive return values on dev_get_valid_name() call (bnc#1012382). - tun: bail out from tun_get_user() if the skb is empty (bnc#1012382). - tun: call dev_get_valid_name() before register_netdevice() (bnc#1012382). - tun/tap: sanitize TUNSETSNDBUF input (bnc#1012382). - uapi: fix linux/mroute6.h userspace compilation errors (bnc#1012382). - uapi: fix linux/rds.h userspace compilation error (bnc#1012382). - uapi: fix linux/rds.h userspace compilation errors (bnc#1012382). - uapi: fix linux/rds.h userspace compilation errors (bnc#1012382). - udpv6: Fix the checksum computation when HW checksum does not apply (bnc#1012382). - usb: Add delay-init quirk for Corsair K70 LUX keyboards (bnc#1012382). - usb: cdc_acm: Add quirk for Elatec TWN3 (bnc#1012382). - usb: chipidea: vbus event may exist before starting gadget (bnc#1012382). - usb: core: fix out-of-bounds access bug in usb_get_bos_descriptor() (bnc#1012382). - usb: core: harden cdc_parse_cdc_header (bnc#1012382). - usb: devio: Do not corrupt user memory (bnc#1012382). - usb: devio: Revert 'USB: devio: Do not corrupt user memory' (bnc#1012382). - usb: dummy-hcd: fix connection failures (wrong speed) (bnc#1012382). - usb: dummy-hcd: Fix deadlock caused by disconnect detection (bnc#1012382). - usb: dummy-hcd: Fix erroneous synchronization change (bnc#1012382). - usb: dummy-hcd: fix infinite-loop resubmission bug (bnc#1012382). - usb: fix out-of-bounds in usb_set_configuration (bnc#1012382). - usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options (bnc#1012382). - usb: gadgetfs: fix copy_to_user while holding spinlock (bnc#1012382). - usb: gadgetfs: Fix crash caused by inadequate synchronization (bnc#1012382). - usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write (bnc#1012382). - usb: gadget: mass_storage: set msg_registered after msg registered (bnc#1012382). - usb: gadget: udc: atmel: set vbus irqflags explicitly (bnc#1012382). - usb: g_mass_storage: Fix deadlock when driver is unbound (bnc#1012382). - usb: hcd: initialize hcd->flags to 0 when rm hcd (bnc#1012382). - usb: hub: Allow reset retry for USB2 devices on connect bounce (bnc#1012382). - usb: Increase quirk delay for USB devices (bnc#1012382). - usb: musb: Check for host-mode using is_host_active() on reset interrupt (bnc#1012382). - usb: musb: sunxi: Explicitly release USB PHY on exit (bnc#1012382). - usb: pci-quirks.c: Corrected timeout values used in handshake (bnc#1012382). - usb: plusb: Add support for PL-27A1 (bnc#1012382). - usb: quirks: add quirk for WORLDE MINI MIDI keyboard (bnc#1012382). - usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet (bnc#1012382). - usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe (bnc#1012382). - usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction (bnc#1012382). - usb: serial: console: fix use-after-free after failed setup (bnc#1012382). - usb: serial: cp210x: add support for ELV TFD500 (bnc#1012382). - usb: serial: ftdi_sio: add id for Cypress WICED dev board (bnc#1012382). - usb: serial: garmin_gps: fix I/O after failed probe and remove (bnc#1012382). - usb: serial: garmin_gps: fix memory leak on probe errors (bnc#1012382). - usb: serial: metro-usb: add MS7820 device id (bnc#1012382). - usb: serial: mos7720: fix control-message error handling (bnc#1012382). - usb: serial: mos7840: fix control-message error handling (bnc#1012382). - usb: serial: option: add support for TP-Link LTE module (bnc#1012382). - usb: serial: qcserial: add Dell DW5818, DW5819 (bnc#1012382). - usb: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update (bnc#1012382). - usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives (bnc#1012382). - usb: uas: fix bug in handling of alternate settings (bnc#1012382). - usb: usbfs: compute urb->actual_length for isochronous (bnc#1012382). - usb: usbtest: fix NULL pointer dereference (bnc#1012382). - usb: xhci: Handle error condition in xhci_stop_device() (bnc#1012382). - uwb: ensure that endpoint is interrupt (bnc#1012382). - uwb: properly check kthread_run return value (bnc#1012382). - vfs: expedite unmount (bsc#1024412). - video: fbdev: pmag-ba-fb: Remove bad `__init' annotation (bnc#1012382). - video: udlfb: Fix read EDID timeout (bsc#1031717). - vlan: fix a use-after-free in vlan_device_event() (bnc#1012382). - vsock: use new wait API for vsock_stream_sendmsg() (bnc#1012382). - vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit (bnc#1012382). - watchdog: kempld: fix gcc-4.3 build (bnc#1012382). - workqueue: Fix NULL pointer dereference (bnc#1012382). - workqueue: replace pool->manager_arb mutex with a flag (bnc#1012382). - x86/alternatives: Fix alt_max_short macro to really be a max() (bnc#1012382). - x86/decoder: Add new TEST instruction pattern (bnc#1012382). - x86/MCE/AMD: Always give panic severity for UC errors in kernel context (git-fixes bf80bbd7dcf5). - x86/microcode/AMD: Add support for fam17h microcode loading (bsc#1068032). - x86/microcode/intel: Disable late loading on model 79 (bnc#1012382). - x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context (bnc#1012382). - x86/uaccess, sched/preempt: Verify access_ok() context (bnc#1012382). - xen: do not print error message in case of missing Xenstore entry (bnc#1012382). - xen/events: events_fifo: Do not use {get,put}_cpu() in xen_evtchn_fifo_init() (bnc#1065600). - xen: fix booting ballooned down hvm guest (bnc#1065600). - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() (bnc#1012382). - xen/manage: correct return value check on xenbus_scanf() (bnc#1012382). - xen-netback: fix error handling output (bnc#1065600). - xen: x86: mark xen_find_pt_base as __init (bnc#1065600). - xen: xenbus driver must not accept invalid transaction ids (bnc#1012382). - xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863). - xfs: remove kmem_zalloc_greedy (bnc#1012382). - xhci: fix finding correct bus_state structure for USB 3.1 hosts (bnc#1012382). - zd1211rw: fix NULL-deref at probe (bsc#1031717). Important SUSE bug 1010201 SUSE bug 1012382 SUSE bug 1012829 SUSE bug 1017461 SUSE bug 1020645 SUSE bug 1021424 SUSE bug 1022595 SUSE bug 1022600 SUSE bug 1022914 SUSE bug 1024412 SUSE bug 1025461 SUSE bug 1027301 SUSE bug 1028971 SUSE bug 1030061 SUSE bug 1031717 SUSE bug 1034048 SUSE bug 1037890 SUSE bug 1046107 SUSE bug 1050060 SUSE bug 1050231 SUSE bug 1053919 SUSE bug 1055567 SUSE bug 1056003 SUSE bug 1056365 SUSE bug 1056427 SUSE bug 1056979 SUSE bug 1057199 SUSE bug 1058135 SUSE bug 1059863 SUSE bug 1060333 SUSE bug 1060682 SUSE bug 1060985 SUSE bug 1061451 SUSE bug 1061756 SUSE bug 1062520 SUSE bug 1062941 SUSE bug 1062962 SUSE bug 1063026 SUSE bug 1063460 SUSE bug 1063475 SUSE bug 1063501 SUSE bug 1063509 SUSE bug 1063516 SUSE bug 1063520 SUSE bug 1063695 SUSE bug 1064206 SUSE bug 1064701 SUSE bug 1064926 SUSE bug 1065180 SUSE bug 1065600 SUSE bug 1065639 SUSE bug 1065692 SUSE bug 1065717 SUSE bug 1065866 SUSE bug 1066045 SUSE bug 1066192 SUSE bug 1066213 SUSE bug 1066223 SUSE bug 1066285 SUSE bug 1066382 SUSE bug 1066470 SUSE bug 1066471 SUSE bug 1066472 SUSE bug 1066573 SUSE bug 1066606 SUSE bug 1066629 SUSE bug 1067105 SUSE bug 1067132 SUSE bug 1067494 SUSE bug 1067888 SUSE bug 1068671 SUSE bug 1068978 SUSE bug 1068980 SUSE bug 1068982 SUSE bug 1069270 SUSE bug 1069793 SUSE bug 1069942 SUSE bug 1069996 SUSE bug 1070006 SUSE bug 1070145 SUSE bug 1070535 SUSE bug 1070767 SUSE bug 1070771 SUSE bug 1070805 SUSE bug 1070825 SUSE bug 1070964 SUSE bug 1071231 SUSE bug 1071693 SUSE bug 1071694 SUSE bug 1071695 SUSE bug 1071833 SUSE bug 963575 SUSE bug 964944 SUSE bug 966170 SUSE bug 966172 SUSE bug 966186 SUSE bug 966191 SUSE bug 966316 SUSE bug 966318 SUSE bug 969474 SUSE bug 969475 SUSE bug 969476 SUSE bug 969477 SUSE bug 971975 SUSE bug 974590 SUSE bug 979928 SUSE bug 989261 SUSE bug 996376 CVE-2017-1000410 CVE-2017-11600 CVE-2017-12193 CVE-2017-15115 CVE-2017-15265 CVE-2017-16528 CVE-2017-16536 CVE-2017-16537 CVE-2017-16645 CVE-2017-16646 CVE-2017-16994 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-7482 CVE-2017-8824 cpe:/o:suse:sles:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_8_0-ibm fixes the following issues: Security issues fixed: - Security update to version 8.0.5.5 (bsc#1070162) * CVE-2017-10346 CVE-2017-10285 CVE-2017-10388 CVE-2017-10309 CVE-2017-10356 CVE-2017-10293 CVE-2016-9841 CVE-2016-10165 CVE-2017-10355 CVE-2017-10357 CVE-2017-10348 CVE-2017-10349 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 Important SUSE bug 1070162 CVE-2016-10165 CVE-2016-9841 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10309 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 cpe:/o:suse:sles:12:sp2 Security update for evince (Important) SUSE Linux Enterprise Server 12 SP2 This update for evince fixes the following issues: Security issue fixed: - CVE-2017-1000083: Remove support for tar and tar-like commands in comics backend (bsc#1046856). Important SUSE bug 1046856 CVE-2017-1000083 cpe:/o:suse:sles:12:sp2 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for wireshark fixes the following issues: - CVE-2017-17083: NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. (bsc#1070727) - CVE-2017-17084: IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. (bsc#1070727) - CVE-2017-17085: the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. (bsc#1070727) Moderate SUSE bug 1070727 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 cpe:/o:suse:sles:12:sp2 Security update for gdk-pixbuf (Low) SUSE Linux Enterprise Server 12 SP2 This update for gdk-pixbuf provides the following fixes: - Add overflow checks when creating pixbuf structures in general - Fix arithmetic overflow in the BMP loader (bsc#1053417) - Adds support for BMPv3 with bitmasks (bsc#1053417) Low SUSE bug 1053417 cpe:/o:suse:sles:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_7_1-ibm fixes the following issues: - Security update to version 7.1.4.15 [bsc#1070162] * CVE-2017-10349: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10348: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10388: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2016-9841: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10293: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10345: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10350: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10356: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10357: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10347: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10355: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10285: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10281: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10295: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2017-10346: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' * CVE-2016-10165: 'Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).' Important SUSE bug 1070162 CVE-2016-10165 CVE-2016-9841 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 cpe:/o:suse:sles:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2 MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991): * MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bsc#1021818) * MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821) * MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bsc#1021823) * MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819) * MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820) * MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824) * MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814) * MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817) * MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822) Please see https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/ for more information. Important SUSE bug 1021814 SUSE bug 1021817 SUSE bug 1021818 SUSE bug 1021819 SUSE bug 1021820 SUSE bug 1021821 SUSE bug 1021822 SUSE bug 1021823 SUSE bug 1021824 SUSE bug 1021991 CVE-2017-5373 CVE-2017-5375 CVE-2017-5376 CVE-2017-5378 CVE-2017-5380 CVE-2017-5383 CVE-2017-5386 CVE-2017-5390 CVE-2017-5396 cpe:/o:suse:sles:12:sp2 Security update for opus (Important) SUSE Linux Enterprise Server 12 SP2 This update for opus fixes the following issues: - CVE-2017-0381: Fixed a remote code execution vulnerability in silk/NLSF_stabilize.c when playing certain media files (bsc#1020102) Important SUSE bug 1020102 CVE-2017-0381 cpe:/o:suse:sles:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Security issues fixed: - CVE-2016-7055: The x86_64 optimized montgomery multiplication may produce incorrect results (bsc#1009528) - CVE-2017-3731: Truncated packet could crash via OOB read (bsc#1022085) - CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64 (bsc#1022086) - Degrade the 3DES cipher to MEDIUM in SSLv2 (bsc#1001912) Non-security issues fixed: - fix crash in openssl speed (bsc#1000677) - fix X509_CERT_FILE path (bsc#1022271) - AES XTS key parts must not be identical in FIPS mode (bsc#1019637) Moderate SUSE bug 1000677 SUSE bug 1001912 SUSE bug 1009528 SUSE bug 1019637 SUSE bug 1021641 SUSE bug 1022085 SUSE bug 1022086 SUSE bug 1022271 CVE-2016-7055 CVE-2017-3731 CVE-2017-3732 cpe:/o:suse:sles:12:sp2 Security update for tiff (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for tiff fixes the following issues: - A crafted TIFF image could cause a crash and potential code execution when processed by the 'tiffcp' utility (CVE-2017-5225, bsc#1019611). Also a regression from the version update to 4.0.7 was fixed in handling TIFFTAG_FAXRECVPARAMS. (bsc#1022103) Moderate SUSE bug 1019611 SUSE bug 1022103 CVE-2017-5225 cpe:/o:suse:sles:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_8_0-ibm to version 8.0-4.0 fixes a lot of security issues (bsc#1024218): Following CVEs are fixed: CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 CVE-2016-2183 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2017-3252 More information can be found on: https://developer.ibm.com/javasdk/support/security-vulnerabilities/ Important SUSE bug 1024218 CVE-2016-2183 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 cpe:/o:suse:sles:12:sp2 Security update for libXpm (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libXpm fixes the following issues: - A heap overflow in XPM handling could be used by attackers supplying XPM files to crash or potentially execute code. (bsc#1021315) Moderate SUSE bug 1021315 CVE-2016-10164 cpe:/o:suse:sles:12:sp2 Security update for gd (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for gd fixes the following security issues: - CVE-2016-6906: An out-of-bounds read in TGA decompression was fixed which could have lead to crashes. (bsc#1022553) - CVE-2016-6912: Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) allowed remote attackers to have unspecified impact via large width and height values. (bsc#1022284) - CVE-2016-9317: The gdImageCreate function in the GD Graphics Library (aka libgd) allowed remote attackers to cause a denial of service (system hang) via an oversized image. (bsc#1022283) - CVE-2016-10166: A potential unsigned underflow in gd interpolation functions could lead to memory corruption in the GD Graphics Library (aka libgd) (bsc#1022263) - CVE-2016-10167: A denial of service problem in gdImageCreateFromGd2Ctx() could lead to libgd running out of memory even on small files. (bsc#1022264) - CVE-2016-10168: A signed integer overflow in the GD Graphics Library (aka libgd) could lead to memory corruption (bsc#1022265) Moderate SUSE bug 1022263 SUSE bug 1022264 SUSE bug 1022265 SUSE bug 1022283 SUSE bug 1022284 SUSE bug 1022553 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-6906 CVE-2016-6912 CVE-2016-9317 cpe:/o:suse:sles:12:sp2 Security update for ppp (Moderate) SUSE Linux Enterprise Server 12 SP2 The ppp package was updated to fix the following security issue: - CVE-2015-3310: Fixed a buffer overflow in radius plug-in's rc_mksid() (bsc#927841). Moderate SUSE bug 927841 CVE-2015-3310 cpe:/o:suse:sles:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_7_0-openjdk fixes the following issues: - Oracle Critical Patch Update of January 2017 to OpenJDK 7u131 (bsc#1020905): * Security Fixes - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution - S8156804, CVE-2017-3241: Better constraint checking - S8158406: Limited Parameter Processing - S8158997: JNDI Protocols Switch - S8159507: RuntimeVisibleAnnotation validation - S8161218: Better bytecode loading - S8161743, CVE-2017-3252: Provide proper login context - S8162577: Standardize logging levels - S8162973: Better component components - S8164143, CVE-2017-3260: Improve components for menu items - S8164147, CVE-2017-3261: Improve streaming socket output - S8165071, CVE-2016-2183: Expand TLS support - S8165344, CVE-2017-3272: Update concurrency support - S8166988, CVE-2017-3253: Improve image processing performance - S8167104, CVE-2017-3289: Additional class construction refinements - S8167223, CVE-2016-5552: URL handling improvements - S8168705, CVE-2016-5547: Better ObjectIdentifier validation - S8168714, CVE-2016-5546: Tighten ECDSA validation - S8168728, CVE-2016-5548: DSA signing improvments - S8168724, CVE-2016-5549: ECDSA signing improvments - S6253144: Long narrowing conversion should describe the algorithm used and implied 'risks' - S6328537: Improve javadocs for Socket class by adding references to SocketOptions - S6978886: javadoc shows stacktrace after print error resulting from disk full - S6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory - S6996372: synchronizing handshaking hash - S7027045: (doc) java/awt/Window.java has several typos in javadoc - S7054969: Null-check-in-finally pattern in java/security documentation - S7072353: JNDI libraries do not build with javac -Xlint:all -Werror - S7075563: Broken link in 'javax.swing.SwingWorker' - S7077672: jdk8_tl nightly fail in step-2 build on 8/10/11 - S7088502: Security libraries don't build with javac -Werror - S7092447: Clarify the default locale used in each locale sensitive operation - S7093640: Enable client-side TLS 1.2 by default - S7103570: AtomicIntegerFieldUpdater does not work when SecurityManager is installed - S7117360: Warnings in java.util.concurrent.atomic package - S7117465: Warning cleanup for IMF classes - S7187144: JavaDoc for ScriptEngineFactory.getProgram() contains an error - S8000418: javadoc should used a standard 'generated by javadoc' string - S8000666: javadoc should write directly to Writer instead of composing strings - S8000673: remove dead code from HtmlWriter and subtypes - S8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK - S8001669: javadoc internal DocletAbortException should set cause when appropriate - S8008949: javadoc stopped copying doc-files - S8011402: Move blacklisting certificate logic from hard code to data - S8011547: Update XML Signature implementation to Apache Santuario 1.5.4 - S8012288: XML DSig API allows wrong tag names and extra elements in SignedInfo - S8016217: More javadoc warnings - S8017325: Cleanup of the javadoc <code> tag in java.security.cert - S8017326: Cleanup of the javadoc <code> tag in java.security.spec - S8019772: Fix doclint issues in javax.crypto and javax.security subpackages - S8020557: javadoc cleanup in javax.security - S8020688: Broken links in documentation at http://docs.oracle.com/javase/6/docs/api/index. - S8021108: Clean up doclint warnings and errors in java.text package - S8021417: Fix doclint issues in java.util.concurrent - S8021833: javadoc cleanup in java.net - S8022120: JCK test api/javax_xml/crypto/dsig/TransformService/index_ParamMethods fails - S8022175: Fix doclint warnings in javax.print - S8022406: Fix doclint issues in java.beans - S8022746: List of spelling errors in API doc - S8024779: [macosx] SwingNode crashes on exit - S8025085: [javadoc] some errors in javax/swing - S8025218: [javadoc] some errors in java/awt classes - S8025249: [javadoc] fix some javadoc errors in javax/swing/ - S8025409: Fix javadoc comments errors and warning reported by doclint report - S8026021: more fix of javadoc errors and warnings reported by doclint, see the description - S8037099: [macosx] Remove all references to GC from native OBJ-C code - S8038184: XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String - S8038349: Signing XML with DSA throws Exception when key is larger than 1024 bits - S8049244: XML Signature performance issue caused by unbuffered signature data - S8049432: New tests for TLS property jdk.tls.client.protocols - S8050893: (smartcardio) Invert reset argument in tests in sun/security/smartcardio - S8059212: Modify regression tests so that they do not just fail if no cardreader found - S8068279: (typo in the spec) javax.script.ScriptEngineFactory.getLanguageName - S8068491: Update the protocol for references of docs.oracle.com to HTTPS. - S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be updated for JDK-8061210 - S8076369: Introduce the jdk.tls.client.protocols system property for JDK 7u - S8139565: Restrict certificates with DSA keys less than 1024 bits - S8140422: Add mechanism to allow non default root CAs to be not subject to algorithm restrictions - S8140587: Atomic*FieldUpdaters should use Class.isInstance instead of direct class check - S8143959: Certificates requiring blacklisting - S8145984: [macosx] sun.lwawt.macosx.CAccessible leaks - S8148516: Improve the default strength of EC in JDK - S8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks - S8151893: Add security property to configure XML Signature secure validation mode - S8155760: Implement Serialization Filtering - S8156802: Better constraint checking - S8161228: URL objects with custom protocol handlers have port changed after deserializing - S8161571: Verifying ECDSA signatures permits trailing bytes - S8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar - S8164908: ReflectionFactory support for IIOP and custom serialization - S8165230: RMIConnection addNotificationListeners failing with specific inputs - S8166393: disabledAlgorithms property should not be strictly parsed - S8166591: [macos 10.12] Trackpad scrolling of text on OS X 10.12 Sierra is very fast (Trackpad, Retina only) - S8166739: Improve extensibility of ObjectInputFilter information passed to the filter - S8166875: (tz) Support tzdata2016g - S8166878: Connection reset during TLS handshake - S8167356: Follow up fix for jdk8 backport of 8164143. Changes for CMenuComponent.m were missed - S8167459: Add debug output for indicating if a chosen ciphersuite was legacy - S8167472: Chrome interop regression with JDK-8148516 - S8167591: Add MD5 to signed JAR restrictions - S8168861: AnchorCertificates uses hardcoded password for cacerts keystore - S8168993: JDK8u121 L10n resource file update - S8169191: (tz) Support tzdata2016i - S8169688: Backout (remove) MD5 from jdk.jar.disabledAlgorithms for January CPU - S8169911: Enhanced tests for jarsigner -verbose -verify after JDK-8163304 - S8170131: Certificates not being blocked by jdk.tls.disabledAlgorithms property - S8170268: 8u121 L10n resource file update - msgdrop 20 - S8173622: Backport of 7180907 is incomplete - S8173849: Fix use of java.util.Base64 in test cases - S8173854: [TEST] Update DHEKeySizing test case following 8076328 & 8081760 - CVE-2017-3259 Vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. * Backports - S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on __APPLE__and _LLP64 systems. - S8000351, PR3316, RH1390708: Tenuring threshold should be unsigned - S8153711, PR3315, RH1284948: [REDO] GlobalRefs never deleted when processing invokeMethod command - S8170888, PR3316, RH1390708: [linux] support for cgroup memory limits in container (ie Docker) environments * Bug fixes - PR3318: Replace 'infinality' with 'improved font rendering' (--enable-improved-font-rendering) - PR3318: Fix compatibility with vanilla Fontconfig - PR3318: Fix glyph y advance - PR3318: Always round glyph advance in 26.6 space - PR3318: Simplify glyph advance handling - PR3324: Fix NSS_LIBDIR substitution in make_generic_profile.sh broken by PR1989 * AArch64 port - S8165673, PR3320: AArch64: Fix JNI floating point argument handling Important SUSE bug 1020905 CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 cpe:/o:suse:sles:12:sp2 Security update for jasper (Important) SUSE Linux Enterprise Server 12 SP2 This update for jasper fixes the following issues: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec. (bsc#1012530) - CVE-2016-9395: Invalid jasper files could lead to abort of the library caused by attacker provided image. (bsc#1010977) - CVE-2016-9398: Invalid jasper files could lead to abort of the library caused by attacker provided image. (bsc#1010979) - CVE-2016-9560: Stack-based buffer overflow in jpc_tsfb_getbands2. (bsc#1011830) - CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy. (bsc#1015993) Important SUSE bug 1010977 SUSE bug 1010979 SUSE bug 1011830 SUSE bug 1012530 SUSE bug 1015993 CVE-2016-8654 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9591 cpe:/o:suse:sles:12:sp2 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ImageMagick fixes the following issues: - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation (bsc#1017308) - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped (bsc#1017310) - CVE-2016-10049: Corrupt RLE files could have overflowed a buffer due to a incorrect length calculation (bsc#1017311) - CVE-2016-10050: Corrupt RLE files could have overflowed a heap buffer due to a missing offset check (bsc#1017312) - CVE-2016-10051: Fixed use after free when reading PWP files (bsc#1017313) - CVE-2016-10052: Added bound check to exif parsing of JPEG files (bsc#1017314) - CVE-2016-10059: Unchecked calculation when reading TIFF files could have lead to a buffer overflow (bsc#1017318) - CVE-2016-10060: Improved error handling when writing files to not mask errors (bsc#1017319) - CVE-2016-10061: Improved error handling when writing files to not mask errors (bsc#1017319). - CVE-2016-10062: Improved error handling when writing files to not mask errors (bsc#1017319). - CVE-2016-10063: Check validity of extend during TIFF file reading (bsc#1017320) - CVE-2016-10064: Improved checks for buffer overflow when reading TIFF files (bsc#1017321) - CVE-2016-10065: Unchecked calculations when reading VIFF files could have lead to out of bound reads (bsc#1017322) - CVE-2016-10068: Prevent NULL pointer access when using the MSL interpreter (bsc#1017324) - CVE-2016-10069: Add check for invalid mat file (bsc#1017325). - CVE-2016-10070: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326) - CVE-2016-10071: Prevent allocating the wrong amount of memory when reading mat files (bsc#1017326) - CVE-2016-10144: Added a check after allocating memory when parsing IPL files (bsc#1020433) - CVE-2016-10145: Fixed of-by-one in string copy operation when parsing WPG files (bsc#1020435) - CVE-2016-10146: Captions and labels were handled incorrectly, causing a memory leak that could have lead to DoS (bsc#1020443) - CVE-2017-5506: Missing offset check leading to a double-free (bsc#1020436) - CVE-2017-5507: Fixed a memory leak when reading MPC files allowing for DoS (bsc#1020439) - CVE-2017-5508: Increase the amount of memory allocated for TIFF pixels to prevent a heap buffer-overflow (bsc#1020441) - CVE-2017-5510: Prevent out-of-bounds write when reading PSD files (bsc#1020446). - CVE-2017-5511: A missing cast when reading PSD files could have caused memory corruption by a heap overflow (bsc#1020448) This update removes the fix for CVE-2016-9773. ImageMagick-6 was not affected by CVE-2016-9773 and it caused a regression (at least in GraphicsMagick) (bsc#1017421). Moderate SUSE bug 1017308 SUSE bug 1017310 SUSE bug 1017311 SUSE bug 1017312 SUSE bug 1017313 SUSE bug 1017314 SUSE bug 1017318 SUSE bug 1017319 SUSE bug 1017320 SUSE bug 1017321 SUSE bug 1017322 SUSE bug 1017324 SUSE bug 1017325 SUSE bug 1017326 SUSE bug 1017421 SUSE bug 1020433 SUSE bug 1020435 SUSE bug 1020436 SUSE bug 1020439 SUSE bug 1020441 SUSE bug 1020443 SUSE bug 1020446 SUSE bug 1020448 CVE-2016-10046 CVE-2016-10048 CVE-2016-10049 CVE-2016-10050 CVE-2016-10051 CVE-2016-10052 CVE-2016-10059 CVE-2016-10060 CVE-2016-10061 CVE-2016-10062 CVE-2016-10063 CVE-2016-10064 CVE-2016-10065 CVE-2016-10068 CVE-2016-10069 CVE-2016-10070 CVE-2016-10071 CVE-2016-10144 CVE-2016-10145 CVE-2016-10146 CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5510 CVE-2017-5511 cpe:/o:suse:sles:12:sp2 Security update for util-linux (Important) SUSE Linux Enterprise Server 12 SP2 This update for util-linux fixes the following issues: This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041). This non-security issues were fixed: - lscpu: Implement WSL detection and work around crash (bsc#1019332) - fstrim: De-duplicate btrfs sub-volumes for 'fstrim -a' and bind mounts (bsc#1020077) - Fix regressions in safe loop re-use patch set for libmount (bsc#1012504) - Disable ro checks for mtab (bsc#1012632) - Ensure that the option 'users,exec,dev,suid' work as expected on NFS mounts (bsc#1008965) - Fix empty slave detection to prevent 100% CPU load in some cases (bsc#1020985) Important SUSE bug 1008965 SUSE bug 1012504 SUSE bug 1012632 SUSE bug 1019332 SUSE bug 1020077 SUSE bug 1020985 SUSE bug 1023041 CVE-2017-2616 cpe:/o:suse:sles:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024834). - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004). - A malicious guest could have, by frequently rebooting over extended periods of time, run the host system out of memory, resulting in a Denial of Service (DoS) (bsc#1022871) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1015169 These non-security issues were fixed: - bsc#1000195: Prevent panic on CPU0 while booting on SLES 11 SP3 - bsc#1002496: Added support for reloading clvm in block-dmmd block-dmmd - bsc#1005028: Fixed building Xen RPMs from Sources Important SUSE bug 1000195 SUSE bug 1002496 SUSE bug 1005028 SUSE bug 1012651 SUSE bug 1014298 SUSE bug 1014300 SUSE bug 1015169 SUSE bug 1016340 SUSE bug 1022871 SUSE bug 1023004 SUSE bug 1024834 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.49 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that was mishandled during error processing (bnc#1003077). - CVE-2017-5576: Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call (bnc#1021294). - CVE-2017-5577: The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel did not set an errno value upon certain overflow detections, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call (bnc#1021294). - CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the Linux kernel preserved the setgid bit during a setxattr call involving a tmpfs filesystem, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. (bnc#1021258). - CVE-2017-2583: The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel improperly emulated a 'MOV SS, NULL selector' instruction, which allowed guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application (bnc#1020602). - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851). - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states 'there is no kernel bug here' (bnc#1010933). - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540). - CVE-2017-5897: fixed a bug in the Linux kernel IPv6 implementation which allowed remote attackers to trigger an out-of-bounds access, leading to a denial-of-service attack (bnc#1023762). - CVE-2017-5970: Fixed a possible denial-of-service that could have been triggered by sending bad IP options on a socket (bsc#1024938). - CVE-2017-5986: an application could have triggered a BUG_ON() in sctp_wait_for_sndbuf() if the socket TX buffer was full, a thread was waiting on it to queue more data, and meanwhile another thread peeled off the association being used by the first thread (bsc#1025235). The following non-security bugs were fixed: - 8250: fintek: rename IRQ_MODE macro (boo#1009546). - acpi: nfit, libnvdimm: fix / harden ars_status output length handling (bsc#1023175). - acpi: nfit: fix bus vs dimm confusion in xlat_status (bsc#1023175). - acpi: nfit: validate ars_status output buffer size (bsc#1023175). - arm64: numa: fix incorrect log for memory-less node (bsc#1019631). - asoc: cht_bsw_rt5645: Fix leftover kmalloc (bsc#1010690). - asoc: rt5670: add HS ground control (bsc#1016250). - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1021260). - bcache: partition support: add 16 minors per bcacheN device (bsc#1019784). - blk-mq: Allow timeouts to run while queue is freezing (bsc#1020817). - blk-mq: Always schedule hctx->next_cpu (bsc#1020817). - blk-mq: Avoid memory reclaim when remapping queues (bsc#1020817). - blk-mq: Fix failed allocation path when mapping queues (bsc#1020817). - blk-mq: do not overwrite rq->mq_ctx (bsc#1020817). - blk-mq: improve warning for running a queue on the wrong CPU (bsc#1020817). - block: Change extern inline to static inline (bsc#1023175). - bluetooth: btmrvl: fix hung task warning dump (bsc#1018813). - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214). - brcmfmac: Change error print on wlan0 existence (bsc#1000092). - btrfs: add support for RENAME_EXCHANGE and RENAME_WHITEOUT (bsc#1020975). - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in btrfs_ioctl (bsc#1018100). - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls (bsc#1018100). - btrfs: fix inode leak on failure to setup whiteout inode in rename (bsc#1020975). - btrfs: fix lockdep warning about log_mutex (bsc#1021455). - btrfs: fix lockdep warning on deadlock against an inode's log mutex (bsc#1021455). - btrfs: fix number of transaction units for renames with whiteout (bsc#1020975). - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709). - btrfs: incremental send, fix invalid paths for rename operations (bsc#1018316). - btrfs: incremental send, fix premature rmdir operations (bsc#1018316). - btrfs: pin log earlier when renaming (bsc#1020975). - btrfs: pin logs earlier when doing a rename exchange operation (bsc#1020975). - btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709). - btrfs: send, add missing error check for calls to path_loop() (bsc#1018316). - btrfs: send, avoid incorrect leaf accesses when sending utimes operations (bsc#1018316). - btrfs: send, fix failure to move directories with the same name around (bsc#1018316). - btrfs: send, fix invalid leaf accesses due to incorrect utimes operations (bsc#1018316). - btrfs: send, fix warning due to late freeing of orphan_dir_info structures (bsc#1018316). - btrfs: test_check_exists: Fix infinite loop when searching for free space entries (bsc#987192). - btrfs: unpin log if rename operation fails (bsc#1020975). - btrfs: unpin logs if rename exchange operation fails (bsc#1020975). - ceph: fix bad endianness handling in parse_reply_info_extra (bsc#1020488). - clk: xgene: Add PMD clock (bsc#1019351). - clk: xgene: Do not call __pa on ioremaped address (bsc#1019351). - clk: xgene: Remove CLK_IS_ROOT (bsc#1019351). - config: enable CONFIG_OCFS2_DEBUG_MASKLOG for ocfs2 (bsc#1015038) - config: enable Ceph kernel client modules for ppc64le - config: enable Ceph kernel client modules for s390x - crypto: FIPS - allow tests to be disabled in FIPS mode (bsc#1018913). - crypto: drbg - do not call drbg_instantiate in healt test (bsc#1018913). - crypto: drbg - remove FIPS 140-2 continuous test (bsc#1018913). - crypto: qat - fix bar discovery for c62x (bsc#1021251). - crypto: qat - zero esram only for DH85x devices (bsc#1021248). - crypto: rsa - allow keys >= 2048 bits in FIPS mode (bsc#1018913). - crypto: xts - consolidate sanity check for keys (bsc#1018913). - crypto: xts - fix compile errors (bsc#1018913). - cxl: fix potential NULL dereference in free_adapter() (bsc#1016517). - dax: fix deadlock with DAX 4k holes (bsc#1012829). - dax: fix device-dax region base (bsc#1023175). - device-dax: check devm_nsio_enable() return value (bsc#1023175). - device-dax: fail all private mapping attempts (bsc#1023175). - device-dax: fix percpu_ref_exit ordering (bsc#1023175). - driver core: fix race between creating/querying glue dir and its cleanup (bnc#1008742). - drivers: hv: Introduce a policy for controlling channel affinity. - drivers: hv: balloon: Add logging for dynamic memory operations. - drivers: hv: balloon: Disable hot add when CONFIG_MEMORY_HOTPLUG is not set. - drivers: hv: balloon: Fix info request to show max page count. - drivers: hv: balloon: Use available memory value in pressure report. - drivers: hv: balloon: account for gaps in hot add regions. - drivers: hv: balloon: keep track of where ha_region starts. - drivers: hv: balloon: replace ha_region_mutex with spinlock. - drivers: hv: cleanup vmbus_open() for wrap around mappings. - drivers: hv: do not leak memory in vmbus_establish_gpadl(). - drivers: hv: get rid of id in struct vmbus_channel. - drivers: hv: get rid of redundant messagecount in create_gpadl_header(). - drivers: hv: get rid of timeout in vmbus_open(). - drivers: hv: make VMBus bus ids persistent. - drivers: hv: ring_buffer: count on wrap around mappings in get_next_pkt_raw() (v2). - drivers: hv: ring_buffer: use wrap around mappings in hv_copy{from, to}_ringbuffer(). - drivers: hv: ring_buffer: wrap around mappings for ring buffers. - drivers: hv: utils: Check VSS daemon is listening before a hot backup. - drivers: hv: utils: Continue to poll VSS channel after handling requests. - drivers: hv: utils: Fix the mapping between host version and protocol to use. - drivers: hv: utils: reduce HV_UTIL_NEGO_TIMEOUT timeout. - drivers: hv: vmbus: Base host signaling strictly on the ring state. - drivers: hv: vmbus: Enable explicit signaling policy for NIC channels. - drivers: hv: vmbus: Implement a mechanism to tag the channel for low latency. - drivers: hv: vmbus: Make mmio resource local. - drivers: hv: vmbus: On the read path cleanup the logic to interrupt the host. - drivers: hv: vmbus: On write cleanup the logic to interrupt the host. - drivers: hv: vmbus: Reduce the delay between retries in vmbus_post_msg(). - drivers: hv: vmbus: finally fix hv_need_to_signal_on_read(). - drivers: hv: vmbus: fix the race when querying and updating the percpu list. - drivers: hv: vmbus: suppress some 'hv_vmbus: Unknown GUID' warnings. - drivers: hv: vss: Improve log messages. - drivers: hv: vss: Operation timeouts should match host expectation. - drivers: net: phy: mdio-xgene: Add hardware dependency (bsc#1019351). - drivers: net: phy: xgene: Fix 'remove' function (bsc#1019351). - drivers: net: xgene: Add change_mtu function (bsc#1019351). - drivers: net: xgene: Add flow control configuration (bsc#1019351). - drivers: net: xgene: Add flow control initialization (bsc#1019351). - drivers: net: xgene: Add helper function (bsc#1019351). - drivers: net: xgene: Add support for Jumbo frame (bsc#1019351). - drivers: net: xgene: Configure classifier with pagepool (bsc#1019351). - drivers: net: xgene: Fix MSS programming (bsc#1019351). - drivers: net: xgene: fix build after change_mtu function change (bsc#1019351). - drivers: net: xgene: fix: Coalescing values for v2 hardware (bsc#1019351). - drivers: net: xgene: fix: Disable coalescing on v1 hardware (bsc#1019351). - drivers: net: xgene: fix: RSS for non-TCP/UDP (bsc#1019351). - drivers: net: xgene: fix: Use GPIO to get link status (bsc#1019351). - drivers: net: xgene: uninitialized variable in xgene_enet_free_pagepool() (bsc#1019351). - drm: Delete previous two fixes for i915 (bsc#1019061). These upstream fixes brought some regressions, so better to revert for now. - drm: Disable patches.drivers/drm-i915-Exit-cherryview_irq_handler-after-one-pass The patch seems leading to the instability on Wyse box (bsc#1015367). - drm: Fix broken VT switch with video=1366x768 option (bsc#1018358). - drm: Use u64 for intermediate dotclock calculations (bnc#1006472). - drm: i915: Do not init hpd polling for vlv and chv from runtime_suspend() (bsc#1014120). - drm: i915: Fix PCODE polling during CDCLK change notification (bsc#1015367). - drm: i915: Fix watermarks for VLV/CHV (bsc#1011176). - drm: i915: Force VDD off on the new power seqeuencer before starting to use it (bsc#1009674). - drm: i915: Mark CPU cache as dirty when used for rendering (bsc#1015367). - drm: i915: Mark i915_hpd_poll_init_work as static (bsc#1014120). - drm: i915: Prevent PPS stealing from a normal DP port on VLV/CHV (bsc#1019061). - drm: i915: Prevent enabling hpd polling in late suspend (bsc#1014120). - drm: i915: Restore PPS HW state from the encoder resume hook (bsc#1019061). - drm: i915: Workaround for DP DPMS D3 on Dell monitor (bsc#1019061). - drm: vc4: Fix an integer overflow in temporary allocation layout (bsc#1021294). - drm: vc4: Return -EINVAL on the overflow checks failing (bsc#1021294). - drm: virtio-gpu: get the fb from the plane state for atomic updates (bsc#1023101). - edac: xgene: Fix spelling mistake in error messages (bsc#1019351). - efi: libstub: Move Graphics Output Protocol handling to generic code (bnc#974215). - fbcon: Fix vc attr at deinit (bsc#1000619). - fs: nfs: avoid including 'mountproto=' with no protocol in /proc/mounts (bsc#1019260). - gpio: xgene: make explicitly non-modular (bsc#1019351). - hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels(). - hv: change clockevents unbind tactics. - hv: do not reset hv_context.tsc_page on crash. - hv_netvsc: Add handler for physical link speed change. - hv_netvsc: Add query for initial physical link speed. - hv_netvsc: Implement batching of receive completions. - hv_netvsc: Revert 'make inline functions static'. - hv_netvsc: Revert 'report vmbus name in ethtool'. - hv_netvsc: add ethtool statistics for tx packet issues. - hv_netvsc: count multicast packets received. - hv_netvsc: dev hold/put reference to VF. - hv_netvsc: fix a race between netvsc_send() and netvsc_init_buf(). - hv_netvsc: fix comments. - hv_netvsc: fix rtnl locking in callback. - hv_netvsc: improve VF device matching. - hv_netvsc: init completion during alloc. - hv_netvsc: make RSS hash key static. - hv_netvsc: make device_remove void. - hv_netvsc: make inline functions static. - hv_netvsc: make netvsc_destroy_buf void. - hv_netvsc: make variable local. - hv_netvsc: rearrange start_xmit. - hv_netvsc: refactor completion function. - hv_netvsc: remove VF in flight counters. - hv_netvsc: remove excessive logging on MTU change. - hv_netvsc: report vmbus name in ethtool. - hv_netvsc: simplify callback event code. - hv_netvsc: style cleanups. - hv_netvsc: use ARRAY_SIZE() for NDIS versions. - hv_netvsc: use RCU to protect vf_netdev. - hv_netvsc: use consume_skb. - hv_netvsc: use kcalloc. - hyperv: Fix spelling of HV_UNKOWN. - i2c: designware-baytrail: Disallow the CPU to enter C6 or C7 while holding the punit semaphore (bsc#1011913). - i2c: designware: Implement support for SMBus block read and write (bsc#1019351). - i2c: designware: fix wrong Tx/Rx FIFO for ACPI (bsc#1019351). - i2c: xgene: Fix missing code of DTB support (bsc#1019351). - i40e: Be much more verbose about what we can and cannot offload (bsc#985561). - ibmveth: calculate gso_segs for large packets (bsc#1019148). - ibmveth: check return of skb_linearize in ibmveth_start_xmit (bsc#1019148). - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148). - ibmveth: set correct gso_size and gso_type (bsc#1019148). - igb: Workaround for igb i210 firmware issue (bsc#1009911). - igb: add i211 to i210 PHY workaround (bsc#1009911). - input: i8042: Trust firmware a bit more when probing on X86 (bsc#1011660). - intel_idle: Add KBL support (bsc#1016884). - ip6_gre: fix ip6gre_err() invalid reads (CVE-2017-5897, bsc#1023762). - ipc: msg, make msgrcv work with LONG_MIN (bnc#1005918). - iwlwifi: Expose the default fallback ucode API to module info (boo#1021082, boo#1023884). - kgraft: iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612). - kgraft: xen: Do not block kGraft in xenbus kthread (bsc#1017410). - libnvdimm: pfn: fix align attribute (bsc#1023175). - mailbox: xgene-slimpro: Fix wrong test for devm_kzalloc (bsc#1019351). - md linear: fix a race between linear_add() and linear_congested() (bsc#1018446). - md-cluster: convert the completion to wait queue. - md-cluster: protect md_find_rdev_nr_rcu with rcu lock. - md: ensure md devices are freed before module is unloaded (bsc#1022304). - md: fix refcount problem on mddev when stopping array (bsc#1022304). - misc: genwqe: ensure zero initialization. - mm: do not loop on GFP_REPEAT high order requests if there is no reclaim progress (bnc#1013000). - mm: memcg: do not retry precharge charges (bnc#1022559). - mm: page_alloc: fix check for NULL preferred_zone (bnc#971975 VM performance -- page allocator). - mm: page_alloc: fix fast-path race with cpuset update or removal (bnc#971975 VM performance -- page allocator). - mm: page_alloc: fix premature OOM when racing with cpuset mems update (bnc#971975 VM performance -- page allocator). - mm: page_alloc: keep pcp count and list contents in sync if struct page is corrupted (bnc#971975 VM performance -- page allocator). - mm: page_alloc: move cpuset seqcount checking to slowpath (bnc#971975 VM performance -- page allocator). - mmc: sdhci-of-arasan: Remove no-hispd and no-cmd23 quirks for sdhci-arasan4.9a (bsc#1019351). - mwifiex: add missing check for PCIe8997 chipset (bsc#1018813). - mwifiex: fix IBSS data path issue (bsc#1018813). - mwifiex: fix PCIe register information for 8997 chipset (bsc#1018813). - net: af_iucv: do not use paged skbs for TX on HiperSockets (bnc#1020945, LTC#150566). - net: ethernet: apm: xgene: use phydev from struct net_device (bsc#1019351). - net: ethtool: Initialize buffer when querying device channel settings (bsc#969479). - net: hyperv: avoid uninitialized variable. - net: implement netif_cond_dbg macro (bsc#1019168). - net: remove useless memset's in drivers get_stats64 (bsc#1019351). - net: xgene: avoid bogus maybe-uninitialized warning (bsc#1019351). - net: xgene: fix backward compatibility fix (bsc#1019351). - net: xgene: fix error handling during reset (bsc#1019351). - net: xgene: move xgene_cle_ptree_ewdn data off stack (bsc#1019351). - netvsc: Remove mistaken udp.h inclusion. - netvsc: add rcu_read locking to netvsc callback. - netvsc: fix checksum on UDP IPV6. - netvsc: reduce maximum GSO size. - nfit: fail DSMs that return non-zero status by default (bsc#1023175). - nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410). - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410). - nvdimm: kabi protect nd_cmd_out_size() (bsc#1023175). - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (bsc#1020685). - ocfs2: fix deadlock on mmapped page in ocfs2_write_begin_nolock() (bnc#921494). - pci: Add devm_request_pci_bus_resources() (bsc#1019351). - pci: generic: Fix pci_remap_iospace() failure path (bsc#1019630). - pci: hv: Allocate physically contiguous hypercall params buffer. - pci: hv: Fix hv_pci_remove() for hot-remove. - pci: hv: Handle hv_pci_generic_compl() error case. - pci: hv: Handle vmbus_sendpacket() failure in hv_compose_msi_msg(). - pci: hv: Make unnecessarily global IRQ masking functions static. - pci: hv: Remove the unused 'wrk' in struct hv_pcibus_device. - pci: hv: Use list_move_tail() instead of list_del() + list_add_tail(). - pci: hv: Use pci_function_description in struct definitions. - pci: hv: Use the correct buffer size in new_pcichild_device(). - pci: hv: Use zero-length array in struct pci_packet. - pci: include header file (bsc#964944). - pci: xgene: Add local struct device pointers (bsc#1019351). - pci: xgene: Add register accessors (bsc#1019351). - pci: xgene: Free bridge resource list on failure (bsc#1019351). - pci: xgene: Make explicitly non-modular (bsc#1019351). - pci: xgene: Pass struct xgene_pcie_port to setup functions (bsc#1019351). - pci: xgene: Remove unused platform data (bsc#1019351). - pci: xgene: Request host bridge window resources (bsc#1019351). - perf: xgene: Remove bogus IS_ERR() check (bsc#1019351). - phy: xgene: rename 'enum phy_mode' to 'enum xgene_phy_mode' (bsc#1019351). - power: reset: xgene-reboot: Unmap region obtained by of_iomap (bsc#1019351). - powerpc: fadump: Fix the race in crash_fadump() (bsc#1022971). - qeth: check not more than 16 SBALEs on the completion queue (bnc#1009718, LTC#148203). - raid1: Fix a regression observed during the rebuilding of degraded MDRAID VDs (bsc#1020048). - raid1: ignore discard error (bsc#1017164). - reiserfs: fix race in prealloc discard (bsc#987576). - rpm: kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422) - rpm: kernel-binary.spec.in: Fix installation of /etc/uefi/certs (bsc#1019594) - rtc: cmos: Clear ACPI-driven alarms upon resume (bsc#1022429). - rtc: cmos: Do not enable interrupts in the middle of the interrupt handler (bsc#1022429). - rtc: cmos: Restore alarm after resume (bsc#1022429). - rtc: cmos: avoid unused function warning (bsc#1022429). - s390: Fix invalid domain response handling (bnc#1009718). - s390: cpuinfo: show maximum thread id (bnc#1009718, LTC#148580). - s390: sysinfo: show partition extended name and UUID if available (bnc#1009718, LTC#150160). - s390: time: LPAR offset handling (bnc#1009718, LTC#146920). - s390: time: move PTFF definitions (bnc#1009718, LTC#146920). - sched: Allow hotplug notifiers to be setup early (bnc#1022476). - sched: Make wake_up_nohz_cpu() handle CPUs going offline (bnc#1022476). - sched: core, x86/topology: Fix NUMA in package topology bug (bnc#1022476). - sched: core: Fix incorrect utilization accounting when switching to fair class (bnc#1022476). - sched: core: Fix set_user_nice() (bnc#1022476). - sched: cputime: Add steal time support to full dynticks CPU time accounting (bnc#1022476). - sched: cputime: Fix prev steal time accouting during CPU hotplug (bnc#1022476). - sched: deadline: Always calculate end of period on sched_yield() (bnc#1022476). - sched: deadline: Fix a bug in dl_overflow() (bnc#1022476). - sched: deadline: Fix lock pinning warning during CPU hotplug (bnc#1022476). - sched: deadline: Fix wrap-around in DL heap (bnc#1022476). - sched: fair: Avoid using decay_load_missed() with a negative value (bnc#1022476). - sched: fair: Fix fixed point arithmetic width for shares and effective load (bnc#1022476). - sched: fair: Fix load_above_capacity fixed point arithmetic width (bnc#1022476). - sched: fair: Fix min_vruntime tracking (bnc#1022476). - sched: fair: Fix the wrong throttled clock time for cfs_rq_clock_task() (bnc#1022476). - sched: fair: Improve PELT stuff some more (bnc#1022476). - sched: rt, sched/dl: Do not push if task's scheduling class was changed (bnc#1022476). - sched: rt: Fix PI handling vs. sched_setscheduler() (bnc#1022476). - sched: rt: Kick RT bandwidth timer immediately on start up (bnc#1022476). - scsi: Add 'AIX VDASD' to blacklist (bsc#1006469). - scsi: Modify HITACHI OPEN-V blacklist entry (bsc#1006469). - scsi: bfa: Increase requested firmware version to 3.2.5.1 (bsc#1013273). - scsi: storvsc: Payload buffer incorrectly sized for 32 bit kernels. - scsi_dh_alua: uninitialized variable in alua_rtpg() (bsc#1012910). - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (CVE-2017-5986, bsc#1025235). - sd: always scan VPD pages if thin provisioning is enabled (bsc#1013792). - serial: 8250: Integrate Fintek into 8250_base (boo#1016979). Update config files to change CONFIG_SERIAL_8250_FINTEK to boolean accordingly, too. Also, the corresponding entry got removed from supported.conf. - serial: 8250_fintek: fix the mismatched IRQ mode (boo#1009546). - serial: Update metadata for serial fixes (bsc#1013001) - ses: Fix SAS device detection in enclosure (bsc#1016403). - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168). - sfc: refactor debug-or-warnings printks (bsc#1019168). - sunrpc: Fix reconnection timeouts (bsc#1014410). - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410). - supported.conf: Support Marvell WiFi/BT SDIO and pinctrl-cherrytrail (bsc#1018813) - supported.conf: delete xilinx/ll_temac (bsc#1011602) - target: add XCOPY target/segment desc sense codes (bsc#991273). - target: bounds check XCOPY segment descriptor list (bsc#991273). - target: bounds check XCOPY total descriptor list length (bsc#991273). - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170). - target: check for XCOPY parameter truncation (bsc#991273). - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense (bsc#991273). - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273). - target: support XCOPY requests without parameters (bsc#991273). - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273). - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170). - tools: hv: Enable network manager for bonding scripts on RHEL. - tools: hv: fix a compile warning in snprintf. - tools: hv: kvp: configurable external scripts path. - tools: hv: kvp: ensure kvp device fd is closed on exec. - tools: hv: remove unnecessary header files and netlink related code. - tools: hv: remove unnecessary link flag. - tty: n_hdlc, fix lockdep false positive (bnc#1015840). - uvcvideo: uvc_scan_fallback() for webcams with broken chain (bsc#1021474). - vmbus: make sysfs names consistent with PCI. - x86: MCE: Dump MCE to dmesg if no consumers (bsc#1013994). - x86: hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic. - xfs: don't allow di_size with high bit set (bsc#1024234). - xfs: exclude never-released buffers from buftarg I/O accounting (bsc#1024508). - xfs: fix broken multi-fsb buffer logging (bsc#1024081). - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056). - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888). - xfs: track and serialize in-flight async buffers against unmount (bsc#1024508). - xfs: track and serialize in-flight async buffers against unmount - kABI (bsc#1024508). Important SUSE bug 1000092 SUSE bug 1000619 SUSE bug 1003077 SUSE bug 1005918 SUSE bug 1006469 SUSE bug 1006472 SUSE bug 1007729 SUSE bug 1008742 SUSE bug 1009546 SUSE bug 1009674 SUSE bug 1009718 SUSE bug 1009911 SUSE bug 1010612 SUSE bug 1010690 SUSE bug 1010933 SUSE bug 1011176 SUSE bug 1011602 SUSE bug 1011660 SUSE bug 1011913 SUSE bug 1012382 SUSE bug 1012422 SUSE bug 1012829 SUSE bug 1012910 SUSE bug 1013000 SUSE bug 1013001 SUSE bug 1013273 SUSE bug 1013540 SUSE bug 1013792 SUSE bug 1013994 SUSE bug 1014120 SUSE bug 1014410 SUSE bug 1015038 SUSE bug 1015367 SUSE bug 1015840 SUSE bug 1016250 SUSE bug 1016403 SUSE bug 1016517 SUSE bug 1016884 SUSE bug 1016979 SUSE bug 1017164 SUSE bug 1017170 SUSE bug 1017410 SUSE bug 1018100 SUSE bug 1018316 SUSE bug 1018358 SUSE bug 1018446 SUSE bug 1018813 SUSE bug 1018913 SUSE bug 1019061 SUSE bug 1019148 SUSE bug 1019168 SUSE bug 1019260 SUSE bug 1019351 SUSE bug 1019594 SUSE bug 1019630 SUSE bug 1019631 SUSE bug 1019784 SUSE bug 1019851 SUSE bug 1020048 SUSE bug 1020214 SUSE bug 1020488 SUSE bug 1020602 SUSE bug 1020685 SUSE bug 1020817 SUSE bug 1020945 SUSE bug 1020975 SUSE bug 1021082 SUSE bug 1021248 SUSE bug 1021251 SUSE bug 1021258 SUSE bug 1021260 SUSE bug 1021294 SUSE bug 1021455 SUSE bug 1021474 SUSE bug 1022304 SUSE bug 1022429 SUSE bug 1022476 SUSE bug 1022547 SUSE bug 1022559 SUSE bug 1022971 SUSE bug 1023101 SUSE bug 1023175 SUSE bug 1023762 SUSE bug 1023884 SUSE bug 1023888 SUSE bug 1024081 SUSE bug 1024234 SUSE bug 1024508 SUSE bug 1024938 SUSE bug 1025235 SUSE bug 921494 SUSE bug 959709 SUSE bug 964944 SUSE bug 969476 SUSE bug 969477 SUSE bug 969479 SUSE bug 971975 SUSE bug 974215 SUSE bug 981709 SUSE bug 982783 SUSE bug 985561 SUSE bug 987192 SUSE bug 987576 SUSE bug 989056 SUSE bug 991273 SUSE bug 998106 CVE-2015-8709 CVE-2016-7117 CVE-2016-9806 CVE-2017-2583 CVE-2017-2584 CVE-2017-5551 CVE-2017-5576 CVE-2017-5577 CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 cpe:/o:suse:sles:12:sp2 Security update for bind (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for bind fixes the following issues: - Fixed a possible denial of service vulnerability (affected only configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130) Moderate SUSE bug 1024130 CVE-2017-3135 cpe:/o:suse:sles:12:sp2 Security update for libquicktime (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libquicktime fixes the following issues: - A crafted MP4 file could have caused libquicktime to crash or lead to undefined behaviour (bsc#1022805, CVE-2016-2399) Moderate SUSE bug 1022805 CVE-2016-2399 cpe:/o:suse:sles:12:sp2 Security update for tigervnc (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for tigervnc provides the following fixes: - Prevent malicious server from crashing a server via a buffer overflow, a similar flaw as the LibVNCServer issues CVE-2016-9941 and CVE-2016-9942. (bsc#1019274) - CVE-2016-10207: Prevent potential crash due to insufficient clean-up after failure to establish TLS connection. (bsc#1023012) Moderate SUSE bug 1019274 SUSE bug 1023012 CVE-2016-10207 CVE-2016-9941 CVE-2016-9942 cpe:/o:suse:sles:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2 This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1023907). - CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to a host memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1023073). - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053) - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702) - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to an OOB read issue allowing a guest user to crash the Qemu process instance resulting in Dos (bsc#1017081). - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to an out of bounds memory access issue allowing a guest user to crash the Qemu process instance on a host, resulting in DoS (bsc#1017084). - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129) - CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021195). - CVE-2017-5578: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021481). - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020589). - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020491). - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an OOB heap access issue allowing a privileged user inside the guest to crash the Qemu process resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host (bsc#1022541). - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907) These non-security issues were fixed: - Fix name of s390x specific sysctl configuration file to end with .conf (bsc#1026583) - XHCI fixes (bsc#977027) - Fixed rare race during s390x guest reboot - Fixed various inaccuracies in cirrus vga device emulation - Fixed cause of infrequent migration failures from bad virtio device state (bsc#1020928) - Fixed graphical update errors introduced by previous security fix (bsc#1016779) Important SUSE bug 1014702 SUSE bug 1015169 SUSE bug 1016779 SUSE bug 1017081 SUSE bug 1017084 SUSE bug 1020491 SUSE bug 1020589 SUSE bug 1020928 SUSE bug 1021129 SUSE bug 1021195 SUSE bug 1021481 SUSE bug 1022541 SUSE bug 1023004 SUSE bug 1023053 SUSE bug 1023073 SUSE bug 1023907 SUSE bug 1024972 SUSE bug 1026583 SUSE bug 977027 CVE-2016-10028 CVE-2016-10029 CVE-2016-10155 CVE-2016-9921 CVE-2016-9922 CVE-2017-2615 CVE-2017-2620 CVE-2017-5525 CVE-2017-5526 CVE-2017-5552 CVE-2017-5578 CVE-2017-5667 CVE-2017-5856 CVE-2017-5857 CVE-2017-5898 cpe:/o:suse:sles:12:sp2 Recommended update for dbus-1 (Low) SUSE Linux Enterprise Server 12 SP2 This update for dbus-1 fixes the following issues: Security issues fixed: - Symlink attack in nonce-tcp transport. (bsc#1025950) - Symlink attack in unit tests. (bsc#1025951) Bugfixes: - Remove sysvinit script, not used under systemd. (bsc#974092) Low SUSE bug 1025950 SUSE bug 1025951 SUSE bug 974092 cpe:/o:suse:sles:12:sp2 Security update for open-vm-tools (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for open-vm-tools to 10.1.0 stable brings features, fixes bugs and security issues: - New vmware-namespace-cmd command line utility - GTK3 support - Common Agent Framework (CAF) - Guest authentication with xmlsec1 - Sub-command to push updated network information to the host on demand - Fix for quiesced snapshot failure leaving guest file system quiesced (bsc#1006796) - Fix for CVE-2015-5191 (bsc#1007600) - Report SLES for SAP 12 guest OS as SLES 12 (bsc#1013496) - Add udev rule to increase VMware virtual disk timeout values (bsc#994598) - Fix vmtoolsd init script to run vmtoolsd in background (bsc#971031) Moderate SUSE bug 1006796 SUSE bug 1007600 SUSE bug 1011057 SUSE bug 1013496 SUSE bug 1024200 SUSE bug 971031 SUSE bug 994598 CVE-2015-5191 cpe:/o:suse:sles:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2 This update for MozillaFirefox to ESR 45.8 fixes the following issues: Security issues fixed (bsc#1028391): - CVE-2017-5402: Use-after-free working with events in FontFace objects - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP - CVE-2017-5401: Memory Corruption when handling ErrorResult - CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters - CVE-2017-5404: Use-after-free working with ranges in selections - CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports - CVE-2017-5408: Cross-origin reading of video captions in violation of CORS - CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service - CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 Important SUSE bug 1028391 CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402 CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408 CVE-2017-5409 CVE-2017-5410 cpe:/o:suse:sles:12:sp2 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for java-1_7_1-ibm fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a 'Sweet32' attack. (bsc#1027038) Moderate SUSE bug 1027038 CVE-2016-2183 cpe:/o:suse:sles:12:sp2 Security update for sane-backends (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for sane-backends fixes the following issues: - saned could have leaked uninitialized memory back to its requesters for some opcodes, allowing for information disclosure of saned memory (CVE-2017-6318, bsc#1027197). Moderate SUSE bug 1027197 CVE-2017-6318 cpe:/o:suse:sles:12:sp2 Security update for freeradius-server (Important) SUSE Linux Enterprise Server 12 SP2 This update of freeradius-server fixes several issues. Security issue fixed: - CVE-2015-4680: Fixed Insufficent CRL application for intermediate certificates (bsc#935573) Non security issues fixed: - Allows FreeRadius Server to start on SUSE Linux Enterprise Server 12 SP2 systems by relaxing a too strict openssl version check. (bsc#1013311) - Fixed radclient error free() invalid pointer (bsc#911886) - Fixed failing rebuild of freeradius-server package (bsc#951404) Important SUSE bug 1013311 SUSE bug 911886 SUSE bug 935573 SUSE bug 951404 CVE-2015-4680 cpe:/o:suse:sles:12:sp2 Security update for rrdtool (Low) SUSE Linux Enterprise Server 12 SP2 This update for rrdtool provides the following fixes: - CVE-2013-2131: Enhance imginfo format validation checks to prevent crashes. (bsc#828003) - Add rrdtool-cached sub-package to SLE 12-SP1. (bsc#967671) Low SUSE bug 828003 SUSE bug 967671 CVE-2013-2131 cpe:/o:suse:sles:12:sp2 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for apache2 fixes the following security issues: Security issues fixed: - CVE-2016-0736: Protect mod_session_crypto data with a MAC to prevent padding oracle attacks (bsc#1016712). - CVE-2016-2161: Malicious input to mod_auth_digest could have caused the server to crash, resulting in DoS (bsc#1016714). - CVE-2016-8743: Added new directive 'HttpProtocolOptions Strict' to avoid proxy chain misinterpretation (bsc#1016715). Bugfixes: - Add missing copy of hcuri and hcexpr from the worker to the health check worker (bsc#1019380). Moderate SUSE bug 1016712 SUSE bug 1016714 SUSE bug 1016715 SUSE bug 1019380 CVE-2016-0736 CVE-2016-2161 CVE-2016-8743 cpe:/o:suse:sles:12:sp2 Security update for wget (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for wget fixes the following issues: Security issue fixed: - CVE-2017-6508: (url_parse): Reject control characters in host part of URL (bsc#1028301). Moderate SUSE bug 1028301 CVE-2017-6508 cpe:/o:suse:sles:12:sp2 Security update for virglrenderer (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for virglrenderer fixes the following issues: Security issues fixed: - CVE-2017-6386: memory leakage while in vrend_create_vertex_elements_state (bsc#1027376) - CVE-2017-6355: integer overflow while creating shader object (bsc#1027108) - CVE-2017-6317: fix memory leak in add shader program (bsc#1026922) - CVE-2017-6210: null pointer dereference in vrend_decode_reset (bsc#1026725) - CVE-2017-6209: stack buffer oveflow in parse_identifier (bsc#1026723) - CVE-2017-5994: out-of-bounds access in vrend_create_vertex_elements_state (bsc#1025507) - CVE-2017-5993: host memory leakage when initialising blitter context (bsc#1025505) - CVE-2017-5957: stack overflow in vrend_decode_set_framebuffer_state (bsc#1024993) - CVE-2017-5956: OOB access while in vrend_draw_vbo (bsc#1024992) - CVE-2017-5937: null pointer dereference in vrend_clear (bsc#1024232) - CVE-2017-5580: OOB access while parsing texture instruction (bsc#1021627) - CVE-2016-10214: host memory leak issue in virgl_resource_attach_backing (bsc#1024244) - CVE-2016-10163: host memory leakage when creating decode context (bsc#1021616) Moderate SUSE bug 1021616 SUSE bug 1021627 SUSE bug 1024232 SUSE bug 1024244 SUSE bug 1024992 SUSE bug 1024993 SUSE bug 1025505 SUSE bug 1025507 SUSE bug 1026723 SUSE bug 1026725 SUSE bug 1026922 SUSE bug 1027108 SUSE bug 1027376 CVE-2016-10163 CVE-2016-10214 CVE-2017-5580 CVE-2017-5937 CVE-2017-5956 CVE-2017-5957 CVE-2017-5993 CVE-2017-5994 CVE-2017-6209 CVE-2017-6210 CVE-2017-6317 CVE-2017-6355 CVE-2017-6386 cpe:/o:suse:sles:12:sp2 Security update for java-1_8_0-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for java-1_8_0-ibm fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a 'Sweet32' attack. (bsc#1027038) Bugfixes: - Require the main pkg in post phase of devel (bsc#1025506) Moderate SUSE bug 1025506 SUSE bug 1027038 CVE-2016-2183 cpe:/o:suse:sles:12:sp2 Security update for libpng16 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) Moderate SUSE bug 1017646 CVE-2016-10087 cpe:/o:suse:sles:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2 This update for samba fixes the following issues: Security issues fixed: - CVE-2017-2619: Symlink race permits opening files outside share directory (bsc#1027147). Bugfixes: - Force usage of ncurses6-config thru NCURSES_CONFIG env var (bsc#1023847). - Add missing ldb module directory (bsc#1012092). - Don't package man pages for VFS modules that aren't built (bsc#993707). - sync_req: make async_connect_send() 'reentrant'; (bso#12105); (bsc#1024416). - Document 'winbind: ignore domains' parameter; (bsc#1019416). - Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692). Important SUSE bug 1012092 SUSE bug 1019416 SUSE bug 1023847 SUSE bug 1024416 SUSE bug 1027147 SUSE bug 993692 SUSE bug 993707 CVE-2017-2619 cpe:/o:suse:sles:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2 This update for samba fixes the following issues: Security issues fixed: - CVE-2017-2619: Symlink race permits opening files outside share directory (bsc#1027147). Bugfixes: - Don't package man pages for VFS modules that aren't built (bsc#993707). - sync_req: make async_connect_send() 'reentrant'; (bso#12105); (bsc#1024416). - Document 'winbind: ignore domains' parameter; (bsc#1019416). - Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692). Important SUSE bug 1019416 SUSE bug 1024416 SUSE bug 1027147 SUSE bug 993692 SUSE bug 993707 CVE-2017-2619 cpe:/o:suse:sles:12:sp2 Security update for libpng12 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libpng12 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) Moderate SUSE bug 1017646 SUSE bug 958791 CVE-2015-8540 CVE-2016-10087 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 kernel was updated to fix the following security bugs: - CVE-2017-7184: The Linux kernel allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via unspecified vectors, as demonstrated during a Pwn2Own competition at CanSecWest 2017 (bnc#1030573, bnc#1028372). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565). Important SUSE bug 1027565 SUSE bug 1028372 SUSE bug 1030573 CVE-2017-2636 CVE-2017-7184 cpe:/o:suse:sles:12:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2 This update for bind fixes the following issues: - Fix a potential assertion failure that could have been triggered by a malformed response to an ANY query, thereby facilitating a denial-of-service attack. [CVE-2016-9131, bsc#1018700, bsc#1018699] - Fix a potential assertion failure that could have been triggered by responding to a query with inconsistent DNSSEC information, thereby facilitating a denial-of-service attack. [CVE-2016-9147, bsc#1018701, bsc#1018699] - Fix potential assertion failure that could have been triggered by DNS responses that contain unusually-formed DS resource records, facilitating a denial-of-service attack. [CVE-2016-9444, bsc#1018702, bsc#1018699] Important SUSE bug 1018699 SUSE bug 1018700 SUSE bug 1018701 SUSE bug 1018702 CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 cpe:/o:suse:sles:12:sp2 Security update for audiofile (Low) SUSE Linux Enterprise Server 12 SP2 This audiofile update fixes the following issue: Security issues fixed: - CVE-2015-7747: Fixed buffer overflow issue when changing both number of channels and sample format. (bsc#949399) - CVE-2017-6827: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) (bsc#1026979) - CVE-2017-6828: heap-based buffer overflow in readValue (FileHandle.cpp) (bsc#1026980) - CVE-2017-6829: global buffer overflow in decodeSample (IMA.cpp) (bsc#1026981) - CVE-2017-6830: heap-based buffer overflow in alaw2linear_buf (G711.cpp) (bsc#1026982) - CVE-2017-6831: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) (bsc#1026983) - CVE-2017-6832: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) (bsc#1026984) - CVE-2017-6833: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) (bsc#1026985) - CVE-2017-6834: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) (bsc#1026986) - CVE-2017-6835: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) (bsc#1026988) - CVE-2017-6836: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) (bsc#1026987) - CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple ubsan crashes (bsc#1026978) Low SUSE bug 1026978 SUSE bug 1026979 SUSE bug 1026980 SUSE bug 1026981 SUSE bug 1026982 SUSE bug 1026983 SUSE bug 1026984 SUSE bug 1026985 SUSE bug 1026986 SUSE bug 1026987 SUSE bug 1026988 SUSE bug 949399 CVE-2015-7747 CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 cpe:/o:suse:sles:12:sp2 Security update for dracut (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for dracut fixes the following issues: Security issues fixed: - CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk. (bsc#1008340) Non security issues fixed: - Remove zlib module as requirement. (bsc#1020063) - Unlimit TaskMax for xfs_repair in emergency shell. (bsc#1019938) - Resolve symbolic links for -i and -k parameters. (bsc#902375) - Enhance purge-kernels script to handle kgraft patches. (bsc#1017141) - Allow booting from degraded MD arrays with systemd. (bsc#1017695) - Allow booting on s390x with fips=1 on the kernel command line. (bnc#1021687) - Start multipath services before local-fs-pre.target. (bsc#1005410, bsc#1006118, bsc#1007925) - Fix /sbin/installkernel to handle kernel packages built with 'make bin-rpmpkg'. (bsc#1008648) Moderate SUSE bug 1005410 SUSE bug 1006118 SUSE bug 1007925 SUSE bug 1008340 SUSE bug 1008648 SUSE bug 1017141 SUSE bug 1017695 SUSE bug 1019938 SUSE bug 1020063 SUSE bug 1021687 SUSE bug 902375 CVE-2016-8637 cpe:/o:suse:sles:12:sp2 Security update for libpng15 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libpng15 fixes the following issues: Security issues fixed: - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) Moderate SUSE bug 1017646 SUSE bug 958791 CVE-2015-8540 CVE-2016-10087 cpe:/o:suse:sles:12:sp2 Security update for jasper (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder (bsc#1018088) - CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) (bsc#1029497) - CVE-2017-5498: left-shift undefined behaviour (bsc#1020353) - CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868) - CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400) Moderate SUSE bug 1015400 SUSE bug 1018088 SUSE bug 1020353 SUSE bug 1021868 SUSE bug 1029497 CVE-2016-10251 CVE-2016-9583 CVE-2016-9600 CVE-2017-5498 CVE-2017-6850 cpe:/o:suse:sles:12:sp2 Security update for gstreamer-plugins-bad (Low) SUSE Linux Enterprise Server 12 SP2 This update for gstreamer-plugins-bad fixes the following issues: Security issues fixed: - CVE-2017-5843: set stream tags to NULL after unrefing (bsc#1024044). - CVE-2017-5848: rewrite PSM parsing to add bounds checking (bsc#1024068). Low SUSE bug 1024044 SUSE bug 1024068 CVE-2017-5843 CVE-2017-5848 cpe:/o:suse:sles:12:sp2 Security update for gstreamer (Low) SUSE Linux Enterprise Server 12 SP2 This update for gstreamer fixes the following security issues: - A crafted AVI file could have caused an invalid memory read, possibly causing DoS or corruption (bsc#1024051, CVE-2017-5838) Low SUSE bug 1024051 CVE-2017-5838 cpe:/o:suse:sles:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2 This update for xen to version 4.7.2 fixes the following issues: These security issues were fixed: - CVE-2017-7228: Broken check in memory_exchange() permited PV guest breakout (bsc#1030442). - XSA-206: Unprivileged guests issuing writes to xenstore were able to stall progress of the control domain or driver domain, possibly leading to a Denial of Service (DoS) of the entire host (bsc#1030144). - CVE-2017-6505: The ohci_service_ed_list function in hw/usb/hcd-ohci.c allowed local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors (bsc#1028235). These non-security issues were fixed: - bsc#1015348: libvirtd didn't not start during boot - bsc#1014136: kdump couldn't dump a kernel on SLES12-SP2 with Xen hypervisor. - bsc#1026236: Fixed paravirtualized performance - bsc#1022555: Timeout in 'execution of /etc/xen/scripts/block add' - bsc#1029827: Forward port xenstored - bsc#1029128: Make xen to really produce xen.efi with gcc48 Important SUSE bug 1014136 SUSE bug 1015348 SUSE bug 1022555 SUSE bug 1026236 SUSE bug 1027519 SUSE bug 1028235 SUSE bug 1029128 SUSE bug 1029827 SUSE bug 1030144 SUSE bug 1030442 CVE-2017-6505 CVE-2017-7228 cpe:/o:suse:sles:12:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2 This update for bind fixes the following issues: CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. One additional non-security bug was fixed: The default umask was changed to 077. (bsc#1020983) Important SUSE bug 1020983 SUSE bug 1033466 SUSE bug 1033467 SUSE bug 1033468 SUSE bug 987866 SUSE bug 989528 CVE-2016-2775 CVE-2016-6170 CVE-2017-3136 CVE-2017-3137 CVE-2017-3138 cpe:/o:suse:sles:12:sp2 Security update for gstreamer-0_10-plugins-base (Low) SUSE Linux Enterprise Server 12 SP2 This update for gstreamer-0_10-plugins-base fixes the following security issues: - A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844) Low SUSE bug 1024076 SUSE bug 1024079 CVE-2017-5837 CVE-2017-5844 cpe:/o:suse:sles:12:sp2 Security update for gstreamer-plugins-good (Low) SUSE Linux Enterprise Server 12 SP2 This update for gstreamer-plugins-good fixes the following issues: - A crafted aac audio file could have caused an invalid read and thus corruption or denial of service (bsc#1024014, CVE-2016-10198) - A crafted mp4 file could have caused an invalid read and thus corruption or denial of service (bsc#1024017, CVE-2016-10199) - A crafted avi file could have caused an invalid read and thus corruption or denial of service (bsc#1024034, CVE-2017-5840) - A crafted AVI file with metadata tag entries (ncdt) could have caused invalid read access and thus corruption or denial of service (bsc#1024030, CVE-2017-5841) - A crafted avi file could have caused an invalid read access resulting in denial of service (bsc#1024062, CVE-2017-5845) Low SUSE bug 1024014 SUSE bug 1024017 SUSE bug 1024030 SUSE bug 1024034 SUSE bug 1024062 CVE-2016-10198 CVE-2016-10199 CVE-2017-5840 CVE-2017-5841 CVE-2017-5845 cpe:/o:suse:sles:12:sp2 Security update for gstreamer-plugins-base (Low) SUSE Linux Enterprise Server 12 SP2 This update for gstreamer-plugins-base fixes the following security issues: - A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844) - A crafted AVI file could have caused a stack overflow leading to DoS (bsc#1024047, CVE-2017-5839) - A crafted SAMI subtitle file could have caused an invalid memory access possibly leading to DoS or corruption (bsc#1024041, CVE-2017-5842) Low SUSE bug 1024041 SUSE bug 1024047 SUSE bug 1024076 SUSE bug 1024079 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 cpe:/o:suse:sles:12:sp2 Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libsndfile fixes the following security issues: - CVE-2017-7586: A stack-based buffer overflow via a specially crafted FLAC file was fixed (error in the 'header_read()' function) (bsc#1033053) - CVE-2017-7585,CVE-2017-7741, CVE-2017-7742: Several stack-based buffer overflows via a specially crafted FLAC file (error in the 'flac_buffer_copy()' function) were fixed (bsc#1033054,bsc#1033915,bsc#1033914). Moderate SUSE bug 1033053 SUSE bug 1033054 SUSE bug 1033914 SUSE bug 1033915 CVE-2017-7585 CVE-2017-7586 CVE-2017-7741 CVE-2017-7742 cpe:/o:suse:sles:12:sp2 Security update for curl (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for curl fixes the following issues: Security issue fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332) - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309). With this release new default ciphers are active (SUSE_DEFAULT, bsc#1027712). Moderate SUSE bug 1015332 SUSE bug 1027712 SUSE bug 1032309 CVE-2016-9586 CVE-2017-7407 cpe:/o:suse:sles:12:sp2 Security update for tiff (Important) SUSE Linux Enterprise Server 12 SP2 This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-10272: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to 'WRITE of size 2048' and libtiff/tif_next.c:64:9 (bsc#1031247). - CVE-2016-10271: tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 1' and libtiff/tif_fax3.c:413:13 (bsc#1031249). - CVE-2016-10270: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22 (bsc#1031250). - CVE-2016-10269: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2 (bsc#1031254). - CVE-2016-10268: tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23 (bsc#1031255). - CVE-2016-10267: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8 (bsc#1031262). - CVE-2016-10266: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. (bsc#1031263). Important SUSE bug 1031247 SUSE bug 1031249 SUSE bug 1031250 SUSE bug 1031254 SUSE bug 1031255 SUSE bug 1031262 SUSE bug 1031263 CVE-2016-10266 CVE-2016-10267 CVE-2016-10268 CVE-2016-10269 CVE-2016-10270 CVE-2016-10271 CVE-2016-10272 cpe:/o:suse:sles:12:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 12 SP2 This ntp update to version 4.2.8p10 fixes serveral issues. This updated enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details. Security issues fixed (bsc#1030050): - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock - CVE-2017-6463: Authenticated DoS via Malicious Config Option - CVE-2017-6458: Potential Overflows in ctl_put() functions - CVE-2017-6451: Improper use of snprintf() in mx4200_send() - CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist - CVE-2016-9042: 0rigin (zero origin) DoS. - ntpq_stripquotes() returns incorrect Value - ereallocarray()/eallocarray() underused - Copious amounts of Unused Code - Off-by-one in Oncore GPS Receiver - Makefile does not enforce Security Flags Bugfixes: - Remove spurious log messages (bsc#1014172). - clang scan-build findings - Support for openssl-1.1.0 without compatibility modes - Bugfix 3072 breaks multicastclient - forking async worker: interrupted pipe I/O - (...) time_pps_create: Exec format error - Incorrect Logic for Peer Event Limiting - Change the process name of forked DNS worker - Trap Configuration Fail - Nothing happens if minsane < maxclock < minclock - allow -4/-6 on restrict line with mask - out-of-bound pointers in ctl_putsys and decode_bitflags - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates. Moderate SUSE bug 1014172 SUSE bug 1030050 CVE-2016-9042 CVE-2017-6451 CVE-2017-6458 CVE-2017-6460 CVE-2017-6462 CVE-2017-6463 CVE-2017-6464 cpe:/o:suse:sles:12:sp2 Security update for ruby2.1 (Important) SUSE Linux Enterprise Server 12 SP2 This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new'initialize' (bsc#1018808) - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495) - CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032) - CVE-2015-1855: Ruby'a OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames (bsc#926974) - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877) Bugfixes: - SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly (bsc#1014863) - Segmentation fault after pack & ioctl & unpack (bsc#909695) - Ruby:HTTP Header injection in 'net/http' (bsc#986630) ChangeLog: - http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog Important SUSE bug 1014863 SUSE bug 1018808 SUSE bug 887877 SUSE bug 909695 SUSE bug 926974 SUSE bug 936032 SUSE bug 959495 SUSE bug 986630 CVE-2014-4975 CVE-2015-1855 CVE-2015-3900 CVE-2015-7551 CVE-2016-2339 cpe:/o:suse:sles:12:sp2 Security update for minicom (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for minicom fixes the following issue: This security issue was fixed: - CVE-2017-7467: Invalid cursor coordinates and scroll regions could lead to code execution (bsc#1033783). Moderate SUSE bug 1033783 CVE-2017-7467 cpe:/o:suse:sles:12:sp2 Security update for tigervnc (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for tigervnc provides the several fixes. These security issues were fixed: - CVE-2017-7392, CVE-2017-7396: Client can cause leak in VNC server (bsc#1031886) - CVE-2017-7395: Authenticated VNC client can crash VNC server (bsc#1031877) - CVE-2017-7394: Client can crash or block VNC server (bsc#1031879) - CVE-2017-7393: Authenticated client can cause double free in VNC server (bsc#1031875) - Prevent buffer overflow in VNC client, allowing for crashing the client (bnc#1032880) These non-security issues were fixed: - Prevent client disconnection caused by invalid cursor manipulation. (bsc#1024929, bsc#1031045) - Readd index.vnc. (bsc#1026833) - Crop operations to visible screen. (bnc#1032272) Moderate SUSE bug 1024929 SUSE bug 1026833 SUSE bug 1031045 SUSE bug 1031875 SUSE bug 1031877 SUSE bug 1031879 SUSE bug 1031886 SUSE bug 1032272 SUSE bug 1032880 CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396 cpe:/o:suse:sles:12:sp2 Security update for tcpdump, libpcap (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for tcpdump to version 4.9.0 and libpcap to version 1.8.1 fixes the several issues. These security issues were fixed in tcpdump: - CVE-2016-7922: The AH parser in tcpdump had a buffer overflow in print-ah.c:ah_print() (bsc#1020940). - CVE-2016-7923: The ARP parser in tcpdump had a buffer overflow in print-arp.c:arp_print() (bsc#1020940). - CVE-2016-7924: The ATM parser in tcpdump had a buffer overflow in print-atm.c:oam_print() (bsc#1020940). - CVE-2016-7925: The compressed SLIP parser in tcpdump had a buffer overflow in print-sl.c:sl_if_print() (bsc#1020940). - CVE-2016-7926: The Ethernet parser in tcpdump had a buffer overflow in print-ether.c:ethertype_print() (bsc#1020940). - CVE-2016-7927: The IEEE 802.11 parser in tcpdump had a buffer overflow in print-802_11.c:ieee802_11_radio_print() (bsc#1020940). - CVE-2016-7928: The IPComp parser in tcpdump had a buffer overflow in print-ipcomp.c:ipcomp_print() (bsc#1020940). - CVE-2016-7929: The Juniper PPPoE ATM parser in tcpdump had a buffer overflow in print-juniper.c:juniper_parse_header() (bsc#1020940). - CVE-2016-7930: The LLC/SNAP parser in tcpdump had a buffer overflow in print-llc.c:llc_print() (bsc#1020940). - CVE-2016-7931: The MPLS parser in tcpdump had a buffer overflow in print-mpls.c:mpls_print() (bsc#1020940). - CVE-2016-7932: The PIM parser in tcpdump had a buffer overflow in print-pim.c:pimv2_check_checksum() (bsc#1020940). - CVE-2016-7933: The PPP parser in tcpdump had a buffer overflow in print-ppp.c:ppp_hdlc_if_print() (bsc#1020940). - CVE-2016-7934: The RTCP parser in tcpdump had a buffer overflow in print-udp.c:rtcp_print() (bsc#1020940). - CVE-2016-7935: The RTP parser in tcpdump had a buffer overflow in print-udp.c:rtp_print() (bsc#1020940). - CVE-2016-7936: The UDP parser in tcpdump had a buffer overflow in print-udp.c:udp_print() (bsc#1020940). - CVE-2016-7937: The VAT parser in tcpdump had a buffer overflow in print-udp.c:vat_print() (bsc#1020940). - CVE-2016-7938: The ZeroMQ parser in tcpdump had an integer overflow in print-zeromq.c:zmtp1_print_frame() (bsc#1020940). - CVE-2016-7939: The GRE parser in tcpdump had a buffer overflow in print-gre.c, multiple functions (bsc#1020940). - CVE-2016-7940: The STP parser in tcpdump had a buffer overflow in print-stp.c, multiple functions (bsc#1020940). - CVE-2016-7973: The AppleTalk parser in tcpdump had a buffer overflow in print-atalk.c, multiple functions (bsc#1020940). - CVE-2016-7974: The IP parser in tcpdump had a buffer overflow in print-ip.c, multiple functions (bsc#1020940). - CVE-2016-7975: The TCP parser in tcpdump had a buffer overflow in print-tcp.c:tcp_print() (bsc#1020940). - CVE-2016-7983: The BOOTP parser in tcpdump had a buffer overflow in print-bootp.c:bootp_print() (bsc#1020940). - CVE-2016-7984: The TFTP parser in tcpdump had a buffer overflow in print-tftp.c:tftp_print() (bsc#1020940). - CVE-2016-7985: The CALM FAST parser in tcpdump had a buffer overflow in print-calm-fast.c:calm_fast_print() (bsc#1020940). - CVE-2016-7986: The GeoNetworking parser in tcpdump had a buffer overflow in print-geonet.c, multiple functions (bsc#1020940). - CVE-2016-7992: The Classical IP over ATM parser in tcpdump had a buffer overflow in print-cip.c:cip_if_print() (bsc#1020940). - CVE-2016-7993: A bug in util-print.c:relts_print() in tcpdump could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM) (bsc#1020940). - CVE-2016-8574: The FRF.15 parser in tcpdump had a buffer overflow in print-fr.c:frf15_print() (bsc#1020940). - CVE-2016-8575: The Q.933 parser in tcpdump had a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482 (bsc#1020940). - CVE-2017-5202: The ISO CLNS parser in tcpdump had a buffer overflow in print-isoclns.c:clnp_print() (bsc#1020940). - CVE-2017-5203: The BOOTP parser in tcpdump had a buffer overflow in print-bootp.c:bootp_print() (bsc#1020940). - CVE-2017-5204: The IPv6 parser in tcpdump had a buffer overflow in print-ip6.c:ip6_print() (bsc#1020940). - CVE-2017-5205: The ISAKMP parser in tcpdump had a buffer overflow in print-isakmp.c:ikev2_e_print() (bsc#1020940). - CVE-2017-5341: The OTV parser in tcpdump had a buffer overflow in print-otv.c:otv_print() (bsc#1020940). - CVE-2017-5342: In tcpdump a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print() (bsc#1020940). - CVE-2017-5482: The Q.933 parser in tcpdump had a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575 (bsc#1020940). - CVE-2017-5483: The SNMP parser in tcpdump had a buffer overflow in print-snmp.c:asn1_parse() (bsc#1020940). - CVE-2017-5484: The ATM parser in tcpdump had a buffer overflow in print-atm.c:sig_print() (bsc#1020940). - CVE-2017-5485: The ISO CLNS parser in tcpdump had a buffer overflow in addrtoname.c:lookup_nsap() (bsc#1020940). - CVE-2017-5486: The ISO CLNS parser in tcpdump had a buffer overflow in print-isoclns.c:clnp_print() (bsc#1020940). - CVE-2015-3138: Fixed potential denial of service in print-wb.c (bsc#927637). - CVE-2015-0261: Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value (bsc#922220). - CVE-2015-2153: The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU) (bsc#922221). - CVE-2015-2154: The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump allowed remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value (bsc#922222). - CVE-2015-2155: The force printer in tcpdump allowed remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors (bsc#922223). - CVE-2014-8767: Integer underflow in the olsr_print function in tcpdump 3.9.6 when in verbose mode, allowed remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame (bsc#905870). - CVE-2014-8768: Multiple Integer underflows in the geonet_print function in tcpdump when run in verbose mode, allowed remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame (bsc#905871). - CVE-2014-8769: tcpdump might have allowed remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access (bsc#905872). These non-security issues were fixed in tcpdump: - PPKI to Router Protocol: Fix Segmentation Faults and other problems - RPKI to Router Protocol: print strings with fn_printn() - Added a short option '#', same as long option '--number' - nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL, DHCPv6 enhancements/fixes - M3UA decode added. - Added bittok2str(). - A number of unaligned access faults fixed - The -A flag does not consider CR to be printable anymore - fx.lebail took over coverity baby sitting - Default snapshot size increased to 256K for accomodate USB captures These non-security issues were fixed in libpcap: - Provide a -devel-static subpackage that contains the static libraries and all the extra dependencies which are not needed for dynamic linking. - Fix handling of packet count in the TPACKET_V3 inner loop - Filter out duplicate looped back CAN frames. - Fix the handling of loopback filters for IPv6 packets. - Add a link-layer header type for RDS (IEC 62106) groups. - Handle all CAN captures with pcap-linux.c, in cooked mode. - Removes the need for the 'host-endian' link-layer header type. - Have separate DLTs for big-endian and host-endian SocketCAN headers. - Properly check for sock_recv() errors. - Re-impose some of Winsock's limitations on sock_recv(). - Replace sprintf() with pcap_snprintf(). - Fix signature of pcap_stats_ex_remote(). - Have rpcap_remoteact_getsock() return a SOCKET and supply an 'is active' flag. - Clean up {DAG, Septel, Myricom SNF}-only builds. - pcap_create_interface() needs the interface name on Linux. - Clean up hardware time stamp support: the 'any' device does not support any time stamp types. - Recognize 802.1ad nested VLAN tag in vlan filter. - Support for filtering Geneve encapsulated packets. - Fix handling of zones for BPF on Solaris - Added bpf_filter1() with extensions - EBUSY can now be returned by SNFv3 code. - Don't crash on filters testing a non-existent link-layer type field. - Fix sending in non-blocking mode on Linux with memory-mapped capture. - Fix timestamps when reading pcap-ng files on big-endian machines. - Fixes for byte order issues with NFLOG captures - Handle using cooked mode for DLT_NETLINK in activate_new(). Moderate SUSE bug 1020940 SUSE bug 1035686 SUSE bug 905870 SUSE bug 905871 SUSE bug 905872 SUSE bug 922220 SUSE bug 922221 SUSE bug 922222 SUSE bug 922223 SUSE bug 927637 CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 CVE-2015-0261 CVE-2015-2153 CVE-2015-2154 CVE-2015-2155 CVE-2015-3138 CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 cpe:/o:suse:sles:12:sp2 Security update for perl-DBD-mysql (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for perl-DBD-mysql fixes the following issues: - CVE-2016-1251: A use-after-free when used with mysql_server_prepare=1 (bsc#1012546). - CVE-2016-1246: Buffer overflow allowed context-dependent attackers to cause a denial of service (crash) via vectors related to an error message (bsc#1002626). - CVE-2016-1249: Out-of-bounds read when using server-side prepared statement support (bsc#1010457). Moderate SUSE bug 1002626 SUSE bug 1010457 SUSE bug 1012546 CVE-2016-1246 CVE-2016-1249 CVE-2016-1251 cpe:/o:suse:sles:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2 This update for ghostscript fixes the following security vulnerabilities: CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128) CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120) CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114) CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263) Important SUSE bug 1018128 SUSE bug 1030263 SUSE bug 1032114 SUSE bug 1032120 SUSE bug 1036453 CVE-2016-10220 CVE-2016-9601 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 cpe:/o:suse:sles:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2 This update for xen fixes several issues. These security issues were fixed: - A malicious 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks by placing a IRET hypercall in the middle of a multicall batch (XSA-213, bsc#1034843) - A malicious pair of guests may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks because of a missing check when transfering pages via GNTTABOP_transfer (XSA-214, bsc#1034844). - CVE-2017-7718: hw/display/cirrus_vga_rop.h allowed local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions (bsc#1034994). - CVE-2016-9603: A privileged user within the guest VM could have caused a heap overflow in the device model process, potentially escalating their privileges to that of the device model process (bsc#1028655) These non-security issues were fixed: - bsc#1029827: Additional xenstore patch - bsc#1036146: Xen VM dumped core to wrong path - bsc#1022703: Prevent Xen HVM guest with OVMF to hang with unattached CDRom Important SUSE bug 1022703 SUSE bug 1028655 SUSE bug 1029827 SUSE bug 1030144 SUSE bug 1034843 SUSE bug 1034844 SUSE bug 1034994 SUSE bug 1036146 CVE-2016-9603 CVE-2017-7718 cpe:/o:suse:sles:12:sp2 Security update for graphite2 (Important) SUSE Linux Enterprise Server 12 SP2 This update for graphite2 fixes one issue. This security issues was fixed: - CVE-2017-5436: An out-of-bounds write triggered with a maliciously crafted Graphite font could lead to a crash or potentially code execution (bsc#1035204). Important SUSE bug 1035204 CVE-2017-5436 cpe:/o:suse:sles:12:sp2 Security update for apparmor (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for apparmor provides the following fixes: This security issue was fixed: - CVE-2017-6507: Preserve unknown profiles when reloading apparmor.service (bsc#1029696) These non-security issues were fixed: - Add tunables/kernelvars abstraction. (bsc#1031529) - Update flags of ntpd profile. (bsc#1022610) - Force AppArmor to start after /var/lib mounts. (bsc#1016259) - Update mlmmj profiles. (bsc#1000201) Moderate SUSE bug 1000201 SUSE bug 1016259 SUSE bug 1022610 SUSE bug 1029696 SUSE bug 1031529 CVE-2017-6507 cpe:/o:suse:sles:12:sp2 Security update for squid (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for squid fixes the following issues: - CVE-2016-10003: Prevent incorrect forwarding of cached private responses when Collapsed Forwarding feature is enabled. This allowed remote attacker (proxy user) to discover private and sensitive information about another user (bsc#1016169). - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168). - CVE-2014-9749: Prevent nonce replay in Digest authentication, preventing the reuse of stale auth tokens (bsc#949942). Moderate SUSE bug 1016168 SUSE bug 1016169 SUSE bug 949942 CVE-2014-9749 CVE-2016-10002 CVE-2016-10003 cpe:/o:suse:sles:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2 qemu was updated to fix several issues. These security issues were fixed: - CVE-2016-9102: Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number (bsc#1014256). - CVE-2016-9103: The v9fs_xattrcreate function in hw/9pfs/9p.c in allowed local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values writing to them (bsc#1007454). - CVE-2016-9381: Improper processing of shared rings allowing guest administrators take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285). - CVE-2016-9845: The Virtio GPU Device emulator support as vulnerable to an information leakage issue while processing the 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could have used this flaw to leak contents of the host memory (bsc#1013767). - CVE-2016-9846: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue while updating the cursor data in update_cursor_data_virgl. A guest user/process could have used this flaw to leak host memory bytes, resulting in DoS for the host (bsc#1013764). - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109). - CVE-2016-9908: The Virtio GPU Device emulator support was vulnerable to an information leakage issue while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could have used this flaw to leak contents of the host memory (bsc#1014514). - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111). - CVE-2016-9912: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could have used this flaw to leak host memory bytes, resulting in DoS for the host (bsc#1014112). - CVE-2016-9913: VirtFS was vulnerable to memory leakage issue via its '9p-handle' or '9p-proxy' backend drivers. A privileged user inside guest could have used this flaw to leak host memory, thus affecting other services on the host and/or potentially crash the Qemu process on the host (bsc#1014110). These non-security issues were fixed: - Fixed uint64 property parsing and add regression tests (bsc#937125) - Added a man page for kvm_stat - Fix crash in vte (bsc#1008519) - Various upstream commits targeted towards stable releases (bsc#1013341) Important SUSE bug 1007454 SUSE bug 1008519 SUSE bug 1009109 SUSE bug 1013285 SUSE bug 1013341 SUSE bug 1013764 SUSE bug 1013767 SUSE bug 1014109 SUSE bug 1014110 SUSE bug 1014111 SUSE bug 1014112 SUSE bug 1014256 SUSE bug 1014514 SUSE bug 1016779 SUSE bug 937125 CVE-2016-9102 CVE-2016-9103 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.58 to receive various security and bugfixes. Notable new/improved features: - Improved support for Hyper-V - Support for Matrox G200eH3 - Support for tcp_westwood The following security bugs were fixed: - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003). - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440). - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052). - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213). - CVE-2017-7374: Use-after-free vulnerability in fs/crypto/ in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely (bnc#1032006). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415). - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190). - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189). - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066). - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722). - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697). - CVE-2017-6347: The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel had incorrect expectations about skb data layout, which allowed local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission (bnc#1027179). - CVE-2016-9191: The cgroup offline implementation in the Linux kernel mishandled certain drain operations, which allowed local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application (bnc#1008842). - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel improperly emulated the VMXON instruction, which allowed KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references (bnc#1022785). - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024). The following non-security bugs were fixed: - ACPI, ioapic: Clear on-stack resource before using it (bsc#1028819). - ACPI: Do not create a platform_device for IOAPIC/IOxAPIC (bsc#1028819). - ACPI: Remove platform devices from a bus on removal (bsc#1028819). - HID: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL (bsc#1022340). - NFS: do not try to cross a mountpount when there isn't one there (bsc#1028041). - NFS: flush out dirty data on file fput() (bsc#1021762). - PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal (bug#1028217). - PCI: hv: Use device serial number as PCI domain (bug#1028217). - RAID1: a new I/O barrier implementation to remove resync window (bsc#998106,bsc#1020048,bsc#982783). - RAID1: avoid unnecessary spin locks in I/O barrier code (bsc#998106,bsc#1020048,bsc#982783). - Revert 'RDMA/core: Fix incorrect structure packing for booleans' (kabi). - Revert 'give up on gcc ilog2() constant optimizations' (kabi). - Revert 'net/mlx4_en: Avoid unregister_netdev at shutdown flow' (bsc#1028017). - Revert 'net: introduce device min_header_len' (kabi). - Revert 'nfit, libnvdimm: fix interleave set cookie calculation' (kabi). - Revert 'target: Fix NULL dereference during LUN lookup + active I/O shutdown' (kabi). - acpi, nfit: fix acpi_nfit_flush_probe() crash (bsc#1031717). - acpi, nfit: fix extended status translations for ACPI DSMs (bsc#1031717). - arm64: Use full path in KBUILD_IMAGE definition (bsc#1010032). - arm64: hugetlb: fix the wrong address for several functions (bsc#1032681). - arm64: hugetlb: fix the wrong return value for huge_ptep_set_access_flags (bsc#1032681). - arm64: hugetlb: remove the wrong pmd check in find_num_contig() (bsc#1032681). - arm: Use full path in KBUILD_IMAGE definition (bsc#1010032). - bnx2x: allow adding VLANs while interface is down (bsc#1027273). - bonding: fix 802.3ad aggregator reselection (bsc#1029514). - btrfs: Change qgroup_meta_rsv to 64bit (bsc#1019614). - btrfs: allow unlink to exceed subvolume quota (bsc#1019614). - btrfs: backref: Fix soft lockup in __merge_refs function (bsc#1017641). - btrfs: incremental send, do not delay rename when parent inode is new (bsc#1028325). - btrfs: incremental send, do not issue invalid rmdir operations (bsc#1028325). - btrfs: qgroup: Move half of the qgroup accounting time out of commit trans (bsc#1017461). - btrfs: qgroups: Retry after commit on getting EDQUOT (bsc#1019614). - btrfs: send, fix failure to rename top level inode due to name collision (bsc#1028325). - btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844 bsc#1024015) - cgroup/pids: remove spurious suspicious RCU usage warning (bnc#1031831). - crypto: algif_hash - avoid zero-sized array (bnc#1007962). - cxgb4vf: do not offload Rx checksums for IPv6 fragments (bsc#1026692). - device-dax: fix private mapping restriction, permit read-only (bsc#1031717). - drm/i915: Add intel_uncore_suspend / resume functions (bsc#1011913). - drm/i915: Fix crash after S3 resume with DP MST mode change (bsc#1029634). - drm/i915: Listen for PMIC bus access notifications (bsc#1011913). - drm/i915: Only enable hotplug interrupts if the display interrupts are enabled (bsc#1031717). - drm/mgag200: Added support for the new device G200eH3 (bsc#1007959) - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986). - futex: Add missing error handling to FUTEX_REQUEUE_PI (bsc#969755). - futex: Fix potential use-after-free in FUTEX_REQUEUE_PI (bsc#969755). - hv: export current Hyper-V clocksource (bsc#1031206). - hv: util: do not forget to init host_ts.lock (bsc#1031206). - hv: vmbus: Prevent sending data on a rescinded channel (bug#1028217). - hv_utils: implement Hyper-V PTP source (bsc#1031206). - i2c-designware: increase timeout (bsc#1011913). - i2c: designware-baytrail: Acquire P-Unit access on bus acquire (bsc#1011913). - i2c: designware-baytrail: Call pmic_bus_access_notifier_chain (bsc#1011913). - i2c: designware-baytrail: Fix race when resetting the semaphore (bsc#1011913). - i2c: designware-baytrail: Only check iosf_mbi_available() for shared hosts (bsc#1011913). - i2c: designware: Disable pm for PMIC i2c-bus even if there is no _SEM method (bsc#1011913). - i2c: designware: Never suspend i2c-busses used for accessing the system PMIC (bsc#1011913). - i2c: designware: Rename accessor_flags to flags (bsc#1011913). - iommu/vt-d: Make sure IOMMUs are off when intel_iommu=off (bsc#1031208). - kABI: protect struct iscsi_conn (kabi). - kABI: protect struct se_node_acl (kabi). - kABI: restore can_rx_register parameters (kabi). - kgr/module: make a taint flag module-specific - kgr: Mark eeh_event_handler() kthread safe using a timeout (bsc#1031662). - kgr: remove all arch-specific kgraft header files - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415). - l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415). - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() (bsc#1028415). - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() (bsc#1028415). - l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 (bsc#1028415). - l2tp: lock socket before checking flags in connect() (bsc#1028415). - libnvdimm, pfn: fix memmap reservation size versus 4K alignment (bsc#1031717). - locking/semaphore: Add down_interruptible_timeout() (bsc#1031662). - md/raid1: Refactor raid1_make_request (bsc#998106,bsc#1020048,bsc#982783). - md/raid1: add rcu protection to rdev in fix_read_error (References: bsc#998106,bsc#1020048,bsc#982783). - md/raid1: fix a use-after-free bug (bsc#998106,bsc#1020048,bsc#982783). - md/raid1: handle flush request correctly (bsc#998106,bsc#1020048,bsc#982783). - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118). - mm/memblock.c: fix memblock_next_valid_pfn() (bnc#1031200). - mm/page_alloc: Remove useless parameter of __free_pages_boot_core (bnc#1027195). - mm: fix set pageblock migratetype in deferred struct page init (bnc#1027195). - mm: page_alloc: skip over regions of invalid pfns where possible (bnc#1031200). - module: move add_taint_module() to a header file - net/ena: change condition for host attribute configuration (bsc#1026509). - net/ena: change driver's default timeouts (bsc#1026509). - net/ena: fix NULL dereference when removing the driver after device reset failed (bsc#1026509). - net/ena: fix RSS default hash configuration (bsc#1026509). - net/ena: fix ethtool RSS flow configuration (bsc#1026509). - net/ena: fix potential access to freed memory during device reset (bsc#1026509). - net/ena: fix queues number calculation (bsc#1026509). - net/ena: reduce the severity of ena printouts (bsc#1026509). - net/ena: refactor ena_get_stats64 to be atomic context safe (bsc#1026509). - net/ena: remove ntuple filter support from device feature list (bsc#1026509). - net/ena: update driver version to 1.1.2 (bsc#1026509). - net/ena: use READ_ONCE to access completion descriptors (bsc#1026509). - net/mlx4_core: Avoid command timeouts during VF driver device shutdown (bsc#1028017). - net/mlx4_core: Avoid delays during VF driver device shutdown (bsc#1028017). - net/mlx4_core: Fix racy CQ (Completion Queue) free (bsc#1028017). - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions (bsc#1028017). - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs (bsc#1028017). - net/mlx4_en: Fix bad WQE issue (bsc#1028017). - net: ena: Fix error return code in ena_device_init() (bsc#1026509). - net: ena: Remove unnecessary pci_set_drvdata() (bsc#1026509). - net: ena: change the return type of ena_set_push_mode() to be void (bsc#1026509). - net: ena: remove superfluous check in ena_remove() (bsc#1026509). - net: ena: use setup_timer() and mod_timer() (bsc#1026509). - netfilter: allow logging from non-init namespaces (bsc#970083). - nvme: Do not suspend admin queue that wasn't created (bsc#1026505). - nvme: Suspend all queues before deletion (bsc#1026505). - ping: implement proper locking (bsc#1031003). - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895). - rtlwifi: rtl_usb: Fix missing entry in USB driver's private data (bsc#1026462). - s390/kmsg: add missing kmsg descriptions (bnc#1025683). - s390/mm: fix zone calculation in arch_add_memory() (bnc#1025683). - sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting (bsc#1018419). - scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#1027054). - scsi_dh_alua: Do not modify the interval value for retries (bsc#1012910). - softirq: Let ksoftirqd do its job (bsc#1019618). - x86, mm: fix gup_pte_range() vs DAX mappings (bsc#1026405). - x86/apic/uv: Silence a shift wrapping warning (bsc#1023866). - x86/ioapic: Change prototype of acpi_ioapic_add() (bsc#1027153, bsc#1027616). - x86/ioapic: Fix IOAPIC failing to request resource (bsc#1027153, bsc#1027616). - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources() (bsc#1027153, bsc#1027616). - x86/ioapic: Fix lost IOAPIC resource after hot-removal and hotadd (bsc#1027153, bsc#1027616). - x86/ioapic: Fix setup_res() failing to get resource (bsc#1027153, bsc#1027616). - x86/ioapic: Ignore root bridges without a companion ACPI device (bsc#1027153, bsc#1027616). - x86/ioapic: Simplify ioapic_setup_resources() (bsc#1027153, bsc#1027616). - x86/ioapic: Support hot-removal of IOAPICs present during boot (bsc#1027153, bsc#1027616). - x86/ioapic: fix kABI (hide added include) (bsc#1027153, bsc#1027616). - x86/mce: Do not print MCEs when mcelog is active (bsc#1013994). - x86/mce: Fix copy/paste error in exception table entries - x86/mm/gup: Simplify get_user_pages() PTE bit handling (bsc#1026405). - x86/platform/UV: Add Support for UV4 Hubless NMIs (bsc#1023866). - x86/platform/UV: Add Support for UV4 Hubless systems (bsc#1023866). - x86/platform/UV: Add basic CPU NMI health check (bsc#1023866). - x86/platform/UV: Clean up the NMI code to match current coding style (bsc#1023866). - x86/platform/UV: Clean up the UV APIC code (bsc#1023866). - x86/platform/UV: Ensure uv_system_init is called when necessary (bsc#1023866). - x86/platform/UV: Fix 2 socket config problem (bsc#1023866). - x86/platform/UV: Fix panic with missing UVsystab support (bsc#1023866). - x86/platform/UV: Initialize PCH GPP_D_0 NMI Pin to be NMI source (bsc#1023866). - x86/platform/UV: Verify NMI action is valid, default is standard (bsc#1023866). - x86/platform/intel/iosf_mbi: Add a PMIC bus access notifier (bsc#1011913). - x86/platform/intel/iosf_mbi: Add a mutex for P-Unit access (bsc#1011913). - x86/platform: Remove warning message for duplicate NMI handlers (bsc#1029220). - x86/ras/therm_throt: Do not log a fake MCE for thermal events (bsc#1028027). - xen-blkfront: correct maximum segment accounting (bsc#1018263). - xen-blkfront: do not call talk_to_blkback when already connected to blkback. - xen-blkfront: free resources if xlvbd_alloc_gendisk fails. - xen/blkfront: Fix crash if backend does not follow the right states. - xen/netback: set default upper limit of tx/rx queues to 8 (bnc#1019163). - xen/netfront: set default upper limit of tx/rx queues to 8 (bnc#1019163). - xen: Use machine addresses in /sys/kernel/vmcoreinfo when PV (bsc#1014136) - xfs: do not take the IOLOCK exclusive for direct I/O page invalidation (bsc#1015609). - xgene_enet: remove bogus forward declarations (bsc#1032673). Important SUSE bug 1007959 SUSE bug 1007962 SUSE bug 1008842 SUSE bug 1010032 SUSE bug 1011913 SUSE bug 1012382 SUSE bug 1012910 SUSE bug 1013994 SUSE bug 1014136 SUSE bug 1015609 SUSE bug 1017461 SUSE bug 1017641 SUSE bug 1018263 SUSE bug 1018419 SUSE bug 1019163 SUSE bug 1019614 SUSE bug 1019618 SUSE bug 1020048 SUSE bug 1021762 SUSE bug 1022340 SUSE bug 1022785 SUSE bug 1023866 SUSE bug 1024015 SUSE bug 1025683 SUSE bug 1026024 SUSE bug 1026405 SUSE bug 1026462 SUSE bug 1026505 SUSE bug 1026509 SUSE bug 1026692 SUSE bug 1026722 SUSE bug 1027054 SUSE bug 1027066 SUSE bug 1027153 SUSE bug 1027179 SUSE bug 1027189 SUSE bug 1027190 SUSE bug 1027195 SUSE bug 1027273 SUSE bug 1027616 SUSE bug 1028017 SUSE bug 1028027 SUSE bug 1028041 SUSE bug 1028158 SUSE bug 1028217 SUSE bug 1028325 SUSE bug 1028415 SUSE bug 1028819 SUSE bug 1028895 SUSE bug 1029220 SUSE bug 1029514 SUSE bug 1029634 SUSE bug 1029986 SUSE bug 1030118 SUSE bug 1030213 SUSE bug 1031003 SUSE bug 1031052 SUSE bug 1031200 SUSE bug 1031206 SUSE bug 1031208 SUSE bug 1031440 SUSE bug 1031481 SUSE bug 1031579 SUSE bug 1031660 SUSE bug 1031662 SUSE bug 1031717 SUSE bug 1031831 SUSE bug 1032006 SUSE bug 1032673 SUSE bug 1032681 SUSE bug 897662 SUSE bug 951844 SUSE bug 968697 SUSE bug 969755 SUSE bug 970083 SUSE bug 977572 SUSE bug 977860 SUSE bug 978056 SUSE bug 980892 SUSE bug 981634 SUSE bug 982783 SUSE bug 987899 SUSE bug 988281 SUSE bug 991173 SUSE bug 998106 CVE-2016-10200 CVE-2016-2117 CVE-2016-9191 CVE-2017-2596 CVE-2017-2671 CVE-2017-6074 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6347 CVE-2017-6353 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7308 CVE-2017-7374 cpe:/o:suse:sles:12:sp2 Security update for tomcat (Important) SUSE Linux Enterprise Server 12 SP2 This update for tomcat fixes the following issues: - CVE-2017-5647 Pipelined requests could lead to information disclosure (bsc#1033448) - CVE-2017-5648 Untrusted application could retain listener leading to information disclosure (bsc#1033447) - CVE-2016-8745 shared Processor on Connector code could lead to information disclosure (bsc#1015119) Important SUSE bug 1015119 SUSE bug 1033447 SUSE bug 1033448 CVE-2016-8745 CVE-2017-5647 CVE-2017-5648 cpe:/o:suse:sles:12:sp2 Security update for dovecot22 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for dovecot22 to version 2.2.29.1 fixes the following issues: This security issue was fixed: - CVE-2017-2669: Don't double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS (bsc#1032248) Additionally stronger SSL default ciphers are now used. This non-security issue was fixed: - Remove all references /etc/ssl/certs/. It should not be used anymore (bsc#932386) More changes are available in the changelog. Please make sure you read README.SUSE after installing this update. Moderate SUSE bug 1032248 SUSE bug 854512 SUSE bug 932386 CVE-2017-2669 cpe:/o:suse:sles:12:sp2 Security update for MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2 Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. Security issues fixed in Firefox (bsc#1035082) - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated code - MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library - MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing in the editor - MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling - MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions - MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection - MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel - MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection - MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing - MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes - MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding - MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll events - MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs: - Update to NSS 3.29.5: * MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and encoder were fixed. * MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed. * CVE-2016-9574: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA (bsc#1015499). * requires NSPR >= 4.13.1 - Update to NSS 3.29.3 * enables TLS 1.3 by default - Fixed a bug in hash computation (and build with GCC 7 which complains about shifts of boolean values). (bsc#1030071, bmo#1348767) - Update to NSS 3.28.3 This is a patch release to fix binary compatibility issues. - Update to NSS 3.28.1 This is a patch release to update the list of root CA certificates. * The following CA certificates were Removed CN = Buypass Class 2 CA 1 CN = Root CA Generalitat Valenciana OU = RSA Security 2048 V3 * The following CA certificates were Added OU = AC RAIZ FNMT-RCM CN = Amazon Root CA 1 CN = Amazon Root CA 2 CN = Amazon Root CA 3 CN = Amazon Root CA 4 CN = LuxTrust Global Root 2 CN = Symantec Class 1 Public Primary Certification Authority - G4 CN = Symantec Class 1 Public Primary Certification Authority - G6 CN = Symantec Class 2 Public Primary Certification Authority - G4 CN = Symantec Class 2 Public Primary Certification Authority - G6 * The version number of the updated root CA list has been set to 2.11 - Update to NSS 3.28 New functionality: * NSS includes support for TLS 1.3 draft -18. This includes a number of improvements to TLS 1.3: - The signed certificate timestamp, used in certificate transparency, is supported in TLS 1.3. - Key exporters for TLS 1.3 are supported. This includes the early key exporter, which can be used if 0-RTT is enabled. Note that there is a difference between TLS 1.3 and key exporters in older versions of TLS. TLS 1.3 does not distinguish between an empty context and no context. - The TLS 1.3 (draft) protocol can be enabled, by defining NSS_ENABLE_TLS_1_3=1 when building NSS. - NSS includes support for the X25519 key exchange algorithm, which is supported and enabled by default in all versions of TLS. Notable Changes: * NSS can no longer be compiled with support for additional elliptic curves. This was previously possible by replacing certain NSS source files. * NSS will now detect the presence of tokens that support additional elliptic curves and enable those curves for use in TLS. Note that this detection has a one-off performance cost, which can be avoided by using the SSL_NamedGroupConfig function to limit supported groups to those that NSS provides. * PKCS#11 bypass for TLS is no longer supported and has been removed. * Support for 'export' grade SSL/TLS cipher suites has been removed. * NSS now uses the signature schemes definition in TLS 1.3. This also affects TLS 1.2. NSS will now only generate signatures with the combinations of hash and signature scheme that are defined in TLS 1.3, even when negotiating TLS 1.2. - This means that SHA-256 will only be used with P-256 ECDSA certificates, SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates. SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward compatibility reasons. - NSS will now no longer assume that default signature schemes are supported by a peer if there was no commonly supported signature scheme. * NSS will now check if RSA-PSS signing is supported by the token that holds the private key prior to using it for TLS. * The certificate validation code contains checks to no longer trust certificates that are issued by old WoSign and StartCom CAs after October 21, 2016. This is equivalent to the behavior that Mozilla will release with Firefox 51. - Update to NSS 3.27.2 * Fixed SSL_SetTrustAnchors leaks (bmo#1318561) - raised the minimum softokn/freebl version to 3.28 as reported in (boo#1021636) - Update to NSS 3.26.2 New Functionality: * the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT * added support for the System-wide crypto policy available on Fedora Linux see http://fedoraproject.org/wiki/Changes/CryptoPolicy * introduced build flag NSS_DISABLE_LIBPKIX that allows compilation of NSS without the libpkix library Notable Changes: * The following CA certificate was Added CN = ISRG Root X1 * NPN is disabled and ALPN is enabled by default * the NSS test suite now completes with the experimental TLS 1.3 code enabled * several test improvements and additions, including a NIST known answer test Changes in 3.26.2 * MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored. Previously, with rare server configurations, an MD5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after. - Update to NSS 3.25 New functionality: * Implemented DHE key agreement for TLS 1.3 * Added support for ChaCha with TLS 1.3 * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF * In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed. Notable changes: * An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3 * Regression fix: NSS no longer reports a failure if an application attempts to disable the SSLv2 protocol. * The list of trusted CA certificates has been updated to version 2.8 * The following CA certificate was Removed Sonera Class1 CA * The following CA certificates were Added Hellenic Academic and Research Institutions RootCA 2015 Hellenic Academic and Research Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3 - Update to NSS 3.24 New functionality: * NSS softoken has been updated with the latest National Institute of Standards and Technology (NIST) guidance (as of 2015): - Software integrity checks and POST functions are executed on shared library load. These checks have been disabled by default, as they can cause a performance regression. To enable these checks, you must define symbol NSS_FORCE_FIPS when building NSS. - Counter mode and Galois/Counter Mode (GCM) have checks to prevent counter overflow. - Additional CSPs are zeroed in the code. - NSS softoken uses new guidance for how many Rabin-Miller tests are needed to verify a prime based on prime size. * NSS softoken has also been updated to allow NSS to run in FIPS Level 1 (no password). This mode is triggered by setting the database password to the empty string. In FIPS mode, you may move from Level 1 to Level 2 (by setting an appropriate password), but not the reverse. * A SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a certificate and private key. Use this new function in place of SSL_ConfigSecureServer, SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically determines the certificate type from the certificate and private key. The caller is no longer required to use SSLKEAType explicitly to select a 'slot' into which the certificate is configured (which incorrectly identifies a key agreement type rather than a certificate). Separate functions for configuring Online Certificate Status Protocol (OCSP) responses or Signed Certificate Timestamps are not needed, since these can be added to the optional SSLExtraServerCertData struct provided to SSL_ConfigServerCert. Also, partial support for RSA Probabilistic Signature Scheme (RSA-PSS) certificates has been added. Although these certificates can be configured, they will not be used by NSS in this version. * Deprecate the member attribute authAlgorithm of type SSLCipherSuiteInfo. Instead, applications should use the newly added attribute authType. * Add a shared library (libfreeblpriv3) on Linux platforms that define FREEBL_LOWHASH. * Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. However, the server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages. * Disable (by default) NSS support in optimized builds for logging SSL/TLS key material to a logfile if the SSLKEYLOGFILE environment variable is set. To enable the functionality in optimized builds, you must define the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS. * Update NSS to protect it against the Cachebleed attack. * Disable support for DTLS compression. * Improve support for TLS 1.3. This includes support for DTLS 1.3. Note that TLS 1.3 support is experimental and not suitable for production use. - Update to NSS 3.23 New functionality: * ChaCha20/Poly1305 cipher and TLS cipher suites now supported * Experimental-only support TLS 1.3 1-RTT mode (draft-11). This code is not ready for production use. Notable changes: * The list of TLS extensions sent in the TLS handshake has been reordered to increase compatibility of the Extended Master Secret with with servers * The build time environment variable NSS_ENABLE_ZLIB has been renamed to NSS_SSL_ENABLE_ZLIB * The build time environment variable NSS_DISABLE_CHACHAPOLY was added, which can be used to prevent compilation of the ChaCha20/Poly1305 code. * The following CA certificates were Removed - Staat der Nederlanden Root CA - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado - NetLock Kozjegyzoi (Class A) Tanusitvanykiado - NetLock Uzleti (Class B) Tanusitvanykiado - NetLock Expressz (Class C) Tanusitvanykiado - VeriSign Class 1 Public PCA - G2 - VeriSign Class 3 Public PCA - VeriSign Class 3 Public PCA - G2 - CA Disig * The following CA certificates were Added + SZAFIR ROOT CA2 + Certum Trusted Network CA 2 * The following CA certificate had the Email trust bit turned on + Actalis Authentication Root CA Security fixes: * CVE-2016-2834: Memory safety bugs (boo#983639) MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037 - Update to NSS 3.22.3 * Increase compatibility of TLS extended master secret, don't send an empty TLS extension last in the handshake (bmo#1243641) * Fixed a heap-based buffer overflow related to the parsing of certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause a crash or execution of arbitrary code with the permissions of the user. (CVE-2016-1950, bmo#1245528) - Update to NSS 3.22.2 New functionality: * RSA-PSS signatures are now supported (bmo#1215295) * Pseudorandom functions based on hashes other than SHA-1 are now supported * Enforce an External Policy on NSS from a config file (bmo#1009429) - CVE-2016-8635: Fix for DH small subgroup confinement attack (bsc#1015547) Mozilla NSPR was updated to version 4.13.1: The previously released version 4.13 had changed pipes to be nonblocking by default, and as a consequence, PollEvent was changed to not block on clear. The NSPR development team received reports that these changes caused regressions in some applications that use NSPR, and it has been decided to revert the changes made in NSPR 4.13. NSPR 4.13.1 restores the traditional behavior of pipes and PollEvent. Mozilla NSPR update to version 4.13 had these changes: - PL_strcmp (and others) were fixed to return consistent results when one of the arguments is NULL. - PollEvent was fixed to not block on clear. - Pipes are always nonblocking. - PR_GetNameForIdentity: added thread safety lock and bound checks. - Removed the PLArena freelist. - Avoid some integer overflows. - fixed several comments. This update also contains java-1_8_0-openjdk that needed to be rebuilt against the new mozilla-nss version. Important SUSE bug 1015499 SUSE bug 1015547 SUSE bug 1021636 SUSE bug 1026102 SUSE bug 1030071 SUSE bug 1035082 SUSE bug 983639 CVE-2016-1950 CVE-2016-2834 CVE-2016-8635 CVE-2016-9574 CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5469 cpe:/o:suse:sles:12:sp2 Security update for libxslt (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libxslt fixes the following issues: - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page (bsc#1035905). - CVE-2016-4738: Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string (bsc#1005591). - CVE-2015-9019: Properly initialize random generator (bsc#934119). - CVE-2015-7995: Vulnerability in function xsltStylePreCompute' in preproc.c could cause a type confusion leading to DoS. (bsc#952474) Moderate SUSE bug 1005591 SUSE bug 1035905 SUSE bug 934119 SUSE bug 952474 CVE-2015-7995 CVE-2015-9019 CVE-2016-4738 CVE-2017-5029 cpe:/o:suse:sles:12:sp2 Security update for bash (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr(1) inside loops. Additionally, the popd build-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault. Moderate SUSE bug 1010845 SUSE bug 1035371 CVE-2016-9401 cpe:/o:suse:sles:12:sp2 Security update for mariadb (Important) SUSE Linux Enterprise Server 12 SP2 This update for mariadb fixes the following issues: - update to MariaDB 10.0.30 GA * notable changes: * XtraDB updated to 5.6.35-80.0 * TokuDB updated to 5.6.35-80.0 * PCRE updated to 8.40 * MDEV-11027: better InnoDB crash recovery progress reporting * MDEV-11520: improvements to how InnoDB data files are extended * Improvements to InnoDB startup/shutdown to make it more robust * MDEV-11233: fix for FULLTEXT index crash * MDEV-6143: MariaDB Linux binary tarballs will now always untar to directories that match their filename * release notes and changelog: * https://kb.askmonty.org/en/mariadb-10030-release-notes * https://kb.askmonty.org/en/mariadb-10030-changelog * fixes the following CVEs: CVE-2017-3313: unspecified vulnerability affecting the MyISAM component [bsc#1020890] CVE-2017-3302: Use after free in libmysqlclient.so [bsc#1022428] - set the default umask to 077 in mysql-systemd-helper [bsc#1020976] - [bsc#1034911] - tracker bug * fixes also [bsc#1020868] Important SUSE bug 1020868 SUSE bug 1020890 SUSE bug 1020976 SUSE bug 1022428 SUSE bug 1034911 SUSE bug 996821 CVE-2017-3302 CVE-2017-3313 cpe:/o:suse:sles:12:sp2 Security update for libtirpc (Important) SUSE Linux Enterprise Server 12 SP2 This update for libtirpc fixes the following issues: - CVE-2017-8779: crafted UDP packaged could lead rpcbind to denial-of-service (bsc#1037559) Important SUSE bug 1037559 CVE-2017-8779 cpe:/o:suse:sles:12:sp2 Security update for rpcbind (Important) SUSE Linux Enterprise Server 12 SP2 This update for rpcbind fixes the following issues: - CVE-2017-8779: A crafted UDP package could lead rcpbind to remote denial-of-service (bsc#1037559) Important SUSE bug 1037559 CVE-2017-8779 cpe:/o:suse:sles:12:sp2 Security update for kdelibs4 (Important) SUSE Linux Enterprise Server 12 SP2 This update for kdelibs4 fixes the following issues: - CVE-2017-8422: This update fixes problem in the DBUS authentication of the kauth framework that could be used to escalate privileges depending on bugs or misimplemented dbus services. (boo#1036244) Important SUSE bug 1036244 CVE-2017-8422 cpe:/o:suse:sles:12:sp2 Security update for git (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for git fixes the following issues: - git 2.12.3: * CVE-2017-8386: Fix git-shell not to escape with the starting dash name (bsc#1038395) * Fix for potential segv introduced in v2.11.0 and later * Misc fixes and cleanups. - git 2.12.2: * CLI output fixes * 'Dump http' transport fixes * various fixes for internal code paths * Trailer 'Cc:' RFC fix - git 2.12.1: * Reduce authentication round-trip over HTTP when the server supports just a single authentication method. * 'git add -i' patch subcommand fixed to have a path selection * various path verification fixes * fix 'git log -L...' buffer overrun Moderate SUSE bug 1038395 CVE-2017-8386 cpe:/o:suse:sles:12:sp2 Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libsndfile fixes the following issues: - CVE-2017-8361: Global buffer overflow in flac_buffer_copy. (bsc#1036946) - CVE-2017-8362: Invalid memory read in flac_buffer_copy. (bsc#1036943) - CVE-2017-8363: Heap-based buffer overflow in flac_buffer_copy. (bsc#1036945) - CVE-2017-7585, CVE-2017-7741, CVE-2017-7742: Stack-based buffer overflows via specially crafted FLAC files. (bsc#1033054) Moderate SUSE bug 1033054 SUSE bug 1033914 SUSE bug 1033915 SUSE bug 1036943 SUSE bug 1036944 SUSE bug 1036945 SUSE bug 1036946 SUSE bug 1038856 CVE-2017-7585 CVE-2017-7741 CVE-2017-7742 CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 cpe:/o:suse:sles:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_8_0-ibm fixes the following issues: Version update bsc#1038505: - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-3544: OpenJDK: newline injection in the SMTP client - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data Important SUSE bug 1038505 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 cpe:/o:suse:sles:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_7_1-ibm fixes the following issues: - Version update to 7.1-4.5 bsc#1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number - CVE-2016-9843: zlib: Big-endian out-of-bounds pointer - CVE-2017-1289: IBM JDK: XML External Entity Injection (XXE) error when processing XML data - CVE-2017-3509: OpenJDK: improper re-use of NTLM authenticated connections - CVE-2017-3511: OpenJDK: untrusted extension directories search path in Launcher - CVE-2017-3539: OpenJDK: MD5 allowed for jar verification - CVE-2017-3533: OpenJDK: newline injection in the FTP client - CVE-2017-3544: OpenJDK: newline injection in the SMTP client Important SUSE bug 1038505 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-1289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 cpe:/o:suse:sles:12:sp2 Security update for libplist (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libplist fixes the following issues: - CVE-2017-5209: The base64decode function in libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data (bsc#1019531). - CVE-2017-5545: The main function in plistutil.c in libimobiledevice libplist allowed attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short. (bsc#1021610). - CVE-2017-5836: A type inconsistency in bplist.c was fixed. (bsc#1023807) - CVE-2017-5835: A memory allocation error leading to DoS was fixed. (bsc#1023822) - CVE-2017-5834: A heap-buffer overflow in parse_dict_node was fixed. (bsc#1023848) - CVE-2017-6440: Ensure that sanity checks work on 32-bit platforms. (bsc#1029631) - CVE-2017-7982: Add some safety checks, backported from upstream (bsc#1035312). - CVE-2017-5836: A maliciously crafted file could cause the application to crash. (bsc#1023807). - CVE-2017-5835: Malicious crafted file could cause libplist to allocate large amounts of memory and consume lots of CPU (bsc#1023822) - CVE-2017-5834: Maliciou crafted file could cause a heap buffer overflow or segmentation fault (bsc#1023848) Moderate SUSE bug 1019531 SUSE bug 1021610 SUSE bug 1023807 SUSE bug 1023822 SUSE bug 1023848 SUSE bug 1029631 SUSE bug 1035312 CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 CVE-2017-6440 CVE-2017-7982 cpe:/o:suse:sles:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2 This update for samba fixes the following issue: - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] Important SUSE bug 1038231 CVE-2017-7494 cpe:/o:suse:sles:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2 This update for samba fixes the following issue: - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. [CVE-2017-7494, bso#12780, bsc#1038231] Important SUSE bug 1038231 CVE-2017-7494 cpe:/o:suse:sles:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.10 - OpenJDK 7u141 (bsc#1034849) * Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110, CVE-2017-3514: Windows peering issue - S8169011, CVE-2017-3526: Resizing XML parse trees - S8170222, CVE-2017-3533: Better transfers of files - S8171121, CVE-2017-3539: Enhancing jar checking - S8171533, CVE-2017-3544: Better email transfer - S8172299: Improve class processing * New features - PR3347: jstack.stp should support AArch64 * Import of OpenJDK 7 u141 build 0 - S4717864: setFont() does not update Fonts of Menus already on screen - S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException - S6518907: cleanup IA64 specific code in Hotspot - S6869327: Add new C2 flag to keep safepoints in counted loops. - S7112912: Message 'Error occurred during initialization of VM' on boxes with lots of RAM - S7124213: [macosx] pack() does ignore size of a component; doesn't on the other platforms - S7124219: [macosx] Unable to draw images to fullscreen - S7124552: [macosx] NullPointerException in getBufferStrategy() - S7148275: [macosx] setIconImages() not working correctly (distorted icon when minimized) - S7154841: [macosx] Popups appear behind taskbar - S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8 - S7160627: [macosx] TextArea has wrong initial size - S7167293: FtpURLConnection connection leak on FileNotFoundException - S7168851: [macosx] Netbeans crashes in CImage.nativeCreateNSImageFromArray - S7197203: sun/misc/URLClassPath/ClassnameCharTest.sh failed, compile error - S8005255: [macosx] Cleanup warnings in sun.lwawt - S8006088: Incompatible heap size flags accepted by VM - S8007295: Reduce number of warnings in awt classes - S8010722: assert: failed: heap size is too big for compressed oops - S8011059: [macosx] Support automatic @2x images loading on Mac OS X - S8014058: Regression tests for 8006088 - S8014489: tests/gc/arguments/Test(Serial|CMS|Parallel|G1)HeapSizeFlags jtreg tests invoke wrong class - S8016302: Change type of the number of GC workers to unsigned int (2) - S8024662: gc/arguments/TestUseCompressedOopsErgo.java does not compile. - S8024669: Native OOME when allocating after changes to maximum heap supporting Coops sizing on sparcv9 - S8024926: [macosx] AquaIcon HiDPI support - S8025974: l10n for policytool - S8027025: [macosx] getLocationOnScreen returns 0 if parent invisible - S8028212: Custom cursor HiDPI support - S8028471: PPC64 (part 215): opto: Extend ImplicitNullCheck optimization. - S8031573: [macosx] Checkmarks of JCheckBoxMenuItems aren't rendered in high resolution on Retina - S8033534: [macosx] Get MultiResolution image from native system - S8033786: White flashing when opening Dialogs and Menus using Nimbus with dark background - S8035568: [macosx] Cursor management unification - S8041734: JFrame in full screen mode leaves empty workspace after close - S8059803: Update use of GetVersionEx to get correct Windows version in hs_err files - S8066504: GetVersionEx in java.base/windows/native/libjava/java_props_md.c might not get correct Windows version 0 - S8079595: Resizing dialog which is JWindow parent makes JVM crash - S8080729: [macosx] java 7 and 8 JDialogs on multiscreen jump to parent frame on focus - S8130769: The new menu can't be shown on the menubar after clicking the 'Add' button. - S8133357: 8u65 l10n resource file translation update - S8146602: jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test fails with NullPointerException - S8147842: IME Composition Window is displayed at incorrect location - S8147910: Cache initial active_processor_count - S8150490: Update OS detection code to recognize Windows Server 2016 - S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled - S8161195: Regression: closed/javax/swing/text/FlowView/LayoutTest.java - S8161993: G1 crashes if active_processor_count changes during startup - S8162603: Unrecognized VM option 'UseCountedLoopSafepoints' - S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java fails intermittently - S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java failed with 'Error while cleaning up threads after test' - S8167179: Make XSL generated namespace prefixes local to transformation process - S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections - S8169589: [macosx] Activating a JDialog puts to back another dialog - S8170307: Stack size option -Xss is ignored - S8170316: (tz) Support tzdata2016j - S8170814: Reuse cache entries (part II) - S8171388: Update JNDI Thread contexts - S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state - S8171952: [macosx] AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog test fails as DummyButton on Dialog did not gain focus when clicked. - S8173931: 8u131 L10n resource file update - S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle - S8175087: [bsd] Fix build after '8024900: PPC64: Enable new build on AIX (jdk part)' - S8175163: [bsd] Fix build after '8005629: javac warnings compiling java.awt.EventDispatchThread...' - S8176044: (tz) Support tzdata2017a * Import of OpenJDK 7 u141 build 1 - S8043723: max_heap_for_compressed_oops() declared with size_t, but defined with uintx * Import of OpenJDK 7 u141 build 2 - S8011123: serialVersionUID of java.awt.dnd.InvalidDnDOperationException changed in JDK8-b82 * Backports - S6515172, PR3362: Runtime.availableProcessors() ignores Linux taskset command - S8022284, PR3209: Hide internal data structure in PhaseCFG - S8023003, PR3209: Cleanup the public interface to PhaseCFG - S8023691, PR3209: Create interface for nodes in class Block - S8023988, PR3209: Move local scheduling of nodes to the CFG creation and code motion phase (PhaseCFG) - S8043780, PR3369: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC) - S8157306, PR3209: Random infrequent null pointer exceptions in javac - S8173783, PR3329: IllegalArgumentException: jdk.tls.namedGroups - S8173941, PR3330: SA does not work if executable is DSO - S8174729, PR3361: Race Condition in java.lang.reflect.WeakCache * Bug fixes - PR3349: Architectures unsupported by SystemTap tapsets throw a parse error - PR3370: Disable ARM32 JIT by default in jdk_generic_profile.sh - PR3379: Perl should be mandatory - PR3390: javac.in and javah.in should use @PERL@ rather than a hardcoded path * CACAO - PR2732: Raise javadoc memory limits for CACAO again! * AArch64 port - S8177661, PR3367: Correct ad rule output register types from iRegX to iRegXNoSp - Get ecj.jar path from gcj, use the gcc variant that provides Java to build C code to make sure jni.h is available. - S8167104, CVE-2017-3289: Additional class construction - S6253144: Long narrowing conversion should describe the - S6328537: Improve javadocs for Socket class by adding - S6978886: javadoc shows stacktrace after print error - S6995421: Eliminate the static dependency to - S7027045: (doc) java/awt/Window.java has several typos in - S7054969: Null-check-in-finally pattern in java/security - S7072353: JNDI libraries do not build with javac -Xlint:all - S7092447: Clarify the default locale used in each locale - S7103570: AtomicIntegerFieldUpdater does not work when - S7187144: JavaDoc for ScriptEngineFactory.getProgram() - S8000418: javadoc should used a standard 'generated by - S8000666: javadoc should write directly to Writer instead of - S8000970: break out auxiliary classes that will prevent - S8001669: javadoc internal DocletAbortException should set - S8011402: Move blacklisting certificate logic from hard code - S8011547: Update XML Signature implementation to Apache - S8012288: XML DSig API allows wrong tag names and extra - S8017325: Cleanup of the javadoc <code> tag in - S8017326: Cleanup of the javadoc <code> tag in - S8019772: Fix doclint issues in javax.crypto and - S8020688: Broken links in documentation at - S8021108: Clean up doclint warnings and errors in java.text - S8022120: JCK test api/javax_xml/crypto/dsig/TransformService/index_ParamMethods - S8025409: Fix javadoc comments errors and warning reported by - S8026021: more fix of javadoc errors and warnings reported by - S8037099: [macosx] Remove all references to GC from native - S8038184: XMLSignature throws StringIndexOutOfBoundsException - S8038349: Signing XML with DSA throws Exception when key is - S8049244: XML Signature performance issue caused by - S8050893: (smartcardio) Invert reset argument in tests in - S8059212: Modify sun/security/smartcardio manual regression - S8068279: (typo in the spec) - S8068491: Update the protocol for references of - S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs - S8076369: Introduce the jdk.tls.client.protocols system - S8139565: Restrict certificates with DSA keys less than 1024 - S8140422: Add mechanism to allow non default root CAs to be - S8140587: Atomic*FieldUpdaters should use Class.isInstance - S8149029: Secure validation of XML based digital signature - S8151893: Add security property to configure XML Signature - S8161228: URL objects with custom protocol handlers have port - S8163304: jarsigner -verbose -verify should print the - S8164908: ReflectionFactory support for IIOP and custom - S8165230: RMIConnection addNotificationListeners failing with - S8166393: disabledAlgorithms property should not be strictly - S8166591: [macos 10.12] Trackpad scrolling of text on OS X - S8166739: Improve extensibility of ObjectInputFilter - S8167356: Follow up fix for jdk8 backport of 8164143. Changes - S8167459: Add debug output for indicating if a chosen - S8168861: AnchorCertificates uses hardcoded password for - S8169688: Backout (remove) MD5 from - S8169911: Enhanced tests for jarsigner -verbose -verify after - S8170131: Certificates not being blocked by - S8173854: [TEST] Update DHEKeySizing test case following - S7102489, PR3316, RH1390708: RFE: cleanup jlong typedef on - S8000351, PR3316, RH1390708: Tenuring threshold should be - S8153711, PR3315, RH1284948: [REDO] JDWP: Memory Leak: - S8170888, PR3316, RH1390708: [linux] Experimental support for - PR3318: Replace 'infinality' with 'improved font rendering' - PR3324: Fix NSS_LIBDIR substitution in - S8165673, PR3320: AArch64: Fix JNI floating point argument + S6604109, PR3162: - Add -fno-delete-null-pointer-checks -fno-lifetime-dse to try to directory to be specified versions of IcedTea Important SUSE bug 1034849 CVE-2017-3289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 cpe:/o:suse:sles:12:sp2 Security update for pam (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for pam fixes the following issues: - CVE-2015-3238: pam_unix in conjunction with SELinux allowed for DoS attacks (bsc#934920). - log a hint to syslog if /etc/nologin is present, but empty (bsc#1015565). - If /etc/nologin is present, but empty, log a hint to syslog. (bsc#1015565) - Added support for libowcrypt.so, if present, to configure support for BLOWFISH (bsc#1037824) Moderate SUSE bug 1015565 SUSE bug 1037824 SUSE bug 934920 CVE-2015-3238 cpe:/o:suse:sles:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2 This update for ghostscript fixes the following security vulnerabilities: - CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were exploited in the wild. (bsc#1036453) - CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause a Denial-of-Service. (bsc#1018128) - CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers to cause a Denial-of-Service. (bsc#1032120) - CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1032114) - CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service via a crafted PostScript document. (bsc#1030263) This is a reissue of the previous update to also include SUSE Linux Enterprise 12 GA LTSS packages. Important SUSE bug 1018128 SUSE bug 1030263 SUSE bug 1032114 SUSE bug 1032120 SUSE bug 1036453 CVE-2016-10220 CVE-2016-9601 CVE-2017-5951 CVE-2017-7207 CVE-2017-8291 cpe:/o:suse:sles:12:sp2 Security update for squidGuard (Moderate) SUSE Linux Enterprise Server 12 SP2 squidGuard was updated to fix one security issue: - CVE-2015-8936: Reflected cross site scripting vulnerability because of insufficient escaping (bsc#985612). Moderate SUSE bug 985612 CVE-2015-8936 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.38 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666 (bnc#1001486). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). - CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message's length field is large enough, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability (bnc#1010444). - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969). - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1003964). - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug (bnc#1007197). - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197). - CVE-2016-9793: A bug in SO_{SND|RCV}BUFFORCE setsockopt() implementation was fixed, which allowed CAP_NET_ADMIN users to cause memory corruption. (bsc#1013531). - CVE-2016-9919: The icmp6_send function in net/ipv6/icmp.c in the Linux kernel omits a certain check of the dst data structure, which allowed remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet (bnc#1014701). The following non-security bugs were fixed: - 8250_pci: Fix potential use-after-free in error path (bsc#1013001). - acpi / PAD: do not register acpi_pad driver if running as Xen dom0 (bnc#995278). - Add mainline tags to various hyperv patches - alsa: fm801: detect FM-only card earlier (bsc#1005917). - alsa: fm801: explicitly free IRQ line (bsc#1005917). - alsa: fm801: propagate TUNER_ONLY bit when autodetected (bsc#1005917). - alsa: hda - Bind with i915 only when Intel graphics is present (bsc#1012767). - alsa: hda - Clear the leftover component assignment at snd_hdac_i915_exit() (bsc#1012767). - alsa: hda - Degrade i915 binding failure message (bsc#1012767). - alsa: hda - Fix yet another i915 pointer leftover in error path (bsc#1012767). - alsa: hda - Gate the mic jack on HP Z1 Gen3 AiO (bsc#1004365). - alsa: hda - Turn off loopback mixing as default (bsc#1001462). - apparmor: add missing id bounds check on dfa verification (bsc#1000304). - apparmor: check that xindex is in trans_table bounds (bsc#1000304). - apparmor: do not check for vmalloc_addr if kvzalloc() failed (bsc#1000304). - apparmor: do not expose kernel stack (bsc#1000304). - apparmor: ensure the target profile name is always audited (bsc#1000304). - apparmor: exec should not be returning ENOENT when it denies (bsc#1000304). - apparmor: fix audit full profile hname on successful load (bsc#1000304). - apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287). - apparmor: fix disconnected bind mnts reconnection (bsc#1000304). - apparmor: fix log failures for all profiles in a set (bsc#1000304). - apparmor: fix module parameters can be changed after policy is locked (bsc#1000304). - apparmor: fix oops in profile_unpack() when policy_db is not present (bsc#1000304). - apparmor: fix put() parent ref after updating the active ref (bsc#1000304). - apparmor: fix refcount bug in profile replacement (bsc#1000304). - apparmor: fix refcount race when finding a child profile (bsc#1000304). - apparmor: fix replacement bug that adds new child to old parent (bsc#1000304). - apparmor: fix uninitialized lsm_audit member (bsc#1000304). - apparmor: fix update the mtime of the profile file on replacement (bsc#1000304). - apparmor: internal paths should be treated as disconnected (bsc#1000304). - apparmor: use list_next_entry instead of list_entry_next (bsc#1000304). - arm64: Call numa_store_cpu_info() earlier. - arm64/efi: Enable runtime call flag checking (bsc#1005745). - arm64/efi: Move to generic {__,}efi_call_virt() (bsc#1005745). - arm64: Refuse to install 4k kernel on 64k system - arm64: Update config files. Disable CONFIG_IPMI_SI_PROBE_DEFAULTS (bsc#1006576) - arm: bcm2835: add CPU node for ARM core (boo#1012094). - arm: bcm2835: Split the DT for peripherals from the DT for the CPU (boo#1012094). - asoc: cht_bsw_rt5645: Enable jack detection (bsc#1010690). - asoc: cht_bsw_rt5645: Fix writing to string literal (bsc#1010690). - asoc: cht_bsw_rt5672: Use HID translation unit (bsc#1010690). - asoc: fsl_ssi: mark SACNT register volatile (bsc#1005917). - asoc: imx-spdif: Fix crash on suspend (bsc#1005917). - asoc: intel: add function stub when ACPI is not enabled (bsc#1010690). - asoc: Intel: add fw name to common dsp context (bsc#1010690). - asoc: Intel: Add missing 10EC5672 ACPI ID matching for Cherry Trail (bsc#1010690). - asoc: Intel: Add module tags for common match module (bsc#1010690). - asoc: Intel: add NULL test (bsc#1010690). - AsoC: Intel: Add quirks for MinnowBoard MAX (bsc#1010690). - asoc: Intel: Add surface3 entry in CHT-RT5645 machine (bsc#1010690). - asoc: Intel: Atom: add 24-bit support for media playback and capture (bsc#1010690). - ASoc: Intel: Atom: add deep buffer definitions for atom platforms (bsc#1010690). - asoc: Intel: Atom: add definitions for modem/SSP0 interface (bsc#1010690). - asoc: Intel: Atom: Add quirk for Surface 3 (bsc#1010690). - asoc: Intel: Atom: add support for CHT w/ RT5640 (bsc#1010690). - asoc: Intel: Atom: Add support for HP ElitePad 1000 G2 (bsc#1010690). - asoc: Intel: Atom: add support for RT5642 (bsc#1010690). - asoc: Intel: Atom: add terminate entry for dmi_system_id tables (bsc#1010690). - asoc: Intel: Atom: auto-detection of Baytrail-CR (bsc#1010690). - asoc: Intel: Atom: clean-up compressed DAI definition (bsc#1010690). - asoc: Intel: atom: enable configuration of SSP0 (bsc#1010690). - asoc: Intel: atom: fix 0-day warnings (bsc#1010690). - asoc: Intel: Atom: fix boot warning (bsc#1010690). - asoc: Intel: Atom: Fix message handling during drop stream (bsc#1010690). - asoc: Intel: atom: fix missing breaks that would cause the wrong operation to execute (bsc#1010690). - asoc: Intel: Atom: fix regression on compress DAI (bsc#1010690). - asoc: Intel: Atom: flip logic for gain Switch (bsc#1010690). - asoc: Intel: atom: Make some messages to debug level (bsc#1010690). - asoc: Intel: Atom: move atom driver to common acpi match (bsc#1010690). - asoc: Intel: atom: statify cht_quirk (bsc#1010690). - asoc: Intel: boards: add DEEP_BUFFER support for BYT/CHT/BSW (bsc#1010690). - asoc: Intel: boards: align pin names between byt-rt5640 drivers (bsc#1010690). - asoc: Intel: boards: merge DMI-based quirks in bytcr-rt5640 driver (bsc#1010690). - asoc: Intel: boards: start merging byt-rt5640 drivers (bsc#1010690). - asoc: Intel: bytcr_rt56040: additional routing quirks (bsc#1010690). - asoc: Intel: bytcr-rt5640: add Asus T100TAF quirks (bsc#1010690). - asoc: Intel: bytcr_rt5640: add IN3 map (bsc#1010690). - asoc: Intel: bytcr_rt5640: add MCLK support (bsc#1010690). - asoc: Intel: bytcr_rt5640: Add quirk for Teclast X98 Air 3G tablet (bsc#1010690). - asoc: Intel: bytcr_rt5640: add SSP2_AIF2 routing (bsc#1010690). - asoc: Intel: bytcr_rt5640: change quirk position (bsc#1010690). - asoc: Intel: bytcr_rt5640: default routing and quirks on Baytrail-CR (bsc#1010690). - asoc: Intel: bytcr-rt5640: enable ASRC (bsc#1010690). - asoc: Intel: bytcr_rt5640: enable differential mic quirk (bsc#1010690). - asoc: Intel: bytcr_rt5640: fallback mechanism if MCLK is not enabled (bsc#1010690). - asoc: Intel: bytcr_rt5640: fix dai/clock setup for SSP0 routing (bsc#1010690). - asoc: Intel: bytcr_rt5640: fixup DAI codec_name with HID (bsc#1010690). - asoc: Intel: bytcr_rt5640: log quirks (bsc#1010690). - asoc: Intel: bytcr_rt5640: quirk for Acer Aspire SWS-012 (bsc#1010690). - asoc: Intel: bytcr_rt5640: quirk for mono speaker (bsc#1010690). - asoc: Intel: bytcr_rt5640: set SSP to I2S mode 2ch (bsc#1010690). - asoc: Intel: bytcr_rt5640: use HID translation util (bsc#1010690). - asoc: Intel: cht: fix uninit variable warning (bsc#1010690). - asoc: Intel: common: add translation from HID to codec-name (bsc#1010690). - asoc: Intel: common: filter ACPI devices with _STA return value (bsc#1010690). - asoc: Intel: common: increase the loglevel of 'FW Poll Status' (bsc#1010690). - asoc: Intel: Create independent acpi match module (bsc#1010690). - asoc: intel: Fix sst-dsp dependency on dw stuff (bsc#1010690). - asoc: Intel: Keep building old baytrail machine drivers (bsc#1010690). - asoc: Intel: Load the atom DPCM driver only (bsc#1010690). - asoc: intel: make function stub static (bsc#1010690). - asoc: Intel: Move apci find machine routines (bsc#1010690). - asoc: Intel: pass correct parameter in sst_alloc_stream_mrfld() (bsc#1005917). - asoc: intel: Replace kthread with work (bsc#1010690). - asoc: Intel: Skylake: Always acquire runtime pm ref on unload (bsc#1005917). - asoc: Intel: sst: fix sst_memcpy32 wrong with non-4x bytes issue (bsc#1010690). - asoc: rt5640: add ASRC support (bsc#1010690). - asoc: rt5640: add internal clock source support (bsc#1010690). - asoc: rt5640: add master clock handling for rt5640 (bsc#1010690). - asoc: rt5640: add supplys for dac power (bsc#1010690). - asoc: rt5640: remove unused variable (bsc#1010690). - asoc: rt5640: Set PLL src according to source (bsc#1010690). - asoc: rt5645: add DAC1 soft volume func control (bsc#1010690). - asoc: rt5645: Add dmi_system_id 'Google Setzer' (bsc#1010690). - asoc: rt5645: extend delay time for headphone pop noise (bsc#1010690). - asoc: rt5645: fix reg-2f default value (bsc#1010690). - asoc: rt5645: improve headphone pop when system resumes from S3 (bsc#1010690). - asoc: rt5645: improve IRQ reaction time for HS button (bsc#1010690). - asoc: rt5645: merge DMI tables of google projects (bsc#1010690). - asoc: rt5645: patch reg-0x8a (bsc#1010690). - asoc: rt5645: polling jd status in all conditions (bsc#1010690). - asoc: rt5645: Separate regmap for rt5645 and rt5650 (bsc#1010690). - asoc: rt5645: set RT5645_PRIV_INDEX as volatile (bsc#1010690). - asoc: rt5645: use polling to support HS button (bsc#1010690). - asoc: rt5645: Use the mod_delayed_work instead of the queue_delayed_work and cancel_delayed_work_sync (bsc#1010690). - asoc: rt5670: Add missing 10EC5072 ACPI ID (bsc#1010690). - asoc: rt5670: Enable Braswell platform workaround for Dell Wyse 3040 (bsc#1010690). - asoc: rt5670: fix HP Playback Volume control (bsc#1010690). - asoc: rt5670: patch reg-0x8a (bsc#1010690). - asoc: simple-card: do not fail if sysclk setting is not supported (bsc#1005917). - asoc: tegra_alc5632: check return value (bsc#1005917). - asoc: wm8960: Fix WM8960_SYSCLK_PLL mode (bsc#1005917). - autofs: fix multiple races (bsc#997639). - autofs: use dentry flags to block walks during expire (bsc#997639). - blacklist.conf: Add dup / unapplicable commits (bsc#1005545). - blacklist.conf: Add i915 stable commits that can be ignored (bsc#1015367) - blacklist.conf: add inapplicable / duped commits (bsc#1005917) - blacklist.conf: ignore commit bfe6c8a89e03 ('arm64: Fix NUMA build error when !CONFIG_ACPI') - blacklist.conf: Remove intel_pstate potential patch that SLE 12 SP2 The code layout upstream that motivated this patch is completely different to what is in SLE 12 SP2 as schedutil was not backported. - block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557). - bna: Add synchronization for tx ring (bsc#993739). - btrfs: allocate root item at snapshot ioctl time (bsc#1012452). - btrfs: better packing of btrfs_delayed_extent_op (bsc#1012452). - btrfs: Check metadata redundancy on balance (bsc#1012452). - btrfs: clean up an error code in btrfs_init_space_info() (bsc#1012452). - btrfs: cleanup, stop casting for extent_map->lookup everywhere (bsc#1012452). - btrfs: cleanup, use enum values for btrfs_path reada (bsc#1012452). - btrfs: deal with duplicates during extent_map insertion in btrfs_get_extent (bsc#1001171). - btrfs: deal with existing encompassing extent map in btrfs_get_extent() (bsc#1001171). - btrfs: do an allocation earlier during snapshot creation (bsc#1012452). - btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881). - btrfs: do not leave dangling dentry if symlink creation failed (bsc#1012452). - btrfs: do not use slab cache for struct btrfs_delalloc_work (bsc#1012452). - btrfs: drop duplicate prefix from scrub workqueues (bsc#1012452). - btrfs: drop unused parameter from lock_extent_bits (bsc#1012452). - btrfs: Enhance chunk validation check (bsc#1012452). - btrfs: Enhance super validation check (bsc#1012452). - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666). - btrfs: Expoert and move leaf/subtree qgroup helpers to qgroup.c (bsc983087, bsc986255). - btrfs: fix endless loop in balancing block groups (bsc#1006804). - btrfs: fix incremental send failure caused by balance (bsc#985850). - btrfs: fix locking bugs when defragging leaves (bsc#1012452). - btrfs: fix memory leaks after transaction is aborted (bsc#1012452). - btrfs: fix output of compression message in btrfs_parse_options() (bsc#1012452). - btrfs: fix race between free space endio workers and space cache writeout (bsc#1012452). - btrfs: fix races on root_log_ctx lists (bsc#1007653). - btrfs: fix race when finishing dev replace leading to transaction abort (bsc#1012452). - btrfs: fix relocation incorrectly dropping data references (bsc#990384). - btrfs: fix typo in log message when starting a balance (bsc#1012452). - btrfs: fix unprotected list operations at btrfs_write_dirty_block_groups (bsc#1012452). - btrfs: handle quota reserve failure properly (bsc#1005666). - btrfs: make btrfs_close_one_device static (bsc#1012452). - btrfs: make clear_extent_bit helpers static inline (bsc#1012452). - btrfs: make clear_extent_buffer_uptodate return void (bsc#1012452). - btrfs: make end_extent_writepage return void (bsc#1012452). - btrfs: make extent_clear_unlock_delalloc return void (bsc#1012452). - btrfs: make extent_range_clear_dirty_for_io return void (bsc#1012452). - btrfs: make extent_range_redirty_for_io return void (bsc#1012452). - btrfs: make lock_extent static inline (bsc#1012452). - btrfs: make set_extent_bit helpers static inline (bsc#1012452). - btrfs: make set_extent_buffer_uptodate return void (bsc#1012452). - btrfs: make set_range_writeback return void (bsc#1012452). - btrfs: preallocate path for snapshot creation at ioctl time (bsc#1012452). - btrfs: put delayed item hook into inode (bsc#1012452). - btrfs: qgroup: Add comments explaining how btrfs qgroup works (bsc983087, bsc986255). - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc983087, bsc986255). - btrfs: qgroup: Rename functions to make it follow reserve, trace, account steps (bsc983087, bsc986255). - btrfs: remove a trivial helper btrfs_set_buffer_uptodate (bsc#1012452). - btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns (bsc#1007653). - btrfs: remove unused inode argument from uncompress_inline() (bsc#1012452). - btrfs: remove wait from struct btrfs_delalloc_work (bsc#1012452). - btrfs: send, do not bug on inconsistent snapshots (bsc#985850). - btrfs: sink parameter wait to btrfs_alloc_delalloc_work (bsc#1012452). - btrfs: Support convert to -d dup for btrfs-convert (bsc#1012452). - btrfs: use GFP_KERNEL for allocations in ioctl handlers (bsc#1012452). - btrfs: use GFP_KERNEL for allocations of workqueues (bsc#1012452). - btrfs: use GFP_KERNEL for xattr and acl allocations (bsc#1012452). - btrfs: use smaller type for btrfs_path locks (bsc#1012452). - btrfs: use smaller type for btrfs_path lowest_level (bsc#1012452). - btrfs: use smaller type for btrfs_path reada (bsc#1012452). - btrfs: verbose error when we find an unexpected item in sys_array (bsc#1012452). - cdc-acm: added sanity checking for probe() (bsc#993891). - cxgbi: fix uninitialized flowi6 (bsc#963904 FATE#320115). - Delete patches.fixes/apparmor-initialize-common_audit_data.patch (bsc#1000304) It'll be fixed in the upcoming apparmor fix series from upstream. - dell-laptop: Fixate rfkill work on CPU#0 (bsc#1004052). - dell-wmi: Check if Dell WMI descriptor structure is valid (bsc#1004052). - dell-wmi: Clean up hotkey table size check (bsc#1004052). - dell-wmi: Ignore WMI event code 0xe045 (bsc#1004052). - dell-wmi: Improve unknown hotkey handling (bsc#1004052). - dell-wmi: Process only one event on devices with interface version 0 (bsc#1004052). - dell-wmi: Stop storing pointers to DMI tables (bsc#1004052). - dell-wmi: Support new hotkeys on the XPS 13 9350 (Skylake) (bsc#1004052). - dell_wmi: Use a C99-style array for bios_to_linux_keycode (bsc#1004052). - Drivers: hv: utils: fix a race on userspace daemons registration (bnc#1014392). - drm/amdgpu: Do not leak runtime pm ref on driver load (bsc#1005545). - drm/amdgpu: Do not leak runtime pm ref on driver unload (bsc#1005545). - drm/i915: Acquire audio powerwell for HD-Audio registers (bsc#1005545). - drm/i915: add helpers for platform specific revision id range checks (bsc#1015367). - drm/i915: Add missing ring_mask to Pineview (bsc#1005917). - drm/i915: Apply broader WaRsDisableCoarsePowerGating for guc also (bsc#1015367). - drm/i915/bxt: add revision id for A1 stepping and use it (bsc#1015367). - drm/i915: Calculate watermark related members in the crtc_state, v4 (bsc#1011176). - drm/i915: Call intel_dp_mst_resume() before resuming displays (bsc#1015359). - drm/i915: call kunmap_px on pt_vaddr (bsc#1005545). - drm/i915: Cleaning up DDI translation tables (bsc#1014392). - drm/i915: Clean up L3 SQC register field definitions (bsc#1014392). - drm/i915/dsi: fix CHV dsi encoder hardware state readout on port C (bsc#1015367). - drm/i915: Enable polling when we do not have hpd (bsc#1014120). - drm/i915: Exit cherryview_irq_handler() after one pass (bsc#1015367). - drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2 (bsc#1014392). - drm/i915: Fix system resume if PCI device remained enabled (bsc#1015367). - drm/i915: fix the SDE irq dmesg warnings properly (bsc#1005545). - drm/i915: Fix VBT backlight Hz to PWM conversion for PNV (bsc#1005545). - drm/i915: Fix vbt PWM max setup for CTG (bsc#1005545). - drm/i915: Force ringbuffers to not be at offset 0 (bsc#1015367). - drm/i915/gen9: Add WaInPlaceDecompressionHang (bsc#1014392). - drm/i915/ivb: Move WaCxSRDisabledForSpriteScaling w/a to atomic check (bsc#1011176). - drm/i915: Kill intel_runtime_pm_disable() (bsc#1005545). - drm/i915: Make plane fb tracking work correctly, v2 (bsc#1004048). - drm/i915: Make prepare_plane_fb fully interruptible (bsc#1004048). - drm/i915: Move disable_cxsr to the crtc_state (bsc#1011176). - drm/i915: On fb alloc failure, unref gem object where it gets refed (bsc#1005545). - drm/i915: Only call commit_planes when there are things to commit (bsc#1004048). - drm/i915: Only commit active planes when updating planes during reset (bsc#1004048). - drm/i915: Only run commit when crtc is active, v2 (bsc#1004048). - drm/i915: remove parens around revision ids (bsc#1015367). - drm/i915: Set crtc_state->lane_count for HDMI (bsc#1005545). - drm/i915/skl: Add WaDisableGafsUnitClkGating (bsc#1014392). - drm/i915/skl: Fix rc6 based gpu/system hang (bsc#1015367). - drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs (bsc#1015367). - drm/i915/skl: Update DDI translation tables for SKL (bsc#1014392). - drm/i915/skl: Update watermarks before the crtc is disabled (bsc#1015367). - drm/i915: suppress spurious !wm_changed warning (bsc#1006267). - drm/i915: Unconditionally flush any chipset buffers before execbuf (bsc#1005545). - drm/i915: Update legacy primary state outside the commit hook, v2 (bsc#1004048). - drm/i915: Update Skylake DDI translation table for DP (bsc#1014392). - drm/i915: Update Skylake DDI translation table for HDMI (bsc#1014392). - drm/i915/userptr: Hold mmref whilst calling get-user-pages (bsc#1015367). - drm/i915/vlv: Disable HPD in valleyview_crt_detect_hotplug() (bsc#1014120). - drm/i915/vlv: Make intel_crt_reset() per-encoder (bsc#1014120). - drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init() (bsc#1014120). - drm/i915: Wait for power cycle delay after turning off DSI panel power (bsc#1005545). - drm/i915: Wait up to 3ms for the pcu to ack the cdclk change request on SKL (bsc#1005545). - drm/layerscape: reduce excessive stack usage (bsc#1005545). - drm/mgag200: fix error return code in mgag200fb_create() (bsc#1005917). - drm/nouveau: Do not leak runtime pm ref on driver unload (bsc#1005545). - drm/radeon: Also call cursor_move_locked when the cursor size changes (bsc#1000433). - drm/radeon: Always store CRTC relative radeon_crtc->cursor_x/y values (bsc#1000433). - drm/radeon/ci add comment to document intentionally unreachable code (bsc#1005545). - drm/radeon: Do not leak runtime pm ref on driver load (bsc#1005545). - drm/radeon: Do not leak runtime pm ref on driver unload (bsc#1005545). - drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on (bsc#998054) - drm/radeon: Hide the HW cursor while it's out of bounds (bsc#1000433). - drm/radeon: Switch to drm_vblank_on/off (bsc#998054). - drm/rockchip: fix a couple off by one bugs (bsc#1005545). - drm/tegra: checking for IS_ERR() instead of NULL (bsc#1005545). - edac/mce_amd: Add missing SMCA error descriptions (fate#320474, bsc#1013700). - edac/mce_amd: Use SMCA prefix for error descriptions arrays (fate#320474, bsc#1013700). - efi/arm64: Do not apply MEMBLOCK_NOMAP to UEFI memory map mapping (bsc#986987). - efi: ARM: avoid warning about phys_addr_t cast. - efi/runtime-wrappers: Add {__,}efi_call_virt() templates (bsc#1005745). - efi/runtime-wrappers: Detect firmware IRQ flag corruption (bsc#1005745). - efi/runtime-wrappers: Remove redundant #ifdefs (bsc#1005745). - ext4: fix data exposure after a crash (bsc#1012829). - Fix kabi change cause by adding flock_owner to open_context (bsc#998689). - Fixup UNMAP calculation (bsc#1005327) - fs, block: force direct-I/O for dax-enabled block devices (bsc#1012992). - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681). - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133). - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133). - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133). - fs/select: add vmalloc fallback for select(2) (bsc#1000189). - genirq: Add untracked irq handler (bsc#1006827). - genirq: Use a common macro to go through the actions list (bsc#1006827). - gpio: generic: make bgpio_pdata always visible. - gpio: Restore indentation of parent device setup. - gre: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU (bsc#1001486). - gro: Allow tunnel stacking in the case of FOU/GUE (bsc#1001486). - gro_cells: mark napi struct as not busy poll candidates (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - group-source-files.pl: mark arch/*/scripts as devel make[2]: /usr/src/linux-4.6.4-2/arch/powerpc/scripts/gcc-check-mprofile-kernel.sh: Command not found - hpsa: fallback to use legacy REPORT PHYS command (bsc#1006175). - hpsa: use bus '3' for legacy HBA devices (bsc#1010665). - hpsa: use correct DID_NO_CONNECT hostbyte (bsc#1010665). - hv: do not lose pending heartbeat vmbus packets (bnc#1006918). - i2c: designware-baytrail: Add support for cherrytrail (bsc#1011913). - i2c: designware-baytrail: Pass dw_i2c_dev into helper functions (bsc#1011913). - i2c: designware-baytrail: Work around Cherry Trail semaphore errors (bsc#1011913). - i2c: designware: Prevent runtime suspend during adapter registration (bsc#1011913). - i2c: designware: retry transfer on transient failure (bsc#1011913). - i2c: designware: Use transfer timeout from ioctl I2C_TIMEOUT (bsc#1011913). - i2c: Enable CONFIG_I2C_DESIGNWARE_PLATFORM and *_BAYTRAIL (bsc#1010690) Realtek codecs on CHT platform require this i2c bus driver. - i2c: xgene: Avoid dma_buffer overrun (bsc#1006576). - i40e: fix an uninitialized variable bug (bsc#969476 FATE#319648). - i40e: fix broken i40e_config_rss_aq function (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40e: Remove redundant memset (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Add missing check for interface already open (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Add missing NULL check for MPA private data (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Avoid writing to freed memory (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Change mem_resources pointer to a u8 (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Do not set self-referencing pointer to NULL after kfree (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Fix double free of allocated_buffer (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Protect req_resource_num update (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Receive notification events correctly (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Send last streaming mode message for loopback connections (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - i40iw: Update hw_iwarp_state (bsc#974842 FATE#319831 bsc#974843 FATE#319832). - ib/core: Fix possible memory leak in cma_resolve_iboe_route() (bsc#966191 FATE#320230 bsc#966186 FATE#320228). - ib/mlx5: Fix iteration overrun in GSI qps (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ib/mlx5: Fix steering resource leak (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ib/mlx5: Set source mac address in FTE (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - ibmvnic: convert to use simple_open() (bsc#1015416). - ibmvnic: Driver Version 1.0.1 (bsc#1015416). - ibmvnic: drop duplicate header seq_file.h (bsc#1015416). - ibmvnic: fix error return code in ibmvnic_probe() (bsc#1015416). - ibmvnic: Fix GFP_KERNEL allocation in interrupt context (bsc#1015416). - ibmvnic: Fix missing brackets in init_sub_crq_irqs (bsc#1015416). - ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context (bsc#1015416). - ibmvnic: Fix size of debugfs name buffer (bsc#1015416). - ibmvnic: Handle backing device failover and reinitialization (bsc#1015416). - ibmvnic: Start completion queue negotiation at server-provided optimum values (bsc#1015416). - ibmvnic: Unmap ibmvnic_statistics structure (bsc#1015416). - ibmvnic: Update MTU after device initialization (bsc#1015416). - input: ALPS - add touchstick support for SS5 hardware (bsc#987703). - input: ALPS - allow touchsticks to report pressure (bsc#987703). - input: ALPS - handle 0-pressure 1F events (bsc#987703). - input: ALPS - set DualPoint flag for 74 03 28 devices (bsc#987703). - iommu/arm-smmu: Add support for 16 bit VMID (fate#319978). - iommu/arm-smmu: Workaround for ThunderX erratum #27704 (fate#319978). - ipc/sem.c: add cond_resched in exit_sme (bsc#979378). - ipmi_si: create hardware-independent softdep for ipmi_devintf (bsc#1009062). - ixgbe: Do not clear RAR entry when clearing VMDq for SAN MAC (bsc#969474 FATE#319812 bsc#969475 FATE#319814). - ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (bsc#969474 FATE#319812 bsc#969475 FATE#319814). - kABI: protect struct dw_mci. - kABI: protect struct mmc_packed (kabi). - kABI: reintroduce iov_iter_fault_in_multipages_readable. - kABI: reintroduce sk_filter (kabi). - kABI: reintroduce strtobool (kabi). - kABI: restore ip_cmsg_recv_offset parameters (kabi). - kabi/severities: Ignore kABI for asoc Intel SST drivers (bsc#1010690) These drivers are self-contained, not for 3rd party drivers. - kabi/severities: Whitelist libceph and rbd (bsc#988715). Like SLE12-SP1. - kernel-module-subpackage: Properly quote flavor in expressions That fixes a parse error if the flavor starts with a digit or contains other non-alphabetic characters. - kgr: ignore zombie tasks during the patching (bnc#1008979). - kvm: arm/arm64: Fix occasional warning from the timer work function (bsc#988524). - kvm: x86: correctly reset dest_map->vector when restoring LAPIC state (bsc#966471). - libceph: enable large, variable-sized OSD requests (bsc#988715). - libceph: make r_request msg_size calculation clearer (bsc#988715). - libceph: move r_reply_op_{len,result} into struct ceph_osd_req_op (bsc#988715). - libceph: osdc->req_mempool should be backed by a slab pool (bsc#988715). - libceph: rename ceph_osd_req_op::payload_len to indata_len (bsc#988715). - lib/mpi: avoid assembler warning (bsc#1003581). - lib/mpi: mpi_read_buffer(): fix buffer overflow (bsc#1003581). - lib/mpi: mpi_read_buffer(): optimize skipping of leading zero limbs (bsc#1003581). - lib/mpi: mpi_read_buffer(): replace open coded endian conversion (bsc#1003581). - lib/mpi: mpi_write_sgl(): fix out-of-bounds stack access (bsc#1003581). - lib/mpi: mpi_write_sgl(): fix style issue with lzero decrement (bsc#1003581). - lib/mpi: mpi_write_sgl(): purge redundant pointer arithmetic (bsc#1003581). - lib/mpi: mpi_write_sgl(): replace open coded endian conversion (bsc#1003581). - lib/mpi: use 'static inline' instead of 'extern inline' (bsc#1003581). - locking/pv-qspinlock: Use cmpxchg_release() in __pv_queued_spin_unlock() (bsc#969756). - locking/rtmutex: Prevent dequeue vs. unlock race (bsc#1015212). - locking/rtmutex: Use READ_ONCE() in rt_mutex_owner() (bsc#1015212). - mailbox/xgene-slimpro: Checking for IS_ERR instead of NULL. - md/raid1: fix: IO can block resync indefinitely (bsc#1001310). - mlx4: Do not BUG_ON() if device reset failed (bsc#1001888). - mm: do not use radix tree writeback tags for pages in swap cache (bnc#971975 VM performance -- swap). - mm: filemap: do not plant shadow entries without radix tree node (bnc#1005929). - mm: filemap: fix mapping->nrpages double accounting in fuse (bnc#1005929). - mm/filemap: generic_file_read_iter(): check for zero reads unconditionally (bnc#1007955). - mm/mprotect.c: do not touch single threaded PTEs which are on the right node (bnc#971975 VM performance -- numa balancing). - mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page() (bnc#1005929). - mm/zswap: use workqueue to destroy pool (VM Functionality, bsc#1005923). - net: icmp6_send should use dst dev to determine L3 domain (bsc#1014701). - net: ipv6: tcp reset, icmp need to consider L3 domain (bsc#1014701). - net/mlx4_en: Fix panic on xmit while port is down (bsc#966191 FATE#320230). - net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices (bsc#1006809). - net/mlx5: Add error prints when validate ETS failed (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Avoid setting unused var when modifying vport node GUID (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Use correct flow dissector key on flower offloading (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Fix autogroups groups num not decreasing (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Fix teardown errors that happen in pci error handler (bsc#1001169). - net/mlx5: Keep autogroups list ordered (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net_sched: fix a typo in tc_for_each_action() (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net: sctp, forbid negative length (bnc#1005921). - netvsc: fix incorrect receive checksum offloading (bnc#1006915). - nfs: nfs4_fl_prepare_ds must be careful about reporting success (bsc#1000776). - nfsv4: add flock_owner to open context (bnc#998689). - nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689). - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689). - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689). - oom: print nodemask in the oom report (bnc#1003866). - overlayfs: allow writing on read-only btrfs subvolumes (bsc#1010158) - pci/acpi: Allow all PCIe services on non-ACPI host bridges (bsc#1006827). - pci: Allow additional bus numbers for hotplug bridges (bsc#1006827). - pci: correctly cast mem_base in pci_read_bridge_mmio_pref() (bsc#1001888). - pci: Do not set RCB bit in LNKCTL if the upstream bridge hasn't (bsc#1001888). - pci: Fix BUG on device attach failure (bnc#987641). - pci: pciehp: Allow exclusive userspace control of indicators (bsc#1006827). - pci: Remove return values from pcie_port_platform_notify() and relatives (bsc#1006827). - perf/x86: Add perf support for AMD family-17h processors (fate#320473). - pm / hibernate: Fix 2G size issue of snapshot image verification (bsc#1004252). - pm / sleep: declare __tracedata symbols as char rather than char (bnc#1005895). - powercap/intel_rapl: Add support for Kabylake (bsc#1003566). - powercap / RAPL: add support for Denverton (bsc#1003566). - powercap / RAPL: Add support for Ivy Bridge server (bsc#1003566). - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - powerpc/xmon: Add xmon command to dump process/task similar to ps(1) (fate#322020). - proc: much faster /proc/vmstat (bnc#971975 VM performance -- vmstat). - qede: Correctly map aggregation replacement pages (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - qed: FLR of active VFs might lead to FW assert (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - qgroup: Prevent qgroup->reserved from going subzero (bsc#993841). - qla2xxx: Fix NULL pointer deref in QLA interrupt (bsc#1003068). - qla2xxx: setup data needed in ISR before setting up the ISR (bsc#1006528). - rbd: truncate objects on cmpext short reads (bsc#988715). - Revert 'ACPI / LPSS: allow to use specific PM domain during ->probe()' (bsc#1005917). - Revert 'can: dev: fix deadlock reported after bus-off'. - Revert 'fix minor infoleak in get_user_ex()' (p.k.o). - REVERT fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - Revert 'x86/mm: Expand the exception table logic to allow new handling options' (p.k.o). - rpm/config.sh: Build against SP2 in the OBS as well - rpm/constraints.in: increase disk for kernel-syzkaller The kernel-syzkaller build now consumes around 30G. This causes headache in factory where the package rebuilds over and over. Require 35G disk size to successfully build the flavor. - rpm/kernel-binary.spec.in: Build the -base package unconditionally (bsc#1000118) - rpm/kernel-binary.spec.in: Do not create KMPs with CONFIG_MODULES=n - rpm/kernel-binary.spec.in: Only build -base and -extra with CONFIG_MODULES (bsc#1000118) - rpm/kernel-binary.spec.in: Simplify debug info switch Any CONFIG_DEBUG_INFO sub-options are answered in the configs nowadays. - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060) - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059) - rpm/package-descriptions: Add 64kb kernel flavor description - rpm/package-descriptions: add kernel-syzkaller - rpm/package-descriptions: pv has been merged into -default (fate#315712) - rpm/package-descriptions: the flavor is 64kb, not 64k - s390/mm: fix gmap tlb flush issues (bnc#1005925). - sched/core: Optimize __schedule() (bnc#978907 Scheduler performance -- context switch). - sched/fair: Fix incorrect task group ->load_avg (bsc#981825). - sched/fair: Optimize find_idlest_cpu() when there is no choice (bnc#978907 Scheduler performance -- idle search). - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989) - serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013001). - serial: 8250_port: fix runtime PM use in __do_stop_tx_rs485() (bsc#983152). - sunrpc: fix refcounting problems with auth_gss messages (boo#1011250). - supported.conf: add hid-logitech-hidpp (bsc#1002322 bsc#1002786) - supported.conf: Add overlay.ko to -base (fate#321903) Also, delete the stale entry for the old overlayfs. - supported.conf: Mark vmx-crypto as supported (fate#319564) - supported.conf: xen-netfront should be in base packages, just like its non-pvops predecessor. (bsc#1002770) - target: fix tcm_rbd_gen_it_nexus for emulated XCOPY state (bsc#1003606). - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#963609 FATE#320143). - time: Avoid undefined behaviour in ktime_add_safe() (bnc#1006103). - Update config files: select new CONFIG_SND_SOC_INTEL_SST_* helpers - Update patches.suse/btrfs-8401-fix-qgroup-accounting-when-creating-snap.patch (bsc#972993). - usb: gadget: composite: Clear reserved fields of SSP Dev Cap (FATE#319959). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - Using BUG_ON() as an assert() is _never_ acceptable (bnc#1005929). - vmxnet3: Wake queue from reset work (bsc#999907). - Whitelist KVM KABI changes resulting from adding a hcall. caused by 5246adec59458b5d325b8e1462ea9ef3ead7f6ae powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec No problem is expected as result of changing KVM KABI so whitelisting for now. If we get some additional input from IBM we can back out the patch. - writeback: initialize inode members that track writeback history (bsc#1012829). - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq() (bsc#1013479). - x86/efi: Enable runtime call flag checking (bsc#1005745). - x86/efi: Move to generic {__,}efi_call_virt() (bsc#1005745). - x86/hpet: Reduce HPET counter read contention (bsc#1014710). - x86/mce/AMD, EDAC/mce_amd: Define and use tables for known SMCA IP types (fate#320474, bsc#1013700). Exclude removed symbols from kABI check. They're AMD Zen relevant only and completely useless to other modules - only edac_mce_amd.ko. - x86/mce/AMD: Increase size of the bank_map type (fate#320474, bsc#1013700). - x86/mce/AMD: Read MSRs on the CPU allocating the threshold blocks (fate#320474, bsc#1013700). - x86/mce/AMD: Update sysfs bank names for SMCA systems (fate#320474, bsc#1013700). - x86/mce/AMD: Use msr_ops.misc() in allocate_threshold_blocks() (fate#320474, bsc#1013700). - x86/pci: VMD: Attach VMD resources to parent domain's resource tree (bsc#1006827). - x86/pci: VMD: Document code for maintainability (bsc#1006827). - x86/pci: VMD: Fix infinite loop executing irq's (bsc#1006827). - x86/pci: VMD: Initialize list item in IRQ disable (bsc#1006827). - x86/pci: VMD: Request userspace control of PCIe hotplug indicators (bsc#1006827). - x86/pci: VMD: Select device dma ops to override (bsc#1006827). - x86/pci: VMD: Separate MSI and MSI-X vector sharing (bsc#1006827). - x86/pci: VMD: Set bus resource start to 0 (bsc#1006827). - x86/pci: VMD: Synchronize with RCU freeing MSI IRQ descs (bsc#1006827). - x86/pci: VMD: Use lock save/restore in interrupt enable path (bsc#1006827). - x86/pci/VMD: Use untracked irq handler (bsc#1006827). - x86/pci: VMD: Use x86_vector_domain as parent domain (bsc#1006827). - x86, powercap, rapl: Add Skylake Server model number (bsc#1003566). - x86, powercap, rapl: Reorder CPU detection table (bsc#1003566). - x86, powercap, rapl: Use Intel model macros intead of open-coding (bsc#1003566). - xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing (bnc#1005169). - zram: Fix unbalanced idr management at hot removal (bsc#1010970). Important SUSE bug 1000118 SUSE bug 1000189 SUSE bug 1000287 SUSE bug 1000304 SUSE bug 1000433 SUSE bug 1000776 SUSE bug 1001169 SUSE bug 1001171 SUSE bug 1001310 SUSE bug 1001462 SUSE bug 1001486 SUSE bug 1001888 SUSE bug 1002322 SUSE bug 1002770 SUSE bug 1002786 SUSE bug 1003068 SUSE bug 1003566 SUSE bug 1003581 SUSE bug 1003606 SUSE bug 1003813 SUSE bug 1003866 SUSE bug 1003964 SUSE bug 1004048 SUSE bug 1004052 SUSE bug 1004252 SUSE bug 1004365 SUSE bug 1004517 SUSE bug 1005169 SUSE bug 1005327 SUSE bug 1005545 SUSE bug 1005666 SUSE bug 1005745 SUSE bug 1005895 SUSE bug 1005917 SUSE bug 1005921 SUSE bug 1005923 SUSE bug 1005925 SUSE bug 1005929 SUSE bug 1006103 SUSE bug 1006175 SUSE bug 1006267 SUSE bug 1006528 SUSE bug 1006576 SUSE bug 1006804 SUSE bug 1006809 SUSE bug 1006827 SUSE bug 1006915 SUSE bug 1006918 SUSE bug 1007197 SUSE bug 1007615 SUSE bug 1007653 SUSE bug 1007955 SUSE bug 1008557 SUSE bug 1008979 SUSE bug 1009062 SUSE bug 1009969 SUSE bug 1010040 SUSE bug 1010158 SUSE bug 1010444 SUSE bug 1010478 SUSE bug 1010507 SUSE bug 1010665 SUSE bug 1010690 SUSE bug 1010970 SUSE bug 1011176 SUSE bug 1011250 SUSE bug 1011913 SUSE bug 1012060 SUSE bug 1012094 SUSE bug 1012452 SUSE bug 1012767 SUSE bug 1012829 SUSE bug 1012992 SUSE bug 1013001 SUSE bug 1013479 SUSE bug 1013531 SUSE bug 1013700 SUSE bug 1014120 SUSE bug 1014392 SUSE bug 1014701 SUSE bug 1014710 SUSE bug 1015212 SUSE bug 1015359 SUSE bug 1015367 SUSE bug 1015416 SUSE bug 799133 SUSE bug 914939 SUSE bug 922634 SUSE bug 963609 SUSE bug 963655 SUSE bug 963904 SUSE bug 964462 SUSE bug 966170 SUSE bug 966172 SUSE bug 966186 SUSE bug 966191 SUSE bug 966316 SUSE bug 966318 SUSE bug 966325 SUSE bug 966471 SUSE bug 969474 SUSE bug 969475 SUSE bug 969476 SUSE bug 969477 SUSE bug 969756 SUSE bug 971975 SUSE bug 971989 SUSE bug 972993 SUSE bug 974313 SUSE bug 974842 SUSE bug 974843 SUSE bug 978907 SUSE bug 979378 SUSE bug 979681 SUSE bug 981825 SUSE bug 983087 SUSE bug 983152 SUSE bug 983318 SUSE bug 985850 SUSE bug 986255 SUSE bug 986987 SUSE bug 987641 SUSE bug 987703 SUSE bug 987805 SUSE bug 988524 SUSE bug 988715 SUSE bug 990384 SUSE bug 992555 SUSE bug 993739 SUSE bug 993841 SUSE bug 993891 SUSE bug 994881 SUSE bug 995278 SUSE bug 997059 SUSE bug 997639 SUSE bug 997807 SUSE bug 998054 SUSE bug 998689 SUSE bug 999907 SUSE bug 999932 CVE-2015-1350 CVE-2015-8964 CVE-2016-7039 CVE-2016-7042 CVE-2016-7425 CVE-2016-7913 CVE-2016-7917 CVE-2016-8645 CVE-2016-8666 CVE-2016-9083 CVE-2016-9084 CVE-2016-9793 CVE-2016-9919 cpe:/o:suse:sles:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u131 (icedtea 3.4.0) - bsc#1034849 * Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110, CVE-2017-3514: Windows peering issue - S8168699: Validate special case invocations - S8169011, CVE-2017-3526: Resizing XML parse trees - S8170222, CVE-2017-3533: Better transfers of files - S8171121, CVE-2017-3539: Enhancing jar checking - S8171533, CVE-2017-3544: Better email transfer - S8172299: Improve class processing * New features - PR1969: Add AArch32 JIT port - PR3297: Allow Shenandoah to be used on AArch64 - PR3340: jstack.stp should support AArch64 * Import of OpenJDK 8 u131 build 11 - S6474807: (smartcardio) CardTerminal.connect() throws CardException instead of CardNotPresentException - S6515172, PR3346: Runtime.availableProcessors() ignores Linux taskset command - S7155957: closed/java/awt/MenuBar/MenuBarStress1/MenuBarStress1.java hangs on win 64 bit with jdk8 - S7167293: FtpURLConnection connection leak on FileNotFoundException - S8035568: [macosx] Cursor management unification - S8079595: Resizing dialog which is JWindow parent makes JVM crash - S8130769: The new menu can't be shown on the menubar after clicking the 'Add' button. - S8146602: jdk/test/sun/misc/URLClassPath/ClassnameCharTest.java test fails with NullPointerException - S8147842: IME Composition Window is displayed at incorrect location - S8147910, PR3346: Cache initial active_processor_count - S8150490: Update OS detection code to recognize Windows Server 2016 - S8160951: [TEST_BUG] javax/xml/bind/marshal/8134111/UnmarshalTest.java should be added into :needs_jre group - S8160958: [TEST_BUG] java/net/SetFactoryPermission/SetFactoryPermission.java should be added into :needs_compact2 group - S8161147: jvm crashes when -XX:+UseCountedLoopSafepoints is enabled - S8161195: Regression: closed/javax/swing/text/FlowView/LayoutTest.java - S8161993, PR3346: G1 crashes if active_processor_count changes during startup - S8162876: [TEST_BUG] sun/net/www/protocol/http/HttpInputStream.java fails intermittently - S8162916: Test sun/security/krb5/auto/UnboundSSL.java fails - S8164533: sun/security/ssl/SSLSocketImpl/CloseSocket.java failed with 'Error while cleaning up threads after test' - S8167179: Make XSL generated namespace prefixes local to transformation process - S8168774: Polymorhic signature method check crashes javac - S8169465: Deadlock in com.sun.jndi.ldap.pool.Connections - S8169589: [macosx] Activating a JDialog puts to back another dialog - S8170307: Stack size option -Xss is ignored - S8170316: (tz) Support tzdata2016j - S8170814: Reuse cache entries (part II) - S8170888, PR3314, RH1284948: [linux] Experimental support for cgroup memory limits in container (ie Docker) environments - S8171388: Update JNDI Thread contexts - S8171949: [macosx] AWT_ZoomFrame Automated tests fail with error: The bitwise mask Frame.ICONIFIED is not setwhen the frame is in ICONIFIED state - S8171952: [macosx] AWT_Modality/Automated/ModalExclusion/NoExclusion/ModelessDialog test fails as DummyButton on Dialog did not gain focus when clicked. - S8173030: Temporary backout fix #8035568 from 8u131-b03 - S8173031: Temporary backout fix #8171952 from 8u131-b03 - S8173783, PR3328: IllegalArgumentException: jdk.tls.namedGroups - S8173931: 8u131 L10n resource file update - S8174844: Incorrect GPL header causes RE script to miss swap to commercial header for licensee source bundle - S8174985: NTLM authentication doesn't work with IIS if NTLM cache is disabled - S8176044: (tz) Support tzdata2017a * Backports - S6457406, PR3335: javadoc doesn't handle <a href='http://...'> properly in producing index pages - S8030245, PR3335: Update langtools to use try-with-resources and multi-catch - S8030253, PR3335: Update langtools to use strings-in-switch - S8030262, PR3335: Update langtools to use foreach loops - S8031113, PR3337: TEST_BUG: java/nio/channels/AsynchronousChannelGroup/Basic.java fails intermittently - S8031625, PR3335: javadoc problems referencing inner class constructors - S8031649, PR3335: Clean up javadoc tests - S8031670, PR3335: Remove unneeded -source options in javadoc tests - S8032066, PR3335: Serialized form has broken links to non private inner classes of package private - S8034174, PR2290: Remove use of JVM_* functions from java.net code - S8034182, PR2290: Misc. warnings in java.net code - S8035876, PR2290: AIX build issues after '8034174: Remove use of JVM_* functions from java.net code' - S8038730, PR3335: Clean up the way JavadocTester is invoked, and checks for errors. - S8040903, PR3335: Clean up use of BUG_ID in javadoc tests - S8040904, PR3335: Ensure javadoc tests do not overwrite results within tests - S8040908, PR3335: javadoc test TestDocEncoding should use -notimestamp - S8041150, PR3335: Avoid silly use of static methods in JavadocTester - S8041253, PR3335: Avoid redundant synonyms of NO_TEST - S8043780, PR3368: Use open(O_CLOEXEC) instead of fcntl(FD_CLOEXEC) - S8061305, PR3335: Javadoc crashes when method name ends with 'Property' - S8072452, PR3337: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits - S8075565, PR3337: Define @intermittent jtreg keyword and mark intermittently failing jdk tests - S8075670, PR3337: Remove intermittent keyword from some tests - S8078334, PR3337: Mark regression tests using randomness - S8078880, PR3337: Mark a few more intermittently failuring security-libs - S8133318, PR3337: Exclude intermittent failing PKCS11 tests on Solaris SPARC 11.1 and earlier - S8144539, PR3337: Update PKCS11 tests to run with security manager - S8144566, PR3352: Custom HostnameVerifier disables SNI extension - S8153711, PR3313, RH1284948: [REDO] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command - S8155049, PR3352: New tests from 8144566 fail with 'No expected Server Name Indication' - S8173941, PR3326: SA does not work if executable is DSO - S8174164, PR3334, RH1417266: SafePointNode::_replaced_nodes breaks with irreducible loops - S8174729, PR3336, RH1420518: Race Condition in java.lang.reflect.WeakCache - S8175097, PR3334, RH1417266: [TESTBUG] 8174164 fix missed the test * Bug fixes - PR3348: Architectures unsupported by SystemTap tapsets throw a parse error - PR3378: Perl should be mandatory - PR3389: javac.in and javah.in should use @PERL@ rather than a hardcoded path * AArch64 port - S8168699, PR3372: Validate special case invocations [AArch64 support] - S8170100, PR3372: AArch64: Crash in C1-compiled code accessing References - S8172881, PR3372: AArch64: assertion failure: the int pressure is incorrect - S8173472, PR3372: AArch64: C1 comparisons with null only use 32-bit instructions - S8177661, PR3372: Correct ad rule output register types from iRegX to iRegXNoSp * AArch32 port - PR3380: Zero should not be enabled by default on arm with the AArch32 HotSpot build - PR3384, S8139303, S8167584: Add support for AArch32 architecture to configure and jdk makefiles - PR3385: aarch32 does not support -Xshare:dump - PR3386, S8164652: AArch32 jvm.cfg wrong for C1 build - PR3387: Installation fails on arm with AArch32 port as INSTALL_ARCH_DIR is arm, not aarch32 - PR3388: Wrong path for jvm.cfg being used on arm with AArch32 build * Shenandoah - Fix Shenandoah argument checking on 32bit builds. - Import from Shenandoah tag aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07-25 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-02-20 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-06 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-09 - Import from Shenandoah tag aarch64-shenandoah-jdk8u121-b14-shenandoah-merge-2017-03-23 Important SUSE bug 1034849 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 cpe:/o:suse:sles:12:sp2 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 12 SP2 Wireshark was updated to version 2.2.6, which brings several new features, enhancements and bug fixes. Thses security issues were fixed: - CVE-2017-7700: In Wireshark the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size (bsc#1033936) - CVE-2017-7701: In Wireshark the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type (bsc#1033937) - CVE-2017-7702: In Wireshark the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation (bsc#1033938) - CVE-2017-7703: In Wireshark the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly (bsc#1033939) - CVE-2017-7704: In Wireshark the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value (bsc#1033940) - CVE-2017-7705: In Wireshark the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset (bsc#1033941) - CVE-2017-7745: In Wireshark the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check (bsc#1033942) - CVE-2017-7746: In Wireshark the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length (bsc#1033943) - CVE-2017-7747: In Wireshark the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree (bsc#1033944) - CVE-2017-7748: In Wireshark the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check (bsc#1033945) - CVE-2017-6014: In Wireshark a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory (bsc#1025913) - CVE-2017-5596: In Wireshark the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow (bsc#1021739) - CVE-2017-5597: In Wireshark the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow (bsc#1021739) - CVE-2016-9376: In Wireshark the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large (bsc#1010735) - CVE-2016-9375: In Wireshark the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful (bsc#1010740) - CVE-2016-9374: In Wireshark the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable (bsc#1010752) - CVE-2016-9373: In Wireshark the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings (bsc#1010754) - CVE-2016-7180: epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark did not properly consider whether a string is constant, which allowed remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet (bsc#998800) - CVE-2016-7179: Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark allowed remote attackers to cause a denial of service (application crash) via a crafted packet (bsc#998963) - CVE-2016-7178: epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark did not ensure that memory is allocated for certain data structures, which allowed remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet (bsc#998964) - CVE-2016-7177: epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark did not restrict the number of channels, which allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet (bsc#998763) - CVE-2016-7176: epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark called snprintf with one of its input buffers as the output buffer, which allowed remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet (bsc#998762) - CVE-2016-7175: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark mishandled MAC address data, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet (bsc#998761) - CVE-2016-6354: Heap-based buffer overflow in the yy_get_next_buffer function in Flex might have allowed context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read (bsc#990856). Moderate SUSE bug 1002981 SUSE bug 1010735 SUSE bug 1010740 SUSE bug 1010752 SUSE bug 1010754 SUSE bug 1010911 SUSE bug 1021739 SUSE bug 1025913 SUSE bug 1026507 SUSE bug 1027692 SUSE bug 1027998 SUSE bug 1033936 SUSE bug 1033937 SUSE bug 1033938 SUSE bug 1033939 SUSE bug 1033940 SUSE bug 1033941 SUSE bug 1033942 SUSE bug 1033943 SUSE bug 1033944 SUSE bug 1033945 SUSE bug 990856 SUSE bug 998761 SUSE bug 998762 SUSE bug 998763 SUSE bug 998800 SUSE bug 998963 SUSE bug 998964 CVE-2016-6354 CVE-2016-7175 CVE-2016-7176 CVE-2016-7177 CVE-2016-7178 CVE-2016-7179 CVE-2016-7180 CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376 CVE-2017-5596 CVE-2017-5597 CVE-2017-6014 CVE-2017-7700 CVE-2017-7701 CVE-2017-7702 CVE-2017-7703 CVE-2017-7704 CVE-2017-7705 CVE-2017-7745 CVE-2017-7746 CVE-2017-7747 CVE-2017-7748 cpe:/o:suse:sles:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2 This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. [bsc#1039361] - Fix FQDN for hostname. [bsc#1024145] - Filter netgroups, they aren't handled by SSSD. [bsc#1015351] - Fix problems related to 'krb5_ccname' option [bsc#981124] Important SUSE bug 1015351 SUSE bug 1024145 SUSE bug 1039361 SUSE bug 981124 CVE-2017-1000367 cpe:/o:suse:sles:12:sp2 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libxml2 fixes the following issues: - CVE-2017-9047, CVE-2017-9048: The function xmlSnprintfElementContent in valid.c was vulnerable to a stack buffer overflow (bsc#1039063, bsc#1039064) - CVE-2017-9049: The function xmlDictComputeFastKey in dict.c was vulnerable to a heap-based buffer over-read. (bsc#1039066) - CVE-2017-9050: The function xmlDictAddString was vulnerable to a heap-based buffer over-read (bsc#1039661) - CVE-2016-1839: heap-based buffer overflow (xmlDictAddString func) (bnc#1039069) Moderate SUSE bug 1039063 SUSE bug 1039064 SUSE bug 1039066 SUSE bug 1039069 SUSE bug 1039661 SUSE bug 981114 CVE-2016-1839 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 cpe:/o:suse:sles:12:sp2 Security update for strongswan (Important) SUSE Linux Enterprise Server 12 SP2 This update for strongswan fixes the following issues: - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service (bsc#1039514) - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service (bsc#1039515) - IKEv1 protocol is vulnerable to DoS amplification attack (bsc#985012) Important SUSE bug 1039514 SUSE bug 1039515 SUSE bug 985012 CVE-2017-9022 CVE-2017-9023 cpe:/o:suse:sles:12:sp2 Security update for libnettle (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libnettle fixes the following issues: - CVE-2016-6489: * Reject invalid RSA keys with even modulo. * Check for invalid keys, with even p, in dsa_sign(). * Use function mpz_powm_sec() instead of mpz_powm() (bsc#991464). Moderate SUSE bug 991464 CVE-2016-6489 cpe:/o:suse:sles:12:sp2 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2017-6502: Possible file-descriptor leak in libmagickcore that could be triggered via a specially crafted webp file (bsc#1028075). - CVE-2017-7943: The ReadSVGImage function in svg.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034870). Note that this only impacts the built-in SVG implementation. As we use the librsgv implementation, we are not affected. - CVE-2017-7942: The ReadAVSImage function in avs.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034872). - CVE-2017-7941: The ReadSGIImage function in sgi.c allowed remote attackers to consume an amount of available memory via a crafted file (bsc#1034876). - CVE-2017-8351: ImageMagick, GraphicsMagick: denial of service (memory leak) via a crafted file (ReadPCDImage func in pcd.c) (bsc#1036986). - CVE-2017-8352: denial of service (memory leak) via a crafted file (ReadXWDImage func in xwd.c) (bsc#1036987) - CVE-2017-8349: denial of service (memory leak) via a crafted file (ReadSFWImage func in sfw.c) (bsc#1036984) - CVE-2017-8350: denial of service (memory leak) via a crafted file (ReadJNGImage function in png.c) (bsc#1036985) - CVE-2017-8347: denial of service (memory leak) via a crafted file (ReadEXRImage func in exr.c) (bsc#1036982) - CVE-2017-8348: denial of service (memory leak) via a crafted file (ReadMATImage func in mat.c) (bsc#1036983) - CVE-2017-8345: denial of service (memory leak) via a crafted file (ReadMNGImage func in png.c) (bsc#1036980) - CVE-2017-8346: denial of service (memory leak) via a crafted file (ReadDCMImage func in dcm.c) (bsc#1036981) - CVE-2017-8353: denial of service (memory leak) via a crafted file (ReadPICTImage func in pict.c) (bsc#1036988) - CVE-2017-8354: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c) (bsc#1036989) - CVE-2017-8830: denial of service (memory leak) via a crafted file (ReadBMPImage func in bmp.c:1379) (bsc#1038000) - CVE-2017-7606: denial of service (application crash) or possibly have unspecified other impact via a crafted image (bsc#1033091) - CVE-2017-8765: memory leak vulnerability via a crafted ICON file (ReadICONImage in coders\icon.c) (bsc#1037527) - CVE-2017-8356: denial of service (memory leak) via a crafted file (ReadSUNImage function in sun.c) (bsc#1036991) - CVE-2017-8355: denial of service (memory leak) via a crafted file (ReadMTVImage func in mtv.c) (bsc#1036990) - CVE-2017-8344: denial of service (memory leak) via a crafted file (ReadPCXImage func in pcx.c) (bsc#1036978) - CVE-2017-8343: denial of service (memory leak) via a crafted file (ReadAAIImage func in aai.c) (bsc#1036977) - CVE-2017-8357: denial of service (memory leak) via a crafted file (ReadEPTImage func in ept.c) (bsc#1036976) - CVE-2017-9098: uninitialized memory usage in the ReadRLEImage RLE decoder function coders/rle.c (bsc#1040025) - CVE-2017-9141: Missing checks in the ReadDDSImage function in coders/dds.c could lead to a denial of service (assertion) (bsc#1040303) - CVE-2017-9142: Missing checks in theReadOneJNGImage function in coders/png.c could lead to denial of service (assertion) (bsc#1040304) - CVE-2017-9143: A possible denial of service attack via crafted .art file in ReadARTImage function in coders/art.c (bsc#1040306) - CVE-2017-9144: A crafted RLE image can trigger a crash in coders/rle.c could lead to a denial of service (crash) (bsc#1040332) Moderate SUSE bug 1028075 SUSE bug 1033091 SUSE bug 1034870 SUSE bug 1034872 SUSE bug 1034876 SUSE bug 1036976 SUSE bug 1036977 SUSE bug 1036978 SUSE bug 1036980 SUSE bug 1036981 SUSE bug 1036982 SUSE bug 1036983 SUSE bug 1036984 SUSE bug 1036985 SUSE bug 1036986 SUSE bug 1036987 SUSE bug 1036988 SUSE bug 1036989 SUSE bug 1036990 SUSE bug 1036991 SUSE bug 1037527 SUSE bug 1038000 SUSE bug 1040025 SUSE bug 1040303 SUSE bug 1040304 SUSE bug 1040306 SUSE bug 1040332 CVE-2017-6502 CVE-2017-7606 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9098 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 cpe:/o:suse:sles:12:sp2 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libxml2 fixes the following security issues: * CVE-2017-9050: A heap-based buffer over-read in xmlDictAddString (bsc#1039069, bsc#1039661) * CVE-2017-9049: A heap-based buffer overflow in xmlDictComputeFastKey (bsc#1039066) * CVE-2017-9048: A stack overflow vulnerability in xmlSnprintfElementContent (bsc#1039063) * CVE-2017-9047: A stack overflow vulnerability in xmlSnprintfElementContent (bsc#1039064) Moderate SUSE bug 1039063 SUSE bug 1039064 SUSE bug 1039066 SUSE bug 1039069 SUSE bug 1039661 CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 cpe:/o:suse:sles:12:sp2 Security update for openldap2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2017-9287: A double free vulnerability in the mdb backend during search with page size 0 was fixed (bsc#1041764) Non security bugs fixed: - Let OpenLDAP read system-wide certificates by default and don't hide the error if the user-specified CA location cannot be read. (bsc#1009470) - Fix an uninitialised variable that causes startup failure (bsc#1037396) - Fix an issue with transaction management that can cause server crash (bsc#972331) Moderate SUSE bug 1009470 SUSE bug 1037396 SUSE bug 1041764 SUSE bug 972331 CVE-2017-9287 cpe:/o:suse:sles:12:sp2 Security update for jakarta-taglibs-standard (Important) SUSE Linux Enterprise Server 12 SP2 This update for jakarta-taglibs-standard fixes the following issues: - CVE-2015-0254: Apache Standard Taglibs allowed remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) x:parse or (2) x:transform JSTL XML tag. (bsc#920813) Important SUSE bug 920813 CVE-2015-0254 cpe:/o:suse:sles:12:sp2 Security update for libmicrohttpd (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libmicrohttpd fixes the following issues: - CVE-2013-7038: The MHD_http_unescape function in libmicrohttpd might have allowed remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read. (bsc#854443) - CVE-2013-7039: Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header. (bsc#854443) - Fixed various bugs found during a 2017 audit, which are more hardening measures and not security issues. (bsc#1041216) Moderate SUSE bug 1041216 SUSE bug 854443 CVE-2013-7038 CVE-2013-7039 cpe:/o:suse:sles:12:sp2 Security update for libqt5-qtbase, libqt5-qtdeclarative (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libqt5-qtbase and libqt5-qtdeclarative fixes the following issues: This security issue was fixed: - Prevent potential information leak due to race condition in QSaveFile (bsc#1034005). These non-security issues were fixed: - Fixed crash in QPlainTextEdit - Fixed Burmese rendering issue - Fixed reuse of C++-owned QObjects by different QML engines that could lead to crashes in kwin (bsc#1034402) - Make libqt5-qtquickcontrols available in SUSE Linux Enterprise. Moderate SUSE bug 1013095 SUSE bug 1034005 SUSE bug 1034402 cpe:/o:suse:sles:12:sp2 Security update for netpbm (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for netpbm fixes the following issues: Security bugs: * CVE-2017-2586: A NULL pointer dereference in stringToUint function could lead to a denial of service (abort) problem when processing malformed images. [bsc#1024292] * CVE-2017-2581: A out-of-bounds write in writeRasterPbm() could be used by attackers to crash the decoder or potentially execute code. [bsc#1024287] * CVE-2017-2587: A insufficient size check of memory allocation in createCanvas() function could be used for a denial of service attack (memory exhaustion) [bsc#1024294] Moderate SUSE bug 1024287 SUSE bug 1024292 SUSE bug 1024294 CVE-2017-2581 CVE-2017-2586 CVE-2017-2587 cpe:/o:suse:sles:12:sp2 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libgcrypt fixes the following issues: - CVE-2017-9526: Store the session key in secure memory to ensure that constant time point operations are used in the MPI library. (bsc#1042326) - Don't require secure memory for the fips selftests, this prevents the 'Oops, secure memory pool already initialized' warning. (bsc#931932) Moderate SUSE bug 1042326 SUSE bug 931932 CVE-2017-9526 cpe:/o:suse:sles:12:sp2 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for apache2 fixes the following issues: - CVE-2016-8740 Server memory can be exhausted and service denied when HTTP/2 is used [bsc#1013648] Moderate SUSE bug 1013648 CVE-2016-8740 cpe:/o:suse:sles:12:sp2 Security update for glibc (Important) SUSE Linux Enterprise Server 12 SP2 This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] - A bug in glibc that could result in deadlocks between malloc() and fork() has been fixed. [bsc#1040043] Important SUSE bug 1039357 SUSE bug 1040043 CVE-2017-1000366 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Critical) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000364: The default stack guard page was too small and could be 'jumped over' by userland programs using more than one page of stack in functions and so lead to memory corruption. This update extends the stack guard page to 1 MB (for 4k pages) and 16 MB (for 64k pages) to reduce this attack vector. This is not a kernel bugfix, but a hardening measure against this kind of userland attack.(bsc#1039348) The following non-security bugs were fixed: - There was a load failure in the sha-mb encryption implementation (bsc#1037384). Critical SUSE bug 1037384 SUSE bug 1039348 CVE-2017-1000364 cpe:/o:suse:sles:12:sp2 Security update for openvpn (Important) SUSE Linux Enterprise Server 12 SP2 This update for openvpn fixes the following issues: - CVE-2016-6329: Show which ciphers should no longer be used in openvpn --show-ciphers (bsc#995374) - CVE-2017-7478: openvpn: Authenticated user can DoS server by using a big payload in P_CONTROL (bsc#1038709) - CVE-2017-7479: openvpn: Denial of Service due to Exhaustion of Packet-ID counter (bsc#1038711) - Hardening measures found by internal audit (bsc#1038713) Important SUSE bug 1038709 SUSE bug 1038711 SUSE bug 1038713 SUSE bug 995374 CVE-2016-6329 CVE-2017-7478 CVE-2017-7479 cpe:/o:suse:sles:12:sp2 Security update for gd (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for gd fixes one issues. This security issue was fixed: - CVE-2017-6362: Prevent double-free in gdImagePngPtr() that potentially allowed for DoS or remote code execution (bsc#1056993). Moderate SUSE bug 1056993 CVE-2017-6362 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.120-92_70 fixes several issues. The following security issues were fixed: - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Important SUSE bug 1083125 SUSE bug 1090368 SUSE bug 1090646 SUSE bug 1090869 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Important SUSE bug 1083125 SUSE bug 1085447 SUSE bug 1090368 SUSE bug 1090646 SUSE bug 1090869 CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Important SUSE bug 1083125 SUSE bug 1085447 SUSE bug 1090368 SUSE bug 1090646 SUSE bug 1090869 CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Important SUSE bug 1083125 SUSE bug 1085447 SUSE bug 1090368 SUSE bug 1090646 SUSE bug 1090869 CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Important SUSE bug 1083125 SUSE bug 1085447 SUSE bug 1090368 SUSE bug 1090646 SUSE bug 1090869 CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_32 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Important SUSE bug 1083125 SUSE bug 1085447 SUSE bug 1090368 SUSE bug 1090646 SUSE bug 1090869 CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_29 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Important SUSE bug 1083125 SUSE bug 1085447 SUSE bug 1090368 SUSE bug 1090646 SUSE bug 1090869 CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Important SUSE bug 1083125 SUSE bug 1085447 SUSE bug 1090368 SUSE bug 1090646 SUSE bug 1090869 CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_35 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Important SUSE bug 1083125 SUSE bug 1085447 SUSE bug 1090368 SUSE bug 1090646 SUSE bug 1090869 CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_67 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Important SUSE bug 1083125 SUSE bug 1085447 SUSE bug 1090368 SUSE bug 1090646 SUSE bug 1090869 CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_64 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Important SUSE bug 1083125 SUSE bug 1085447 SUSE bug 1090368 SUSE bug 1090646 SUSE bug 1090869 CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for xmltooling (Important) SUSE Linux Enterprise Server 12 SP2 This update for xmltooling fixes the following issues: - CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD (bsc#1075975) Important SUSE bug 1075975 CVE-2018-0486 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.59-92_20 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Important SUSE bug 1083125 SUSE bug 1085447 SUSE bug 1090368 SUSE bug 1090646 SUSE bug 1090869 CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.59-92_24 fixes several issues. The following security issues were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. (bsc#1085447). - CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs (bsc#1090368). - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bsc#1090646). - bsc#1083125: Fixed kgraft: small race in reversion code - CVE-2018-1087: kernel KVM was vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest (bsc#1090869) before Important SUSE bug 1083125 SUSE bug 1085447 SUSE bug 1090368 SUSE bug 1090646 SUSE bug 1090869 CVE-2017-13166 CVE-2018-1087 CVE-2018-8781 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_73 fixes one issue. The following security issue was fixed: - CVE-2018-1000199: - CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1090036). Important SUSE bug 1090036 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_80 fixes one issue. The following security issue was fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). Important SUSE bug 1090036 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for glibc (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for glibc fixes the following issues: - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) - CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154) Non security bugs fixed: - Fix crash in resolver on memory allocation failure (bsc#1086690) Important SUSE bug 1086690 SUSE bug 1094150 SUSE bug 1094154 SUSE bug 1094161 CVE-2017-18269 CVE-2018-11236 CVE-2018-11237 cpe:/o:suse:sles-ltss:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for git fixes several issues. These security issues were fixed: - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) Important SUSE bug 1095218 SUSE bug 1095219 CVE-2018-11233 CVE-2018-11235 cpe:/o:suse:sles-ltss:12:sp2 Security update for kernel-firmware (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for kernel-firmware fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735) Moderate SUSE bug 1095735 CVE-2017-5715 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753 / 'SpecŧreAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please also check with your CPU / Hardware vendor on updated firmware or BIOS images regarding this issue. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option. - CVE-2017-5754 / 'MeltdownAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory, an attack similar to CVE-2017-5753. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'. Note that this is only done on affected platforms. This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options. Also the following unrelated security bugs were fixed: - CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). The following non-security bugs were fixed: - Add undefine _unique_build_ids (bsc#964063) - Always sign validate_negotiate_info reqs (bsc#1071009, fate#324404). - apei / ERST: Fix missing error handling in erst_reader() (bsc#1072556). - arm: Hide finish_arch_post_lock_switch() from modules (bsc#1068032). - autofs: fix careless error in recent commit (bnc#1012382 bsc#1065180). - bpf: prevent speculative execution in eBPF interpreter (bnc#1068032). - carl9170: prevent speculative execution (bnc#1068032). - Check cmdline_find_option() retval properly and use boot_cpu_has(). - cw1200: prevent speculative execution (bnc#1068032). - e1000e: Avoid receiver overrun interrupt bursts (bsc#969470 FATE#319819). - e1000e: Fix e1000_check_for_copper_link_ich8lan return value (bsc#1073809). - Fix leak of validate_negotiate_info resp (bsc#1071009, fate#324404). - Fix NULL pointer deref in SMB2_tcon() (bsc#1071009, fate#324404). - Fix validate_negotiate_info uninitialized mem (bsc#1071009, fate#324404). - fs: prevent speculative execution (bnc#1068032). - genwqe: Take R/W permissions into account when dealing with memory pages (bsc#1073090). - ibmvnic: Include header descriptor support for ARP packets (bsc#1073912). - ibmvnic: Increase maximum number of RX/TX queues (bsc#1073912). - ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES (bsc#1073912). - ipv6: prevent speculative execution (bnc#1068032). - kaiser: add 'nokaiser' boot option, using ALTERNATIVE. - kaiser: align addition to x86/mm/Makefile. - kaiser: asm/tlbflush.h handle noPGE at lower level. - kaiser: cleanups while trying for gold link. - kaiser: Disable on Xen PV. - kaiser: do not set _PAGE_NX on pgd_none. - kaiser: drop is_atomic arg to kaiser_pagetable_walk(). - kaiser: enhanced by kernel and user PCIDs. - kaiser: ENOMEM if kaiser_pagetable_walk() NULL. - kaiser: fix build and FIXME in alloc_ldt_struct(). - kaiser: fix perf crashes. - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER. - kaiser: fix unlikely error in alloc_ldt_struct(). - kaiser: KAISER depends on SMP. - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID. - kaiser: kaiser_remove_mapping() move along the pgd. - kaiser: Kernel Address Isolation. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush. - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user. - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET. - kaiser: paranoid_entry pass cr3 need to paranoid_exit. - kaiser: PCID 0 for kernel and 128 for user. - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls. - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE. - kaiser: tidied up asm/kaiser.h somewhat. - kaiser: tidied up kaiser_add/remove_mapping slightly. - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush. - kaiser: vmstat show NR_KAISERTABLE as nr_overhead. - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user. - kvm: SVM: Do not intercept new speculative control MSRs (bsc#1068032). - kvm: x86: Add speculative control CPUID support for guests (bsc#1068032). - locking/barriers: introduce new memory barrier gmb() (bnc#1068032). - mm/mmu_context, sched/core: Fix mmu_context.h assumption (bsc#1068032). - net: mpls: prevent speculative execution (bnc#1068032). - nfs: revalidate '.' etc correctly on 'open' (bsc#1068951). - nfs: revalidate '.' etc correctly on 'open' (git-fixes). Fix References tag. - nfsv4: always set NFS_LOCK_LOST when a lock is lost (bsc#1068951). - p54: prevent speculative execution (bnc#1068032). - powerpc/barrier: add gmb. - powerpc: Secure memory rfi flush (bsc#1068032). - ptrace: Add a new thread access check (bsc#1068032). - qla2xxx: prevent speculative execution (bnc#1068032). - Redo encryption backport to fix pkt signing (bsc#1071009, fate#324404). - s390: add ppa to system call and program check path (bsc#1068032). - s390: introduce CPU alternatives. - s390: introduce CPU alternatives (bsc#1068032). - s390/spinlock: add gmb memory barrier - s390/spinlock: add gmb memory barrier (bsc#1068032). - s390/spinlock: add ppa to system call path Signoff the s390 patches. - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (bsc#1068032). - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (bsc#1068032). - scsi_dh_alua: skip RTPG for devices only supporting active/optimized (bsc#1064311). - scsi_scan: Exit loop if TUR to LUN0 fails with 0x05/0x25 (bsc#1063043). This is specific to FUJITSU ETERNUS_DX* targets. They can return 'Illegal Request - Logical unit not supported' and processing should leave the timeout loop in this case. - scsi: ses: check return code from ses_recv_diag() (bsc#1039616). - scsi: ses: Fixup error message 'failed to get diagnostic page 0xffffffea' (bsc#1039616). - scsi: ses: Fix wrong page error (bsc#1039616). - scsi: ses: make page2 support optional (bsc#1039616). - Thermal/int340x: prevent speculative execution (bnc#1068032). - udf: prevent speculative execution (bnc#1068032). - Update config files: enable KAISER. - usb: host: fix incorrect updating of offset (bsc#1047487). - userns: prevent speculative execution (bnc#1068032). - uvcvideo: prevent speculative execution (bnc#1068032). - vxlan: correctly handle ipv6.disable module parameter (bsc#1072962). - x86/boot: Add early cmdline parsing for options with arguments. - x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032). - x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032). - x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature (bsc#1068032). - x86/CPU: Check speculation control CPUID bit (bsc#1068032). - x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032). - x86/entry: Add a function to overwrite the RSB (bsc#1068032). - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032). - x86/entry: Use IBRS on entry to kernel space (bsc#1068032). - x86/feature: Enable the x86 feature to control Speculation (bsc#1068032). - x86/idle: Disable IBRS when offlining a CPU and re-enable on wakeup (bsc#1068032). - x86/idle: Toggle IBRS when going idle (bsc#1068032). - x86/kaiser: Check boottime cmdline params. - x86/kaiser: Move feature detection up (bsc#1068032). - x86/kaiser: Reenable PARAVIRT. - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling. - x86/kvm: Add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm (bsc#1068032). - x86/kvm: Flush IBP when switching VMs (bsc#1068032). - x86/kvm: Pad RSB on VM transition (bsc#1068032). - x86/kvm: Toggle IBRS on VM entry and exit (bsc#1068032). - x86/mm/64: Fix reboot interaction with CR4.PCIDE (bsc#1068032). - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (bsc#1068032). - x86/mm: Add INVPCID helpers (bsc#1068032). - x86/mm: Add the 'nopcid' boot option to turn off PCID (bsc#1068032). - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (bsc#1068032). - x86/mm: Enable CR4.PCIDE on supported systems (bsc#1068032). - x86/mm: Fix INVPCID asm constraint (bsc#1068032). - x86/mm: If INVPCID is available, use it to flush global mappings (bsc#1068032). - x86/mm: Make flush_tlb_mm_range() more predictable (bsc#1068032). - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (bsc#1068032). - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (bsc#1068032). - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (bsc#1068032). - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (bsc#1068032). - x86/mm, sched/core: Turn off IRQs in switch_mm() (bsc#1068032). - x86/mm, sched/core: Uninline switch_mm() (bsc#1068032). - x86/mm: Set IBPB upon context switch (bsc#1068032). - x86/MSR: Move native_*msr(.. u64) to msr.h (bsc#1068032). - x86/paravirt: Dont patch flush_tlb_single (bsc#1068032). - x86/spec: Add IBRS control functions (bsc#1068032). - x86/spec: Add 'nospec' chicken bit (bsc#1068032). - x86/spec: Check CPUID direclty post microcode reload to support IBPB feature (bsc#1068032). - x86/spec_ctrl: Add an Indirect Branch Predictor barrier (bsc#1068032). - x86/spec_ctrl: Check whether IBPB is enabled before using it (bsc#1068032). - x86/spec_ctrl: Check whether IBRS is enabled before using it (bsc#1068032). - x86/svm: Add code to clear registers on VM exit (bsc#1068032). - x86/svm: Clobber the RSB on VM exit (bsc#1068032). - x86/svm: Set IBPB when running a different VCPU (bsc#1068032). - x86/svm: Set IBRS value on VM entry and exit (bsc#1068032). Important SUSE bug 1012382 SUSE bug 1039616 SUSE bug 1047487 SUSE bug 1063043 SUSE bug 1064311 SUSE bug 1065180 SUSE bug 1068032 SUSE bug 1068951 SUSE bug 1071009 SUSE bug 1072556 SUSE bug 1072962 SUSE bug 1073090 SUSE bug 1073792 SUSE bug 1073809 SUSE bug 1073874 SUSE bug 1073912 SUSE bug 964063 SUSE bug 969470 CVE-2017-17805 CVE-2017-17806 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 cpe:/o:suse:sles:12:sp2 Security update for libvirt (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libvirt fixes the following issues: - CVE-2018-3639: cpu: add support for 'ssbd' and 'virt-ssbd' CPUID feature bits pass through (bsc#1092885) Important SUSE bug 1092885 CVE-2018-3639 cpe:/o:suse:sles-ltss:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ucode-intel fixes the following issues: Update to version 20180425 (bsc#1091836) Fix provided for: - GLK B0 6-7a-1/01 0000001e->00000022 Pentium Silver N/J5xxx, Celeron N/J4xxx - Name microcodes which are not allowed to load late with a *.early suffix Moderate SUSE bug 1091836 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries - S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability - S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability - S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability - S8189989, CVE-2018-2798, bsc#1090028: Improve container portability - S8189993, CVE-2018-2799, bsc#1090029: Improve document portability - S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms - S8190478: Improved interface method selection - S8190877: Better handling of abstract classes - S8191696: Better mouse positioning - S8192025, CVE-2018-2814, bsc#1090032: Less referential references - S8192030: Better MTSchema support - S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation - S8193409: Improve AES supporting classes - S8193414: Improvements in MethodType lookups - S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For other changes please consult the changelog. Important SUSE bug 1087066 SUSE bug 1090023 SUSE bug 1090024 SUSE bug 1090025 SUSE bug 1090026 SUSE bug 1090027 SUSE bug 1090028 SUSE bug 1090029 SUSE bug 1090030 SUSE bug 1090032 SUSE bug 1090033 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_0-openjdk to version 7u181 fixes the following issues: + S8162488: JDK should be updated to use LittleCMS 2.8 + S8180881: Better packaging of deserialization + S8182362: Update CipherOutputStream Usage + S8183032: Upgrade to LittleCMS 2.9 + S8189123: More consistent classloading + S8190478: Improved interface method selection + S8190877: Better handling of abstract classes + S8191696: Better mouse positioning + S8192030: Better MTSchema support + S8193409: Improve AES supporting classes + S8193414: Improvements in MethodType lookups + S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries + S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability + S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability + S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability + S8189989, CVE-2018-2798, bsc#1090028: Improve container portability + S8189993, CVE-2018-2799, bsc#1090029: Improve document portability + S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms + S8192025, CVE-2018-2814, bsc#1090032: Less referential references + S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation + S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For additional changes please consult the changelog. Important SUSE bug 1090023 SUSE bug 1090024 SUSE bug 1090025 SUSE bug 1090026 SUSE bug 1090027 SUSE bug 1090028 SUSE bug 1090029 SUSE bug 1090030 SUSE bug 1090032 SUSE bug 1090033 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 cpe:/o:suse:sles-ltss:12:sp2 Security update for gpg2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745) Important SUSE bug 1096745 CVE-2018-12020 cpe:/o:suse:sles-ltss:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes several issues. This feature was added: - Added support for qemu monitor command These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). This non-security issue was fixed: - bsc#1086039 - Dom0 does not represent DomU cpu flags Important SUSE bug 1027519 SUSE bug 1074562 SUSE bug 1086039 SUSE bug 1092631 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-3639 cpe:/o:suse:sles-ltss:12:sp2 Security update for rsync (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for rsync fixes one issues. This security issue was fixed: - CVE-2018-5764: The parse_arguments function in options.c did not prevent multiple --protect-args uses, which allowed remote attackers to bypass an argument-sanitization protection mechanism (bsc#1076503). Moderate SUSE bug 1076503 CVE-2018-5764 cpe:/o:suse:sles:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS IBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes: - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. Important SUSE bug 1085449 SUSE bug 1093311 CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2825 CVE-2018-2826 cpe:/o:suse:sles-ltss:12:sp2 Security update for procmail (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for procmail fixes the following issues: - CVE-2017-16844: Heap-based buffer overflow in loadbuf function could lead to remote denial of service (bsc#1068648) Moderate SUSE bug 1068648 CVE-2017-16844 cpe:/o:suse:sles:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS IBM Java was updated to 7.1.4.25 [bsc#1093311, bsc#1085449]: Security fixes: - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Important SUSE bug 1085449 SUSE bug 1093311 CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 cpe:/o:suse:sles-ltss:12:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ntp fixes the following issues: - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426) * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424) * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422) * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420) * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit.(bsc#1083417) - Don't use libevent's cached time stamps in sntp. (bsc#1077445) This update is a reissue of the previous update with LTSS channels included. Moderate SUSE bug 1077445 SUSE bug 1082063 SUSE bug 1082210 SUSE bug 1083417 SUSE bug 1083420 SUSE bug 1083422 SUSE bug 1083424 SUSE bug 1083426 CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 cpe:/o:suse:sles-ltss:12:sp2 Security update for mariadb (Important) SUSE Linux Enterprise Server 12 SP2-LTSS MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes: * PCRE updated to 8.42 * XtraDB updated to 5.6.39-83.1 * TokuDB updated to 5.6.39-83.1 * InnoDB updated to 5.6.40 * The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767] * MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE * MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state * MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index * MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record * fixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 * Release notes and changelog: * https://kb.askmonty.org/en/mariadb-10035-release-notes * https://kb.askmonty.org/en/mariadb-10035-changelog Important SUSE bug 1088681 SUSE bug 1090518 CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following security issue: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). Important SUSE bug 1096449 CVE-2018-6126 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728). - CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036) - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) - CVE-2017-18241: Prevent a NULL pointer dereference by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400) - CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353). - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c did not validate bitmap block numbers (bsc#1087095). - CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007). - CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012). - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904). - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650). - CVE-2018-5803: Prevent error in the '_sctp_make_chunk()' function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900). - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962). - CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895). The following non-security bugs were fixed: - ALSA: timer: Fix pause event notification (bsc#973378). - Fix excessive newline in /proc/*/status (bsc#1094823). - Fix the patch content (bsc#1085185) - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Revert 'bs-upload-kernel: do not set %opensuse_bs' This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821. - ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552). - ipv6: omit traffic class when calculating flow hash (bsc#1095042). - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1096281). - x86/bugs: Respect retpoline command line option (bsc#1068032). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813) - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534). - xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534). - xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955). Important SUSE bug 1068032 SUSE bug 1079152 SUSE bug 1082962 SUSE bug 1083650 SUSE bug 1083900 SUSE bug 1085185 SUSE bug 1086400 SUSE bug 1087007 SUSE bug 1087012 SUSE bug 1087036 SUSE bug 1087086 SUSE bug 1087095 SUSE bug 1089895 SUSE bug 1090534 SUSE bug 1090955 SUSE bug 1092497 SUSE bug 1092552 SUSE bug 1092813 SUSE bug 1092904 SUSE bug 1094033 SUSE bug 1094353 SUSE bug 1094823 SUSE bug 1095042 SUSE bug 1096140 SUSE bug 1096242 SUSE bug 1096281 SUSE bug 1096728 SUSE bug 1097356 SUSE bug 973378 CVE-2017-13305 CVE-2017-18241 CVE-2017-18249 CVE-2018-1000199 CVE-2018-1000204 CVE-2018-1065 CVE-2018-1092 CVE-2018-1093 CVE-2018-1094 CVE-2018-1130 CVE-2018-3665 CVE-2018-5803 CVE-2018-5848 CVE-2018-7492 cpe:/o:suse:sles-ltss:12:sp2 Security update for libvpx (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libvpx fixes one issues. This security issue was fixed: - CVE-2017-13194: Fixed incorrect memory allocation related to odd frame width (bsc#1075992). Moderate SUSE bug 1075992 CVE-2017-13194 cpe:/o:suse:sles:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Moderate SUSE bug 1097158 SUSE bug 1097624 SUSE bug 1098592 CVE-2018-0732 cpe:/o:suse:sles-ltss:12:sp2 Recommended update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The Intel CPU microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx - Add a new style supplements for the recent kernels. (bsc#1096141) Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1096141 SUSE bug 1100147 CVE-2018-3639 CVE-2018-3640 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_64 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Important SUSE bug 1090338 SUSE bug 1096740 CVE-2018-3665 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_67 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Important SUSE bug 1090338 SUSE bug 1096740 CVE-2018-3665 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Important SUSE bug 1090338 SUSE bug 1096740 CVE-2018-3665 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Important SUSE bug 1090338 SUSE bug 1096740 CVE-2018-3665 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Important SUSE bug 1090338 SUSE bug 1096740 CVE-2018-3665 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Important SUSE bug 1090338 SUSE bug 1096740 CVE-2018-3665 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_80 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Important SUSE bug 1090338 SUSE bug 1096740 CVE-2018-3665 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.120-92_70 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Important SUSE bug 1090338 SUSE bug 1096740 CVE-2018-3665 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_73 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Important SUSE bug 1090338 SUSE bug 1096740 CVE-2018-3665 cpe:/o:suse:sles-ltss:12:sp2 Security update for perl (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for perl fixes the following issues: These security issue were fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). - CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This non-security issue was fixed: - fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565] Important SUSE bug 1068565 SUSE bug 1082216 SUSE bug 1082233 SUSE bug 1082234 SUSE bug 1096718 CVE-2018-12015 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 cpe:/o:suse:sles-ltss:12:sp2 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for wireshark to version 2.2.12 fixes the following issues: - CVE-2018-5334: IxVeriWave file could crash (bsc#1075737) - CVE-2018-5335: WCP dissector could crash (bsc#1075738) - CVE-2018-5336: Multiple dissector crashes (bsc#1075739) - CVE-2017-17935: Incorrect handling of '\n' in file_read_line function could have lead to denial of service (bsc#1074171) This release no longer enables the Linux kernel BPF JIT compiler via the net.core.bpf_jit_enable sysctl, as this would make systems more vulnerable to Spectre variant 1 CVE-2017-5753 - (bsc#1075748) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html Moderate SUSE bug 1074171 SUSE bug 1075737 SUSE bug 1075738 SUSE bug 1075739 SUSE bug 1075748 CVE-2017-17935 CVE-2018-5334 CVE-2018-5335 CVE-2018-5336 cpe:/o:suse:sles:12:sp2 Security update for shadow (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could results in local privilege escalation (bsc#1099310) Important SUSE bug 1099310 CVE-2016-6252 cpe:/o:suse:sles-ltss:12:sp2 Security update for libexif (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libexif fixes several issues. These security issues were fixed: - CVE-2016-6328: Fixed integer overflow in parsing MNOTE entry data of the input file (bsc#1055857) - CVE-2017-7544: Fixed out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure (bsc#1059893) Moderate SUSE bug 1055857 SUSE bug 1059893 CVE-2016-6328 CVE-2017-7544 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_32 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Important SUSE bug 1090338 SUSE bug 1096740 CVE-2018-3665 cpe:/o:suse:sles-ltss:12:sp2 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 12 SP2 This update for ImageMagick fixes the following issues: - security update (xcf.c): * CVE-2017-14343: Memory leak vulnerability in ReadXCFImage could lead to denial of service via a crafted file. CVE-2017-12691: The ReadOneLayer function in coders/xcf.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. [bsc#1058422] - security update (pnm.c): * CVE-2017-14042: A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c and could lead to remote denial of service [bsc#1056550] - security update (psd.c): * CVE-2017-15281: ReadPSDImage allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file [bsc#1063049] * CVE-2017-13061: A length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. [bsc#1055063] * CVE-2017-12563: A Memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service. [bsc#1052460] * CVE-2017-14174: Due to a lack of an EOF check (End of File) in ReadPSDLayersInternal could cause huge CPU consumption, when a crafted PSD file, which claims a large 'length' field in the header but does not contain sufficient backing data, is provided, the loop over \'length\' would consume huge CPU resources, since there is no EOF check inside the loop.[bsc#1057723] - security update (meta.c): * CVE-2017-13062: Amemory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file [bsc#1055053] - security update (gif.c): * CVE-2017-15277: ReadGIFImage in coders/gif.c leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.[bsc#1063050] Important SUSE bug 1052460 SUSE bug 1055053 SUSE bug 1055063 SUSE bug 1056550 SUSE bug 1057723 SUSE bug 1058422 SUSE bug 1063049 SUSE bug 1063050 CVE-2017-12563 CVE-2017-12691 CVE-2017-13061 CVE-2017-13062 CVE-2017-14042 CVE-2017-14174 CVE-2017-14343 CVE-2017-15277 CVE-2017-15281 cpe:/o:suse:sles:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix #DB exception safety check that could be triggered by a guest (XSA-265) (bsc#1097522). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-3665: Fix lazy FP Save/Restore (XSA-267) (bsc#1095242). Bug fixes: - bsc#1027519: Update to Xen 4.7.6 bug fix only release. - bsc#1087289: Xen BUG at sched_credit.c:1663. - bsc#1094725: `virsh blockresize` does not work with Xen qdisks. Important SUSE bug 1027519 SUSE bug 1087289 SUSE bug 1094725 SUSE bug 1095242 SUSE bug 1096224 SUSE bug 1097521 SUSE bug 1097522 SUSE bug 1097523 CVE-2018-11806 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-3665 cpe:/o:suse:sles-ltss:12:sp2 Security update for libevent (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libevent fixes the following security issues: - CVE-2016-10195: DNS remote stack overread vulnerability (bsc#1022917) - CVE-2016-10196: stack/buffer overflow in evutil_parse_sockaddr_port() (bsc#1022918) - CVE-2016-10197: out-of-bounds read in search_make_new() (bsc#1022919) Moderate SUSE bug 1022917 SUSE bug 1022918 SUSE bug 1022919 CVE-2016-10195 CVE-2016-10196 CVE-2016-10197 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_29 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Important SUSE bug 1090338 SUSE bug 1096740 CVE-2018-3665 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Important SUSE bug 1090338 SUSE bug 1096740 CVE-2018-3665 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_35 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Important SUSE bug 1090338 SUSE bug 1096740 CVE-2018-3665 cpe:/o:suse:sles-ltss:12:sp2 Security update for curl (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for curl fixes one issues. This security issue was fixed: - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects (bsc#1077001) Moderate SUSE bug 1077001 CVE-2018-1000007 cpe:/o:suse:sles:12:sp2 Security update for libvorbis (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libvorbis fixes the following issues: - CVE-2017-14633: out-of-bounds array read vulnerability exists in function mapping0_forward() could lead to remote denial of service (bsc#1059811) - CVE-2017-14632: Remote Code Execution upon freeing uninitialized memory in function vorbis_analysis_headerout(bsc#1059809) Moderate SUSE bug 1059809 SUSE bug 1059811 CVE-2017-14632 CVE-2017-14633 cpe:/o:suse:sles:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2 This update for webkit2gtk3 fixes the following issues: Update to version 2.18.5: + Disable SharedArrayBuffers from Web API. + Reduce the precision of 'high' resolution time to 1ms. + bsc#1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown (CVE-2017-5753 and CVE-2017-5715). Update to version 2.18.4: + Make WebDriver implementation more spec compliant. + Fix a bug when trying to remove cookies before a web process is spawned. + WebKitWebDriver process no longer links to libjavascriptcoregtk. + Fix several memory leaks in GStreamer media backend. + bsc#1073654 - Security fixes: CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-13856. Update to version 2.18.3: + Improve calculation of font metrics to prevent scrollbars from being shown unnecessarily in some cases. + Fix handling of null capabilities in WebDriver implementation. + Security fixes: CVE-2017-13798, CVE-2017-13788, CVE-2017-13803. Update to version 2.18.2: + Fix rendering of arabic text. + Fix a crash in the web process when decoding GIF images. + Fix rendering of wind in Windy.com. + Fix several crashes and rendering issues. Update to version 2.18.1: + Improve performance of GIF animations. + Fix garbled display in GMail. + Fix rendering of several material design icons when using the web font. + Fix flickering when resizing the window in Wayland. + Prevent default kerberos authentication credentials from being used in ephemeral sessions. + Fix a crash when webkit_web_resource_get_data() is cancelled. + Correctly handle touchmove and touchend events in WebKitWebView. + Fix the build with enchant 2.1.1. + Fix the build in HPPA and Alpha. + Fix several crashes and rendering issues. + Security fixes: CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142. - Enable gold linker on s390/s390x on SLE15/Tumbleweed. Important SUSE bug 1020950 SUSE bug 1024749 SUSE bug 1050469 SUSE bug 1066892 SUSE bug 1069925 SUSE bug 1073654 SUSE bug 1075419 CVE-2016-4692 CVE-2016-4743 CVE-2016-7586 CVE-2016-7587 CVE-2016-7589 CVE-2016-7592 CVE-2016-7598 CVE-2016-7599 CVE-2016-7610 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2017-13788 CVE-2017-13798 CVE-2017-13803 CVE-2017-13856 CVE-2017-13866 CVE-2017-13870 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2539 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-7006 CVE-2017-7011 CVE-2017-7012 CVE-2017-7018 CVE-2017-7019 CVE-2017-7020 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7038 CVE-2017-7039 CVE-2017-7040 CVE-2017-7041 CVE-2017-7042 CVE-2017-7043 CVE-2017-7046 CVE-2017-7048 CVE-2017-7049 CVE-2017-7052 CVE-2017-7055 CVE-2017-7056 CVE-2017-7059 CVE-2017-7061 CVE-2017-7064 CVE-2017-7081 CVE-2017-7087 CVE-2017-7089 CVE-2017-7090 CVE-2017-7091 CVE-2017-7092 CVE-2017-7093 CVE-2017-7094 CVE-2017-7095 CVE-2017-7096 CVE-2017-7098 CVE-2017-7099 CVE-2017-7100 CVE-2017-7102 CVE-2017-7104 CVE-2017-7107 CVE-2017-7109 CVE-2017-7111 CVE-2017-7117 CVE-2017-7120 CVE-2017-7142 CVE-2017-7156 CVE-2017-7157 cpe:/o:suse:sles:12:sp2 Security update for transfig (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for transfig fixes the following issues: Security issue fixed: - CVE-2017-16899: Fix array index error in the fig2dev program (bsc#1069257). Moderate SUSE bug 1069257 CVE-2017-16899 cpe:/o:suse:sles:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for samba fixes the following issues: The following security vulnerability was fixed: - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) The following other bugs were fixed: - Fix libnss_wins.so.2 link libreplace with rpath (bsc#1054849) Important SUSE bug 1054849 SUSE bug 1103411 CVE-2018-10858 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element Important SUSE bug 1098998 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5156 CVE-2018-5188 cpe:/o:suse:sles-ltss:12:sp2 Security update for clamav (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - CVE-2018-1000085: Fixed a out-of-bounds heap read in XAR parser (bsc#1082858) - CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) - Buffer over-read in unRAR code due to missing max value checks in table initialization - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Moderate SUSE bug 1082858 SUSE bug 1101410 SUSE bug 1101412 SUSE bug 1101654 SUSE bug 1103040 CVE-2018-0360 CVE-2018-0361 CVE-2018-1000085 CVE-2018-14679 cpe:/o:suse:sles-ltss:12:sp2 Security update to ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx ---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5 Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1089343 SUSE bug 1104134 CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 cpe:/o:suse:sles-ltss:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741). - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) Moderate SUSE bug 1081741 SUSE bug 1103411 CVE-2018-1050 CVE-2018-10858 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5390 aka 'SegmentSmack': The Linux Kernel can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580). - CVE-2018-9385: When printing the 'driver_override' option from with-in the amba driver, a very long line could expose one additional uninitialized byte (bnc#1100491). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 1100418). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). The following non-security bugs were fixed: - Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978) - bcache: add backing_request_endio() for bi_end_io (bsc#1064232). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232). - bcache: add io_disable to struct cached_dev (bsc#1064232). - bcache: add journal statistic (bsc#1076110). - bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1064232). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1064232). - bcache: Annotate switch fall-through (bsc#1064232). - bcache: closures: move control bits one bit right (bsc#1076110). - bcache: correct flash only vols (check all uuids) (bsc#1064232). - bcache: count backing device I/O error for writeback I/O (bsc#1064232). - bcache: do not attach backing with duplicate UUID (bsc#1076110). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1064232). - bcache: fix crashes in duplicate cache device register (bsc#1076110). - bcache: fix error return value in memory shrink (bsc#1064232). - bcache: fix for allocator and register thread race (bsc#1076110). - bcache: fix for data collapse after re-attaching an attached device (bsc#1076110). - bcache: fix high CPU occupancy during journal (bsc#1076110). - bcache: Fix, improve efficiency of closure_sync() (bsc#1076110). - bcache: fix inaccurate io state for detached bcache devices (bsc#1064232). - bcache: fix incorrect sysfs output value of strip size (bsc#1064232). - bcache: Fix indentation (bsc#1064232). - bcache: fix kcrashes with fio in RAID5 backend dev (bsc#1076110). - bcache: Fix kernel-doc warnings (bsc#1064232). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1064232). - bcache: fix using of loop variable in memory shrink (bsc#1064232). - bcache: fix writeback target calc on large devices (bsc#1076110). - bcache: fix wrong return value in bch_debug_init() (bsc#1076110). - bcache: mark closure_sync() __sched (bsc#1076110). - bcache: move closure debug file into debug directory (bsc#1064232). - bcache: properly set task state in bch_writeback_thread() (bsc#1064232). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bsc#1064232). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1064232). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1064232). - bcache: Remove an unused variable (bsc#1064232). - bcache: ret IOERR when read meets metadata error (bsc#1076110). - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1064232). - bcache: return attach error when no cache set exist (bsc#1076110). - bcache: segregate flash only volume write streams (bsc#1076110). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1064232). - bcache: set error_limit correctly (bsc#1064232). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1064232). - bcache: stop bcache device when backing device is offline (bsc#1064232). - bcache: stop dc->writeback_rate_update properly (bsc#1064232). - bcache: stop writeback thread after detaching (bsc#1076110). - bcache: store disk name in struct cache and struct cached_dev (bsc#1064232). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1064232). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1064232). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - cifs: Check for timeout on Negotiate stage (bsc#1091171). - cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup() (bsc#1090123). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - ext4: fix unsupported feature message formatting (bsc#1098435). - Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248, bsc@1097140). - ixgbe: fix possible race in reset subtask (bsc#1101557). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - ixgbe: use atomic bitwise operations when handling reset requests (bsc#1101557). - kabi/severities: add PASS to drivers/md/bcache/*, no one uses bcache kernel module. - procfs: add tunable for fd/fdinfo dentry retention (bsc#1086652). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - signals: avoid unnecessary taking of sighand->siglock (bsc#1096130). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). Update config files. - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (1087081). - x86/pti: do not report XenPV as vulnerable (bsc#1097551). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/grant-table: log the lack of grants (bnc#1085042). Important SUSE bug 1064232 SUSE bug 1076110 SUSE bug 1083635 SUSE bug 1085042 SUSE bug 1086652 SUSE bug 1087081 SUSE bug 1089343 SUSE bug 1090123 SUSE bug 1091171 SUSE bug 1094248 SUSE bug 1096130 SUSE bug 1096480 SUSE bug 1096978 SUSE bug 1097140 SUSE bug 1097551 SUSE bug 1098016 SUSE bug 1098425 SUSE bug 1098435 SUSE bug 1099924 SUSE bug 1100089 SUSE bug 1100416 SUSE bug 1100418 SUSE bug 1100491 SUSE bug 1101557 SUSE bug 1102340 SUSE bug 1102851 SUSE bug 1103097 SUSE bug 1103119 SUSE bug 1103580 CVE-2017-18344 CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-14734 CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 CVE-2018-5391 CVE-2018-5814 CVE-2018-9385 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.120-92_70 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Important SUSE bug 1097108 SUSE bug 1099306 CVE-2018-10853 CVE-2018-3646 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_73 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Important SUSE bug 1097108 SUSE bug 1099306 CVE-2018-10853 CVE-2018-3646 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_80 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Important SUSE bug 1097108 SUSE bug 1099306 CVE-2018-10853 CVE-2018-3646 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_85 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Important SUSE bug 1097108 SUSE bug 1099306 CVE-2018-10853 CVE-2018-3646 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Important SUSE bug 1097108 SUSE bug 1099306 SUSE bug 1103203 CVE-2017-18344 CVE-2018-10853 CVE-2018-3646 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Important SUSE bug 1097108 SUSE bug 1099306 SUSE bug 1103203 CVE-2017-18344 CVE-2018-10853 CVE-2018-3646 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2017-11600: net/xfrm/xfrm_policy.c did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bsc#1096564) - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Important SUSE bug 1096564 SUSE bug 1097108 SUSE bug 1099306 SUSE bug 1103203 CVE-2017-11600 CVE-2017-18344 CVE-2018-10853 CVE-2018-3646 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_67 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Important SUSE bug 1097108 SUSE bug 1099306 SUSE bug 1103203 CVE-2017-18344 CVE-2018-10853 CVE-2018-3646 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_64 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Important SUSE bug 1097108 SUSE bug 1099306 SUSE bug 1103203 CVE-2017-18344 CVE-2018-10853 CVE-2018-3646 cpe:/o:suse:sles-ltss:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a malicious or buggy guest administrator can lock up the entire host (bsc#1103276) Important SUSE bug 1027519 SUSE bug 1091107 SUSE bug 1103276 CVE-2018-3646 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Important SUSE bug 1097108 SUSE bug 1099306 SUSE bug 1103203 CVE-2017-18344 CVE-2018-10853 CVE-2018-3646 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bsc#1103203). before 4.14.8 - CVE-2018-10853: A flaw was found in kvm. In which certain instructions such as sgdt/sidt call segmented_write_std didn't propagate access correctly. As such, during userspace induced exception, the guest can incorrectly assume that the exception happened in the kernel and panic. (bsc#1097108). Important SUSE bug 1097108 SUSE bug 1099306 SUSE bug 1103203 CVE-2017-18344 CVE-2018-10853 CVE-2018-3646 cpe:/o:suse:sles-ltss:12:sp2 Security update for clamav (Important) SUSE Linux Enterprise Server 12 SP2 This update for clamav fixes the following issues: - Update to security release 0.99.3 (bsc#1077732) * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) * CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. * CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. * CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. * CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. * CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. - update upstream keys in the keyring - provide and obsolete clamav-nodb to trigger it's removal in Leap bsc#1040662 Important SUSE bug 1040662 SUSE bug 1049423 SUSE bug 1052448 SUSE bug 1052449 SUSE bug 1052466 SUSE bug 1077732 CVE-2017-11423 CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 cpe:/o:suse:sles:12:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openssh fixes the following issues: Security issue fixed: - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). Moderate SUSE bug 1076957 CVE-2016-10708 cpe:/o:suse:sles-ltss:12:sp2 Security update for gd (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for gd fixes one issues. This security issue was fixed: - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) Moderate SUSE bug 1076391 CVE-2018-5711 cpe:/o:suse:sles:12:sp2 Recommended update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for apache2 fixes several issues. These security issues were fixed: - CVE-2017-9789: When under stress (closing many connections) the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour (bsc#1048575). - CVE-2017-7659: A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process (bsc#1045160). These non-security issues were fixed: - Use the full path to a2enmod and a2dismod in the apache-22-24-upgrade script (bsc#1042037) - Fall back to 'localhost' as hostname in gensslcert (bsc#1057406) Moderate SUSE bug 1042037 SUSE bug 1045160 SUSE bug 1048575 SUSE bug 1057406 CVE-2017-7659 CVE-2017-9789 cpe:/o:suse:sles:12:sp2 Security update for libvirt (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libvirt fixes the following issues: This new feature was added: - bsc#1094325, bsc#1094725: libxl: Enable virsh blockresize for XEN guests This security issue was fixed: - CVE-2017-5715: Additional fixes for the Spectre patches (bsc#1079869) These non-security issues were fixed: - bsc#1100112: schema: allow any strings in smbios entry qemu: escape smbios entry strings - bsc#1091427: libxl: fix segfault in libxlReconnectDomain - bsc#959329: libxl: don't set hasManagedSave when performing save Moderate SUSE bug 1079869 SUSE bug 1091427 SUSE bug 1094325 SUSE bug 1094725 SUSE bug 1100112 SUSE bug 959329 CVE-2017-5715 cpe:/o:suse:sles-ltss:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for dovecot22 fixes the following issues: Security issue fixed: - CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts (bsc#1082828) Important SUSE bug 1082828 CVE-2017-15130 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_1-ibm fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect against path traversal attacks when extracting compressed dump files. - CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to unauthorized read access. - CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to denial of service. - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE subcomponent, which allowed unauthenticated attackers with network access via SSL/TLS to compromise the Java SE, leading to unauthorized creation, deletion or modification access to critical data. - CVE-2018-12539: Fixed a vulnerability in which users other than the process owner may be able to use Java Attach API to connect to the IBM JVM on the same machine and use Attach API operations, including the ability to execute untrusted arbitrary code. Other changes made: - Various JIT/JVM crash fixes - Version update to 7.1.4.30 (bsc#1104668) You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2018). Important SUSE bug 1104668 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_92 fixes one issue. The following security issue was fixed: - CVE-2018-10853: A KVM guest userspace to guest kernel write was fixed, which could be used by guest users to crash the guest kernel (bsc#1097108). Important SUSE bug 1097108 CVE-2018-10853 cpe:/o:suse:sles-ltss:12:sp2 Security update for libzypp, zypper (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libzypp, zypper provides the following fixes: Update libzypp to version 16.17.20 Security issues fixed: - PackageProvider: Validate delta rpms before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) - PackageProvider: Validate downloaded rpm package signatures before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) Other bugs fixed: - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304) - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake (bsc#1101349) - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - Avoid zombie tar processes (bsc#1076192) Update to zypper to version 1.13.45 Security issue fixed: - Improve signature check callback messages (bsc#1045735, CVE-2017-9269) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735, CVE-2017-9269) Other bugs fixed: - XML <install-summary> attribute `packages-to-change` added (bsc#1102429) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - Prevent nested calls to exit() if aborted by a signal (bsc#1092413) - ansi.h: Prevent ESC sequence strings from going out of scope (bsc#1092413) - Fix: zypper bash completion expands non-existing options (bsc#1049825) - do not recommend cron (bsc#1079334) - Improve signature check callback messages (bsc#1045735) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735) Important SUSE bug 1036304 SUSE bug 1045735 SUSE bug 1049825 SUSE bug 1070851 SUSE bug 1076192 SUSE bug 1079334 SUSE bug 1088705 SUSE bug 1091624 SUSE bug 1092413 SUSE bug 1096803 SUSE bug 1099847 SUSE bug 1100028 SUSE bug 1101349 SUSE bug 1102429 CVE-2017-9269 CVE-2018-7685 cpe:/o:suse:sles-ltss:12:sp2 Security update for openslp (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Important SUSE bug 1090638 CVE-2017-17833 cpe:/o:suse:sles-ltss:12:sp2 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (bsc#1016715) - CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes which prohibit CR or LF injection into the 'Location' or other outbound header key or value. (bsc#1104826) Moderate SUSE bug 1016715 SUSE bug 1104826 CVE-2016-4975 CVE-2016-8743 cpe:/o:suse:sles-ltss:12:sp2 Security update for gnutls (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for gnutls fixes the following issues: This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) - HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) - HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) - The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002) Moderate SUSE bug 1047002 SUSE bug 1105437 SUSE bug 1105459 SUSE bug 1105460 CVE-2017-10790 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-ibm to 8.0.5.20 fixes the following security issues: - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1104668) - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1104668) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1104668) - CVE-2018-2964: Vulnerability in subcomponent: Deployment. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. (bsc#1104668) - CVE-2016-0705: Prevent double free in the dsa_priv_decode function that allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#1104668) - CVE-2017-3732: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668) - CVE-2017-3736: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668) - CVE-2018-1517: Unspecified vulnerability (bsc#1104668) - CVE-2018-1656: Unspecified vulnerability (bsc#1104668) - CVE-2018-12539: Users other than the process owner might have been able to use Java Attach API to connect to an IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code (bsc#1104668) Moderate SUSE bug 1104668 CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_92 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Important SUSE bug 1102682 SUSE bug 1103203 SUSE bug 1105323 SUSE bug 1106191 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.120-92_70 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Important SUSE bug 1102682 SUSE bug 1103203 SUSE bug 1105323 SUSE bug 1106191 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_73 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Important SUSE bug 1102682 SUSE bug 1103203 SUSE bug 1105323 SUSE bug 1106191 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_80 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Important SUSE bug 1102682 SUSE bug 1103203 SUSE bug 1105323 SUSE bug 1106191 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_85 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Important SUSE bug 1102682 SUSE bug 1103203 SUSE bug 1105323 SUSE bug 1106191 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Important SUSE bug 1096723 SUSE bug 1102682 SUSE bug 1105323 SUSE bug 1106191 CVE-2018-1000026 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Important SUSE bug 1096723 SUSE bug 1102682 SUSE bug 1105323 SUSE bug 1106191 CVE-2018-1000026 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Important SUSE bug 1096723 SUSE bug 1102682 SUSE bug 1105323 SUSE bug 1106191 CVE-2018-1000026 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Important SUSE bug 1096723 SUSE bug 1102682 SUSE bug 1105323 SUSE bug 1106191 CVE-2018-1000026 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Important SUSE bug 1096723 SUSE bug 1102682 SUSE bug 1105323 SUSE bug 1106191 CVE-2018-1000026 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_67 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Important SUSE bug 1096723 SUSE bug 1102682 SUSE bug 1105323 SUSE bug 1106191 CVE-2018-1000026 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_64 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Important SUSE bug 1096723 SUSE bug 1102682 SUSE bug 1105323 SUSE bug 1106191 CVE-2018-1000026 CVE-2018-10902 CVE-2018-10938 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for wireshark to version 2.4.9 fixes the following issues: Wireshark was updated to 2.4.9 (bsc#1094301, bsc#1106514). Security issues fixed: - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) - CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). - CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). - CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). - CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html Moderate SUSE bug 1094301 SUSE bug 1101776 SUSE bug 1101777 SUSE bug 1101786 SUSE bug 1101788 SUSE bug 1101791 SUSE bug 1101794 SUSE bug 1101800 SUSE bug 1101802 SUSE bug 1101804 SUSE bug 1101810 SUSE bug 1106514 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 cpe:/o:suse:sles-ltss:12:sp2 Security update for smt, yast2-smt (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read (bsc#1103809). - CVE-2018-12470: SQL injection in RegistrationSharing module allows remote attackers to run arbitrary SQL statements (bsc#1103810). - CVE-2018-12472: Authentication bypass in sibling check facilitated further attacks on SMT (bsc#1104076). SUSE would like to thank Jake Miller for reporting these issues to us. These non-security issues were fixed in SMT: - Fix cron jobs randomization (bsc#1097560) - Fix duplicate migration paths (bsc#1097824) This non-security issue was fixed in yast2-smt: - Remove cron job rescheduling (bsc#1097560) - Added missing translation marks (bsc#1037811) - Explicitly mention 'Organization Credentials' (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Make the Filter button default (bsc#1006984) - Prevent exiting the repo selection dialog via hitting Enter in the repository filter (bsc#1006984) - report when error occurs during repo mirroring (bsc#1006989) - Use TextEntry-based filter for repos (fate#319777) Important SUSE bug 1006984 SUSE bug 1006989 SUSE bug 1037811 SUSE bug 1097560 SUSE bug 1097824 SUSE bug 1103809 SUSE bug 1103810 SUSE bug 1104076 SUSE bug 977043 CVE-2018-12470 CVE-2018-12471 CVE-2018-12472 cpe:/o:suse:sles-ltss:12:sp2 Security update for yast2-smt (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update fixes the following issues in yast2-smt: - Explicitly mention 'Organization Credentials' (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Added missing translation marks (bsc#1037811) - Remove cron job rescheduling (bsc#1097560) This update is a requirement for the security update for SMT. Because of that it is tagged as security to ensure that all users, even those that only install security updates, install it. Important SUSE bug 1037811 SUSE bug 1097560 SUSE bug 977043 cpe:/o:suse:sles-ltss:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) These non-security issues were fixed: - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) - Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246, bsc#997043) Moderate SUSE bug 1089039 SUSE bug 1101246 SUSE bug 1101470 SUSE bug 1104789 SUSE bug 1106197 SUSE bug 997043 CVE-2018-0737 cpe:/o:suse:sles-ltss:12:sp2 Security update for ncurses (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ncurses fixes several issues. These security issues were fixed: - CVE-2017-13734: Prevent illegal address access in the _nc_safe_strcat function in strings.c that might have lead to a remote denial of service attack (bsc#1056126). - CVE-2017-13733: Prevent illegal address access in the fmt_entry function in progs/dump_entry.c that might have lead to a remote denial of service attack (bsc#1056127). - CVE-2017-13732: Prevent illegal address access in the function dump_uses() in progs/dump_entry.c that might have lead to a remote denial of service attack (bsc#1056128). - CVE-2017-13731: Prevent illegal address access in the function postprocess_termcap() in parse_entry.c that might have lead to a remote denial of service attack (bsc#1056129). - CVE-2017-13730: Prevent illegal address access in the function _nc_read_entry_source() in progs/tic.c that might have lead to a remote denial of service attack (bsc#1056131). - CVE-2017-13729: Prevent illegal address access in the _nc_save_str function in alloc_entry.c that might have lead to a remote denial of service attack (bsc#1056132). - CVE-2017-13728: Prevent infinite loop in the next_char function in comp_scan.c that might have lead to a remote denial of service attack (bsc#1056136). Moderate SUSE bug 1056126 SUSE bug 1056127 SUSE bug 1056128 SUSE bug 1056129 SUSE bug 1056131 SUSE bug 1056132 SUSE bug 1056136 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-13734 cpe:/o:suse:sles:12:sp2 Security update for qemu (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for qemu fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). Moderate SUSE bug 1092885 SUSE bug 1096223 SUSE bug 1098735 CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 cpe:/o:suse:sles-ltss:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172). - CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171). - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173). - CVE-2018-15911: Prevent use uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195). - CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412). - CVE-2018-16509: Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be have been used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction (bsc#1107410). - CVE-2018-16510: Incorrect exec stack handling in the 'CS' and 'SC' PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411). - CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413). - CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421). - CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420). - CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422). - CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423). - CVE-2018-16511: A type confusion in 'ztype' could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426). - CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This lead to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581). - CVE-2018-16802: Incorrect 'restoration of privilege' checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027). These non-security issues were fixed: * Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files). * Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--' For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm and the changes file of the package. Important SUSE bug 1106171 SUSE bug 1106172 SUSE bug 1106173 SUSE bug 1106195 SUSE bug 1107410 SUSE bug 1107411 SUSE bug 1107412 SUSE bug 1107413 SUSE bug 1107420 SUSE bug 1107421 SUSE bug 1107422 SUSE bug 1107423 SUSE bug 1107426 SUSE bug 1107581 SUSE bug 1108027 SUSE bug 1109105 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183 cpe:/o:suse:sles-ltss:12:sp2 Security update for systemd (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for systemd fixes several issues. This security issue was fixed: - CVE-2018-1049: Prevent race that can lead to DoS when using automounts (bsc#1076308). These non-security issues were fixed: - core: don't choke if a unit another unit triggers vanishes during reload - delta: don't ignore PREFIX when the given argument is PREFIX/SUFFIX - delta: extend skip logic to work on full directory paths (prefix+suffix) (bsc#1070428) - delta: check if a prefix needs to be skipped only once - delta: skip symlink paths when split-usr is enabled (#4591) - sysctl: use raw file descriptor in sysctl_write (#7753) - sd-netlink: don't take possesion of netlink fd from caller on failure (bsc#1074254) - Fix the regexp used to detect broken by-id symlinks in /etc/crypttab It was missing the following case: '/dev/disk/by-id/cr_-xxx'. - sysctl: disable buffer while writing to /proc (bsc#1071558) - Use read_line() and LONG_LINE_MAX to read values configuration files. (bsc#1071558) - sysctl: no need to check for eof twice - def: add new constant LONG_LINE_MAX - fileio: add new helper call read_line() as bounded getline() replacement - service: Don't stop unneeded units needed by restarted service (#7526) (bsc#1066156) - gpt-auto-generator: fix the handling of the value returned by fstab_has_fstype() in add_swap() (#6280) - gpt-auto-generator: disable gpt auto logic for swaps if at least one is defined in fstab (bsc#897422) - fstab-util: introduce fstab_has_fstype() helper - fstab-generator: ignore root=/dev/nfs (#3591) - fstab-generator: don't process root= if it happens to be 'gpt-auto' (#3452) - virt: use XENFEAT_dom0 to detect the hardware domain (#6442, #6662) (#7581) (bsc#1048510) - analyze: replace --no-man with --man=no in the man page (bsc#1068251) - udev: net_setup_link: don't error out when we couldn't apply link config (#7328) - Add missing /etc/systemd/network directory - Fix parsing of features in detect_vm_xen_dom0 (#7890) (bsc#1048510) - sd-bus: use -- when passing arguments to ssh (#6706) - systemctl: make sure we terminate the bus connection first, and then close the pager (#3550) - sd-bus: bump message queue size (bsc#1075724) - tmpfiles: downgrade warning about duplicate line Moderate SUSE bug 1048510 SUSE bug 1065276 SUSE bug 1066156 SUSE bug 1068251 SUSE bug 1070428 SUSE bug 1071558 SUSE bug 1074254 SUSE bug 1075724 SUSE bug 1076308 SUSE bug 897422 CVE-2017-15908 CVE-2018-1049 cpe:/o:suse:sles:12:sp2 Security update for openslp (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Important SUSE bug 1090638 CVE-2017-17833 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - IfNode::range_check_trap_proj() should handler dying subgraph with single if proj - Even better Internet address support - Newlines in JAXB string values of SOAP-requests are escaped to '&#xa;' - TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException - Unable to use JDWP API in JDK 8 to debug JDK 9 VM - Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 - Performance drop with Java JDK 1.8.0_162-b32 - Upgrade time-zone data to tzdata2018d - Fix potential crash in BufImg_SetupICM - JDK 8u181 l10n resource file update - Remove debug print statements from RMI fix - (tz) Upgrade time-zone data to tzdata2018e - ObjectInputStream filterCheck method throws NullPointerException - adjust reflective access checks Important SUSE bug 1101644 SUSE bug 1101645 SUSE bug 1101651 SUSE bug 1101656 SUSE bug 1106812 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 cpe:/o:suse:sles-ltss:12:sp2 Security update for qpdf (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for qpdf fixes the following issues: qpdf was updated to 7.1.1. Security issues fixed: - CVE-2017-11627: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050577). - CVE-2017-11625: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050579). - CVE-2017-11626: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050578). - CVE-2017-11624: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050581). - CVE-2017-12595: Stack overflow when processing deeply nested arrays and dictionaries (bsc#1055960). - CVE-2017-9209: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040312). - CVE-2017-9210: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040313). - CVE-2017-9208: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040311). * Check release notes for detailed bug fixes. * http://qpdf.sourceforge.net/files/qpdf-manual.html#ref.release-notes Moderate SUSE bug 1040311 SUSE bug 1040312 SUSE bug 1040313 SUSE bug 1050577 SUSE bug 1050578 SUSE bug 1050579 SUSE bug 1050581 SUSE bug 1055960 CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 cpe:/o:suse:sles-ltss:12:sp2 Security update for postgresql10 (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for brings postgresql10 version 10.5 to SUSE Linux Enterprise 12 SP3. (FATE#325659 bnc#1108308) This release marks the change of the versioning scheme for PostgreSQL to a 'x.y' format. This means the next minor releases of PostgreSQL will be 10.1, 10.2, ... and the next major release will be 11. * Logical Replication Logical replication extends the current replication features of PostgreSQL with the ability to send modifications on a per-database and per-table level to different PostgreSQL databases. Users can now fine-tune the data replicated to various database clusters and will have the ability to perform zero-downtime upgrades to future major PostgreSQL versions. * Declarative Table Partitioning Table partitioning has existed for years in PostgreSQL but required a user to maintain a nontrivial set of rules and triggers for the partitioning to work. PostgreSQL 10 introduces a table partitioning syntax that lets users easily create and maintain range and list partitioned tables. * Improved Query Parallelism PostgreSQL 10 provides better support for parallelized queries by allowing more parts of the query execution process to be parallelized. Improvements include additional types of data scans that are parallelized as well as optimizations when the data is recombined, such as pre-sorting. These enhancements allow results to be returned more quickly. * Quorum Commit for Synchronous Replication PostgreSQL 10 introduces quorum commit for synchronous replication, which allows for flexibility in how a primary database receives acknowledgement that changes were successfully written to remote replicas. Moderate SUSE bug 1108308 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. - CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104). - CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811) - CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (bnc#1099846) - CVE-2018-10878: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (bnc#1099813) - CVE-2018-10879: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (bnc#1099844) - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. (bnc#1099845) - CVE-2018-10881: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099864) - CVE-2018-10882: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. (bnc#1099849) - CVE-2018-10883: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099863) - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bnc#1105322). - CVE-2018-10938: A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw (bnc#1106016). - CVE-2018-10940: The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bnc#1092903). - CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922). - CVE-2018-13093: There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001). - CVE-2018-13094: An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000). - CVE-2018-13095: A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999). - CVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870). - CVE-2018-14678: The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S did not properly maintain RBX, which allowed local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges (bnc#1102715). - CVE-2018-15572: The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296). - CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348). - CVE-2018-16276: Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095). - CVE-2018-16658: An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 (bnc#1107689). - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). - CVE-2018-6554: Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509). - CVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2018-9363: A buffer overflow in bluetooth HID report processing could be used by malicious bluetooth devices to crash the kernel or potentially execute code (bnc#1105292). The following security bugs were fixed: - CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bnc#1082863). The following non-security bugs were fixed: - atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066). - bcache: avoid unncessary cache prefetch bch_btree_node_get() (bsc#1064232). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232). - bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232). - bcache: do not check return value of debugfs_create_dir() (bsc#1064232). - bcache: finish incremental GC (bsc#1064232). - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232). - bcache: fix I/O significant decline while backend devices registering (bsc#1064232). - bcache: free heap cache_set->flush_btree in bch_journal_free (bsc#1064232). - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section (bsc#1064232). - bcache: release dc->writeback_lock properly in bch_writeback_thread() (bsc#1064232). - bcache: set max writeback rate when I/O request is idle (bsc#1064232). - bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update checksum of new initialized bitmaps (bnc#1012382). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - kABI: protect struct x86_emulate_ops (kabi). - kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597) - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kvm: MMU: always terminate page walks at level 1 (bsc#1062604). - kvm: MMU: simplify last_pte_bitmap (bsc#1062604). - kvm: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604). - kvm: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - kvm: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - net: add skb_condense() helper (bsc#1089066). - net: adjust skb->truesize in pskb_expand_head() (bsc#1089066). - net: adjust skb->truesize in ___pskb_trim() (bsc#1089066). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108239). - net: ena: fix device destruction to gracefully free resources (bsc#1108239). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108239). - net: ena: fix incorrect usage of memory barriers (bsc#1108239). - net: ena: fix missing calls to READ_ONCE (bsc#1108239). - net: ena: fix missing lock during device destruction (bsc#1108239). - net: ena: fix potential double ena_destroy_device() (bsc#1108239). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108239). - net: ena: Fix use of uninitialized DMA address bits field (bsc#1108239). - netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382 bsc#1100152). - netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286). - nfs: Use an appropriate work queue for direct-write completion (bsc#1082519). - ovl: fix random return value on mount (bsc#1099993). - ovl: fix uid/gid when creating over whiteout (bsc#1099993). - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512). - ovl: override creds with the ones from the superblock mounter (bsc#1099993). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc/livepatch: Fix livepatch stack access (bsc#1094466). - powerpc/modules: Do not try to restore r2 after a sibling call (bsc#1094466). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - provide special timeout module parameters for EC2 (bsc#1065364). - stop_machine: Atomically queue and wake stopper threads (git-fixes). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86: Drop kernel trampoline stack. It is involved in breaking kdump/kexec infrastucture. (bsc#1099597) - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: add xfs_trim_extent (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: borrow indirect blocks from freed extent when available (bsc#1095344). - xfs: cleanup xfs_bmap_last_before (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: during btree split, save new block key & ptr for future insertion (bsc#1095344). - xfs: factor out a helper to initialize a local format inode fork (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: improve kmem_realloc (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: new inode extent list lookup helpers (bsc#1095344). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: provide helper for counting extents from if_bytes (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor delalloc indlen reservation split into helper (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_bunmapi_cow (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: remove if_rdev (bsc#1095344). - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: repair malformed inode items during log recovery (bsc#1105396). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify validation of the unwritten extent bit (bsc#1095344). - xfs: split indlen reservations fairly when under reserved (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: update freeblocks counter after extent deletion (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344). - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). Important SUSE bug 1012382 SUSE bug 1042286 SUSE bug 1062604 SUSE bug 1064232 SUSE bug 1065364 SUSE bug 1082519 SUSE bug 1082863 SUSE bug 1084536 SUSE bug 1085042 SUSE bug 1088810 SUSE bug 1089066 SUSE bug 1092903 SUSE bug 1094466 SUSE bug 1095344 SUSE bug 1096547 SUSE bug 1097104 SUSE bug 1099597 SUSE bug 1099811 SUSE bug 1099813 SUSE bug 1099844 SUSE bug 1099845 SUSE bug 1099846 SUSE bug 1099849 SUSE bug 1099863 SUSE bug 1099864 SUSE bug 1099922 SUSE bug 1099993 SUSE bug 1099999 SUSE bug 1100000 SUSE bug 1100001 SUSE bug 1100152 SUSE bug 1102517 SUSE bug 1102715 SUSE bug 1102870 SUSE bug 1103445 SUSE bug 1104319 SUSE bug 1104495 SUSE bug 1105292 SUSE bug 1105296 SUSE bug 1105322 SUSE bug 1105348 SUSE bug 1105396 SUSE bug 1105536 SUSE bug 1106016 SUSE bug 1106095 SUSE bug 1106369 SUSE bug 1106509 SUSE bug 1106511 SUSE bug 1106512 SUSE bug 1106594 SUSE bug 1107689 SUSE bug 1107735 SUSE bug 1107966 SUSE bug 1108239 SUSE bug 1108399 SUSE bug 1109333 CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10938 CVE-2018-10940 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-14617 CVE-2018-14678 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-17182 CVE-2018-6554 CVE-2018-6555 CVE-2018-7480 CVE-2018-7757 CVE-2018-9363 cpe:/o:suse:sles-ltss:12:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2 This update for bind fixes several issues. This security issue was fixed: - CVE-2017-3145: Improper sequencing during cleanup could have lead to a use-after-free error that triggered an assertion failure and crash in named (bsc#1076118). These non-security issues were fixed: - Updated named.root file (bsc#1040039) - Update bind.keys for DNSSEC root KSK rollover (bsc#1047184) Important SUSE bug 1040039 SUSE bug 1047184 SUSE bug 1076118 CVE-2017-3145 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_92 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_73 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.120-92_70 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_80 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_85 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_67 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_64 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-ltss:12:sp2 Security update for openvswitch (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for openvswitch fixes the following issues: * CVE-2017-9263: While parsing an OpenFlow role status message, there is a call to the abort() functio for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. (bsc#1041470) * CVE-2017-9265: Buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.(bsc#1041447) * CVE-2017-9214: While parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. (bsc#1040543) * CVE-2017-14970: In lib/ofp-util.c, there are multiple memory leaks while parsing malformed OpenFlow group mod messages.(bsc#1061310) Moderate SUSE bug 1040543 SUSE bug 1041447 SUSE bug 1041470 SUSE bug 1061310 CVE-2017-14970 CVE-2017-9214 CVE-2017-9263 CVE-2017-9265 cpe:/o:suse:sles:12:sp2 Security update for binutils (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for binutils to 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643). - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689). - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693). - CVE-2017-16826: The coff_slurp_line_table function the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640). - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643). - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887). - CVE-2017-16830: The print_gnu_property_note function did not have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888). - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950). - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176). - CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202). - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745). - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103). - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741). - CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556). - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527). - CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528). - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532). - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608). - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784). - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786). - CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788). - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997). - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015). - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a 'SECTION' type that has a '0' value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365). - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processesed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368). These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid. These can be turned on with the option -M notes to objdump. - The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. Set the default if the configure option is not used to 'no'. - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - RISC-V: Don't enable relaxation in relocatable link - Prevent linking faiures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections. - Add support for loaction views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. - Add '-z undefs' command line option as the inverse of the '-z defs' option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. - Fix linker relaxation with --wrap - Add arm-none-eabi symlinks (bsc#1074741) Former updates of binutils also fixed the following security issues, for which there was not CVE assigned at the time the update was released or no mapping between code change and CVE existed: - CVE-2014-9939: Prevent stack buffer overflow when printing bad bytes in Intel Hex objects (bsc#1030296). - CVE-2017-7225: The find_nearest_line function in addr2line did not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash (bsc#1030585). - CVE-2017-7224: The find_nearest_line function in objdump was vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash (bsc#1030588). - CVE-2017-7223: GNU assembler in was vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash (bsc#1030589). - CVE-2017-7226: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a heap-based buffer over-read of size 4049 because it used the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well (bsc#1030584). - CVE-2017-7299: The Binary File Descriptor (BFD) library (aka libbfd) had an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) did not check the format of the input file trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash (bsc#1031644). - CVE-2017-7300: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash (bsc#1031656). - CVE-2017-7302: The Binary File Descriptor (BFD) library (aka libbfd) had a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability caused Binutils utilities like strip to crash (bsc#1031595). - CVE-2017-7303: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers attempting to match them. This vulnerability caused Binutils utilities like strip to crash (bsc#1031593). - CVE-2017-7301: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it did not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash (bsc#1031638). - CVE-2017-7304: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field attempting to follow it. This vulnerability caused Binutils utilities like strip to crash (bsc#1031590). - CVE-2017-8392: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037052). - CVE-2017-8393: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash (bsc#1037057). - CVE-2017-8394: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash (bsc#1037061). - CVE-2017-8396: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037066). - CVE-2017-8421: The function coff_set_alignment_hook in Binary File Descriptor (BFD) library (aka libbfd) had a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file (bsc#1037273). - CVE-2017-9746: The disassemble_bytes function in objdump.c allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during 'objdump -D' execution (bsc#1044891). - CVE-2017-9747: The ieee_archive_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044897). - CVE-2017-9748: The ieee_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044901). - CVE-2017-9750: opcodes/rx-decode.opc lacked bounds checks for certain scale arrays, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044909). - CVE-2017-9755: Not considering the the number of registers for bnd mode allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044925). - CVE-2017-9756: The aarch64_ext_ldst_reglist function allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044927). - CVE-2017-7209: The dump_section_as_bytes function in readelf accessed a NULL pointer while reading section contents in a corrupt binary, leading to a program crash (bsc#1030298). - CVE-2017-6965: readelf wrote to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow (bsc#1029909). - CVE-2017-6966: readelf had a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations (bsc#1029908). - CVE-2017-6969: readelf was vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well (bsc#1029907). - CVE-2017-7210: objdump was vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash (bsc#1030297). Moderate SUSE bug 1029907 SUSE bug 1029908 SUSE bug 1029909 SUSE bug 1030296 SUSE bug 1030297 SUSE bug 1030298 SUSE bug 1030584 SUSE bug 1030585 SUSE bug 1030588 SUSE bug 1030589 SUSE bug 1031590 SUSE bug 1031593 SUSE bug 1031595 SUSE bug 1031638 SUSE bug 1031644 SUSE bug 1031656 SUSE bug 1037052 SUSE bug 1037057 SUSE bug 1037061 SUSE bug 1037066 SUSE bug 1037273 SUSE bug 1044891 SUSE bug 1044897 SUSE bug 1044901 SUSE bug 1044909 SUSE bug 1044925 SUSE bug 1044927 SUSE bug 1065643 SUSE bug 1065689 SUSE bug 1065693 SUSE bug 1068640 SUSE bug 1068643 SUSE bug 1068887 SUSE bug 1068888 SUSE bug 1068950 SUSE bug 1069176 SUSE bug 1069202 SUSE bug 1074741 SUSE bug 1077745 SUSE bug 1079103 SUSE bug 1079741 SUSE bug 1080556 SUSE bug 1081527 SUSE bug 1083528 SUSE bug 1083532 SUSE bug 1085784 SUSE bug 1086608 SUSE bug 1086784 SUSE bug 1086786 SUSE bug 1086788 SUSE bug 1090997 SUSE bug 1091015 SUSE bug 1091365 SUSE bug 1091368 CVE-2014-9939 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 cpe:/o:suse:sles-ltss:12:sp2 Security update for libXfont (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libXfont fixes several issues. These security issues were fixed: - CVE-2017-13720: Improper check for end of string in PatterMatch caused invalid reads (bsc#1054285) - CVE-2017-13722: Malformed PCF file could have caused DoS or leak information (bsc#1049692) - Prevent the X server from accessing arbitrary files as root. It is not possible to leak information, but special files can be touched allowing for causing side effects (bsc#1050459) Moderate SUSE bug 1049692 SUSE bug 1050459 SUSE bug 1054285 CVE-2017-13720 CVE-2017-13722 cpe:/o:suse:sles:12:sp2 Security update for ecryptfs-utils (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ecryptfs-utils fixes the following issues: - CVE-2015-8946: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning (bsc#989121) - CVE-2016-6224: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive (bsc#989122) Moderate SUSE bug 989121 SUSE bug 989122 CVE-2015-8946 CVE-2016-6224 cpe:/o:suse:sles:12:sp2 Security update for xen (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes the following issues: - CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014) - CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) could have locked up the entire host, causing a Denial of Service. (XSA-269) (bsc#1103276) Non security issues fixed: - Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508) Moderate SUSE bug 1094508 SUSE bug 1103276 SUSE bug 1111014 CVE-2018-15468 CVE-2018-17963 cpe:/o:suse:sles-ltss:12:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Moderate SUSE bug 1083424 SUSE bug 1098531 SUSE bug 1111853 CVE-2018-12327 CVE-2018-7170 cpe:/o:suse:sles-ltss:12:sp2 Security update for postgresql96 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for postgresql96 to 9.6.10 fixes the following issues: These security issues were fixed: - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtain access to higher privileged connections or potentially cause other impact SQL injection, by causing the PQescape() functions to malfunction (bsc#1104199) - CVE-2018-10925: Add missing authorization check on certain statements involved with 'INSERT ... ON CONFLICT DO UPDATE'. An attacker with 'CREATE TABLE' privileges could have exploited this to read arbitrary bytes server memory. If the attacker also had certain 'INSERT' and limited 'UPDATE' privileges to a particular table, they could have exploited this to update other columns in the same table (bsc#1104202) For addition details please see https://www.postgresql.org/docs/current/static/release-9-6-10.html Important SUSE bug 1104199 SUSE bug 1104202 CVE-2018-10915 CVE-2018-10925 cpe:/o:suse:sles-ltss:12:sp2 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-18027: Prevent memory leak vulnerability in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076051) - CVE-2017-18029: Prevent memory leak in the function ReadMATImage which allowed remote attackers to cause a denial of service via a crafted file (bsc#1076021) - CVE-2017-17681: Prevent infinite loop in the function ReadPSDChannelZip in coders/psd.c, which allowed attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file (bsc#1072901). - CVE-2017-18008: Prevent memory Leak in ReadPWPImage which allowed attackers to cause a denial of service via a PWP file (bsc#1074309). - CVE-2018-5685: Prevent infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value (bsc#1075939) - CVE-2017-11639: Prevent heap-based buffer over-read in the WriteCIPImage() function, related to the GetPixelLuma function in MagickCore/pixel-accessor.h (bsc#1050635) - CVE-2017-11525: Prevent memory consumption in the ReadCINImage function that allowed remote attackers to cause a denial of service (bsc#1050098) - CVE-2017-9262: The ReadJNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043353). - CVE-2017-9261: The ReadMNGImage function in coders/png.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1043354). - CVE-2017-10995: The mng_get_long function in coders/png.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image (bsc#1047908). - CVE-2017-11539: Prevent memory leak in the ReadOnePNGImage() function in coders/png.c (bsc#1050037). - CVE-2017-11505: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050072). - CVE-2017-11526: The ReadOneMNGImage function in coders/png.c allowed remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file (bsc#1050100). - CVE-2017-11750: The ReadOneJNGImage function in coders/png.c allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1051442). - CVE-2017-12565: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052470). - CVE-2017-12676: Prevent memory leak in the function ReadOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052708). - CVE-2017-12673: Prevent memory leak in the function ReadOneMNGImage in coders/png.c, which allowed attackers to cause a denial of service (bsc#1052717). - CVE-2017-12671: Added NULL assignment in coders/png.c to prevent an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allowed attackers to cause a denial of service (bsc#1052721). - CVE-2017-12643: Prevent a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052768). - CVE-2017-12641: Prevent a memory leak vulnerability in ReadOneJNGImage in coders\png.c (bsc#1052777). - CVE-2017-12640: Prevent an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c (bsc#1052781). - CVE-2017-12935: The ReadMNGImage function in coders/png.c mishandled large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c (bsc#1054600). - CVE-2017-13059: Prevent memory leak in the function WriteOneJNGImage in coders/png.c, which allowed attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file (bsc#1055068). - CVE-2017-13147: Prevent allocation failure in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value (bsc#1055374). - CVE-2017-13142: Added additional checks for short files to prevent a crafted PNG file from triggering a crash (bsc#1055455). - CVE-2017-13141: Prevent memory leak in ReadOnePNGImage in coders/png.c (bsc#1055456). - CVE-2017-14103: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c did not properly manage image pointers after certain error conditions, which allowed remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call (bsc#1057000). - CVE-2017-14649: ReadOneJNGImage in coders/png.c did not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash) (bsc#1060162). - CVE-2017-15218: Prevent memory leak in ReadOneJNGImage in coders/png.c (bsc#1062752). - CVE-2017-17504: Prevent heap-based buffer over-read via a crafted file in Magick_png_read_raw_profile, related to ReadOneMNGImage (bsc#1072362). - CVE-2017-17884: Prevent memory leak in the function WriteOnePNGImage in coders/png.c, which allowed attackers to cause a denial of service via a crafted PNG image file (bsc#1074120). - CVE-2017-17879: Prevent heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error (bsc#1074125). - CVE-2017-17914: Prevent crafted files to cause a large loop in ReadOneMNGImage (bsc#1074185). Moderate SUSE bug 1043353 SUSE bug 1043354 SUSE bug 1047908 SUSE bug 1050037 SUSE bug 1050072 SUSE bug 1050098 SUSE bug 1050100 SUSE bug 1050635 SUSE bug 1051442 SUSE bug 1052470 SUSE bug 1052708 SUSE bug 1052717 SUSE bug 1052721 SUSE bug 1052768 SUSE bug 1052777 SUSE bug 1052781 SUSE bug 1054600 SUSE bug 1055068 SUSE bug 1055374 SUSE bug 1055455 SUSE bug 1055456 SUSE bug 1057000 SUSE bug 1060162 SUSE bug 1062752 SUSE bug 1072362 SUSE bug 1072901 SUSE bug 1074120 SUSE bug 1074125 SUSE bug 1074185 SUSE bug 1074309 SUSE bug 1075939 SUSE bug 1076021 SUSE bug 1076051 CVE-2017-10995 CVE-2017-11505 CVE-2017-11525 CVE-2017-11526 CVE-2017-11539 CVE-2017-11639 CVE-2017-11750 CVE-2017-12565 CVE-2017-12640 CVE-2017-12641 CVE-2017-12643 CVE-2017-12671 CVE-2017-12673 CVE-2017-12676 CVE-2017-12935 CVE-2017-13059 CVE-2017-13141 CVE-2017-13142 CVE-2017-13147 CVE-2017-14103 CVE-2017-14649 CVE-2017-15218 CVE-2017-17504 CVE-2017-17681 CVE-2017-17879 CVE-2017-17884 CVE-2017-17914 CVE-2017-18008 CVE-2017-18027 CVE-2017-18029 CVE-2017-9261 CVE-2017-9262 CVE-2018-5246 CVE-2018-5685 cpe:/o:suse:sles:12:sp2 Security update for clamav (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for clamav fixes the following issues: clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) - Make freshclam more robust against lagging signature mirrors. - On-Access 'Extra Scanning', an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457). Moderate SUSE bug 1103040 SUSE bug 1104457 SUSE bug 1110723 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 cpe:/o:suse:sles-ltss:12:sp2 Security update for net-snmp (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Non-security issues fixed: - swintst_rpm: Protect against unspecified Group name (bsc#1102775) - Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) - Fix agentx freezing on timeout (bsc#1027353) Important SUSE bug 1027353 SUSE bug 1081164 SUSE bug 1102775 SUSE bug 1111122 CVE-2018-18065 cpe:/o:suse:sles-ltss:12:sp2 Security update for libsndfile (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libsndfile fixes the following issues: - CVE-2017-16942: Divide-by-zero in the function wav_w64_read_fmt_chunk(), which may lead to Denial of service (bsc#1069874). - CVE-2017-6892: Fixed an out-of-bounds read memory access in the aiff_read_chanmap() (bsc#1043978). - CVE-2017-14634: In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. (bsc#1059911) - CVE-2017-14245: An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. (bsc#1059912) - CVE-2017-14246: An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.(bsc#1059913) Moderate SUSE bug 1043978 SUSE bug 1059911 SUSE bug 1059912 SUSE bug 1059913 SUSE bug 1069874 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-16942 CVE-2017-6892 cpe:/o:suse:sles:12:sp2 Security update for smt (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS SMT was updated to version 3.0.38. Following security issue was fixed: - CVE-2018-12472: Harden hostname check during sibling check by forcing double reverse lookup (bsc#1104076) Following non security issues were fixed: - Add migration path check when registration sharing is enabled - Fix sibling sync errors (bsc#1111056): - Synchronize all registered products - Handle duplicate registrations when syncing - Force resync to the sibling instance in `upgrade` and `synchronize` API calls Moderate SUSE bug 1104076 SUSE bug 1111056 CVE-2018-12472 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_95 fixes several issues. The following security issues were fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Important SUSE bug 1102682 SUSE bug 1107832 CVE-2018-14633 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for apache2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961) Important SUSE bug 1109961 CVE-2018-11763 cpe:/o:suse:sles-ltss:12:sp2 Security update for wireshark (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Important SUSE bug 1111647 CVE-2018-12086 CVE-2018-18227 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. - New browser engine with speed improvements - Redesigned graphical user interface elements - Unified address and search bar for new installations - New tab page listing top visited, recently visited and recommended pages - Support for configuration policies in enterprise deployments via JSON files - Support for Web Authentication, allowing the use of USB tokens for authentication to web sites The following changes affect compatibility: - Now exclusively supports extensions built using the WebExtension API. - Unsupported legacy extensions will no longer work in Firefox 60 ESR - TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The 'security.pki.distrust_ca_policy' preference can be set to 0 to reinstate trust in those certificates The following issues affect performance: - new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems. These security issues were fixed: - CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343). - CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343). - CVE-2018-12376: Various memory safety bugs (bsc#1107343). - CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343). - CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343). - CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343). - CVE-2018-12386: Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed content process (bsc#1110507) - CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) This update for mozilla-nspr to version 4.19 fixes the follwing issues - Added TCP Fast Open functionality - A socket without PR_NSPR_IO_LAYER will no longer trigger an assertion when polling This update for mozilla-nss to version 3.36.4 fixes the follwing issues - Connecting to a server that was recently upgraded to TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. - Replaces existing vectorized ChaCha20 code with verified HACL* implementation. - TLS 1.3 support has been updated to draft -23. - Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. - The following CA certificates were Removed: OU = Security Communication EV RootCA1 CN = CA Disig Root R1 CN = DST ACES CA X6 Certum CA, O=Unizeto Sp. z o.o. StartCom Certification Authority StartCom Certification Authority G2 T?BİTAK UEKAE K?k Sertifika Hizmet Sağlayıcısı - S?r?m 3 ACEDICOM Root Certinomis - Autorit? Racine T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı PSCProcert CA 沃通根证书, O=WoSign CA Limited Certification Authority of WoSign Certification Authority of WoSign G2 CA WoSign ECC Root Subject CN = VeriSign Class 3 Secure Server CA - G2 O = Japanese Government, OU = ApplicationCA CN = WellsSecure Public Root Certificate Authority CN = T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 CN = Microsec e-Szigno Root * The following CA certificates were Removed: AddTrust Public CA Root AddTrust Qualified CA Root China Internet Network Information Center EV Certificates Root CNNIC ROOT ComSign Secured CA GeoTrust Global CA 2 Secure Certificate Services Swisscom Root CA 1 Swisscom Root EV CA 2 Trusted Certificate Services UTN-USERFirst-Hardware UTN-USERFirst-Object * The following CA certificates were Added CN = D-TRUST Root CA 3 2013 CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 GDCA TrustAUTH R5 ROOT SSL.com Root Certification Authority RSA SSL.com Root Certification Authority ECC SSL.com EV Root Certification Authority RSA R2 SSL.com EV Root Certification Authority ECC TrustCor RootCert CA-1 TrustCor RootCert CA-2 TrustCor ECA-1 * The Websites (TLS/SSL) trust bit was turned off for the following CA certificates: CN = Chambers of Commerce Root CN = Global Chambersign Root * TLS servers are able to handle a ClientHello statelessly, if the client supports TLS 1.3. If the server sends a HelloRetryRequest, it is possible to discard the server socket, and make a new socket to handle any subsequent ClientHello. This better enables stateless server operation. (This feature is added in support of QUIC, but it also has utility for DTLS 1.3 servers.) Due to the update of mozilla-nss apache2-mod_nss needs to be updated to change to the SQLite certificate database, which is now the default (bsc#1108771) Important SUSE bug 1012260 SUSE bug 1021577 SUSE bug 1026191 SUSE bug 1041469 SUSE bug 1041894 SUSE bug 1049703 SUSE bug 1061204 SUSE bug 1064786 SUSE bug 1065464 SUSE bug 1066489 SUSE bug 1073210 SUSE bug 1078436 SUSE bug 1091551 SUSE bug 1092697 SUSE bug 1094767 SUSE bug 1096515 SUSE bug 1107343 SUSE bug 1108771 SUSE bug 1108986 SUSE bug 1109363 SUSE bug 1109465 SUSE bug 1110506 SUSE bug 1110507 SUSE bug 703591 SUSE bug 839074 SUSE bug 857131 SUSE bug 893359 CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12381 CVE-2018-12383 CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 cpe:/o:suse:sles-ltss:12:sp2 Security update for libjpeg-turbo (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libjpeg-turbo fixes the following issues: Feature update: - Update from version 1.3.1 to version 1.5.2 (fate#324061). Security issue fixed: - CVE-2017-15232: Fix NULL pointer dereference in jdpostct.c and jquant1.c (bsc#1062937). Moderate SUSE bug 1062937 CVE-2017-15232 cpe:/o:suse:sles:12:sp2 security update for spice-vdagent (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for spice-vdagent provides the following fixes: This security issue was fixed: - CVE-2017-15108: Properly escape save directory that is passed to the shell to prevent local attacker with access to the session the agent runs from injecting arbitrary commands to be executed (bsc#1070724). This non-security issue was fixed: - Implement endian swapping, required for big-endian guests to connect to the spice client successfully. (bsc#1012215) Moderate SUSE bug 1012215 SUSE bug 1070724 CVE-2017-15108 cpe:/o:suse:sles:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2 This update for MozillaFirefox to version 52.6 several issues. These security issues were fixed: - CVE-2018-5091: Use-after-free with DTMF timers (bsc#1077291). - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc#1077291). - CVE-2018-5096: Use-after-free while editing form elements (bsc#1077291). - CVE-2018-5097: Use-after-free when source document is manipulated during XSLT (bsc#1077291). - CVE-2018-5098: Use-after-free while manipulating form input elements (bsc#1077291). - CVE-2018-5099: Use-after-free with widget listener (bsc#1077291). - CVE-2018-5104: Use-after-free during font face manipulation (bsc#1077291). - CVE-2018-5089: Fixed several memory safety bugs (bsc#1077291). - CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right (bsc#1077291). - CVE-2018-5102: Use-after-free in HTML media elements (bsc#1077291). - CVE-2018-5103: Use-after-free during mouse event handling (bsc#1077291). Important SUSE bug 1077291 CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 cpe:/o:suse:sles:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: Security issues fixed: - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852) - CVE-2018-12392: Crash with nested event loops. - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. - CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting. - CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts. - CVE-2018-12397: WebExtension local file access vulnerability. - CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3. - CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3. Important SUSE bug 1112852 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 cpe:/o:suse:sles-ltss:12:sp2 Security update for systemd (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if 'missing ok' (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - socket-util: introduce port argument in sockaddr_port() - service: fixup ExecStop for socket-activated shutdown (#4120) - service: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923) - cryptsetup: build fixes for 'add support for sector-size= option' - udev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278) - core: keep the kernel coredump defaults when systemd-coredump is disabled - core: shorten main() a bit, split out coredump initialization - core: set RLIMIT_CORE to unlimited by default (bsc#1108835) - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - tmp.mount.hm4: After swap.target (#3087) - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool. Important SUSE bug 1106923 SUSE bug 1108835 SUSE bug 1109252 SUSE bug 1110445 SUSE bug 1111278 SUSE bug 1112024 SUSE bug 1113083 SUSE bug 1113632 SUSE bug 1113665 CVE-2018-15686 CVE-2018-15688 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_98 fixes several issues. The following security issues were fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely (bsc#1107832). - CVE-2018-5390: Fixed the possiblilty that the kernel can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102682). Important SUSE bug 1102682 SUSE bug 1107832 CVE-2018-14633 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_64 fixes one issue. The following security issue was fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Important SUSE bug 1103098 CVE-2018-5391 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_67 fixes one issue. The following security issue was fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Important SUSE bug 1103098 CVE-2018-5391 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_80 fixes one issue. The following security issue was fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Important SUSE bug 1103098 CVE-2018-5391 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_73 fixes one issue. The following security issue was fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Important SUSE bug 1103098 CVE-2018-5391 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.120-92_70 fixes one issue. The following security issue was fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Important SUSE bug 1103098 CVE-2018-5391 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issues were fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). - CVE-2018-18386: The drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bsc#1112039). Important SUSE bug 1103098 SUSE bug 1112039 CVE-2018-18386 CVE-2018-5391 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). - CVE-2018-18386: The drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bsc#1112039). Important SUSE bug 1103098 SUSE bug 1112039 CVE-2018-18386 CVE-2018-5391 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issues were fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). - CVE-2018-18386: The drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bsc#1112039). Important SUSE bug 1103098 SUSE bug 1112039 CVE-2018-18386 CVE-2018-5391 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_85 fixes one issue. The following security issue was fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Important SUSE bug 1103098 CVE-2018-5391 cpe:/o:suse:sles-ltss:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2 This update for qemu fixes the following issues: This update for qemu fixes the following issues: A mitigation for a security flaw has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling branch prediction features in the Intel CPU. (bsc#1068032) Important SUSE bug 1068032 CVE-2017-5715 cpe:/o:suse:sles:12:sp2 Security update for mariadb (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for mariadb to version 10.0.33 fixes several issues. These security issues were fixed: - CVE-2017-10378: Vulnerability in subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (bsc#1064115). - CVE-2017-10268: Vulnerability in subcomponent: Server: Replication. Difficult to exploit vulnerability allowed high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data (bsc#1064101). These non-security issues were fixed: - CHECK TABLE no longer returns an error when run on a CONNECT table - 'Undo log record is too big.' error occurring in very narrow range of string lengths - Race condition between INFORMATION_SCHEMA.INNODB_SYS_TABLESTATS and ALTER/DROP/TRUNCATE TABLE - Wrong result after altering a partitioned table fixed bugs in InnoDB FULLTEXT INDEX - InnoDB FTS duplicate key error - InnoDB crash after failed ADD INDEX and table_definition_cache eviction - fts_create_doc_id() unnecessarily allocates 8 bytes for every inserted row - IMPORT TABLESPACE may corrupt ROW_FORMAT=REDUNDANT tables For additional details please see https://kb.askmonty.org/en/mariadb-10033-changelog Moderate SUSE bug 1058722 SUSE bug 1064101 SUSE bug 1064115 SUSE bug 1076505 CVE-2017-10268 CVE-2017-10378 cpe:/o:suse:sles:12:sp2 Security update for libvirt (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libvirt provides several fixes. This security issue was fixed: - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead() method which allowed to cause DoS (bsc#1076500). These security issues were fixed: - Add a qemu hook script providing functionality similar to Xen's block-dmmd script. (fate#324177) - schema: Make disk driver name attribute optional. (bsc#1073973) - virt-create-rootfs: Handle all SLE 12 versions. (bsc#1072887) - libvirt-guests: Fix the 'stop' operation when action is 'suspend'. (bsc#1070130) Moderate SUSE bug 1070130 SUSE bug 1072887 SUSE bug 1073973 SUSE bug 1076500 CVE-2018-5748 cpe:/o:suse:sles:12:sp2 Security update for libxml2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libxml2 fixes one issue. This security issue was fixed: - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993) - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813) - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806) Moderate SUSE bug 1077993 SUSE bug 1078806 SUSE bug 1078813 CVE-2016-5131 CVE-2017-15412 CVE-2017-5130 cpe:/o:suse:sles:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - Add missing timing side channel patch for DSA signature generation (bsc#1113742). Non-security issues fixed: - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). Moderate SUSE bug 1112209 SUSE bug 1113534 SUSE bug 1113652 SUSE bug 1113742 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sles-ltss:12:sp2 Security update for rpm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for rpm fixes the following issues: These security issues were fixed: - CVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457). - CVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457) This is a reissue of the above security fixes for SUSE Linux Enterprise 12 GA, SP1 and SP2 LTSS, they have already been released for SUSE Linux Enterprise Server 12 SP3. Important SUSE bug 943457 CVE-2017-7500 CVE-2017-7501 cpe:/o:suse:sles-ltss:12:sp2 Security update for ghostscript (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ghostscript fixes several issues. These security issues were fixed: - CVE-2017-9835: The gs_alloc_ref_array function allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1050879). - CVE-2017-9216: Prevent NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c which allowed for DoS (bsc#1040643). - CVE-2016-10317: The fill_threshhold_buffer function in base/gxht_thresh.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document (bsc#1032230). - CVE-2017-9612: The Ins_IP function in base/ttinterp.c allowed remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050891). - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050889). - CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050888). - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document (bsc#1050887). - CVE-2017-11714: psi/ztoken.c mishandled references to the scanner state structure, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c (bsc#1051184). - CVE-2016-10219: The intersect function in base/gxfill.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file (bsc#1032138). Moderate SUSE bug 1032138 SUSE bug 1032230 SUSE bug 1040643 SUSE bug 1050879 SUSE bug 1050887 SUSE bug 1050888 SUSE bug 1050889 SUSE bug 1050891 SUSE bug 1051184 CVE-2016-10219 CVE-2016-10317 CVE-2017-11714 CVE-2017-9216 CVE-2017-9612 CVE-2017-9726 CVE-2017-9727 CVE-2017-9739 CVE-2017-9835 cpe:/o:suse:sles:12:sp2 Security update for postgresql94 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for postgresql94 to 9.4.19 fixes the following security issue: - CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtain access to higher privileged connections or potentially cause other impact SQL injection, by causing the PQescape() functions to malfunction (bsc#1104199). A dump/restore is not required for this update unless you use the functions query_to_xml, cursor_to_xml, cursor_to_xmlschema, query_to_xmlschema, and query_to_xml_and_xmlschema. In this case please see the first entry of https://www.postgresql.org/docs/9.4/static/release-9-4-18.html Important SUSE bug 1104199 CVE-2018-10915 cpe:/o:suse:sles-ltss:12:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) The following non-security issues were fixed: - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure [bsc#1091396] Moderate SUSE bug 1091396 SUSE bug 1105010 SUSE bug 964336 CVE-2018-15473 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 (bsc#1116574): * Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API * Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. * Java Virtual Machine - IJ10931 CVE-2018-3169 - IV91132 SOME CORE PATTERN SPECIFIERS ARE NOT HANDLED BY THE JVM ON LINUX * JIT Compiler - IJ08205 CRASH WHILE COMPILING - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel The function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839). - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229). - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignored unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928). - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a 'pointer leak (bnc#1073928). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). The following non-security bugs were fixed: - 8021q: fix a memory leak for VLAN 0 device (bnc#1012382). - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching (bnc#1012382). - ARC: uaccess: dont use 'l' gcc inline asm constraint modifier (bnc#1012382). - Fix EX_SIZE. We do not have the patches that shave off parts of the exception data. - Fix build error in vma.c (bnc#1012382). - Fix mishandling of cases with MSR not being present (writing to MSR even though _state == -1). - Fix return value from ib[rs|pb]_enabled() - Input: trackpoint - force 3 buttons if 0 button is reported (bnc#1012382). - KVM: s390: Enable all facility bits that are known good for passthrough (bsc#1076806). - Kabi: Keep KVM stable after enable s390 wire up bpb feature (bsc#1076806). - Move RFI sysfs to a separate patch - Move the RFI debug code into separate patch. - Re-enable fixup detection by CPU type in case hypervisor call fails. - Revert 'Bluetooth: btusb: driver to enable the usb-wakeup feature' (bnc#1012382). - Revert 'Re-enable fixup detection by CPU type in case hypervisor call fails.' The firmware update is required for the existing instructions to also do the cache flush. - Revert 'arm64: alternatives: add enable parameter to conditional asm macros' (bsc#1068032). - Revert 'drm/armada: Fix compile fail' (bnc#1012382). - Revert 'drm/radeon: dont switch vt on suspend' (bnc#1012382). - Revert 'ipsec: Fix aborted xfrm policy dump crash' (kabi). - Revert 'kaiser: vmstat show NR_KAISERTABLE as nr_overhead' (kabi). - Revert 'lib/genalloc.c: make the avail variable an atomic_long_t' (kabi). - Revert 'module: Add retpoline tag to VERMAGIC' (bnc#1012382 kabi). - Revert 'netlink: add a start callback for starting a netlink dump' (kabi). - Revert 'ocfs2: should wait dio before inode lock in ocfs2_setattr()' (bnc#1012382). - Revert 's390/kbuild: enable modversions for symbols exported from asm' (bnc#1012382). - Revert 'sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks' (kabi). - Revert 'scsi: libsas: align sata_device's rps_resp on a cacheline' (kabi). - Revert 'spi: SPI_FSL_DSPI should depend on HAS_DMA' (bnc#1012382). - Revert 'userfaultfd: selftest: vm: allow to build in vm/ directory' (bnc#1012382). - Revert 'x86/efi: Build our own page table structures' (bnc#1012382). - Revert 'x86/efi: Hoist page table switching code into efi_call_virt()' (bnc#1012382). - Revert 'x86/mm/pat: Ensure cpa->pfn only contains page frame numbers' (bnc#1012382). - SMB2: Fix share type handling (bnc#1074392). - Set supported_modules_check 1 (bsc#1072163). - Update patches.suse/powerpc-Secure-memory-rfi-flush-SLE12SP3.patch (bsc#1068032, bsc#1075087). - af_key: fix buffer overread in parse_exthdrs() (bnc#1012382). - af_key: fix buffer overread in verify_address_len() (bnc#1012382). - afs: Adjust mode bits processing (bnc#1012382). - afs: Connect up the CB.ProbeUuid (bnc#1012382). - afs: Fix afs_kill_pages() (bnc#1012382). - afs: Fix missing put_page() (bnc#1012382). - afs: Fix page leak in afs_write_begin() (bnc#1012382). - afs: Fix the maths in afs_fs_store_data() (bnc#1012382). - afs: Flush outstanding writes when an fd is closed (bnc#1012382). - afs: Migrate vlocation fields to 64-bit (bnc#1012382). - afs: Populate and use client modification time (bnc#1012382). - afs: Populate group ID from vnode status (bnc#1012382). - afs: Prevent callback expiry timer overflow (bnc#1012382). - alpha: fix build failures (bnc#1012382). - alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1031717). - alsa: aloop: Fix racy hw constraints adjustment (bsc#1031717). - alsa: aloop: Release cable upon open error path (bsc#1031717). - alsa: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds (bsc#1031717). - alsa: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines (bsc#1031717). - alsa: hda - Add mute led support for HP EliteBook 840 G3 (bsc#1031717). - alsa: hda - Add mute led support for HP ProBook 440 G4 (bsc#1031717). - alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant (bsc#1031717). - alsa: hda - Apply the existing quirk to iMac 14,1 (bsc#1031717). - alsa: hda - Fix click noises on Samsung Ativ Book 8 (bsc#1031717). - alsa: hda - Fix headset microphone detection for ASUS N551 and N751 (bsc#1031717). - alsa: hda - Fix mic regression by ASRock mobo fixup (bsc#1031717). - alsa: hda - Fix missing COEF init for ALC225/295/299 (bsc#1031717). - alsa: hda - Fix surround output pins for ASRock B150M mobo (bsc#1031717). - alsa: hda - On-board speaker fixup on ACER Veriton (bsc#1031717). - alsa: hda - Skip Realtek SKU check for Lenovo machines (bsc#1031717). - alsa: hda - add support for docking station for HP 820 G2 (bsc#1031717). - alsa: hda - add support for docking station for HP 840 G3 (bsc#1031717). - alsa: hda - change the location for one mic on a Lenovo machine (bsc#1031717). - alsa: hda - fix headset mic detection issue on a Dell machine (bsc#1031717). - alsa: hda - fix headset mic problem for Dell machines with alc274 (bsc#1031717). - alsa: hda/realtek - ALC891 headset mode for Dell (bsc#1031717). - alsa: hda/realtek - Add ALC256 HP depop function (bsc#1031717). - alsa: hda/realtek - Add default procedure for suspend and resume state (bsc#1031717). - alsa: hda/realtek - Add support for ALC1220 (bsc#1031717). - alsa: hda/realtek - Add support for Acer Aspire E5-475 headset mic (bsc#1031717). - alsa: hda/realtek - Add support for headset MIC for ALC622 (bsc#1031717). - alsa: hda/realtek - Enable jack detection function for Intel ALC700 (bsc#1031717). - alsa: hda/realtek - Fix ALC275 no sound issue (bsc#1031717). - alsa: hda/realtek - Fix Dell AIO LineOut issue (bsc#1031717). - alsa: hda/realtek - Fix headset and mic on several Asus laptops with ALC256 (bsc#1031717). - alsa: hda/realtek - Fix headset mic and speaker on Asus X441SA/X441UV (bsc#1031717). - alsa: hda/realtek - Fix headset mic on several Asus laptops with ALC255 (bsc#1031717). - alsa: hda/realtek - Fix pincfg for Dell XPS 13 9370 (bsc#1031717). - alsa: hda/realtek - Fix speaker support for Asus AiO ZN270IE (bsc#1031717). - alsa: hda/realtek - Fix typo of pincfg for Dell quirk (bsc#1031717). - alsa: hda/realtek - New codec device ID for ALC1220 (bsc#1031717). - alsa: hda/realtek - New codec support for ALC257 (bsc#1031717). - alsa: hda/realtek - New codec support of ALC1220 (bsc#1031717). - alsa: hda/realtek - New codecs support for ALC215/ALC285/ALC289 (bsc#1031717). - alsa: hda/realtek - No loopback on ALC225/ALC295 codec (bsc#1031717). - alsa: hda/realtek - Remove ALC285 device ID (bsc#1031717). - alsa: hda/realtek - Support Dell headset mode for ALC3271 (bsc#1031717). - alsa: hda/realtek - Support headset mode for ALC234/ALC274/ALC294 (bsc#1031717). - alsa: hda/realtek - There is no loopback mixer in the ALC234/274/294 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC225 (bsc#1031717). - alsa: hda/realtek - Update headset mode for ALC298 (bsc#1031717). - alsa: hda/realtek - change the location for one of two front microphones (bsc#1031717). - alsa: hda/realtek - fix headset mic detection for MSI MS-B120 (bsc#1031717). - alsa: hda: Drop useless WARN_ON() (bsc#1031717). - alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1031717). - alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1031717). - alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1031717). - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1031717). - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717). - alsa: pcm: prevent UAF in snd_pcm_info (bsc#1031717). - alsa: rawmidi: Avoid racy info ioctl via ctl device (bsc#1031717). - alsa: seq: Remove spurious WARN_ON() at timer check (bsc#1031717). - alsa: usb-audio: Add check return value for usb_string() (bsc#1031717). - alsa: usb-audio: Fix out-of-bound error (bsc#1031717). - alsa: usb-audio: Fix the missing ctl name suffix at parsing SU (bsc#1031717). - arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382). - arm64/cpufeature: do not use mutex in bringup path (bsc#1068032). - arm64: Add hypervisor safe helper for checking constant capabilities (bsc#1068032). - arm64: Add macros to read/write system registers (bsc#1068032). - arm64: Add skeleton to harden the branch predictor against aliasing attacks (bsc#1068032). - arm64: Add trace_hardirqs_off annotation in ret_to_user (bsc#1068032). - arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032). - arm64: Disable kpti for non broadcast TLB HW (bsc#1068032). - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: Factor out PAN enabling/disabling into separate uaccess_* macros (bsc#1068032). - arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro (bsc#1068032). - arm64: Fix circular include of asm/lse.h through linux/jump_label.h (bsc#1068032). - arm64: Fix compilation (bsc#1068032). - arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032). - arm64: Implement branch predictor hardening for affected Cortex-A CPUs (bsc#1068032). - arm64: Initialise high_memory global variable earlier (bnc#1012382). - arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1 (bsc#1068032). - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 (bsc#1068032). - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry (bsc#1068032). - arm64: Mask all exceptions during kernel_exit (bsc#1068032). - arm64: Move BP hardening to check_and_switch_context (bsc#1068032). - arm64: Move post_ttbr_update_workaround to C code (bsc#1068032). - arm64: Move the async/fiq helpers to explicitly set process context flags (bsc#1068032). - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm (bsc#1068032). - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb (bsc#1068032). - arm64: Store struct thread_info in sp_el0 (bsc#1068032). - arm64: Take into account ID_AA64PFR0_EL1.CSV3 (bsc#1068032). - arm64: Use static keys for CPU features (bsc#1068032). - arm64: add macro to extract ESR_ELx.EC (bsc#1068032). - arm64: alternative: add auto-nop infrastructure (bsc#1068032). - arm64: barriers: introduce nops and __nops macros for NOP sequences (bsc#1068032). - arm64: cpu_errata: Allow an erratum to be match for all revisions of a core (bsc#1068032). - arm64: cpufeature: Add scope for capability check (bsc#1068032). - arm64: cpufeature: Pass capability structure to ->enable callback (bsc#1068032). - arm64: debug: remove unused local_dbg_{enable, disable} macros (bsc#1068032). - arm64: do not pull uaccess.h into *.S (bsc#1068032). - arm64: entry.S convert el0_sync (bsc#1068032). - arm64: entry.S: Remove disable_dbg (bsc#1068032). - arm64: entry.S: convert el1_sync (bsc#1068032). - arm64: entry.S: convert elX_irq (bsc#1068032). - arm64: entry.S: move SError handling into a C function for future expansion (bsc#1068032). - arm64: entry: Add exception trampoline page for exceptions from EL0 (bsc#1068032). - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 (bsc#1068032). - arm64: entry: Explicitly pass exception level to kernel_ventry macro (bsc#1068032). - arm64: entry: Hook up entry trampoline to exception vectors (bsc#1068032). - arm64: entry: remove pointless SPSR mode check (bsc#1068032). - arm64: explicitly mask all exceptions (bsc#1068032). - arm64: factor out PAGE_* and CONT_* definitions (bsc#1068032). - arm64: factor out entry stack manipulation (bsc#1068032). - arm64: factor work_pending state machine to C (bsc#1068032). - arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382). - arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032). - arm64: introduce an order for exceptions (bsc#1068032). - arm64: introduce mov_q macro to move a constant into a 64-bit register (bsc#1068032). - arm64: kaslr: Put kernel vectors address in separate data page (bsc#1068032). - arm64: kill ESR_LNX_EXEC (bsc#1068032). - arm64: kpti: Fix the interaction between ASID switching and software PAN (bsc#1068032). - arm64: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls (bnc#1012382). - arm64: kvm: Survive unknown traps from guests (bnc#1012382). - arm64: kvm: Use per-CPU vector when BP hardening is enabled (bsc#1068032). - arm64: kvm: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382). - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper (bsc#1068032). - arm64: mm: Allocate ASIDs in pairs (bsc#1068032). - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR (bsc#1068032). - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI (bsc#1068032). - arm64: mm: Map entry trampoline into trampoline and kernel page tables (bsc#1068032). - arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032). - arm64: mm: Rename post_ttbr0_update_workaround (bsc#1068032). - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: mm: Use non-global mappings for kernel space (bsc#1068032). - arm64: mm: hardcode rodata=true (bsc#1068032). - arm64: swp emulation: bound LL/SC retries before rescheduling (bsc#1068032). - arm64: sysreg: Fix unprotected macro argmuent in write_sysreg (bsc#1068032). - arm64: sysreg: allow write_sysreg to use XZR (bsc#1068032). - arm64: tlbflush.h: add __tlbi() macro (bsc#1068032). - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks (bsc#1068032). - arm64: use RET instruction for exiting the trampoline (bsc#1068032). - arm64: use alternative auto-nop (bsc#1068032). - arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032). - arm: BUG if jumping to usermode address in kernel mode (bnc#1012382). - arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382). - arm: OMAP2+: Fix device node reference counts (bnc#1012382). - arm: OMAP2+: Release device node after it is no longer needed (bnc#1012382). - arm: OMAP2+: gpmc-onenand: propagate error on initialization failure (bnc#1012382). - arm: avoid faulting on qemu (bnc#1012382). - arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory (bnc#1012382). - arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382). - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 (bnc#1012382). - arm: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio (bnc#1012382). - arm: dts: ti: fix PCI bus dtc warnings (bnc#1012382). - arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382). - arm: kprobes: Fix the return address of multiple kretprobes (bnc#1012382). - arm: kvm: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382). - arm: kvm: Survive unknown traps from guests (bnc#1012382). - asm-prototypes: Clear any CPP defines before declaring the functions (git-fixes). - asn.1: check for error from ASN1_OP_END__ACT actions (bnc#1012382). - asn.1: fix out-of-bounds read when parsing indefinite length item (bnc#1012382). - asoc: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure (bsc#1031717). - asoc: twl4030: fix child-node lookup (bsc#1031717). - asoc: wm_adsp: Fix validation of firmware and coeff lengths (bsc#1031717). - ath9k: fix tx99 potential info leak (bnc#1012382). - atm: horizon: Fix irq release error (bnc#1012382). - audit: ensure that 'audit=1' actually enables audit for PID 1 (bnc#1012382). - axonram: Fix gendisk handling (bnc#1012382). - backlight: pwm_bl: Fix overflow condition (bnc#1012382). - bcache.txt: standardize document format (bsc#1076110). - bcache: Avoid nested function definition (bsc#1076110). - bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110). - bcache: Fix building error on MIPS (bnc#1012382). - bcache: Remove deprecated create_workqueue (bsc#1076110). - bcache: Remove redundant block_size assignment (bsc#1076110). - bcache: Remove redundant parameter for cache_alloc() (bsc#1076110). - bcache: Remove redundant set_capacity (bsc#1076110). - bcache: Update continue_at() documentation (bsc#1076110). - bcache: add a comment in journal bucket reading (bsc#1076110). - bcache: check return value of register_shrinker (bsc#1076110). - bcache: debug: avoid accessing .bi_io_vec directly (bsc#1076110). - bcache: do not write back data if reading it failed (bsc#1076110). - bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110). - bcache: documentation updates and corrections (bsc#1076110). - bcache: explicitly destroy mutex while exiting (bnc#1012382). - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110). - bcache: fix sequential large write IO bypass (bsc#1076110). - bcache: fix wrong cache_misses statistics (bnc#1012382). - bcache: gc does not work when triggering by manual command (bsc#1076110, bsc#1038078). - bcache: implement PI controller for writeback rate (bsc#1076110). - bcache: increase the number of open buckets (bsc#1076110). - bcache: only permit to recovery read error when cache device is clean (bnc#1012382 bsc#1043652). - bcache: partition support: add 16 minors per bcacheN device (bsc#1076110). - bcache: pr_err: more meaningful error message when nr_stripes is invalid (bsc#1076110). - bcache: rearrange writeback main thread ratelimit (bsc#1076110). - bcache: recover data from backing when data is clean (bnc#1012382 bsc#1043652). - bcache: register_bcache(): call blkdev_put() when cache_alloc() fails (bsc#1076110). - bcache: remove unused parameter (bsc#1076110). - bcache: rewrite multiple partitions support (bsc#1076110, bsc#1038085, bsc#1019784). - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110). - bcache: silence static checker warning (bsc#1076110). - bcache: smooth writeback rate control (bsc#1076110). - bcache: switch to using blk_queue_write_cache() (bsc#1076110). - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints (bsc#1076110). - bcache: update bucket_in_use in real time (bsc#1076110). - bcache: update document info (bsc#1076110). - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110). - bcache: use llist_for_each_entry_safe() in __closure_wake_up() (bsc#1076110). - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110). - bcache: writeback rate shouldn't artifically clamp (bsc#1076110). - be2net: restore properly promisc mode after queues reconfiguration (bsc#963844). - block: export bio_free_pages to other modules (bsc#1076110). - block: wake up all tasks blocked in get_request() (bnc#1012382). - bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382). - bnx2x: do not rollback VF MAC/VLAN filters we did not configure (bnc#1012382). - bnx2x: fix possible overrun of VFPF multicast addresses array (bnc#1012382). - bnx2x: prevent crash when accessing PTP with interface down (bnc#1012382). - btrfs: account for pinned bytes in should_alloc_chunk (bsc#1066842). - btrfs: add missing memset while reading compressed inline extents (bnc#1012382). - btrfs: clear space cache inode generation always (bnc#1012382). - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382). - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382). - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: gs_usb: fix return value of the 'set_bittiming' callback (bnc#1012382). - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() (bnc#1012382). - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: kvaser_usb: free buf in error paths (bnc#1012382). - can: kvaser_usb: ratelimit errors if incomplete messages are received (bnc#1012382). - can: peak: fix potential bug in packet fragmentation (bnc#1012382). - can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382). - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - cdc-acm: apply quirk for card reader (bsc#1060279). - cdrom: factor out common open_for_* code (bsc#1048585). - cdrom: wait for tray to close (bsc#1048585). - ceph: drop negative child dentries before try pruning inode's alias (bnc#1012382). - ceph: more accurate statfs (bsc#1077068). - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bnc#1012382). - clk: mediatek: add the option for determining PLL source clock (bnc#1012382). - clk: tegra: Fix cclk_lp divisor register (bnc#1012382). - cpuidle: Validate cpu_dev in cpuidle_add_sysfs() (bnc#1012382). - cpuidle: fix broadcast control when broadcast can not be entered (bnc#1012382). - cpuidle: powernv: Pass correct drv->cpumask for registration (bnc#1012382). - crypto: algapi - fix NULL dereference in crypto_remove_spawns() (bnc#1012382). - crypto: chacha20poly1305 - validate the digest size (bnc#1012382). - crypto: crypto4xx - increase context and scatter ring buffer elements (bnc#1012382). - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex (bnc#1012382). - crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382). - crypto: n2 - cure use after free (bnc#1012382). - crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382). - crypto: s5p-sss - Fix completing crypto request in IRQ handler (bnc#1012382). - crypto: tcrypt - fix buffer lengths in test_aead_speed() (bnc#1012382). - cxl: Check if vphb exists before iterating over AFU devices (bsc#1066223). - dax: Pass detailed error code from __dax_fault() (bsc#1072484). - dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state (bnc#1012382). - delay: add poll_event_interruptible (bsc#1048585). - dm btree: fix serious bug in btree_split_beneath() (bnc#1012382). - dm bufio: fix shrinker scans when (nr_to_scan < retain_target) (bnc#1012382). - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012382). - dmaengine: Fix array index out of bounds warning in __get_unmap_pool() (bnc#1012382). - dmaengine: dmatest: move callback wait queue to thread context (bnc#1012382). - dmaengine: pl330: fix double lock (bnc#1012382). - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type (bnc#1012382). - drivers/firmware: Expose psci_get_version through psci_ops structure (bsc#1068032). - drivers/md/bcache/util.h: remove duplicate inclusion of blkdev.h (bsc#1076110). - drivers: base: cacheinfo: fix boot error message when acpi is enabled (bnc#1012382). - drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled (bnc#1012382). - drivers: net: xgene: Fix hardware checksum setting (bsc#1078526). - drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382). - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement (bnc#1012382). - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU (bnc#1012382). - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382). - drm/radeon/si: add dpm quirk for Oland (bnc#1012382). - drm/radeon: fix atombios on big endian (bnc#1012382). - drm/radeon: reinstate oland workaround for sclk (bnc#1012382). - drm/vmwgfx: Potential off by one in vmw_view_add() (bnc#1012382). - drm: extra printk() wrapper macros (bnc#1012382). - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 (bnc#1012382). - edac, i5000, i5400: Fix definition of NRECMEMB register (bnc#1012382). - edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro (bnc#1012382). - edac, sb_edac: Fix missing break in switch (bnc#1012382). - eeprom: at24: check at24_read/write arguments (bnc#1012382). - efi/esrt: Cleanup bad memory map log messages (bnc#1012382). - efi: Move some sysfs files to be read-only by root (bnc#1012382). - eventpoll.h: add missing epoll event masks (bnc#1012382). - ext4: Fix ENOSPC handling in DAX page fault handle (bsc#1072484). - ext4: fix crash when a directory's i_size is too small (bnc#1012382). - ext4: fix fdatasync(2) after fallocate(2) operation (bnc#1012382). - fbdev: controlfb: Add missing modes to fix out of bounds access (bnc#1012382). - fjes: Fix wrong netdevice feature flags (bnc#1012382). - flow_dissector: properly cap thoff field (bnc#1012382). - fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382). - fork: clear thread stack upon allocation (bsc#1077560). Conflicts: series.conf - fscache: Fix the default for fscache_maybe_release_page() (bnc#1012382). - futex: Prevent overflow by strengthen input validation (bnc#1012382). - gcov: disable for COMPILE_TEST (bnc#1012382). - gfs2: Take inode off order_write list when setting jdata flag (bnc#1012382). - gpio: altera: Use handle_level_irq when configured as a level_high (bnc#1012382). - hid: chicony: Add support for another ASUS Zen AiO keyboard (bnc#1012382). - hid: xinmo: fix for out of range for THT 2P arcade controller (bnc#1012382). - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382). - hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382). - hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382). - i40e: Do not enable NAPI on q_vectors that have no rings (bnc#1012382). - ib/hfi1: Correct defered count after processing qp_wait_list (git-fixes). - ib/hfi1: Fix rnr_timer addition (git-fixes). - ib/hfi1: Handle kzalloc failure in init_pervl_scs (git-fixes). - ib/hfi1: Move iowait_init() to priv allocate (git-fixes). - ib/hfi1: Prevent kernel QP post send hard lockups (git-fixes). - ib/hfi1: Reset QSFP on every run through channel tuning (git-fixes). - ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush (git-fixes). - ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop (bnc#1012382). - ib/mlx4: Increase maximal message size under UD QP (bnc#1012382). - ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382). - ib/qib: Remove qpt_mask global (git-fixes). - ib/rdmavt: restore IRQs on error path in rvt_create_ah() (git-fixes). - ib/srpt: Disable RDMA access by the initiator (bnc#1012382). - ibmvnic: Allocate and request vpd in init_resources (bsc#1076872). - ibmvnic: Do not handle RX interrupts when not up (bsc#1075066). - ibmvnic: Fix IP offload control buffer (bsc#1076899). - ibmvnic: Fix IPv6 packet descriptors (bsc#1076899). - ibmvnic: Fix pending MAC address changes (bsc#1075627). - ibmvnic: Modify buffer size and number of queues on failover (bsc#1076872). - ibmvnic: Revert to previous mtu when unsupported value requested (bsc#1076872). - ibmvnic: Wait for device response when changing MAC (bsc#1078681). - igb: check memory allocation failure (bnc#1012382). - ima: fix hash algorithm initialization (bnc#1012382). - inet: frag: release spinlock before calling icmp_send() (bnc#1012382). - input: 88pm860x-ts - fix child-node lookup (bnc#1012382). - input: elantech - add new icbody type 15 (bnc#1012382). - input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list (bnc#1012382). - input: twl4030-vibra - fix sibling-node lookup (bnc#1012382). - input: twl6040-vibra - fix DT node memory management (bnc#1012382). - input: twl6040-vibra - fix child-node lookup (bnc#1012382). - intel_th: pci: Add Gemini Lake support (bnc#1012382). - iommu/arm-smmu-v3: Do not free page table ops twice (bnc#1012382). - iommu/vt-d: Fix scatterlist offset handling (bnc#1012382). - ip6_tunnel: disable dst caching if tunnel is dual-stack (bnc#1012382). - ipmi: Stop timers before cleaning up the module (bnc#1012382). - ipv4: Fix use-after-free when flushing FIB tables (bnc#1012382). - ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY (bnc#1012382). - ipv4: igmp: guard against silly MTU values (bnc#1012382). - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL (bnc#1012382). - ipv6: fix possible mem leaks in ipv6_make_skb() (bnc#1012382). - ipv6: fix udpv6 sendmsg crash caused by too small MTU (bnc#1012382). - ipv6: ip6_make_skb() needs to clear cork.base.dst (git-fixes). - ipv6: mcast: better catch silly mtu values (bnc#1012382). - ipv6: reorder icmpv6_init() and ip6_mr_init() (bnc#1012382). - ipvlan: fix ipv6 outbound device (bnc#1012382). - ipvlan: remove excessive packet scrubbing (bsc#1070799). - irda: vlsi_ir: fix check for DMA mapping errors (bnc#1012382). - irqchip/crossbar: Fix incorrect type of register size (bnc#1012382). - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref (bnc#1012382). - iscsi-target: fix memory leak in lio_target_tiqn_addtpg() (bnc#1012382). - isdn: kcapi: avoid uninitialized data (bnc#1012382). - iw_cxgb4: Only validate the MSN for successful completions (bnc#1012382). - ixgbe: fix use of uninitialized padding (bnc#1012382). - jump_label: Invoke jump_label_test() via early_initcall() (bnc#1012382). - jump_label: Make it possible for arches to invoke jump_label_init() earlier (bsc#1068032). - jump_labels: Allow array initialisers (bsc#1068032). - kABI: protect struct bpf_map (kabi). - kABI: protect struct ipv6_pinfo (kabi). - kABI: protect struct t10_alua_tg_pt_gp (kabi). - kabi fix for new hash_cred function (bsc#1012917). - kabi/severities: do not care about stuff_RSB - kaiser: Set _PAGE_NX only if supported (bnc#1012382). - kaiser: Set _PAGE_NX only if supported (bnc#1012382). - kbuild: add '-fno-stack-check' to kernel build options (bnc#1012382). - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - kbuild: pkg: use --transform option to prefix paths in tar (bnc#1012382). - kdb: Fix handling of kallsyms_symbol_next() return value (bnc#1012382). - kernel/acct.c: fix the acct->needcheck check in check_free_space() (bnc#1012382). - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals (bnc#1012382). - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL (bnc#1012382). - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal() (bnc#1012382). - kernel: make groups_sort calling a responsibility group_info allocators (bnc#1012382). - keys: add missing permission check for request_key() destination (bnc#1012382). - kprobes/x86: Disable preemption in ftrace-based jprobes (bnc#1012382). - kpti: Rename to PAGE_TABLE_ISOLATION (bnc#1012382). - kpti: Report when enabled (bnc#1012382). - kvm: Fix stack-out-of-bounds read in write_mmio (bnc#1012382). - kvm: VMX: Fix enable VPID conditions (bnc#1012382). - kvm: VMX: remove I/O port 0x80 bypass on Intel hosts (bnc#1012382). - kvm: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012382). - kvm: arm/arm64: Fix occasional warning from the timer work function (bnc#1012382 bsc#988524). - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down (bnc#1012382). - kvm: nVMX: reset nested_run_pending if the vCPU is going to be reset (bnc#1012382). - kvm: pci-assign: do not map smm memory slot pages in vt-d page tables (bnc#1012382). - kvm: s390: wire up bpb feature (bsc#1076806). - kvm: vmx: Scrub hardware GPRs at VM-exit (bnc#1012382). - kvm: x86: Add memory barrier on vmcs field lookup (bnc#1012382). - kvm: x86: Exit to user-mode on #UD intercept when emulator requires (bnc#1012382). - kvm: x86: correct async page present tracepoint (bnc#1012382). - kvm: x86: fix RSM when PCID is non-zero (bnc#1012382). - kvm: x86: inject exceptions produced by x86_decode_insn (bnc#1012382). - kvm: x86: pvclock: Handle first-time write to pvclock-page contains random junk (bnc#1012382). - l2tp: cleanup l2tp_tunnel_delete calls (bnc#1012382). - lan78xx: Fix failure in USB Full Speed (bnc#1012382). - lib/genalloc.c: make the avail variable an atomic_long_t (bnc#1012382). - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (bnc#1012382). - libata: drop WARN from protocol error in ata_sff_qc_issue() (bnc#1012382). - macvlan: Only deliver one copy of the frame to the macvlan interface (bnc#1012382). - md-cluster: free md_cluster_info if node leave cluster (bnc#1012382). - media: dvb: i2c transfers over usb cannot be done from stack (bnc#1012382). - mfd: cros ec: spi: Do not send first message too soon (bnc#1012382). - mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012382). - mfd: twl6040: Fix child-node lookup (bnc#1012382). - mlxsw: reg: Fix SPVM max record count (bnc#1012382). - mlxsw: reg: Fix SPVMLR max record count (bnc#1012382). - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1012382). - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP (bnc#1012382). - mm: Handle 0 flags in _calc_vm_trans() macro (bnc#1012382). - mm: Introduce lm_alias (bsc#1068032). - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers (bnc#1012382). - mm: drop unused pmdp_huge_get_and_clear_notify() (bnc#1012382). - mmc: core: Do not leave the block driver in a suspended state (bnc#1012382). - mmc: mediatek: Fixed bug where clock frequency could be set wrong (bnc#1012382). - module: set __jump_table alignment to 8 (bnc#1012382). - more bio_map_user_iov() leak fixes (bnc#1012382). - mtd: nand: Fix writing mtdoops to nand flash (bnc#1012382). - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (bnc#1012382). - net/appletalk: Fix kernel memory disclosure (bnc#1012382). - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y (bnc#1012382). - net/packet: fix a race in packet_bind() and packet_notifier() (bnc#1012382). - net: Allow neigh contructor functions ability to modify the primary_key (bnc#1012382). - net: Do not allow negative values for busy_read and busy_poll sysctl interfaces (bnc#1012382). - net: Fix double free and memory corruption in get_net_ns_by_id() (bnc#1012382). - net: Resend IGMP memberships upon peer notification (bnc#1012382). - net: bcmgenet: Power up the internal PHY before probing the MII (bnc#1012382). - net: bcmgenet: correct MIB access of UniMAC RUNT counters (bnc#1012382). - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values (bnc#1012382). - net: bcmgenet: power down internal phy if open or resume fails (bnc#1012382). - net: bcmgenet: reserved phy revisions must be checked first (bnc#1012382). - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks (bnc#1012382). - net: core: fix module type in sock_diag_bind (bnc#1012382). - net: fec: fix multicast filtering hardware setup (bnc#1012382). - net: igmp: Use correct source address on IGMPv3 reports (bnc#1012382). - net: igmp: fix source address check for IGMPv3 reports (bnc#1012382). - net: initialize msg.msg_flags in recvfrom (bnc#1012382). - net: ipv4: fix for a race condition in raw_sendmsg (bnc#1012382). - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (bnc#1012382). - net: mvneta: clear interface link status on port disable (bnc#1012382). - net: phy: at803x: Change error to EINVAL for invalid MAC (bnc#1012382). - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround (bnc#1012382). - net: qdisc_pkt_len_init() should be more robust (bnc#1012382). - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4 (bnc#1012382). - net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012382). - net: reevalulate autoflowlabel setting after sysctl setting (bnc#1012382). - net: sctp: fix array overrun read on sctp_timer_tbl (bnc#1012382). - net: stmmac: enable EEE in MII, GMII or RGMII only (bnc#1012382). - net: systemport: Pad packet before inserting TSB (bnc#1012382). - net: systemport: Utilize skb_put_padto() (bnc#1012382). - net: tcp: close sock if net namespace is exiting (bnc#1012382). - net: wimax/i2400m: fix NULL-deref at probe (bnc#1012382). - netfilter: bridge: honor frag_max_size when refragmenting (bnc#1012382). - netfilter: do not track fragmented packets (bnc#1012382). - netfilter: ipvs: Fix inappropriate output of procfs (bnc#1012382). - netfilter: nfnetlink_queue: fix secctx memory leak (bnc#1012382). - netfilter: nfnetlink_queue: fix timestamp attribute (bsc#1074134). - netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382). - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table (bnc#1012382). - netfilter: nfnl_cthelper: fix runtime expectation policy updates (bnc#1012382). - netlink: add a start callback for starting a netlink dump (bnc#1012382). - nfs: Do not take a reference on fl->fl_file for LOCK operation (bnc#1012382). - nfs: Fix a typo in nfs_rename() (bnc#1012382). - nfs: improve shinking of access cache (bsc#1012917). - nfsd: Fix another OPEN stateid race (bnc#1012382). - nfsd: Fix stateid races between OPEN and CLOSE (bnc#1012382). - nfsd: Make init_open_stateid() a bit more whole (bnc#1012382). - nfsd: auth: Fix gid sorting when rootsquash enabled (bnc#1012382). - nfsd: fix nfsd_minorversion(.., NFSD_AVAIL) (bnc#1012382). - nfsd: fix nfsd_reset_versions for NFSv4 (bnc#1012382). - nfsv4.1 respect server's max size in CREATE_SESSION (bnc#1012382). - nfsv4: Fix client recovery when server reboots multiple times (bnc#1012382). - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick() (bnc#1012382). - openrisc: fix issue handling 8 byte get_user calls (bnc#1012382). - packet: fix crash in fanout_demux_rollover() (bnc#1012382). - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel (bnc#1012382). - parisc: Hide Diva-built-in serial aux and graphics card (bnc#1012382). - partially revert tipc improve link resiliency when rps is activated (bsc#1068038). - pci / PM: Force devices to D0 in pci_pm_thaw_noirq() (bnc#1012382). - pci/AER: Report non-fatal errors only to the affected endpoint (bnc#1012382). - pci/PME: Handle invalid data when reading Root Status (bnc#1012382). - pci: Avoid bus reset if bridge itself is broken (bnc#1012382). - pci: Create SR-IOV virtfn/physfn links before attaching driver (bnc#1012382). - pci: Detach driver before procfs & sysfs teardown on device remove (bnc#1012382). - perf symbols: Fix symbols__fixup_end heuristic for corner cases (bnc#1012382). - perf test attr: Fix ignored test case result (bnc#1012382). - perf: xgene: Add support for SoC PMU version 3 (bsc#1076809). - perf: xgene: Include module.h (bsc#1076809). - perf: xgene: Move PMU leaf functions into function pointer structure (bsc#1076809). - perf: xgene: Parse PMU subnode from the match table (bsc#1076809). - perf: xgene: Remove unnecessary managed resources cleanup (bsc#1076809). - phy: work around 'phys' references to usb-nop-xceiv devices (bnc#1012382). - pinctrl: adi2: Fix Kconfig build problem (bnc#1012382). - pinctrl: st: add irq_request/release_resources callbacks (bnc#1012382). - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012382). - powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075087). - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075087). - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075087). - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075087). - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075087). - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075087). - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032). - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075087). - powerpc/ipic: Fix status get and status clear (bnc#1012382). - powerpc/perf/hv-24x7: Fix incorrect comparison in memord (bnc#1012382). - powerpc/perf: Dereference BHRB entries safely (bsc#1066223). - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo (bnc#1012382). - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested (bnc#1012382). - powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032, bsc#1075087). - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087). - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075087). - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075087). - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075087). - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: prevent crash when changing flush type to fallback after system boot (bsc#1068032, bsc#1075087). - ppp: Destroy the mutex when cleanup (bnc#1012382). - pppoe: take ->needed_headroom of lower device into account on xmit (bnc#1012382). - pti: unbreak EFI (bsc#1074709). - r8152: fix the list rx_done may be used without initialization (bnc#1012382). - r8152: prevent the driver from transmitting packets with carrier off (bnc#1012382). - r8169: fix memory corruption on retrieval of hardware statistics (bnc#1012382). - raid5: Set R5_Expanded on parity devices as well as data (bnc#1012382). - ravb: Remove Rx overflow log messages (bnc#1012382). - rbd: set max_segments to USHRT_MAX (bnc#1012382). - rdma/cma: Avoid triggering undefined behavior (bnc#1012382). - rdma/iser: Fix possible mr leak on device removal event (bnc#1012382). - rds: Fix NULL pointer dereference in __rds_rdma_map (bnc#1012382). - rds: Heap OOB write in rds_message_alloc_sgs() (bnc#1012382). - rds: null pointer dereference in rds_atomic_free_op (bnc#1012382). - regulator: Try to resolve regulators supplies on registration (bsc#1074847). - regulator: core: Rely on regulator_dev_release to free constraints (bsc#1074847). - regulator: da9063: Return an error code on probe failure (bsc#1074847). - regulator: pwm: Fix regulator ramp delay for continuous mode (bsc#1074847). - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075087). - ring-buffer: Mask out the info bits when returning buffer page length (bnc#1012382). - route: also update fnhe_genid when updating a route cache (bnc#1012382). - route: update fnhe_expires for redirect when the fnhe exists (bnc#1012382). - rtc: cmos: Initialize hpet timer before irq is registered (bsc#1077592). - rtc: pcf8563: fix output clock rate (bnc#1012382). - rtc: pl031: make interrupt optional (bnc#1012382). - rtc: set the alarm to the next expiring timer (bnc#1012382). - s390/pci: do not require AIS facility (bnc#1012382). - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1012382). - s390/runtime instrumentation: simplify task exit handling (bnc#1012382). - s390: always save and restore all registers on context switch (bnc#1012382). - s390: fix compat system call table (bnc#1012382). - sch_dsmark: fix invalid skb_cow() usage (bnc#1012382). - sched/deadline: Make sure the replenishment timer fires in the next period (bnc#1012382). - sched/deadline: Throttle a constrained deadline task activated after the deadline (bnc#1012382). - sched/deadline: Use deadline instead of period when calculating overflow (bnc#1012382). - sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks (bnc#1012382). - sched/deadline: Zero out positive runtime after throttling constrained tasks (git-fixes). - sched/rt: Do not pull from current CPU if only one CPU to pull (bnc#1022476). - scsi: bfa: integer overflow in debugfs (bnc#1012382). - scsi: check for device state in __scsi_remove_target() (bsc#1072589). - scsi: cxgb4i: fix Tx skb leak (bnc#1012382). - scsi: fixup kernel warning during rmmod() (bsc#1052360). - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading (bnc#1012382). - scsi: hpsa: destroy sas transport properties before scsi_host (bnc#1012382). - scsi: libsas: align sata_device's rps_resp on a cacheline (bnc#1012382). - scsi: lpfc: Fix PT2PT PRLI reject (bnc#1012382). - scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters (bnc#1012382). - scsi: lpfc: Fix secure firmware updates (bnc#1012382). - scsi: lpfc: PLOGI failures during NPIV testing (bnc#1012382). - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (bnc#1012382). - scsi: sd: change allow_restart to bool in sysfs interface (bnc#1012382). - scsi: sd: change manage_start_stop to bool in sysfs interface (bnc#1012382). - scsi: sg: disable SET_FORCE_LOW_DMA (bnc#1012382). - scsi: sr: wait for the medium to become ready (bsc#1048585). - sctp: Replace use of sockets_allocated with specified macro (bnc#1012382). - sctp: do not allow the v4 socket to bind a v4mapped v6 address (bnc#1012382). - sctp: do not free asoc when it is already dead in sctp_sendmsg (bnc#1012382). - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (bnc#1012382). - sctp: use the right sk after waking up from wait_buf sleep (bnc#1012382). - selftest/powerpc: Fix false failures for skipped tests (bnc#1012382). - selftests/x86/ldt_get: Add a few additional tests for limits (bnc#1012382). - selftests/x86: Add test_vsyscall (bnc#1012382). - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bnc#1012382). - serial: 8250_pci: Add Amazon PCI serial device ID (bnc#1012382). - series.conf: fix wrong bsc reference - series.conf: whitespace cleanup - sfc: do not warn on successful change of MAC (bnc#1012382). - sh_eth: fix SH7757 GEther initialization (bnc#1012382). - sh_eth: fix TSU resource handling (bnc#1012382). - sit: update frag_off info (bnc#1012382). - sock: free skb in skb_complete_tx_timestamp on error (bnc#1012382). - sparc64/mm: set fields in deferred pages (bnc#1012382). - spi: sh-msiof: Fix DMA transfer size check (bnc#1012382). - spi: xilinx: Detect stall with Unknown commands (bnc#1012382). - spi_ks8995: fix 'BUG: key accdaa28 not in .data!' (bnc#1012382). - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl (bnc#1012382). - sunrpc: Fix rpc_task_begin trace point (bnc#1012382). - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917). - sunrpc: add auth_unix hash_cred() function (bsc#1012917). - sunrpc: add generic_auth hash_cred() function (bsc#1012917). - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917). - sunrpc: replace generic auth_cred hash with auth-specific function (bsc#1012917). - sunrpc: use supplimental groups in auth hash (bsc#1012917). - sunxi-rsb: Include OF based modalias in device uevent (bnc#1012382). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - sysrq : fix Show Regs call trace on ARM (bnc#1012382). - target/file: Do not return error for UNMAP if length is zero (bnc#1012382). - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() (bnc#1012382). - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK (bnc#1012382). - target: Use system workqueue for ALUA transitions (bnc#1012382). - target: fix ALUA transition timeout handling (bnc#1012382). - target: fix race during implicit transition work flushes (bnc#1012382). - target:fix condition return in core_pr_dump_initiator_port() (bnc#1012382). - tcp md5sig: Use skb's saddr when replying to an incoming segment (bnc#1012382). - tcp: __tcp_hdrlen() helper (bnc#1012382). - tcp: correct memory barrier usage in tcp_check_space() (bnc#1012382). - tcp: fix under-evaluated ssthresh in TCP Vegas (bnc#1012382). - tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012382). - thermal/drivers/step_wise: Fix temperature regulation misbehavior (bnc#1012382). - thermal: hisilicon: Handle return value of clk_prepare_enable (bnc#1012382). - tipc: fix cleanup at module unload (bnc#1012382). - tipc: fix memory leak in tipc_accept_from_sock() (bnc#1012382). - tipc: improve link resiliency when rps is activated (bsc#1068038). - tracing: Allocate mask_str buffer dynamically (bnc#1012382). - tracing: Fix converting enum's from the map in trace_event_eval_update() (bnc#1012382). - tracing: Fix crash when it fails to alloc ring buffer (bnc#1012382). - tracing: Fix possible double free on failure of allocating trace buffer (bnc#1012382). - tracing: Remove extra zeroing out of the ring buffer page (bnc#1012382). - tty fix oops when rmmod 8250 (bnc#1012382). - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices (bnc#1012382). - uas: ignore UAS for Norelsys NS1068(X) chips (bnc#1012382). - udf: Avoid overflow when session starts at large offset (bnc#1012382). - um: link vmlinux with -no-pie (bnc#1012382). - usb: Add device quirk for Logitech HD Pro Webcam C925e (bnc#1012382). - usb: Fix off by one in type-specific length check of BOS SSP capability (git-fixes). - usb: Increase usbfs transfer limit (bnc#1012382). - usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012382). - usb: core: Add type-specific length check of BOS descriptors (bnc#1012382). - usb: core: prevent malicious bNumInterfaces overflow (bnc#1012382). - usb: devio: Prevent integer overflow in proc_do_submiturb() (bnc#1012382). - usb: fix usbmon BUG trigger (bnc#1012382). - usb: gadget: configs: plug memory leak (bnc#1012382). - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed (bnc#1012382). - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping (bnc#1012382). - usb: gadget: udc: remove pointer dereference after free (bnc#1012382). - usb: gadgetfs: Fix a potential memory leak in 'dev_config()' (bnc#1012382). - usb: hub: Cycle HUB power when initialization fails (bnc#1012382). - usb: misc: usb3503: make sure reset is low for at least 100us (bnc#1012382). - usb: musb: da8xx: fix babble condition handling (bnc#1012382). - usb: phy: isp1301: Add OF device ID table (bnc#1012382). - usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled (git-fixes). - usb: phy: tahvo: fix error handling in tahvo_usb_probe() (bnc#1012382). - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub (bnc#1012382). - usb: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ (bnc#1012382). - usb: serial: cp210x: add new device ID ELV ALC 8xxx (bnc#1012382). - usb: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012382). - usb: serial: option: add Quectel BG96 id (bnc#1012382). - usb: serial: option: add support for Telit ME910 PID 0x1101 (bnc#1012382). - usb: serial: option: adding support for YUGA CLM920-NC5 (bnc#1012382). - usb: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012382). - usb: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID (bnc#1012382). - usb: usbfs: Filter flags passed in from user space (bnc#1012382). - usb: usbip: Fix possible deadlocks reported by lockdep (bnc#1012382). - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 (bnc#1012382). - usb: xhci: fix panic in xhci_free_virt_devices_depth_first (bnc#1012382). - usbip: Fix implicit fallthrough warning (bnc#1012382). - usbip: Fix potential format overflow in userspace tools (bnc#1012382). - usbip: fix stub_rx: get_pipe() to validate endpoint number (bnc#1012382). - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input (bnc#1012382). - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer (bnc#1012382). - usbip: fix usbip bind writing random string after command in match_busid (bnc#1012382). - usbip: prevent leaking socket pointer address in messages (bnc#1012382). - usbip: prevent vhci_hcd driver from leaking a socket pointer address (bnc#1012382). - usbip: remove kernel addresses from usb device and urb debug msgs (bnc#1012382). - usbip: stub: stop printing kernel pointer addresses in messages (bnc#1012382). - usbip: vhci: stop printing kernel pointer addresses in messages (bnc#1012382). - userfaultfd: selftest: vm: allow to build in vm/ directory (bnc#1012382). - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE (bnc#1012382). - video: fbdev: au1200fb: Release some resources if a memory allocation fails (bnc#1012382). - video: fbdev: au1200fb: Return an error code if a memory allocation fails (bnc#1012382). - virtio: release virtio index when fail to device_register (bnc#1012382). - vmxnet3: repair memory leak (bnc#1012382). - vsyscall: Fix permissions for emulate mode with KAISER/PTI (bnc#1012382). - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend (bnc#1012382). - vti6: Do not report path MTU below IPV6_MIN_MTU (bnc#1012382). - vti6: fix device register to report IFLA_INFO_KIND (bnc#1012382). - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq (bnc#1012382). - writeback: fix memory leak in wb_queue_work() (bnc#1012382). - x.509: fix buffer overflow detection in sprint_oid() (bsc#1075078). - x.509: reject invalid BIT STRING for subjectPublicKey (bnc#1012382). - x509: fix printing uninitialized stack memory when OID is empty (bsc#1075078). - x86/Documentation: Add PTI description (bnc#1012382). - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bnc#1012382). - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (bnc#1012382). - x86/alternatives: Fix optimize_nops() checking (bnc#1012382). - x86/apic/vector: Fix off by one in error path (bnc#1012382). - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels (bnc#1012382). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). - x86/cpu, x86/pti: Do not enable PTI on AMD processors (bnc#1012382). - x86/cpu: Factor out application of forced CPU caps (bnc#1012382). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382). - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382). - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382). - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382). - x86/efi-bgrt: Fix kernel panic when mapping BGRT data (bnc#1012382). - x86/efi-bgrt: Replace early_memremap() with memremap() (bnc#1012382). - x86/efi: Build our own page table structures (bnc#1012382). - x86/efi: Hoist page table switching code into efi_call_virt() (bnc#1012382). - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bnc#1012382). - x86/hpet: Prevent might sleep splat on resume (bnc#1012382). - x86/kasan: Clear kasan_zero_page after TLB flush (bnc#1012382). - x86/kasan: Write protect kasan zero shadow (bnc#1012382). - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bnc#1012382). - x86/microcode/intel: Extend BDW late-loading with a revision check (bnc#1012382). - x86/microcode/intel: Fix BDW late-loading revision check (bnc#1012382). - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier (git-fixes). - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (bnc#1012382). - x86/mm: Disable PCID on 32-bit kernels (bnc#1012382). - x86/pti/efi: broken conversion from efi to kernel page table (bnc#1012382). - x86/pti: Document fix wrong index (bnc#1012382). - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/smpboot: Remove stale TLB flush invocations (bnc#1012382). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). - x86/tlb: Drop the _GPL from the cpu_tlbstate export (bnc#1012382). - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (bnc#1012382). - xen-netfront: Improve error handling during initialization (bnc#1012382). - xen-netfront: avoid crashing on resume after a failure in talk_to_netback() (bnc#1012382). - xfrm: Copy policy family in clone_policy (bnc#1012382). - xfs: Add infrastructure needed for error propagation during buffer IO failure (bsc#1068569). - xfs: Properly retry failed inode items in case of error during buffer writeback (bsc#1068569). - xfs: add 'fail at unmount' error handling configuration (bsc#1068569). - xfs: add configurable error support to metadata buffers (bsc#1068569). - xfs: add configuration handlers for specific errors (bsc#1068569). - xfs: add configuration of error failure speed (bsc#1068569). - xfs: address kabi for xfs buffer retry infrastructure (kabi). - xfs: configurable error behavior via sysfs (bsc#1068569). - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real (bnc#1012382). - xfs: fix log block underflow during recovery cycle verification (bnc#1012382). - xfs: fix up inode32/64 (re)mount handling (bsc#1069160). - xfs: introduce metadata IO error class (bsc#1068569). - xfs: introduce table-based init for error behaviors (bsc#1068569). - xfs: remove xfs_trans_ail_delete_bulk (bsc#1068569). - xhci: Do not add a virt_dev to the devs array before it's fully allocated (bnc#1012382). - xhci: Fix ring leak in failure path of xhci_alloc_virt_device() (bnc#1012382). - xhci: plat: Register shutdown for xhci_plat (bnc#1012382). - zram: set physical queue limits to avoid array out of bounds accesses (bnc#1012382). Important SUSE bug 1012382 SUSE bug 1012917 SUSE bug 1019784 SUSE bug 1022476 SUSE bug 1031717 SUSE bug 1038078 SUSE bug 1038085 SUSE bug 1043652 SUSE bug 1048585 SUSE bug 1052360 SUSE bug 1060279 SUSE bug 1066223 SUSE bug 1066842 SUSE bug 1068032 SUSE bug 1068038 SUSE bug 1068569 SUSE bug 1068984 SUSE bug 1069160 SUSE bug 1070799 SUSE bug 1072163 SUSE bug 1072484 SUSE bug 1072589 SUSE bug 1073229 SUSE bug 1073928 SUSE bug 1074134 SUSE bug 1074392 SUSE bug 1074488 SUSE bug 1074621 SUSE bug 1074709 SUSE bug 1074839 SUSE bug 1074847 SUSE bug 1075066 SUSE bug 1075078 SUSE bug 1075087 SUSE bug 1075091 SUSE bug 1075428 SUSE bug 1075617 SUSE bug 1075621 SUSE bug 1075627 SUSE bug 1075994 SUSE bug 1076017 SUSE bug 1076110 SUSE bug 1076806 SUSE bug 1076809 SUSE bug 1076872 SUSE bug 1076899 SUSE bug 1077068 SUSE bug 1077560 SUSE bug 1077592 SUSE bug 1078526 SUSE bug 1078681 SUSE bug 963844 SUSE bug 988524 CVE-2017-15129 CVE-2017-17712 CVE-2017-17862 CVE-2017-17864 CVE-2017-18017 CVE-2017-5715 CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333 cpe:/o:suse:sles:12:sp2 Security update for freetype2 (Important) SUSE Linux Enterprise Server 12 SP2 This update for freetype2 fixes the following security issues: - CVE-2016-10244: Make sure that the parse_charstrings function in type1/t1load.c does ensure that a font contains a glyph name to prevent a DoS through a heap-based buffer over-read or possibly have unspecified other impact via a crafted file (bsc#1028103) - CVE-2017-8105: Fix an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.ca (bsc#1035807) - CVE-2017-8287: an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c (bsc#1036457) - Fix several integer overflow issues in truetype/ttinterp.c (bsc#1079600) Important SUSE bug 1028103 SUSE bug 1035807 SUSE bug 1036457 SUSE bug 1079600 CVE-2016-10244 CVE-2017-7864 CVE-2017-8105 CVE-2017-8287 cpe:/o:suse:sles:12:sp2 Security update for ipsec-tools (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ipsec-tools fixes one issue. This security issue was fixed: - CVE-2016-10396: The racoon daemon contained a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments that allowed a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order (bsc#1047443). Moderate SUSE bug 1047443 CVE-2016-10396 cpe:/o:suse:sles:12:sp2 Security update for python-cryptography, python-pyOpenSSL (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python-cryptography, python-pyOpenSSL fixes the following issues: Security issues fixed: - CVE-2018-1000808: A memory leak due to missing reference checking in PKCS#12 store handling was fixed (bsc#1111634) - CVE-2018-1000807: A use-after-free in X509 object handling was fixed (bsc#1111635) - avoid bad interaction with python-cryptography package. (bsc#1021578) Important SUSE bug 1021578 SUSE bug 1111634 SUSE bug 1111635 CVE-2018-1000807 CVE-2018-1000808 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 (bsc#1116574) * Class Libraries: - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10930 CVE-2018-3183 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. - IJ10566 SUPPORT EBCDIC CODE PAGE IBM-274 – BELGIUM EBCDIC * Java Virtual Machine - IJ08730 APPLICATION SIGNAL HANDLER NOT INVOKED FOR SIGABRT - IJ10453 ASSERTION FAILURE AT CLASSPATHITEM.CPP - IJ09574 CLASSLOADER DEFINED THROUGH SYSTEM PROPERTY ‘JAVA.SYSTEM.CLASS.LOADE R’ IS NOT HONORED. - IJ10931 CVE-2018-3169 - IJ10618 GPU SORT: UNSPECIFIED LAUNCH FAILURE - IJ10619 INCORRECT ILLEGALARGUMENTEXCEPTION BECAUSE OBJECT IS NOT AN INSTANCE OF DECLARING CLASS ON REFLECTIVE INVOCATION - IJ10135 JVM HUNG IN GARBAGECOLLECTORMXBEAN.G ETLASTGCINFO() API - IJ10680 RECURRENT ABORTED SCAVENGE * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Reliability and Serviceability - IJ09600 DTFJ AND JDMPVIEW FAIL TO PARSE WIDE REGISTER VALUES * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10310 ADD NULL CHECKING ON THE ENCRYPTION TYPES LIST TO CREDENTIALS.GETDEFAULTNA TIVECREDS() METHOD - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH03889 ADD SUPPORT FOR TRY-WITH-RESOURCES TO COM.IBM.JZOS.ENQUEUE - PH03414 ROLLOVER FROM SYE TO SAE FOR ICSF REASON CODE 3059 - PH04008 ZERTJSSE – Z SYSTEMS ENCRYPTION READINESS TOOL (ZERT) NEW SUPPORT IN THE Z/OS JAVA SDK This includes the update to Java 8.0 Service Refresh 5 Fix Pack 22: * Java Virtual Machine - IJ09139 CUDA4J NOT AVAILABLE ON ALL PLATFORMS * JIT Compiler - IJ09089 CRASH DURING COMPILATION IN USEREGISTER ON X86-32 - IJ08655 FLOATING POINT ERROR (SIGFPE) IN ZJ9SYM1 OR ANY VM/JIT MODULE ON AN INSTRUCTION FOLLOWING A VECTOR INSTRUCTION - IJ08850 CRASH IN ARRAYLIST$ITR.NEXT() - IJ09601 JVM CRASHES ON A SIGBUS SIGNAL WHEN ACCESSING A DIRECTBYTEBUFFER * z/OS Extentions - PH02999 JZOS data management classes accept dataset names in code pages supported by z/OS system services - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Also the update to Java 8.0 Service Refresh 5 Fix Pack 21 * Class Libraries - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ08570 JAVA.LANG.UNSATISFIEDLIN KERROR WITH JAVA OPTION -DSUN.JAVA2D.CMM=SUN.JAV A2D.CMM.KCMS.KCMSSERVICE PROVIDER ON AIX PLATFORM * Java Virtual Machine - IJ08001 30% THROUGHPUT DROP FOR CERTAIN SYNCHRONIZATION WORKLOADS - IJ07997 TRACEASSERT IN GARBAGE COLLECTOR(MEMORYSUBSPACE) * JIT Compiler - IJ08503 ASSERTION IS HIT DUE TO UNEXPECTED STACK HEIGHT IN DEBUGGING MODE - IJ08375 CRASH DURING HARDWARE GENERATED GUARDED STORAGE EVENT WITHIN A TRANSACTIONAL EXECUTION REGION WHEN RUNNING WITH -XGC:CONCURRENTS - IJ08205 CRASH WHILE COMPILING - IJ09575 INCORRECT RESULT WHEN USING JAVA.LANG.MATH.MIN OR MAX ON 31-BIT JVM - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 cpe:/o:suse:sles-ltss:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm Important SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1117274 SUSE bug 1117313 SUSE bug 1117327 SUSE bug 1117331 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 cpe:/o:suse:sles-ltss:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for git fixes the following issue: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949). Important SUSE bug 1110949 CVE-2018-17456 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.120-92_70 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Important SUSE bug 1097356 CVE-2018-5848 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_73 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Important SUSE bug 1097356 CVE-2018-5848 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_80 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Important SUSE bug 1097356 CVE-2018-5848 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_56 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Important SUSE bug 1097356 CVE-2018-5848 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_53 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Important SUSE bug 1097356 CVE-2018-5848 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_67 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Important SUSE bug 1097356 CVE-2018-5848 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_64 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Important SUSE bug 1097356 CVE-2018-5848 cpe:/o:suse:sles-ltss:12:sp2 Security update for libqt5-qtbase (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Moderate SUSE bug 1118595 SUSE bug 1118596 CVE-2018-15518 CVE-2018-19873 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox, mozilla-nspr and mozilla-nss (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) Important SUSE bug 1097410 SUSE bug 1106873 SUSE bug 1119069 SUSE bug 1119105 CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 cpe:/o:suse:sles-ltss:12:sp2 Security update for qemu (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Moderate SUSE bug 1106222 SUSE bug 1110910 SUSE bug 1111006 SUSE bug 1111010 SUSE bug 1111013 SUSE bug 1114422 CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 cpe:/o:suse:sles-ltss:12:sp2 Security update for mailman (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for mailman fixes the following security vulnerabilities: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950) - Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775) - Fixed a XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618) - Fixed arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288) - Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352) Important SUSE bug 1077358 SUSE bug 1099510 SUSE bug 1101288 SUSE bug 925502 SUSE bug 995352 CVE-2015-2775 CVE-2016-6893 CVE-2018-0618 CVE-2018-13796 CVE-2018-5950 cpe:/o:suse:sles-ltss:12:sp2 Security update for glibc (Important) SUSE Linux Enterprise Server 12 SP2 This update for glibc fixes the following issues: Security issues fixed: - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930) - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791) - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036) - CVE-2018-1000001: Avoid underflow of malloced area (bsc#1074293) Non security bugs fixed: - Release read lock after resetting timeout (bsc#1073990) Important SUSE bug 1037930 SUSE bug 1051791 SUSE bug 1073990 SUSE bug 1074293 SUSE bug 1079036 CVE-2017-12132 CVE-2017-8804 CVE-2018-1000001 CVE-2018-6485 CVE-2018-6551 cpe:/o:suse:sles:12:sp2 Security update for quagga (Important) SUSE Linux Enterprise Server 12 SP2 This update for quagga fixes the security following issues: - The Quagga BGP daemon contained a bug in the AS_PATH size calculation that could have been exploited to facilitate a remote denial-of-service attack via specially crafted BGP UPDATE messages. [CVE-2017-16227, bsc#1065641] - The Quagga BGP daemon did not check whether data sent to peers via NOTIFY had an invalid attribute length. It was possible to exploit this issue and cause the bgpd process to leak sensitive information over the network to a configured peer. [CVE-2018-5378, bsc#1079798] - The Quagga BGP daemon used to double-free memory when processing certain forms of UPDATE messages. This issue could be exploited by sending an optional/transitive UPDATE attribute that all conforming eBGP speakers should pass along. Consequently, a single UPDATE message could have affected many bgpd processes across a wide area of a network. Through this vulnerability, attackers could potentially have taken over control of affected bgpd processes remotely. [CVE-2018-5379, bsc#1079799] - It was possible to overrun internal BGP code-to-string conversion tables in the Quagga BGP daemon. Configured peers could have exploited this issue and cause bgpd to emit debug and warning messages into the logs that would contained arbitrary bytes. [CVE-2018-5380, bsc#1079800] - The Quagga BGP daemon could have entered an infinite loop if sent an invalid OPEN message by a configured peer. If this issue was exploited, then bgpd would cease to respond to any other events. BGP sessions would have been dropped and not be reestablished. The CLI interface would have been unresponsive. The bgpd daemon would have stayed in this state until restarted. [CVE-2018-5381, bsc#1079801] Important SUSE bug 1065641 SUSE bug 1079798 SUSE bug 1079799 SUSE bug 1079800 SUSE bug 1079801 CVE-2017-16227 CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381 cpe:/o:suse:sles:12:sp2 Security update for p7zip (Important) SUSE Linux Enterprise Server 12 SP2 This update for p7zip fixes the following issues: Security issues fixed: - CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files (bsc#984650) - CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder (bsc#1077725) - CVE-2018-5996: Fixed memory corruption in RAR decompression. The complete RAR decoder was removed as it also has license issues (bsc#1077724 bsc#1077978) Important SUSE bug 1077724 SUSE bug 1077725 SUSE bug 1077978 SUSE bug 984650 CVE-2016-1372 CVE-2017-17969 CVE-2018-5996 cpe:/o:suse:sles:12:sp2 Security update for dovecot22 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for dovecot22 fixes one issue. This security issue was fixed: - CVE-2017-15132: An abort of SASL authentication resulted in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion (bsc#1075608). Moderate SUSE bug 1075608 CVE-2017-15132 cpe:/o:suse:sles:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2 This update for xen fixes several issues. These security issues were fixed: - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754: Prevent information leaks via side effects of speculative execution, aka 'Spectre' and 'Meltdown' attacks (bsc#1074562, bsc#1068032) - CVE-2017-15595: x86 PV guest OS users were able to cause a DoS (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking (bsc#1061081) - CVE-2017-17566: Prevent PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page (bsc#1070158). - CVE-2017-17563: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode (bsc#1070159). - CVE-2017-17564: Prevent guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode (bsc#1070160). - CVE-2017-17565: Prevent PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P (bsc#1070163). - CVE-2018-5683: The vga_draw_text function allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation (bsc#1076116). - CVE-2017-18030: The cirrus_invalidate_region function allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch (bsc#1076180). These non-security issues were fixed: - bsc#1051729: Prevent invalid symlinks after install of SLES 12 SP2 - bsc#1035442: Increased the value of LIBXL_DESTROY_TIMEOUT from 10 to 100 seconds. If many domUs shutdown in parallel the backends couldn't keep up - bsc#1027519: Added several upstream patches Important SUSE bug 1027519 SUSE bug 1035442 SUSE bug 1051729 SUSE bug 1061081 SUSE bug 1068032 SUSE bug 1070158 SUSE bug 1070159 SUSE bug 1070160 SUSE bug 1070163 SUSE bug 1074562 SUSE bug 1076116 SUSE bug 1076180 CVE-2017-15595 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-18030 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-5683 cpe:/o:suse:sles:12:sp2 Security update for postgresql96 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for postgresql96 to version 9.6.7 fixes the following issues: - CVE-2018-1053: Ensure that all temporary files made by pg_upgrade are non-world-readable. (bsc#1077983) A full changelog is available here: https://www.postgresql.org/docs/9.6/static/release-9-6-7.html Moderate SUSE bug 1077983 CVE-2018-1053 cpe:/o:suse:sles:12:sp2 Security update for libdb-4_8 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libdb-4_8 fixes the following issues: - A DB_CONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4_8. (bsc#1043886) Moderate SUSE bug 1043886 cpe:/o:suse:sles:12:sp2 Security update for dhcp (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for dhcp fixes several issues. This security issue was fixed: - CVE-2017-3144: OMAPI code didn't free socket descriptors when empty message is received allowing DoS (bsc#1076119). These non-security issues were fixed: - Optimized if and when DNS client context and ports are initted (bsc#1073935) - Relax permission of dhclient-script for libguestfs (bsc#987170) - Modify dhclient-script to handle static route updates (bsc#1023415). - Use only the 12 least significant bits of an inbound packet's TCI value as the VLAN ID to fix some packages being wrongly discarded by the Linux packet filter. (bsc#1059061) Moderate SUSE bug 1023415 SUSE bug 1059061 SUSE bug 1073935 SUSE bug 1076119 SUSE bug 987170 CVE-2017-3144 cpe:/o:suse:sles:12:sp2 Security update for systemd (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for systemd fixes the following issues: Security issue fixed: - CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are hardlinked, unless protected_hardlinks sysctl is on. This could be used by local attackers to gain privileges (bsc#1077925) Non Security issues fixed: - core: use id unit when retrieving unit file state (#8038) (bsc#1075801) - cryptsetup-generator: run cryptsetup service before swap unit (#5480) - udev-rules: all values can contain escaped double quotes now (#6890) - strv: fix buffer size calculation in strv_join_quoted() - tmpfiles: change ownership of symlinks too - stdio-bridge: Correctly propagate error - stdio-bridge: remove dead code - remove bus-proxyd (bsc#1057974) - core/timer: Prevent timer looping when unit cannot start (bsc#1068588) - Make systemd-timesyncd use the openSUSE NTP servers by default Previously systemd-timesyncd used the Google Public NTP servers time{1..4}.google.com - Don't ship /usr/lib/systemd/system/tmp.mnt at all (bsc#1071224) But we still ship a copy in /var. Users who want to use tmpfs on /tmp are supposed to add a symlink in /etc/ pointing to the copy shipped in /var. To support the update path we automatically create the symlink if tmp.mount in use is located in /usr. - Enable systemd-networkd on Leap distros only (bsc#1071311) Moderate SUSE bug 1057974 SUSE bug 1068588 SUSE bug 1071224 SUSE bug 1071311 SUSE bug 1075801 SUSE bug 1077925 CVE-2017-18078 cpe:/o:suse:sles:12:sp2 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ImageMagick fixes the following issues: - CVE-2017-9405: A memory leak in the ReadICONImage function was fixed that could lead to DoS via memory exhaustion (bsc#1042911) - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1042824) - CVE-2017-11166: In ReadXWDImage in coders\xwd.c a memoryleak could have caused memory exhaustion via a crafted length (bsc#1048110) - CVE-2017-11170: ReadTGAImage in coders\tga.c allowed for memory exhaustion via invalid colors data in the header of a TGA or VST file (bsc#1048272) - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick allowed remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (bsc#1049375) - CVE-2017-11450: A remote denial of service in coders/jpeg.c was fixed (bsc#1049374) - CVE-2017-11528: ReadDIBImage in coders/dib.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050119) - CVE-2017-11530: ReadEPTImage in coders/ept.c allows remote attackers to cause DoS via memory exhaustion (bsc#1050122) - CVE-2017-11531: When ImageMagick processed a crafted file in convert, it could lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. (bsc#1050126) - CVE-2017-11533: A information leak by 1 byte due to heap-based buffer over-read in the WriteUILImage() in coders/uil.c was fixed (bsc#1050132) - CVE-2017-11537: When ImageMagick processed a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. (bsc#1050048) - CVE-2017-11638, CVE-2017-11642: A NULL pointer dereference in theWriteMAPImage() in coders/map.c was fixed which could lead to a crash (bsc#1050617) - CVE-2017-12418: ImageMagick had memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. (bsc#1052207) - CVE-2017-12427: ProcessMSLScript coders/msl.c allowed remote attackers to cause a DoS (bsc#1052248) - CVE-2017-12429: A memory exhaustion flaw in ReadMIFFImage in coders/miff.c was fixed, which allowed attackers to cause DoS (bsc#1052251) - CVE-2017-12432: In ImageMagick, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allowed attackers to cause a denial of service. (bsc#1052254) - CVE-2017-12566: A memory leak in ReadMVGImage in coders/mvg.c, could have allowed attackers to cause DoS (bsc#1052472) - CVE-2017-12654: The ReadPICTImage function in coders/pict.c in ImageMagick allowed attackers to cause a denial of service (memory leak) via a crafted file. (bsc#1052761) - CVE-2017-12663: A memory leak in WriteMAPImage in coders/map.c was fixed that could lead to a DoS via memory exhaustion (bsc#1052754) - CVE-2017-12664: ImageMagick had a memory leak vulnerability in WritePALMImage in coders/palm.c. (bsc#1052750) - CVE-2017-12665: ImageMagick had a memory leak vulnerability in WritePICTImage in coders/pict.c. (bsc#1052747) - CVE-2017-12668: ImageMagick had a memory leak vulnerability in WritePCXImage in coders/pcx.c. (bsc#1052688) - CVE-2017-12674: A CPU exhaustion in ReadPDBImage in coders/pdb.c was fixed, which allowed attackers to cause DoS (bsc#1052711) - CVE-2017-13058: In ImageMagick, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allowed attackers to cause a denial of service via a crafted file. (bsc#1055069) - CVE-2017-13131: A memory leak vulnerability was found in thefunction ReadMIFFImage in coders/miff.c, which allowed attackers tocause a denial of service (memory consumption in NewL (bsc#1055229) - CVE-2017-14060: A NULL Pointer Dereference issue in the ReadCUTImage function in coders/cut.c was fixed that could have caused a Denial of Service (bsc#1056768) - CVE-2017-14139: A memory leak vulnerability in WriteMSLImage in coders/msl.c was fixed. (bsc#1057163) - CVE-2017-14224: A heap-based buffer overflow in WritePCXImage in coders/pcx.c could lead to denial of service or code execution. (bsc#1058009) - CVE-2017-17682: A large loop vulnerability was fixed in ExtractPostscript in coders/wpg.c, which allowed attackers to cause a denial of service (CPU exhaustion) (bsc#1072898) - CVE-2017-17885: In ImageMagick, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allowed attackers to cause a denial of service via a crafted PICT image file. (bsc#1074119) - CVE-2017-17934: A memory leak in the function MSLPopImage and ProcessMSLScript could have lead to a denial of service (bsc#1074170) - CVE-2017-18028: A memory exhaustion in the function ReadTIFFImage in coders/tiff.c was fixed. (bsc#1076182) - CVE-2018-5357: ImageMagick had memory leaks in the ReadDCMImage function in coders/dcm.c. (bsc#1075821) - CVE-2018-6405: In the ReadDCMImage function in coders/dcm.c in ImageMagick, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allowed remote attackers to cause a denial of service. (bsc#1078433) Moderate SUSE bug 1042824 SUSE bug 1042911 SUSE bug 1048110 SUSE bug 1048272 SUSE bug 1049374 SUSE bug 1049375 SUSE bug 1050048 SUSE bug 1050119 SUSE bug 1050122 SUSE bug 1050126 SUSE bug 1050132 SUSE bug 1050617 SUSE bug 1052207 SUSE bug 1052248 SUSE bug 1052251 SUSE bug 1052254 SUSE bug 1052472 SUSE bug 1052688 SUSE bug 1052711 SUSE bug 1052747 SUSE bug 1052750 SUSE bug 1052754 SUSE bug 1052761 SUSE bug 1055069 SUSE bug 1055229 SUSE bug 1056768 SUSE bug 1057163 SUSE bug 1058009 SUSE bug 1072898 SUSE bug 1074119 SUSE bug 1074170 SUSE bug 1075821 SUSE bug 1076182 SUSE bug 1078433 CVE-2017-11166 CVE-2017-11170 CVE-2017-11448 CVE-2017-11450 CVE-2017-11528 CVE-2017-11530 CVE-2017-11531 CVE-2017-11533 CVE-2017-11537 CVE-2017-11638 CVE-2017-11642 CVE-2017-12418 CVE-2017-12427 CVE-2017-12429 CVE-2017-12432 CVE-2017-12566 CVE-2017-12654 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12668 CVE-2017-12674 CVE-2017-13058 CVE-2017-13131 CVE-2017-14060 CVE-2017-14139 CVE-2017-14224 CVE-2017-17682 CVE-2017-17885 CVE-2017-17934 CVE-2017-18028 CVE-2017-9405 CVE-2017-9407 CVE-2018-5357 CVE-2018-6405 cpe:/o:suse:sles:12:sp2 Security update for openexr (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for openexr fixes the following issues: * CVE-2017-9110: In OpenEXR, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. (bsc#1040107) * CVE-2017-9114: In OpenEXR, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. (bsc#1040114) * CVE-2017-12596: In OpenEXR, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it could have resulted in denial of service or possibly unspecified other impact. (bsc#1052522) Moderate SUSE bug 1040107 SUSE bug 1040114 SUSE bug 1052522 CVE-2017-12596 CVE-2017-9110 CVE-2017-9114 cpe:/o:suse:sles:12:sp2 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-1000476: A CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allowed attackers to cause a denial of service (bsc#1074610). - CVE-2017-9409: The ReadMPCImage function in mpc.c allowed attackers to cause a denial of service (memory leak) via a crafted file (bsc#1042948). - CVE-2017-1000445: A NULL pointer dereference in the MagickCore component might have lead to denial of service (bsc#1074425). - CVE-2017-17680: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (a different vulnerability than CVE-2017-17882) (bsc#1072902). - CVE-2017-17882: Prevent a memory leak in the function ReadXPMImage in coders/xpm.c, which allowed attackers to cause a denial of service via a crafted XPM image file (a different vulnerability than CVE-2017-17680) (bsc#1074122). - CVE-2017-11449: coders/mpc did not enable seekable streams and thus could not validate blob sizes, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin (bsc#1049373). - CVE-2017-12430: A memory exhaustion in the function ReadMPCImage in coders/mpc.c allowed attackers to cause DoS (bsc#1052252). - CVE-2017-12642: Prevent a memory leak vulnerability in ReadMPCImage in coders\mpc.c via crafted file allowing for DoS (bsc#1052771). - CVE-2017-14249: A mishandled EOF check in ReadMPCImage in coders/mpc.c that lead to a division by zero in GetPixelCacheTileSize in MagickCore/cache.c allowed remote attackers to cause a denial of service via a crafted file (bsc#1058082). - Prevent memory leak via crafted file in pwp.c allowing for DoS (bsc#1051412) Moderate SUSE bug 1042948 SUSE bug 1049373 SUSE bug 1051412 SUSE bug 1052252 SUSE bug 1052771 SUSE bug 1058082 SUSE bug 1072902 SUSE bug 1074122 SUSE bug 1074425 SUSE bug 1074610 CVE-2017-1000445 CVE-2017-1000476 CVE-2017-11449 CVE-2017-11751 CVE-2017-12430 CVE-2017-12642 CVE-2017-14249 CVE-2017-17680 CVE-2017-17882 CVE-2017-9409 cpe:/o:suse:sles:12:sp2 Security update for cups (Important) SUSE Linux Enterprise Server 12 SP2 This update for cups fixes the following issues: - CVE-2017-18190: Removed localhost.localdomain from list of trustworthy hosts in scheduler/client.c to avoid arbitrary IPP command execution in conjunction with DNS rebinding. (bsc#1081557) Important SUSE bug 1081557 CVE-2017-18190 cpe:/o:suse:sles:12:sp2 Security update for wavpack (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for wavpack fixes the following issues: - CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172: Make sure upper and lower boundaries make sense, to avoid out of bounds memory reads that could lead to crashes or disclosing memory. (bsc#1021483) Moderate SUSE bug 1021483 CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172 cpe:/o:suse:sles:12:sp2 Security update for squid (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for squid fixes the following issues: Security issues fixed: - CVE-2018-1000024: DoS fix caused by incorrect pointer handling when processing ESI responses. This affects the default custom esi_parser (bsc#1077003). - CVE-2018-1000027: DoS fix caused by incorrect pointer handing whien processing ESI responses or downloading intermediate CA certificates (bsc#1077006). Moderate SUSE bug 1077003 SUSE bug 1077006 CVE-2018-1000024 CVE-2018-1000027 cpe:/o:suse:sles:12:sp2 Security update for augeas (Low) SUSE Linux Enterprise Server 12 SP2 This update for augeas fixes the following issues: Security issue fixed: - CVE-2017-7555: Fix a memory corruption bug could have lead to arbitrary code execution by passing crafted strings that would be mis-handled by parse_name() (bsc#1054171). Low SUSE bug 1054171 CVE-2017-7555 cpe:/o:suse:sles:12:sp2 Security update for glibc (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for glibc fixes the following issues: - CVE-2017-12133: Avoid use-after-free read access in clntudp_call (bsc#1081556) Moderate SUSE bug 1081556 CVE-2017-12133 cpe:/o:suse:sles:12:sp2 Security update for shadow (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for shadow fixes the following issues: - CVE-2018-7169: Fixed an privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups(2) is allowed. (bsc#1081294) Moderate SUSE bug 1081294 CVE-2018-7169 cpe:/o:suse:sles:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_8_0-ibm fixes the following issues: - Removed java-1_8_0-ibm-alsa and java-1_8_0-ibm-plugin entries in baselibs.conf due to errors in osc source_validator Version update to 8.0.5.10 [bsc#1082810] * Security fixes: CVE-2018-2639 CVE-2018-2638 CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579 * Defect fixes: - IJ02608 Class Libraries: Change of namespace definitions with handlers that implement javax.xml.ws.handler.soap.soaphandler - IJ04280 Class Libraries: Deploy Upgrade to Oracle level 8u161-b12 - IJ03390 Class Libraries: JCL Upgrade to Oracle level 8u161-b12 - IJ04001 Class Libraries: Performance improvement with child process on AIX - IJ04281 Class Libraries: Startup time increase after applying apar IV96905 - IJ03822 Class Libraries: Update timezone information to tzdata2017c - IJ03440 Java Virtual Machine: Assertion failure during class creation - IJ03717 Java Virtual Machine: Assertion for gencon with concurrent scavenger on ZOS64 - IJ03513 Java Virtual Machine: Assertion in concurrent scavenger if initial heap memory size -Xms is set too low - IJ03994 Java Virtual Machine: Class.getmethods() does not return all methods - IJ03413 Java Virtual Machine: Hang creating thread after redefining classes - IJ03852 Java Virtual Machine: ICH408I message when groupaccess is specified with -xshareclasses - IJ03716 Java Virtual Machine: java/lang/linkageerror from sun/misc/unsafe.definean onymousclass() - IJ03116 Java Virtual Machine: java.fullversion string contains an extra space - IJ03347 Java Virtual Machine: java.lang.IllegalStateException in related class MemoryMXBean - IJ03878 Java Virtual Machine: java.lang.StackOverflowError is thrown when custom security manager in place - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default - IJ04248 JIT Compiler: ArrayIndexOutOfBoundsException is thrown when converting BigDecimal to String - IJ04250 JIT Compiler: Assertion failure with concurrentScavenge on Z14 - IJ03606 JIT Compiler: Java crashes with -version - IJ04251 JIT Compiler: JIT compiled method that takes advantage of AutoSIMD produces an incorrect result on x86 - IJ03854 JIT Compiler: JVM info message appears in stdout - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01 - IJ03715 Security: Add additional support for the IBMJCEPlus provider, add support for new IBMJCEPlusFIPS provider - IJ03800 Security: A fix in CMS provider for KDB integrity - IJ04282 Security: Change in location and default of jurisdiction policy files - IJ03853 Security: IBMCAC provider does not support SHA224 - IJ02679 Security: IBMPKCS11Impl – Bad sessions are being allocated internally - IJ02706 Security: IBMPKCS11Impl – Bad sessions are being allocated internally - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot specification attribute - IJ01901 Security: IBMPKCS11Impl – SecureRandom.setSeed() exception - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE - PI93233 z/OS Extentions: Cipher.doFinal() fails when using AES/GCM/nopadding with AAD data of 13 bytes and a block size of 4081 to 4096 * Fixes in 8.0.5.7: - IJ02605 Class Libraries: Update IBM-1371 charset with new specification support - IJ02541 Java Virtual Machine: Assertions in GC when jvmti runs with Concurrent Scavenger - IJ02443 Java Virtual Machine: Committed eden region size is bigger than maximum eden region size - IJ02378 Java Virtual Machine: Existing signal action for SIG_IGN/SIG_DFL is not detected properly - IJ02758 JIT Compiler: Crash in JIT module during method compilation - IJ02733 JIT Compiler: Crash in jit module when compiling in non-default configuration * Fixes in 8.0.5.6: - IJ02283 Java Virtual Machine: IllegalAccessException due to a missing access check for the same class in MethodHandle apis - IJ02082 Java Virtual Machine: The default value for class unloading kick off threshold is not set - IJ02018 JIT Compiler: Crash or assertion while attempting to acquire VM access - IJ02284 JIT Compiler: Division by zero in JIT compiler - IV88941 JIT Compiler: JIT compiler takes far too long to compile a method - IJ02285 JIT Compiler: Performance degradation during class unloading in Java 8 SR5 - Support Java jnlp files run from Firefox. [bsc#1076390] Important SUSE bug 1076390 SUSE bug 1082810 SUSE bug 929900 SUSE bug 955131 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2638 CVE-2018-2639 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 cpe:/o:suse:sles:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed in OpenJDK 7u171 (January 2018 CPU)(bsc#1076366): - CVE-2018-2579: Improve key keying case - CVE-2018-2588: Improve LDAP logins - CVE-2018-2599: Improve reliability of DNS lookups - CVE-2018-2602: Improve usage messages - CVE-2018-2603: Improve PKCS usage - CVE-2018-2618: Stricter key generation - CVE-2018-2629: Improve GSS handling - CVE-2018-2633: Improve LDAP lookup robustness - CVE-2018-2634: Improve property negotiations - CVE-2018-2637: Improve JMX supportive features - CVE-2018-2641: Improve GTK initialization - CVE-2018-2663: More refactoring for deserialization cases - CVE-2018-2677: More refactoring for client deserialization cases - CVE-2018-2678: More refactoring for naming Important SUSE bug 1076366 CVE-2018-2579 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 cpe:/o:suse:sles:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_8_0-openjdk fixes the following issues: Security issues fix in jdk8u161 (icedtea 3.7.0)(bsc#1076366): - CVE-2018-2579: Improve key keying case - CVE-2018-2582: Better interface invocations - CVE-2018-2588: Improve LDAP logins - CVE-2018-2599: Improve reliability of DNS lookups - CVE-2018-2602: Improve usage messages - CVE-2018-2603: Improve PKCS usage - CVE-2018-2618: Stricter key generation - CVE-2018-2629: Improve GSS handling - CVE-2018-2633: Improve LDAP lookup robustness - CVE-2018-2634: Improve property negotiations - CVE-2018-2637: Improve JMX supportive features - CVE-2018-2641: Improve GTK initialization - CVE-2018-2663: More refactoring for deserialization cases - CVE-2018-2677: More refactoring for client deserialization cases - CVE-2018-2678: More refactoring for naming deserialization cases Important SUSE bug 1076366 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2629 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 cpe:/o:suse:sles:12:sp2 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for postgresql94 fixes the following issues: PostgreSQL was updated to version 9.4.15, the full release notes are here: https://www.postgresql.org/docs/9.4/static/release-9-4-15.html - CVE-2018-1053: Ensure that all temporary files made by pg_upgrade are non-world-readable. (bsc#1077983) Moderate SUSE bug 1077983 CVE-2018-1053 cpe:/o:suse:sles:12:sp2 Security update for kernel-firmware (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for kernel-firmware fixes the following issues: - CVE-2015-1142857: Add 7.13.1.0 bnx2x firmware files to fix a ethernet flow control vulnerability in SRIOV devices (bsc#1077355) Moderate SUSE bug 1077355 CVE-2015-1142857 cpe:/o:suse:sles:12:sp2 Security update for libcdio (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libcdio fixes the following issues: - CVE-2017-18201: Fixed a double free vulnerability (bsc#1082877). Moderate SUSE bug 1082877 CVE-2017-18201 cpe:/o:suse:sles:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_7_1-ibm fixes the following issues: The version was updated to 7.1.4.20 [bsc#1082810] * Security fixes: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579 * Defect fixes: - IJ04281 Class Libraries: Startup time increase after applying apar IV96905 - IJ03822 Class Libraries: Update timezone information to tzdata2017c - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01 - IJ04282 Security: Change in location and default of jurisdiction policy files - IJ03853 Security: IBMCAC provider does not support SHA224 - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are being allocated internally - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are being allocated internally - IJ03552 Security: IBMPKCS11Impl -- Config file problem with the slot specification attribute - IJ01901 Security: IBMPKCS11Impl -- SecureRandom.setSeed() exception - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE - IJ02284 JIT Compiler: Division by zero in JIT compiler * SUSE fixes: - Make it possible to run Java jnlp files from Firefox. (bsc#1057460) - Fixed symlinks to policy files on update [bsc#1085018] - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to allow Java jnlp files run from Firefox. [bsc#1057460, bsc#1076390] - Fix javaws segfaults when java expiration timer has elapsed. [bsc#929900] - Provide IBM Java updates for IBMs PMR 55931,671,760 and for SUSEs SR 110991601735. [bsc#966304] Important SUSE bug 1057460 SUSE bug 1076390 SUSE bug 1082810 SUSE bug 1085018 SUSE bug 929900 SUSE bug 955131 SUSE bug 966304 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2657 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 cpe:/o:suse:sles:12:sp2 Security update for mariadb (Important) SUSE Linux Enterprise Server 12 SP2 This update for mariadb fixes the following issues: MariaDB was updated to 10.0.34 (bsc#1078431) The following security vulnerabilities are fixed: - CVE-2018-2562: Vulnerability in the MySQL Server subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. - CVE-2018-2622: Vulnerability in the MySQL Server subcomponent: Server: DDL. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2640: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2665: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2668: Vulnerability in the MySQL Server subcomponent: Server: Optimizer. Easily exploitable vulnerability allowed low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. - CVE-2018-2612: Vulnerability in the MySQL Server subcomponent: InnoDB. Easily exploitable vulnerability allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The MariaDB external release notes and changelog for this release: * https://kb.askmonty.org/en/mariadb-10034-release-notes * https://kb.askmonty.org/en/mariadb-10034-changelog Important SUSE bug 1078431 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 cpe:/o:suse:sles:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2 This update for ucode-intel fixes the following issues: The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws (boo#1085207 CVE-2017-5715) - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 1000140 - Updates - SNB D2 6-2a-7:12 29->2d - JKT C1 6-2d-6:6d 619->61c - JKT C2 6-2d-7:6d 710->713 - IVB E2 6-3a-9:12 1c->1f - IVT C0 6-3e-4:ed 428->42c - IVT D1 6-3e-7:ed 70d->713 - HSW Cx/Dx 6-3c-3:32 22->24 - HSW-ULT Cx/Dx 6-45-1:72 20->23 - CRW Cx 6-46-1:32 17->19 - HSX C0 6-3f-2:6f 3a->3c - HSX-EX E0 6-3f-4:80 0f->11 - BDW-U/Y E/F 6-3d-4:c0 25->2a - BDW-H E/G 6-47-1:22 17->1d - BDX-DE V0/V1 6-56-2:10 0f->15 - BDW-DE V2 6-56-3:10 700000d->7000012 - BDW-DE Y0 6-56-4:10 f00000a->f000011 - SKL-U/Y D0 6-4e-3:c0 ba->c2 - SKL R0 6-5e-3:36 ba->c2 - KBL-U/Y H0 6-8e-9:c0 62->84 - KBL B0 6-9e-9:2a 5e->84 - CFL D0 6-8e-a:c0 70->84 - CFL U0 6-9e-a:22 70->84 - CFL B0 6-9e-b:02 72->84 - SKX H0 6-55-4:b7 2000035->2000043 Important SUSE bug 1085207 CVE-2017-5715 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform. - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes. - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top. - CVE-2017-5754: The IBM Z architecture is not affected by the 'Meltdown' attack. Important SUSE bug 1068032 CVE-2017-5715 CVE-2017-5753 cpe:/o:suse:sles:12:sp2 Security update for xmltooling (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for xmltooling fixes the following issues: - CVE-2018-0489: Fixed a security bug when xmltooling mishandled digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486. (bsc#1083247) Moderate SUSE bug 1083247 CVE-2018-0486 CVE-2018-0489 cpe:/o:suse:sles:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_7_1-ibm fixes the following issue: The version was updated to 7.1.4.20 [bsc#1082810] * Security fixes: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579 * Defect fixes: - IJ04281 Class Libraries: Startup time increase after applying apar IV96905 - IJ03822 Class Libraries: Update timezone information to tzdata2017c - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01 - IJ04282 Security: Change in location and default of jurisdiction policy files - IJ03853 Security: IBMCAC provider does not support SHA224 - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are being allocated internally - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are being allocated internally - IJ03552 Security: IBMPKCS11Impl -- Config file problem with the slot specification attribute - IJ01901 Security: IBMPKCS11Impl -- SecureRandom.setSeed() exception - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE - IJ02284 JIT Compiler: Division by zero in JIT compiler * SUSE fixes: - Make it possible to run Java jnlp files from Firefox. (bsc#1057460) - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to allow Java jnlp files run from Firefox. [bsc#1057460, bsc#1076390] - Fix javaws segfaults when java expiration timer has elapsed. [bsc#929900] - Provide IBM Java updates for IBMs PMR 55931,671,760 and for SUSEs SR 110991601735. [bsc#966304] - Ensure that all Java policy files are symlinked into the proper file system locations. Without those symlinks, several OES iManager plugins did not function properly. [bsc#1085018] Important SUSE bug 1057460 SUSE bug 1076390 SUSE bug 1082810 SUSE bug 1085018 SUSE bug 929900 SUSE bug 955131 SUSE bug 966304 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2641 CVE-2018-2657 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 cpe:/o:suse:sles:12:sp2 Security update for crash (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for crash fixes the following issues: - Exclude openSUSE from RT KMP build (bsc#1013843) This update also rebuilds the crash kernel module packages with retpoline support to mitigate Spectre Variant 2. (bsc#1068032 CVE-2017-5715) Moderate SUSE bug 1013843 SUSE bug 1068032 CVE-2017-5715 cpe:/o:suse:sles:12:sp2 Security update for postgresql96 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for postgresql96 fixes the following issues: Security issues fixed: - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes: - See release notes for details: * https://www.postgresql.org/docs/9.6/static/release-9-6-8.html Moderate SUSE bug 1081925 CVE-2018-1058 cpe:/o:suse:sles:12:sp2 Security update for curl (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for curl fixes the following issues: Following security issues were fixed: - CVE-2018-1000120: A buffer overflow exists in the FTP URL handling that allowed an attacker to cause a denial of service or possible code execution (bsc#1084521). - CVE-2018-1000121: A NULL pointer dereference exists in the LDAP code that allowed an attacker to cause a denial of service (bsc#1084524). - CVE-2018-1000122: A buffer over-read exists in the RTSP+RTP handling code that allowed an attacker to cause a denial of service or information leakage (bsc#1084532). Moderate SUSE bug 1084521 SUSE bug 1084524 SUSE bug 1084532 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 cpe:/o:suse:sles:12:sp2 Security update for libvorbis (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for libvorbis fixes the following issues: - CVE-2018-5146: Fixed out of bounds memory write while processing Vorbis audio data (bsc#1085687). Moderate SUSE bug 1085687 CVE-2018-5146 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2 The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.120 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-13166: An elevation of privilege vulnerability in the v4l2 video driver was fixed. (bnc#1072865). - CVE-2017-15951: The KEYS subsystem did not correctly synchronize the actions of updating versus finding a key in the 'negative' state to avoid a race condition, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls (bnc#1062840 bnc#1065615). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2017-16912: The 'get_pipe()' function (drivers/usb/usbip/stub_rx.c) allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673). - CVE-2017-16913: The 'stub_recv_cmd_submit()' function (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672). - CVE-2017-17975: Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c allowed attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure (bnc#1074426). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c allowed local users to cause a denial of service (memory consumption) by triggering an out-of-array error case (bnc#1085053). - CVE-2018-1000026: A insufficient input validation vulnerability in the bnx2x network card driver could result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM. (bnc#1079384). - CVE-2018-1068: Insufficient user provided offset checking in the ebtables compat code allowed local attackers to overwrite kernel memory and potentially execute code. (bsc#1085107) The following non-security bugs were fixed: - acpi / bus: Leave modalias empty for devices which are not present (bnc#1012382). - acpi: sbshc: remove raw pointer from printk() message (bnc#1012382). - Add delay-init quirk for Corsair K70 RGB keyboards (bnc#1012382). - add ip6_make_flowinfo helper (bsc#1042286). - ahci: Add Intel Cannon Lake PCH-H PCI ID (bnc#1012382). - ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI (bnc#1012382). - ahci: Annotate PCI ids for mobile Intel chipsets as such (bnc#1012382). - alpha: fix crash if pthread_create races with signal delivery (bnc#1012382). - alpha: fix reboot on Avanti platform (bnc#1012382). - alsa: hda/ca0132 - fix possible NULL pointer use (bnc#1012382). - alsa: hda - Fix headset mic detection problem for two Dell machines (bnc#1012382). - alsa: hda/realtek - Add headset mode support for Dell laptop (bsc#1031717). - alsa: hda/realtek: PCI quirk for Fujitsu U7x7 (bnc#1012382). - alsa: hda - Reduce the suspend time consumption for ALC256 (bsc#1031717). - alsa: hda - Use IS_REACHABLE() for dependency on input (bsc#1031717). - alsa: seq: Fix racy pool initializations (bnc#1012382). - alsa: seq: Fix regression by incorrect ioctl_mutex usages (bnc#1012382). - alsa: usb-audio: add implicit fb quirk for Behringer UFX1204 (bnc#1012382). - alsa: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute (bnc#1012382). - amd-xgbe: Fix unused suspend handlers build warning (bnc#1012382). - arm64: define BUG() instruction without CONFIG_BUG (bnc#1012382). - arm64: Disable unhandled signal log messages by default (bnc#1012382). - arm64: dts: add #cooling-cells to CPU nodes (bnc#1012382). - arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set (bnc#1012382). - arm: 8731/1: Fix csum_partial_copy_from_user() stack mismatch (bnc#1012382). - arm: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function (bnc#1012382). - arm: dts: am4372: Correct the interrupts_properties of McASP (bnc#1012382). - arm: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen (bnc#1012382). - arm: dts: ls1021a: fix incorrect clock references (bnc#1012382). - arm: dts: s5pv210: add interrupt-parent for ohci (bnc#1012382). - arm: dts: STi: Add gpio polarity for 'hdmi,hpd-gpio' property (bnc#1012382). - arm: kvm: Fix SMCCC handling of unimplemented SMC/HVC calls (bnc#1012382). - arm: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context (bnc#1012382). - arm: omap2: hide omap3_save_secure_ram on non-OMAP3 builds (git-fixes). - arm: pxa/tosa-bt: add MODULE_LICENSE tag (bnc#1012382). - arm: spear13xx: Fix dmas cells (bnc#1012382). - arm: spear13xx: Fix spics gpio controller's warning (bnc#1012382). - arm: spear600: Add missing interrupt-parent of rtc (bnc#1012382). - arm: tegra: select USB_ULPI from EHCI rather than platform (bnc#1012382). - asoc: au1x: Fix timeout tests in au1xac97c_ac97_read() (bsc#1031717). - asoc: Intel: Kconfig: fix build when acpi is not enabled (bnc#1012382). - asoc: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()' (bsc#1031717). - asoc: mediatek: add i2c dependency (bnc#1012382). - asoc: nuc900: Fix a loop timeout test (bsc#1031717). - asoc: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - asoc: rockchip: disable clock on error (bnc#1012382). - asoc: rockchip: use __maybe_unused to hide st_irq_syscfg_resume (bnc#1012382). - asoc: rsnd: avoid duplicate free_irq() (bnc#1012382). - asoc: rsnd: do not call free_irq() on Parent SSI (bnc#1012382). - asoc: simple-card: Fix misleading error message (bnc#1012382). - asoc: ux500: add MODULE_LICENSE tag (bnc#1012382). - ata: ahci_xgene: free structure returned by acpi_get_object_info() (bsc#1082979). - b2c2: flexcop: avoid unused function warnings (bnc#1012382). - binder: add missing binder_unlock() (bnc#1012382). - binder: check for binder_thread allocation failure in binder_poll() (bnc#1012382). - binfmt_elf: compat: avoid unused function warning (bnc#1012382). - blacklist.conf: commit fd5f7cde1b85d4c8e09 ('printk: Never set console_may_schedule in console_trylock()') - blktrace: fix unlocked registration of tracepoints (bnc#1012382). - bluetooth: btsdio: Do not bind to non-removable BCM43341 (bnc#1012382). - bluetooth: btusb: Restore QCA Rome suspend/resume fix with a 'rewritten' version (bnc#1012382). - bnx2x: Improve reliability in case of nested PCI errors (bnc#1012382). - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine (bnc#1012382). - bpf: arsh is not supported in 32 bit alu thus reject it (bnc#1012382). - bpf: avoid false sharing of map refcount with max_entries (bnc#1012382). - bpf: fix 32-bit divide by zero (bnc#1012382). - bpf: fix bpf_tail_call() x64 JIT (bnc#1012382). - bpf: fix divides by zero (bnc#1012382). - bpf: introduce BPF_JIT_ALWAYS_ON config (bnc#1012382). - bpf: reject stores into ctx via st and xadd (bnc#1012382). - bridge: implement missing ndo_uninit() (bsc#1042286). - bridge: move bridge multicast cleanup to ndo_uninit (bsc#1042286). - btrfs: copy fsid to super_block s_uuid (bsc#1080774). - btrfs: fix crash due to not cleaning up tree log block's dirty bits (bnc#1012382). - btrfs: fix deadlock in run_delalloc_nocow (bnc#1012382). - btrfs: fix deadlock when writing out space cache (bnc#1012382). - btrfs: fix kernel oops while reading compressed data (bsc#1081671). - btrfs: Fix possible off-by-one in btrfs_search_path_in_tree (bnc#1012382). - btrfs: Fix quota reservation leak on preallocated files (bsc#1079989). - btrfs: fix unexpected -EEXIST when creating new inode (bnc#1012382). - btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker (bnc#1012382). - can: flex_can: Correct the checking for frame length in flexcan_start_xmit() (bnc#1012382). - cdrom: turn off autoclose by default (bsc#1080813). - cfg80211: check dev_set_name() return value (bnc#1012382). - cfg80211: fix cfg80211_beacon_dup (bnc#1012382). - cifs: dump IPC tcon in debug proc file (bsc#1071306). - cifs: Fix autonegotiate security settings mismatch (bnc#1012382). - cifs: Fix missing put_xid in cifs_file_strict_mmap (bnc#1012382). - cifs: make IPC a regular tcon (bsc#1071306). - cifs: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (bsc#1071306). - cifs: zero sensitive data when freeing (bnc#1012382). - clk: fix a panic error caused by accessing NULL pointer (bnc#1012382). - console/dummy: leave .con_font_get set to NULL (bnc#1012382). - cpufreq: Add Loongson machine dependencies (bnc#1012382). - crypto: aesni - handle zero length dst buffer (bnc#1012382). - crypto: af_alg - whitelist mask and type (bnc#1012382). - crypto: caam - fix endless loop when DECO acquire fails (bnc#1012382). - crypto: cryptd - pass through absence of ->setkey() (bnc#1012382). - crypto: hash - introduce crypto_hash_alg_has_setkey() (bnc#1012382). - crypto: poly1305 - remove ->setkey() method (bnc#1012382). - crypto: s5p-sss - Fix kernel Oops in AES-ECB mode (bnc#1012382). - crypto: tcrypt - fix S/G table for test_aead_speed() (bnc#1012382). - crypto: x86/twofish-3way - Fix %rbp usage (bnc#1012382). - cw1200: fix bogus maybe-uninitialized warning (bnc#1012382). - dccp: limit sk_filter trim to payload (bsc#1042286). - dell-wmi, dell-laptop: depends DMI (bnc#1012382). - dlm: fix double list_del() (bsc#1082795). - dlm: fix NULL pointer dereference in send_to_sock() (bsc#1082795). - dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved (bnc#1012382). - dmaengine: dmatest: fix container_of member in dmatest_callback (bnc#1012382). - dmaengine: ioat: Fix error handling path (bnc#1012382). - dmaengine: jz4740: disable/unprepare clk if probe fails (bnc#1012382). - dmaengine: zx: fix build warning (bnc#1012382). - dm: correctly handle chained bios in dec_pending() (bnc#1012382). - dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock (bnc#1012382). - do not put symlink bodies in pagecache into highmem (bnc#1012382). - dpt_i2o: fix build warning (bnc#1012382). - driver-core: use 'dev' argument in dev_dbg_ratelimited stub (bnc#1012382). - drivers/net: fix eisa_driver probe section mismatch (bnc#1012382). - drm/amdgpu: Avoid leaking PM domain on driver unbind (v2) (bnc#1012382). - drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode (bnc#1012382). - drm/amdkfd: Fix SDMA oversubsription handling (bnc#1012382). - drm/amdkfd: Fix SDMA ring buffer size calculation (bnc#1012382). - drm/armada: fix leak of crtc structure (bnc#1012382). - drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA (bnc#1012382). - drm/gma500: remove helper function (bnc#1012382). - drm/gma500: Sanity-check pipe index (bnc#1012382). - drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized (bnc#1012382). - drm/nouveau/pci: do a msi rearm on init (bnc#1012382). - drm/radeon: adjust tested variable (bnc#1012382). - drm: rcar-du: Fix race condition when disabling planes at CRTC stop (bnc#1012382). - drm: rcar-du: Use the VBK interrupt for vblank events (bnc#1012382). - drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all (bnc#1012382). - drm/ttm: check the return value of kzalloc (bnc#1012382). - drm/vmwgfx: use *_32_bits() macros (bnc#1012382). - e1000: fix disabling already-disabled warning (bnc#1012382). - edac, octeon: Fix an uninitialized variable warning (bnc#1012382). - em28xx: only use mt9v011 if camera support is enabled (bnc#1012382). - enable DST_CACHE in non-vanilla configs except s390x/zfcpdump - ext4: correct documentation for grpid mount option (bnc#1012382). - ext4: do not unnecessarily allocate buffer in recently_deleted() (bsc#1080344). - ext4: Fix data exposure after failed AIO DIO (bsc#1069135 bsc#1082864). - ext4: save error to disk in __ext4_grp_locked_error() (bnc#1012382). - f2fs: fix a bug caused by NULL extent tree (bsc#1082478). While this fs is not supported by SLE it affects opensuse users so let's add it to our kernel for opensuse merging. - fbdev: auo_k190x: avoid unused function warnings (bnc#1012382). - fbdev: s6e8ax0: avoid unused function warnings (bnc#1012382). - fbdev: sis: enforce selection of at least one backend (bnc#1012382). - fbdev: sm712fb: avoid unused function warnings (bnc#1012382). - flow_dissector: Check skb for VLAN only if skb specified (bsc#1042286). - flow_dissector: fix vlan tag handling (bsc#1042286). - flow_dissector: For stripped vlan, get vlan info from skb->vlan_tci (bsc#1042286). - ftrace: Remove incorrect setting of glob search field (bnc#1012382). - geneve: fix populating tclass in geneve_get_v6_dst (bsc#1042286). - genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg (bnc#1012382). - genksyms: Fix segfault with invalid declarations (bnc#1012382). - gianfar: fix a flooded alignment reports because of padding issue (bnc#1012382). - go7007: add MEDIA_CAMERA_SUPPORT dependency (bnc#1012382). - gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE (bnc#1012382). - gpio: intel-mid: Fix build warning when !CONFIG_PM (bnc#1012382). - gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - gpio: xgene: mark PM functions as __maybe_unused (bnc#1012382). - grace: replace BUG_ON by WARN_ONCE in exit_net hook (bnc#1012382). - gre: build header correctly for collect metadata tunnels (bsc#1042286). - gre: do not assign header_ops in collect metadata mode (bsc#1042286). - gre: do not keep the GRE header around in collect medata mode (bsc#1042286). - gre: reject GUE and FOU in collect metadata mode (bsc#1042286). - hdpvr: hide unused variable (bnc#1012382). - hid: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working (bnc#1012382). - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close (bnc#1012382). - hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) (bnc#1012382). - hwmon: (pmbus) Use 64bit math for DIRECT format values (bnc#1012382). - hwrng: exynos - use __maybe_unused to hide pm functions (bnc#1012382). - i2c: remove __init from i2c_register_board_info() (bnc#1012382). - ib/ipoib: Fix race condition in neigh creation (bnc#1012382). - ib/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports (bnc#1012382). - ib/mlx4: Fix mlx4_ib_alloc_mr error flow (bnc#1012382). - ibmvnic: Account for VLAN header length in TX buffers (bsc#1085239). - ibmvnic: Account for VLAN tag in L2 Header descriptor (bsc#1085239). - ibmvnic: Allocate max queues stats buffers (bsc#1081498). - ibmvnic: Allocate statistics buffers during probe (bsc#1082993). - ibmvnic: Check for NULL skb's in NAPI poll routine (bsc#1081134, git-fixes). - ibmvnic: Clean RX pool buffers during device close (bsc#1081134). - ibmvnic: Clean up device close (bsc#1084610). - ibmvnic: Correct goto target for tx irq initialization failure (bsc#1082223). - ibmvnic: Do not attempt to login if RX or TX queues are not allocated (bsc#1082993). - ibmvnic: Do not disable device during failover or partition migration (bsc#1084610). - ibmvnic: Ensure that buffers are NULL after free (bsc#1080014). - ibmvnic: Fix early release of login buffer (bsc#1081134, git-fixes). - ibmvnic: fix empty firmware version and errors cleanup (bsc#1079038). - ibmvnic: fix firmware version when no firmware level has been provided by the VIOS server (bsc#1079038). - ibmvnic: Fix login buffer memory leaks (bsc#1081134). - ibmvnic: Fix NAPI structures memory leak (bsc#1081134). - ibmvnic: Fix recent errata commit (bsc#1085239). - ibmvnic: Fix rx queue cleanup for non-fatal resets (bsc#1080014). - ibmvnic: Fix TX descriptor tracking again (bsc#1082993). - ibmvnic: Fix TX descriptor tracking (bsc#1081491). - ibmvnic: Free and re-allocate scrqs when tx/rx scrqs change (bsc#1081498). - ibmvnic: Free RX socket buffer in case of adapter error (bsc#1081134). - ibmvnic: Generalize TX pool structure (bsc#1085224). - ibmvnic: Handle TSO backing device errata (bsc#1085239). - ibmvnic: Harden TX/RX pool cleaning (bsc#1082993). - ibmvnic: Improve TX buffer accounting (bsc#1085224). - ibmvnic: Keep track of supplementary TX descriptors (bsc#1081491). - ibmvnic: Make napi usage dynamic (bsc#1081498). - ibmvnic: Move active sub-crq count settings (bsc#1081498). - ibmvnic: Pad small packets to minimum MTU size (bsc#1085239). - ibmvnic: queue reset when CRQ gets closed during reset (bsc#1080263). - ibmvnic: Remove skb->protocol checks in ibmvnic_xmit (bsc#1080384). - ibmvnic: Rename active queue count variables (bsc#1081498). - ibmvnic: Reorganize device close (bsc#1084610). - ibmvnic: Report queue stops and restarts as debug output (bsc#1082993). - ibmvnic: Reset long term map ID counter (bsc#1080364). - ibmvnic: Split counters for scrq/pools/napi (bsc#1082223). - ibmvnic: Update and clean up reset TX pool routine (bsc#1085224). - ibmvnic: Update release RX pool routine (bsc#1085224). - ibmvnic: Update TX and TX completion routines (bsc#1085224). - ibmvnic: Update TX pool initialization routine (bsc#1085224). - ibmvnic: Wait until reset is complete to set carrier on (bsc#1081134). - idle: i7300: add PCI dependency (bnc#1012382). - igb: Free IRQs when device is hotplugged (bnc#1012382). - iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels (bnc#1012382). - iio: adis_lib: Initialize trigger before requesting interrupt (bnc#1012382). - iio: buffer: check if a buffer has been set up when poll is called (bnc#1012382). - input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning (bnc#1012382). - input: tca8418_keypad - remove double read of key event register (git-fixes). - iommu/amd: Add align parameter to alloc_irq_index() (bsc#975772). - iommu/amd: Enforce alignment for MSI IRQs (bsc#975772). - iommu/amd: Fix alloc_irq_index() increment (bsc#975772). - iommu/vt-d: Use domain instead of cache fetching (bsc#975772). - ip6mr: fix stale iterator (bnc#1012382). - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689). - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689). - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689). - ip_tunnel: fix preempt warning in ip tunnel creation/updating (bnc#1012382). - ip_tunnel: replace dst_cache with generic implementation (bnc#1012382). - ipv4: allow local fragmentation in ip_finish_output_gso() (bsc#1042286). - ipv4: fix checksum annotation in udp4_csum_init (bsc#1042286). - ipv4: ipconfig: avoid unused ic_proto_used symbol (bnc#1012382). - ipv4: update comment to document GSO fragmentation cases (bsc#1042286). - ipv6: datagram: Refactor dst lookup and update codes to a new function (bsc#1042286). - ipv6: datagram: Refactor flowi6 init codes to a new function (bsc#1042286). - ipv6: datagram: Update dst cache of a connected datagram sk during pmtu update (bsc#1042286). - ipv6: fix checksum annotation in udp6_csum_init (bsc#1042286). - ipv6: icmp6: Allow icmp messages to be looped back (bnc#1012382). - ipv6/ila: fix nlsize calculation for lwtunnel (bsc#1042286). - ipv6: remove unused in6_addr struct (bsc#1042286). - ipv6: tcp: fix endianness annotation in tcp_v6_send_response (bsc#1042286). - ipv6: udp: Do a route lookup and update during release_cb (bsc#1042286). - ipvlan: Add the skb->mark as flow4's member to lookup route (bnc#1012382). - ipvlan: fix multicast processing (bsc#1042286). - ipvlan: fix various issues in ipvlan_process_multicast() (bsc#1042286). - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() (bnc#1012382). - isdn: eicon: reduce stack size of sig_ind function (bnc#1012382). - isdn: icn: remove a #warning (bnc#1012382). - isdn: sc: work around type mismatch warning (bnc#1012382). - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path (git-fixes). - kABI: protect struct cpuinfo_x86 (kabi). - kABI: protect struct ip_tunnel and reintroduce ip_tunnel_dst_reset_all (kabi). - kABI: reintroduce crypto_poly1305_setkey (kabi). - kabi: restore kabi after 'net: replace dst_cache ip6_tunnel implementation with the generic one' (bsc#1082897). - kabi: restore nft_set_elem_destroy() signature (bsc#1042286). - kabi: restore rhashtable_insert_slow() signature (bsc#1042286). - kabi/severities: add __x86_indirect_thunk_rsp - kabi/severities: as per bsc#1068569 we can ignore XFS kabi The gods have spoken, let there be light. - kabi: uninline sk_receive_skb() (bsc#1042286). - kaiser: fix compile error without vsyscall (bnc#1012382). - kaiser: fix intel_bts perf crashes (bnc#1012382). - kasan: rework Kconfig settings (bnc#1012382). - kernel/async.c: revert 'async: simplify lowest_in_progress()' (bnc#1012382). - kernel: fix rwlock implementation (bnc#1080360, LTC#164371). - kernfs: fix regression in kernfs_fop_write caused by wrong type (bnc#1012382). - keys: encrypted: fix buffer overread in valid_master_desc() (bnc#1012382). - kmemleak: add scheduling point to kmemleak_scan() (bnc#1012382). - kvm: add X86_LOCAL_APIC dependency (bnc#1012382). - kvm: arm/arm64: Check pagesize when allocating a hugepage at Stage 2 (bsc#1079029). - kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types (bnc#1012382). - kvm: nVMX: Fix races when sending nested PI while dest enters/leaves L2 (bnc#1012382). - kvm: nVMX: invvpid handling improvements (bnc#1012382). - kvm: nVMX: kmap() can't fail (bnc#1012382). - kvm: nVMX: vmx_complete_nested_posted_interrupt() can't fail (bnc#1012382). - kvm: PPC: Book3S PR: Fix svcpu copying with preemption enabled (bsc#1066223). - kvm: VMX: clean up declaration of VPID/EPT invalidation types (bnc#1012382). - kvm: VMX: Fix rflags cache during vCPU reset (bnc#1012382). - kvm: VMX: Make indirect call speculation safe (bnc#1012382). - kvm: x86: Do not re-execute instruction when not passing CR2 value (bnc#1012382). - kvm: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure (bnc#1012382). - kvm: x86: fix escape of guest dr6 to the host (bnc#1012382). - kvm: X86: Fix operand/address-size during instruction decoding (bnc#1012382). - kvm: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered (bnc#1012382). - kvm: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race (bnc#1012382). - kvm: x86: ioapic: Preserve read-only values in the redirection table (bnc#1012382). - kvm: x86: Make indirect calls in emulator speculation safe (bnc#1012382). - kvm/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods (bnc#1012382). - l2tp: fix use-after-free during module unload (bsc#1042286). - led: core: Fix brightness setting when setting delay_off=0 (bnc#1012382). - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464). - lib/mpi: Fix umul_ppmm() for MIPS64r6 (bnc#1012382). - livepatch: introduce shadow variable API (bsc#1082299 fate#313296). Shadow variables support. - livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c (bsc#1082299 fate#313296). Shadow variables support. - lockd: fix 'list_add double add' caused by legacy signal interface (bnc#1012382). - loop: fix concurrent lo_open/lo_release (bnc#1012382). - mac80211: fix the update of path metric for RANN frame (bnc#1012382). - mac80211: mesh: drop frames appearing to be from us (bnc#1012382). - Make DST_CACHE a silent config option (bnc#1012382). - mdio-sun4i: Fix a memory leak (bnc#1012382). - md/raid1: Use a new variable to count flighting sync requests(bsc#1078609) - media: cxusb, dib0700: ignore XC2028_I2C_FLUSH (bnc#1012382). - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start (bnc#1012382). - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner (bnc#1012382). - media: r820t: fix r820t_write_reg for KASAN (bnc#1012382). - media: s5k6aa: describe some function parameters (bnc#1012382). - media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - media: ts2020: avoid integer overflows on 32 bit machines (bnc#1012382). - media: usbtv: add a new usbid (bnc#1012382). - media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF (bnc#1012382). - media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382). - media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 (bnc#1012382). - media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 (bnc#1012382). - media: v4l2-compat-ioctl32.c: do not copy back the result for certain errors (bnc#1012382). - media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type (bnc#1012382). - media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer (bnc#1012382). - media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382). - media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs (bnc#1012382). - media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 (bnc#1012382). - media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382). - media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (bnc#1012382). - media: v4l2-ioctl.c: do not copy back the result for -ENOTTY (bnc#1012382). - mips: Implement __multi3 for GCC7 MIPS64r6 builds (bnc#1012382). - mmc: bcm2835: Do not overwrite max frequency unconditionally (bsc#983145, git-fixes). - mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep (bnc#1012382). - mm: hide a #warning for COMPILE_TEST (bnc#1012382). - mm/kmemleak.c: make cond_resched() rate-limiting more efficient (git-fixes). - mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1081500). - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (bnc#1012382). - mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy (bnc#1012382). - modsign: hide openssl output in silent builds (bnc#1012382). - module/retpoline: Warn about missing retpoline in module (bnc#1012382). - mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM (bsc#1078583). - mptfusion: hide unused seq_mpt_print_ioc_summary function (bnc#1012382). - mtd: cfi: convert inline functions to macros (bnc#1012382). - mtd: cfi: enforce valid geometry configuration (bnc#1012382). - mtd: ichxrom: maybe-uninitialized with gcc-4.9 (bnc#1012382). - mtd: maps: add __init attribute (bnc#1012382). - mtd: nand: brcmnand: Disable prefetch by default (bnc#1012382). - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - mtd: nand: Fix nand_do_read_oob() return value (bnc#1012382). - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bnc#1012382). - mtd: nand: sunxi: Fix ECC strength choice (bnc#1012382). - mtd: sh_flctl: pass FIFO as physical address (bnc#1012382). - mvpp2: fix multicast address filter (bnc#1012382). - ncpfs: fix unused variable warning (bnc#1012382). - ncr5380: shut up gcc indentation warning (bnc#1012382). - net: add dst_cache support (bnc#1012382). - net: arc_emac: fix arc_emac_rx() error paths (bnc#1012382). - net: avoid skb_warn_bad_offload on IS_ERR (bnc#1012382). - net: cdc_ncm: initialize drvflags before usage (bnc#1012382). - net: dst_cache_per_cpu_dst_set() can be static (bnc#1012382). - net: ena: add detection and recovery mechanism for handling missed/misrouted MSI-X (bsc#1083548). - net: ena: add new admin define for future support of IPv6 RSS (bsc#1083548). - net: ena: add power management ops to the ENA driver (bsc#1083548). - net: ena: add statistics for missed tx packets (bsc#1083548). - net: ena: fix error handling in ena_down() sequence (bsc#1083548). - net: ena: fix race condition between device reset and link up setup (bsc#1083548). - net: ena: fix rare kernel crash when bar memory remap fails (bsc#1083548). - net: ena: fix wrong max Tx/Rx queues on ethtool (bsc#1083548). - net: ena: improve ENA driver boot time (bsc#1083548). - net: ena: increase ena driver version to 1.3.0 (bsc#1083548). - net: ena: increase ena driver version to 1.5.0 (bsc#1083548). - net: ena: reduce the severity of some printouts (bsc#1083548). - net: ena: remove legacy suspend suspend/resume support (bsc#1083548). - net: ena: Remove redundant unlikely() (bsc#1083548). - net: ena: unmask MSI-X only after device initialization is completed (bsc#1083548). - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit (bnc#1012382). - netfilter: drop outermost socket lock in getsockopt() (bnc#1012382). - netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets (bsc#1085107). - netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107). - netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check() (bnc#1012382). - netfilter: ipvs: avoid unused variable warnings (bnc#1012382). - netfilter: nf_queue: Make the queue_handler pernet (bnc#1012382). - netfilter: nf_tables: fix a wrong check to skip the inactive rules (bsc#1042286). - netfilter: nf_tables: fix inconsistent element expiration calculation (bsc#1042286). - netfilter: nf_tables: fix *leak* when expr clone fail (bsc#1042286). - netfilter: nf_tables: fix race when create new element in dynset (bsc#1042286). - netfilter: on sockopt() acquire sock lock only in the required scope (bnc#1012382). - netfilter: tee: select NF_DUP_IPV6 unconditionally (bsc#1042286). - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} (bnc#1012382). - netfilter: x_tables: fix int overflow in xt_alloc_table_info() (bnc#1012382). - netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert (bnc#1012382). - netfilter: xt_socket: fix transparent match for IPv6 request sockets (bsc#1042286). - net: gianfar_ptp: move set_fipers() to spinlock protecting area (bnc#1012382). - net: hp100: remove unnecessary #ifdefs (bnc#1012382). - net: igmp: add a missing rcu locking section (bnc#1012382). - net/ipv4: Introduce IPSKB_FRAG_SEGS bit to inet_skb_parm.flags (bsc#1042286). - netlink: fix nla_put_{u8,u16,u32} for KASAN (bnc#1012382). - net: replace dst_cache ip6_tunnel implementation with the generic one (bnc#1012382). - net_sched: red: Avoid devision by zero (bnc#1012382). - net_sched: red: Avoid illegal values (bnc#1012382). - net: vxlan: lwt: Fix vxlan local traffic (bsc#1042286). - net: vxlan: lwt: Use source ip address during route lookup (bsc#1042286). - nfs: Add a cond_resched() to nfs_commit_release_pages() (bsc#1077779). - nfs: commit direct writes even if they fail partially (bnc#1012382). - nfsd: check for use of the closed special stateid (bnc#1012382). - nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (bnc#1012382). - nfsd: Ensure we check stateid validity in the seqid operation checks (bnc#1012382). - nfs: Do not convert nfs_idmap_cache_timeout to jiffies (git-fixes). - nfs: fix a deadlock in nfs client initialization (bsc#1074198). - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds (bnc#1012382). - nfs: reject request for id_legacy key without auxdata (bnc#1012382). - nfs: Trunking detection should handle ERESTARTSYS/EINTR (bsc#1074198). - nvme: Fix managing degraded controllers (bnc#1012382). - ocfs2: return error when we attempt to access a dirty bh in jbd2 (bsc#1012829). - openvswitch: fix the incorrect flow action alloc size (bnc#1012382). - ovl: fix failure to fsync lower dir (bnc#1012382). - ovs/geneve: fix rtnl notifications on iface deletion (bsc#1042286). - ovs/gre: fix rtnl notifications on iface deletion (bsc#1042286). - ovs/gre,geneve: fix error path when creating an iface (bsc#1042286). - ovs/vxlan: fix rtnl notifications on iface deletion (bsc#1042286). - pci/ASPM: Do not retrain link if ASPM not possible (bnc#1071892). - pci: keystone: Fix interrupt-controller-node lookup (bnc#1012382). - perf bench numa: Fixup discontiguous/sparse numa nodes (bnc#1012382). - perf top: Fix window dimensions change handling (bnc#1012382). - perf/x86: Shut up false-positive -Wmaybe-uninitialized warning (bnc#1012382). - pinctrl: sunxi: Fix A80 interrupt pin bank (bnc#1012382). - pipe: cap initial pipe capacity according to pipe-max-size limit (bsc#1045330). - pktcdvd: Fix pkt_setup_dev() error path (bnc#1012382). - platform/x86: intel_mid_thermal: Fix suspend handlers unused warning (bnc#1012382). - PM / devfreq: Propagate error from devfreq_add_device() (bnc#1012382). - PM / wakeirq: Fix unbalanced IRQ enable for wakeirq (bsc#1031717). - posix-timer: Properly check sigevent->sigev_notify (bnc#1012382). - power: bq27xxx_battery: mark some symbols __maybe_unused (bnc#1012382). - powerpc/64: Fix flush_(d|i)cache_range() called from modules (FATE#315275 LTC#103998 bnc#1012382 bnc#863764). - powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR (bnc#1012382). - powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032, bsc#1075087). - powerpc: Do not preempt_disable() in show_cpuinfo() (bsc#1066223). - powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove (bsc#1081512). - powerpc/perf: Fix oops when grouping different pmu events (bnc#1012382). - powerpc/powernv: Fix MCE handler to avoid trashing CR0/CR1 registers (bsc#1066223). - powerpc/powernv: Move IDLE_STATE_ENTER_SEQ macro to cpuidle.h (bsc#1066223). - powerpc/powernv: Support firmware disable of RFI flush (bsc#1068032, bsc#1075087). - powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032, bsc#1075087). - powerpc: Simplify module TOC handling (bnc#1012382). - power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bnc#1012382). - profile: hide unused functions when !CONFIG_PROC_FS (bnc#1012382). - Provide a function to create a NUL-terminated string from unterminated data (bnc#1012382). - pwc: hide unused label (bnc#1012382). - qla2xxx: asynchronous pci probing (bsc#1034503). - qlcnic: fix deadlock bug (bnc#1012382). - r8169: fix RTL8168EP take too long to complete driver initialization (bnc#1012382). - RDMA/cma: Make sure that PSN is not over max allowed (bnc#1012382). - reiserfs: avoid a -Wmaybe-uninitialized warning (bnc#1012382). - Revert 'Bluetooth: btusb: fix QCA Rome suspend/resume' (bnc#1012382). - Revert 'bpf: avoid false sharing of map refcount with max_entries' (kabi). - Revert 'netfilter: nf_queue: Make the queue_handler pernet' (kabi). - Revert 'net: replace dst_cache ip6_tunnel implementation with the generic one' (kabi bnc#1082897). - Revert 'power: bq27xxx_battery: Remove unneeded dependency in Kconfig' (bnc#1012382). - Revert 'powerpc: Simplify module TOC handling' (kabi). - Revert 'x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0' This reverts commit 89ef3e2aec59362edf7b1cd1c48acc81cd74e319. - Revert 'x86/entry/64: Use a per-CPU trampoline stack for IDT entries' This reverts commit 5812bed1a96b27804bfd1eadbe3e263cb58aafdf. - rfi-flush: Move the logic to avoid a redo into the debugfs code (bsc#1068032, bsc#1075087). - rfi-flush: Switch to new linear fallback flush (bsc#1068032, bsc#1075087). - rhashtable: add rhashtable_lookup_get_insert_key() (bsc#1042286). - rtc-opal: Fix handling of firmware error codes, prevent busy loops (bnc#1012382). - rtlwifi: fix gcc-6 indentation warning (bnc#1012382). - rtlwifi: rtl8821ae: Fix connection lost problem correctly (bnc#1012382). - s390/dasd: fix handling of internal requests (bsc#1080809). - s390/dasd: fix wrongly assigned configuration data (bnc#1012382). - s390/dasd: prevent prefix I/O error (bnc#1012382). - s390: fix handling of -1 in set{,fs}[gu]id16 syscalls (bnc#1012382). - sched/rt: Up the root domain ref count when passing it around via IPIs (bnc#1012382). - sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() (bnc#1012382). - scripts/kernel-doc: Do not fail with status != 0 if error encountered with -none (bnc#1012382). - scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path (bnc#1012382). - scsi: advansys: fix build warning for PCI=n (bnc#1012382). - scsi: advansys: fix uninitialized data access (bnc#1012382). - scsi: csiostor: fix use after free in csio_hw_use_fwconfig() (bsc#1005776). - scsi: fdomain: drop fdomain_pci_tbl when built-in (bnc#1012382). - scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info (bnc#1012382). - SCSI: initio: remove duplicate module device table (bnc#1012382). - scsi: mvumi: use __maybe_unused to hide pm functions (bnc#1012382). - scsi: qla2xxx: Fix abort command deadlock due to spinlock (FATE#320146, bsc#966328). - scsi: qla2xxx: Remove aborting ELS IOCB call issued as part of timeout (FATE#320146, bsc#966328). - scsi: return correct blkprep status code in case scsi_init_io() fails (bsc#1082979). - scsi: sim710: fix build warning (bnc#1012382). - scsi: sr: workaround VMware ESXi cdrom emulation bug (bsc#1080813). - scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error (bnc#1012382). - scsi: sun_esp: fix device reference leaks (bsc#1082979). - scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg (bnc#1012382). - sctp: make use of pre-calculated len (bnc#1012382). - selinux: ensure the context is NUL terminated in security_context_to_sid_core() (bnc#1012382). - selinux: general protection fault in sock_has_perm (bnc#1012382). - selinux: skip bounded transition processing if the policy isn't loaded (bnc#1012382). - serial: 8250_mid: fix broken DMA dependency (bnc#1012382). - serial: 8250_uniphier: fix error return code in uniphier_uart_probe() (bsc#1031717). - serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS (bnc#1012382). - sget(): handle failures of register_shrinker() (bnc#1012382). - signal/openrisc: Fix do_unaligned_access to send the proper signal (bnc#1012382). - signal/sh: Ensure si_signo is initialized in do_divide_error (bnc#1012382). - SolutionEngine771x: fix Ether platform data (bnc#1012382). - spi: atmel: fixed spin_lock usage inside atmel_spi_remove (bnc#1012382). - spi: imx: do not access registers while clocks disabled (bnc#1012382). - spi: sun4i: disable clocks in the remove function (bnc#1012382). - ssb: mark ssb_bus_register as __maybe_unused (bnc#1012382). - staging: android: ashmem: Fix a race condition in pin ioctls (bnc#1012382). - staging: iio: adc: ad7192: fix external frequency setting (bnc#1012382). - staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID (bnc#1012382). - staging: ste_rmi4: avoid unused function warnings (bnc#1012382). - staging: unisys: visorinput depends on INPUT (bnc#1012382). - staging: wilc1000: fix kbuild test robot error (bnc#1012382). - SUNRPC: Allow connect to return EHOSTUNREACH (bnc#1012382). - tc1100-wmi: fix build warning when CONFIG_PM not enabled (bnc#1012382). - tc358743: fix register i2c_rd/wr function fix (git-fixes). - tc358743: fix register i2c_rd/wr functions (bnc#1012382). - tcp: do not set rtt_min to 1 (bsc#1042286). - tcp: release sk_frag.page in tcp_disconnect (bnc#1012382). - test_bpf: fix the dummy skb after dissector changes (bsc#1042286). - tg3: Add workaround to restrict 5762 MRRS to 2048 (bnc#1012382). - tg3: Enable PHY reset in MTU change path for 5720 (bnc#1012382). - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies (bnc#1012382). - thermal: spear: use __maybe_unused for PM functions (bnc#1012382). - tlan: avoid unused label with PCI=n (bnc#1012382). - tools build: Add tools tree support for 'make -s' (bnc#1012382). - tty: cyclades: cyz_interrupt is only used for PCI (bnc#1012382). - tty: hvc_xen: hide xen_console_remove when unused (bnc#1012382). - tty: mxser: Remove ASYNC_CLOSING (bnc#1072363). - ubi: block: Fix locking for idr_alloc/idr_remove (bnc#1012382). - udp: restore UDPlite many-cast delivery (bsc#1042286). - usb: build drivers/usb/common/ when USB_SUPPORT is set (bnc#1012382). - USB: cdc-acm: Do not log urb submission errors on disconnect (bnc#1012382). - USB: cdc_subset: only build when one driver is enabled (bnc#1012382). - usb: dwc3: gadget: Set maxpacket size for ep0 IN (bnc#1012382). - usb: f_fs: Prevent gadget unbind if it is already unbound (bnc#1012382). - usb: gadget: do not dereference g until after it has been null checked (bnc#1012382). - usb: gadget: f_fs: Process all descriptors during bind (bnc#1012382). - usb: gadget: uvc: Missing files for configfs interface (bnc#1012382). - usbip: fix 3eee23c3ec14 tcp_socket address still in the status file (bnc#1012382). - usbip: keep usbip_device sockfd state in sync with tcp_socket (bnc#1012382). - usbip: list: do not list devices attached to vhci_hcd (bnc#1012382). - usbip: prevent bind loops on devices attached to vhci_hcd (bnc#1012382). - usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit (bnc#1012382). - usb: ldusb: add PIDs for new CASSY devices supported by this driver (bnc#1012382). - usb: musb/ux500: remove duplicate check for dma_is_compatible (bnc#1012382). - usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() (bnc#1012382). - usb: option: Add support for FS040U modem (bnc#1012382). - usb: phy: msm add regulator dependency (bnc#1012382). - usb: renesas_usbhs: missed the 'running' flag in usb_dmac with rx path (bnc#1012382). - USB: serial: io_edgeport: fix possible sleep-in-atomic (bnc#1012382). - USB: serial: pl2303: new device id for Chilitag (bnc#1012382). - USB: serial: simple: add Motorola Tetra driver (bnc#1012382). - usb: uas: unconditionally bring back host after reset (bnc#1012382). - v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER (bnc#1012382). - vb2: V4L2_BUF_FLAG_DONE is set after DQBUF (bnc#1012382). - vfs: do not do RCU lookup of empty pathnames (bnc#1012382). - vhost_net: stop device during reset owner (bnc#1012382). - video: fbdev: atmel_lcdfb: fix display-timings lookup (bnc#1012382). - video: fbdev/mmp: add MODULE_LICENSE (bnc#1012382). - video: fbdev: sis: remove unused variable (bnc#1012382). - video: fbdev: via: remove possibly unused variables (bnc#1012382). - video: Use bool instead int pointer for get_opt_bool() argument (bnc#1012382). - virtio_balloon: prevent uninitialized variable use (bnc#1012382). - vlan: Check for vlan ethernet types for 8021.q or 802.1ad (bsc#1042286). - vmxnet3: prevent building with 64K pages (bnc#1012382). - vxlan: consolidate csum flag handling (bsc#1042286). - vxlan: consolidate output route calculation (bsc#1042286). - vxlan: consolidate vxlan_xmit_skb and vxlan6_xmit_skb (bsc#1042286). - vxlan: do not allow overwrite of config src addr (bsc#1042286). - watchdog: imx2_wdt: restore previous timeout after suspend+resume (bnc#1012382). - wireless: cw1200: use __maybe_unused to hide pm functions_ (bnc#1012382). - x86: add MULTIUSER dependency for KVM (bnc#1012382). - x86/asm: Fix inline asm call constraints for GCC 4.4 (bnc#1012382). - x86/boot: Avoid warning for zero-filling .bss (bnc#1012382). - x86: bpf_jit: small optimization in emit_bpf_tail_call() (bnc#1012382). - x86/bugs: Drop one 'mitigation' from dmesg (bnc#1012382). - x86/build: Silence the build with 'make -s' (bnc#1012382). - x86/cpu/bugs: Make retpoline module warning conditional (bnc#1012382). - x86/cpu: Change type of x86_cache_size variable to unsigned int (bnc#1012382). - x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0 (bsc#1077560). - x86/entry/64: Use a per-CPU trampoline stack for IDT entries (bsc#1077560). - x86: fix build warnign with 32-bit PAE (bnc#1012382). - x86/fpu/math-emu: Fix possible uninitialized variable use (bnc#1012382). - x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER (bnc#1012382). - x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested (bsc#1081431). - x86/mce: Pin the timer when modifying (bsc#1080851,1076282). - x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug (bnc#1012382). - x86/microcode/AMD: Do not load when running on a hypervisor (bnc#1012382). - x86/microcode: Do the family check first (bnc#1012382). - x86/mm/kmmio: Fix mmiotrace for page unaligned addresses (bnc#1012382). - x86/nospec: Fix header guards names (bnc#1012382). - x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() (bnc#1012382). - x86/paravirt: Remove 'noreplace-paravirt' cmdline option (bnc#1012382). - x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG (bnc#1012382). - x86/platform/olpc: Fix resume handler build warning (bnc#1012382). - x86/pti: Make unpoison of pgd for trusted boot work for real (bnc#1012382). - x86/ras/inject: Make it depend on X86_LOCAL_APIC=y (bnc#1012382). - x86/retpoline: Avoid retpolines for built-in __init functions (bnc#1012382). - x86/retpoline: Remove the esp/rsp thunk (bnc#1012382). - x86/spectre: Check CONFIG_RETPOLINE in command line parser (bnc#1012382). - x86/spectre: Fix an error message (git-fixes). - x86/spectre: Fix spelling mistake: 'vunerable'-> 'vulnerable' (bnc#1012382). - x86/spectre: Remove the out-of-tree RSB stuffing - x86/spectre: Simplify spectre_v2 command line parsing (bnc#1012382). - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL (bnc#1012382). - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend (bnc#1065600). - xen/gntdev: Fix off-by-one error when unmapping with holes (bnc#1012382). - xen/gntdev: Fix partial gntdev_mmap() cleanup (bnc#1012382). - xen-netfront: enable device after manual module load (bnc#1012382). - xen-netfront: remove warning when unloading module (bnc#1012382). - xen: XEN_acpi_PROCESSOR is Dom0-only (bnc#1012382). - xfrm: check id proto in validate_tmpl() (bnc#1012382). - xfrm: Fix stack-out-of-bounds read on socket policy lookup (bnc#1012382). - xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies (bnc#1012382). - xfrm_user: propagate sec ctx allocation errors (bsc#1042286). - xfs: do not chain ioends during writepage submission (bsc#1077285 bsc#1043441). - xfs: factor mapping out of xfs_do_writepage (bsc#1077285 bsc#1043441). - xfs: Introduce writeback context for writepages (bsc#1077285 bsc#1043441). - xfs: ioends require logically contiguous file offsets (bsc#1077285 bsc#1043441). - xfs: quota: check result of register_shrinker() (bnc#1012382). - xfs: quota: fix missed destroy of qi_tree_lock (bnc#1012382). - xfs: reinit btree pointer on attr tree inactivation walk (bsc#1078787). - xfs: remove nonblocking mode from xfs_vm_writepage (bsc#1077285 bsc#1043441). - xfs: remove racy hasattr check from attr ops (bsc#1035432). - xfs: remove xfs_cancel_ioend (bsc#1077285 bsc#1043441). - xfs: stop searching for free slots in an inode chunk when there are none (bsc#1072739). - xfs: toggle readonly state around xfs_log_mount_finish (bsc#1073401). - xfs: ubsan fixes (bnc#1012382). - xfs: validate sb_logsunit is a multiple of the fs blocksize (bsc#1077513). - xfs: write unmount record for ro mounts (bsc#1073401). - xfs: xfs_cluster_write is redundant (bsc#1077285 bsc#1043441). - xtensa: fix futex_atomic_cmpxchg_inatomic (bnc#1012382). Important SUSE bug 1005776 SUSE bug 1006867 SUSE bug 1012382 SUSE bug 1012829 SUSE bug 1027054 SUSE bug 1031717 SUSE bug 1034503 SUSE bug 1035432 SUSE bug 1042286 SUSE bug 1043441 SUSE bug 1045330 SUSE bug 1062840 SUSE bug 1065600 SUSE bug 1065615 SUSE bug 1066223 SUSE bug 1067118 SUSE bug 1068032 SUSE bug 1068569 SUSE bug 1069135 SUSE bug 1071306 SUSE bug 1071892 SUSE bug 1072363 SUSE bug 1072689 SUSE bug 1072739 SUSE bug 1072865 SUSE bug 1073401 SUSE bug 1074198 SUSE bug 1074426 SUSE bug 1075087 SUSE bug 1076282 SUSE bug 1077285 SUSE bug 1077513 SUSE bug 1077560 SUSE bug 1077779 SUSE bug 1078583 SUSE bug 1078609 SUSE bug 1078672 SUSE bug 1078673 SUSE bug 1078787 SUSE bug 1079029 SUSE bug 1079038 SUSE bug 1079384 SUSE bug 1079989 SUSE bug 1080014 SUSE bug 1080263 SUSE bug 1080344 SUSE bug 1080360 SUSE bug 1080364 SUSE bug 1080384 SUSE bug 1080464 SUSE bug 1080774 SUSE bug 1080809 SUSE bug 1080813 SUSE bug 1080851 SUSE bug 1081134 SUSE bug 1081431 SUSE bug 1081491 SUSE bug 1081498 SUSE bug 1081500 SUSE bug 1081512 SUSE bug 1081671 SUSE bug 1082223 SUSE bug 1082299 SUSE bug 1082478 SUSE bug 1082795 SUSE bug 1082864 SUSE bug 1082897 SUSE bug 1082979 SUSE bug 1082993 SUSE bug 1083494 SUSE bug 1083548 SUSE bug 1084610 SUSE bug 1085053 SUSE bug 1085107 SUSE bug 1085224 SUSE bug 1085239 SUSE bug 863764 SUSE bug 966328 SUSE bug 975772 SUSE bug 983145 CVE-2017-13166 CVE-2017-15951 CVE-2017-16644 CVE-2017-16912 CVE-2017-16913 CVE-2017-17975 CVE-2017-18208 CVE-2018-1000026 CVE-2018-1068 CVE-2018-8087 cpe:/o:suse:sles:12:sp2 Security update for clamav (Important) SUSE Linux Enterprise Server 12 SP2 This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). Important SUSE bug 1045315 SUSE bug 1049423 SUSE bug 1052449 SUSE bug 1082858 SUSE bug 1083915 CVE-2012-6706 CVE-2017-11423 CVE-2017-6419 CVE-2018-0202 CVE-2018-1000085 cpe:/o:suse:sles:12:sp2 Security update for dhcp (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for dhcp fixes the following issues: Security issues fixed: - CVE-2018-5733: reference count overflow in dhcpd (bsc#1083303). - CVE-2018-5732: buffer overflow in dhclient (bsc#1083302). Moderate SUSE bug 1083302 SUSE bug 1083303 CVE-2018-5732 CVE-2018-5733 cpe:/o:suse:sles:12:sp2 Security update for tomcat (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for tomcat fixes the following issues: Security issues fixed: - CVE-2018-1305: Fixed late application of security constraints that can lead to resource exposure for unauthorised users (bsc#1082481). - CVE-2018-1304: Fixed incorrect handling of empty string URL in security constraints that can lead to unitended exposure of resources (bsc#1082480). - CVE-2017-15706: Fixed incorrect documentation of CGI Servlet search algorithm that may lead to misconfiguration (bsc#1078677). Moderate SUSE bug 1078677 SUSE bug 1082480 SUSE bug 1082481 CVE-2017-15706 CVE-2018-1304 CVE-2018-1305 cpe:/o:suse:sles:12:sp2 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for wireshark fixes the following issues: Security issue fixed (bsc#1082692): - CVE-2018-7335: The IEEE 802.11 dissector could crash (wnpa-sec-2018-05) - CVE-2018-7321: thrift long dissector loop (dissect_thrift_map) - CVE-2018-7322: DICOM: inifinite loop (dissect_dcm_tag) - CVE-2018-7323: WCCP: very long loop (dissect_wccp2_alternate_mask_value_set_element) - CVE-2018-7324: SCCP: infinite loop (dissect_sccp_optional_parameters) - CVE-2018-7325: RPKI-Router Protocol: infinite loop (dissect_rpkirtr_pdu) - CVE-2018-7326: LLTD: infinite loop (dissect_lltd_tlv) - CVE-2018-7327: openflow_v6: infinite loop (dissect_openflow_bundle_control_v6) - CVE-2018-7328: USB-DARWIN: long loop (dissect_darwin_usb_iso_transfer) - CVE-2018-7329: S7COMM: infinite loop (s7comm_decode_ud_cpu_alarm_main) - CVE-2018-7330: thread_meshcop: infinite loop (get_chancount) - CVE-2018-7331: GTP: infinite loop (dissect_gprscdr_GGSNPDPRecord, dissect_ber_set) - CVE-2018-7332: RELOAD: infinite loop (dissect_statans) - CVE-2018-7333: RPCoRDMA: infinite loop in get_write_list_chunk_count - CVE-2018-7421: Multiple dissectors could go into large infinite loops (wnpa-sec-2018-06) - CVE-2018-7334: The UMTS MAC dissector could crash (wnpa-sec-2018-07) - CVE-2018-7337: The DOCSIS dissector could crash (wnpa-sec-2018-08) - CVE-2018-7336: The FCP dissector could crash (wnpa-sec-2018-09) - CVE-2018-7320: The SIGCOMP dissector could crash (wnpa-sec-2018-10) - CVE-2018-7420: The pcapng file parser could crash (wnpa-sec-2018-11) - CVE-2018-7417: The IPMI dissector could crash (wnpa-sec-2018-12) - CVE-2018-7418: The SIGCOMP dissector could crash (wnpa-sec-2018-13) - CVE-2018-7419: The NBAP disssector could crash (wnpa-sec-2018-14) - CVE-2017-17997: Misuse of NULL pointer in MRDISC dissector (bsc#1077080). Moderate SUSE bug 1077080 SUSE bug 1082692 CVE-2017-17997 CVE-2018-7320 CVE-2018-7321 CVE-2018-7322 CVE-2018-7323 CVE-2018-7324 CVE-2018-7325 CVE-2018-7326 CVE-2018-7327 CVE-2018-7328 CVE-2018-7329 CVE-2018-7330 CVE-2018-7331 CVE-2018-7332 CVE-2018-7333 CVE-2018-7334 CVE-2018-7335 CVE-2018-7336 CVE-2018-7337 CVE-2018-7417 CVE-2018-7418 CVE-2018-7419 CVE-2018-7420 CVE-2018-7421 cpe:/o:suse:sles:12:sp2 Security update for glibc (Important) SUSE Linux Enterprise Server 12 SP2 This update for glibc fixes the following issues: - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] - A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319] - An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries. [CVE-2017-16997, bsc#1073231] - A potential crash caused by a use-after-free bug in pthread_create() has been fixed. [bsc#1053188] - A bug that prevented users to build shared objects which use the optimized libmvec.so API has been fixed. [bsc#1070905] - A memory leak in the glob() function has been fixed. [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583] - A bug that would lose the syscall error code value in case of crashes has been fixed. [bsc#1063675] Important SUSE bug 1051042 SUSE bug 1053188 SUSE bug 1063675 SUSE bug 1064569 SUSE bug 1064580 SUSE bug 1064583 SUSE bug 1070905 SUSE bug 1071319 SUSE bug 1073231 SUSE bug 1074293 CVE-2017-1000408 CVE-2017-1000409 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-16997 CVE-2018-1000001 cpe:/o:suse:sles:12:sp2 Security update for librelp (Important) SUSE Linux Enterprise Server 12 SP2 This update for librelp fixes the following issues: CVE-2018-1000140 (bsc#1086730): librelp contained a stack-based buffer overflow in the checking of x509 certificates. A remote attacker with an access to the rsyslog logging facility could have exploited it by sending a specially crafted x509 certificate. Important SUSE bug 1086730 CVE-2018-1000140 cpe:/o:suse:sles:12:sp2 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 12 SP2 LibVNCServer was updated to fix two security issues. These security issues were fixed: - CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage() (bsc#1081493). - CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712). - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711). Important SUSE bug 1017711 SUSE bug 1017712 SUSE bug 1081493 CVE-2016-9941 CVE-2016-9942 CVE-2018-7225 cpe:/o:suse:sles:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2 This update for qemu fixes the following issues: This update has the next round of Spectre v2 related patches, which now integrate with corresponding changes in libvirt. (CVE-2017-5715 bsc#1068032) The January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution. We replaced our initial patch by the patches from upstream. This update defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. A warning patch is added which attempts to detect a migration from a qemu version which had the quick and dirty fix (it only detects certain cases, but hopefully is helpful.) For additional information on Spectre v2 as it relates to QEMU, see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ A patch is added to continue to detect Spectre v2 mitigation features (as shown by cpuid), and if found provide that feature to guests, even if running on older KVM (kernel) versions which do not yet expose that feature to QEMU. (bsc#1082276) These two patches will be removed when we can reasonably assume everyone is running with the appropriate updates. Also security fixes for the following CVE issues are included: - CVE-2017-15119: The Network Block Device (NBD) server in Quick Emulator (QEMU), was vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. (bsc#1070144) - CVE-2017-15124: VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. (bsc#1073489) - CVE-2017-16845: The PS2 driver in Qemu did not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. (bsc#1068613) - CVE-2017-17381: The Virtio Vring implementation in QEMU allowed local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. (bsc#1071228) - CVE-2017-18030: A problem in the Cirrus driver in Qemu allowed local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. (bsc#1076179) - CVE-2017-18043: Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allowed a user to cause a denial of service (Qemu process crash). (bsc#1076775) - CVE-2018-5683: The VGA driver in Qemu allowed local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. (bsc#1076114) - CVE-2018-7550: The multiboot functionality in Quick Emulator (aka QEMU) allowed local guest OS users to execute arbitrary code on the QEMU host via an out-of-bounds read or write memory access. (bsc#1083291) Also the following bugs were fixed: - Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we've carried since the initial Spectre v2 patch was added. EDX bit 27 of CPUID Leaf 07H, Sub-leaf 0 provides status on STIBP, and not the PRED_CMD MSR. Exposing the STIBP CPUID feature bit to the guest is wrong in general, since the VM doesn't directly control the scheduling of physical hyperthreads. This is left strictly to the L0 hypervisor. - Spectre fixes for IBM Z series by providing more hw features to guests (bsc#1076814) - Pre-add group kvm for qemu-tools (bsc#1040202) - the qemu-tools package also needs a prerequire of group management tools, from the shadow package. (bsc#1085598) Important SUSE bug 1040202 SUSE bug 1068032 SUSE bug 1068613 SUSE bug 1070144 SUSE bug 1071228 SUSE bug 1073489 SUSE bug 1076114 SUSE bug 1076179 SUSE bug 1076775 SUSE bug 1076814 SUSE bug 1082276 SUSE bug 1083291 SUSE bug 1085598 CVE-2017-15119 CVE-2017-15124 CVE-2017-16845 CVE-2017-17381 CVE-2017-18030 CVE-2017-18043 CVE-2017-5715 CVE-2018-5683 CVE-2018-7550 cpe:/o:suse:sles:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for samba fixes the following issues: - CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally (bsc#1081741) Moderate SUSE bug 1081741 CVE-2018-1050 cpe:/o:suse:sles:12:sp2 Security update for memcached (Important) SUSE Linux Enterprise Server 12 SP2 This update for memcached fixes the following issues: - CVE-2017-9951: Fixed heap-based buffer over-read in try_read_command function which allowed remote attackers to cause a denial of service attack (bsc#1056865). Important SUSE bug 1056865 CVE-2017-9951 cpe:/o:suse:sles:12:sp2 Security update for krb5 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for krb5 provides the following fixes: Security issues fixed: - CVE-2018-5730: DN container check bypass by supplying special crafted data (bsc#1083927). - CVE-2018-5729: Null pointer dereference in kadmind or DN container check bypass by supplying special crafted data (bsc#1083926). Non-security issues fixed: - Make it possible for legacy applications (e.g. SAP Netweaver) to remain compatible with newer Kerberos. System administrators who are experiencing this kind of compatibility issues may set the environment variable GSSAPI_ASSUME_MECH_MATCH to a non-empty value, and make sure the environment variable is visible and effective to the application startup script. (bsc#1057662) - Fix a GSS failure in legacy applications by not indicating deprecated GSS mechanisms in gss_indicate_mech() list. (bsc#1081725) Moderate SUSE bug 1057662 SUSE bug 1081725 SUSE bug 1083926 SUSE bug 1083927 CVE-2018-5729 CVE-2018-5730 cpe:/o:suse:sles:12:sp2 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for MozillaFirefox fixes the following issues: Security issues fixed in Firefox ESR 52.7.3 (bsc#1085130): - CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 - CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList - CVE-2018-5129: Out-of-bounds write with malformed IPC messages - CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption - CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources - CVE-2018-5144: Integer overflow during Unicode conversion - CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 - CVE-2018-5146: Out of bounds memory write in libvorbis (bsc#1085671) - CVE-2018-5147: Out of bounds memory write in libtremor (bsc#1085671) - CVE-2018-5148: Use-after-free in compositor (MFSA 2018-10) (bsc#1087059) Moderate SUSE bug 1085130 SUSE bug 1085671 SUSE bug 1087059 CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5130 CVE-2018-5131 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 CVE-2018-5147 CVE-2018-5148 cpe:/o:suse:sles:12:sp2 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-8804: The WriteEPTImage function allowed remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file (bsc#1086011). - CVE-2017-11524: The WriteBlob function allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file (bsc#1050087). - CVE-2017-18209: Prevent NULL pointer dereference in the GetOpenCLCachedFilesDirectory function caused by a memory allocation result that was not checked, related to GetOpenCLCacheDirectory (bsc#1083628). - CVE-2017-18211: Prevent NULL pointer dereference in the function saveBinaryCLProgram caused by a program-lookup result not being checked, related to CacheOpenCLKernel (bsc#1083634). - CVE-2017-9500: Prevent assertion failure in the function ResetImageProfileIterator, which allowed attackers to cause a denial of service via a crafted file (bsc#1043290). - CVE-2017-14739: The AcquireResampleFilterThreadSet function mishandled failed memory allocation, which allowed remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors (bsc#1060382). - CVE-2017-16353: Prevent memory information disclosure in the DescribeImage function caused by a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments were never checked (bsc#1066170). - CVE-2017-16352: Prevent a heap-based buffer overflow in the 'Display visual image directory' feature of the DescribeImage() function. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag (bsc#1066168). - CVE-2017-14314: Prevent off-by-one error in the DrawImage function that allowed remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file (bsc#1058630). - CVE-2017-13768: Prevent NULL pointer dereference in the IdentifyImage function that allowed an attacker to perform denial of service by sending a crafted image file (bsc#1056434). - CVE-2017-14505: Fixed handling of NULL arrays, which allowed attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input (bsc#1059735). - CVE-2018-7470: The IsWEBPImageLossless function allowed attackers to cause a denial of service (segmentation violation) via a crafted file (bsc#1082837). - CVE-2018-7443: The ReadTIFFImage function did not properly validate the amount of image data in a file, which allowed remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c) (bsc#1082792). - CVE-2017-15016: Prevent NULL pointer dereference vulnerability in ReadEnhMetaFile allowing for denial of service (bsc#1082291). - CVE-2017-15017: Prevent NULL pointer dereference vulnerability in ReadOneMNGImage allowing for denial of service (bsc#1082283). - CVE-2017-12692: The ReadVIFFImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file (bsc#1082362). - CVE-2017-12693: The ReadBMPImage function allowed remote attackers to cause a denial of service (memory consumption) via a crafted BMP file (bsc#1082348). Moderate SUSE bug 1043290 SUSE bug 1050087 SUSE bug 1056434 SUSE bug 1058630 SUSE bug 1059735 SUSE bug 1060382 SUSE bug 1066168 SUSE bug 1066170 SUSE bug 1082283 SUSE bug 1082291 SUSE bug 1082348 SUSE bug 1082362 SUSE bug 1082792 SUSE bug 1082837 SUSE bug 1083628 SUSE bug 1083634 SUSE bug 1086011 CVE-2017-11524 CVE-2017-12692 CVE-2017-12693 CVE-2017-13768 CVE-2017-14314 CVE-2017-14505 CVE-2017-14739 CVE-2017-15016 CVE-2017-15017 CVE-2017-16352 CVE-2017-16353 CVE-2017-18209 CVE-2017-18211 CVE-2017-9500 CVE-2018-7443 CVE-2018-7470 CVE-2018-8804 cpe:/o:suse:sles:12:sp2 Security update for graphite2 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for graphite2 fixes the following issues: - CVE-2018-7999: Fixed a NULL pointer dereference vulnerability in Segment.cpp that may cause a denial of serivce (bsc#1084850). Moderate SUSE bug 1084850 CVE-2018-7999 cpe:/o:suse:sles:12:sp2 Security update for libvirt (Important) SUSE Linux Enterprise Server 12 SP2 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' (var2) (bsc#1079869). - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init (bsc#1080042). - CVE-2018-1064: Fixed denial of service when reading from guest agent (bsc#1083625). Non-security issues fixed: - Error starting domain: internal error: No usable sysfs TPM cancel file could be found (bsc#1078808). - SUSE Linux Enterprise 11 SP4 hvm converted to pvhvm. Unless vm memory is on gig boundary, vm won't boot (bsc#1082041). Important SUSE bug 1078808 SUSE bug 1079869 SUSE bug 1080042 SUSE bug 1082041 SUSE bug 1083625 CVE-2017-5715 CVE-2018-1064 CVE-2018-6764 cpe:/o:suse:sles:12:sp2 Security update for tiff (Important) SUSE Linux Enterprise Server 12 SP2 This update for tiff to version 4.0.9 fixes the following issues: Security issues fixed: - CVE-2014-8128: Fix out-of-bounds read with malformed TIFF image in multiple tools (bsc#969783). - CVE-2015-7554: Fix invalid write in tiffsplit / _TIFFVGetField (bsc#960341). - CVE-2016-10095: Fix stack-based buffer overflow in _TIFFVGetField (tif_dir.c) (bsc#1017690). - CVE-2016-5318: Fix stackoverflow in thumbnail (bsc#983436). - CVE-2017-16232: Fix memory-based DoS in tiff2bw (bsc#1069213). Important SUSE bug 1017690 SUSE bug 1069213 SUSE bug 960341 SUSE bug 969783 SUSE bug 983436 CVE-2014-8128 CVE-2015-7554 CVE-2016-10095 CVE-2016-5318 CVE-2017-16232 cpe:/o:suse:sles:12:sp2 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2018-1058: Fixed uncontrolled search path element in pg_dump and other client applications (bsc#1081925). Bug fixes: - See release notes for details: * https://www.postgresql.org/docs/9.4/static/release-9-4-17.html * https://www.postgresql.org/docs/9.4/static/release-9-4-16.html Moderate SUSE bug 1081925 CVE-2018-1058 cpe:/o:suse:sles:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2 This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed: - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084). - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071). - CVE-2017-10281: Fix issue inside subcomponent Serialization (bsc#1064072). - CVE-2017-10285: Fix issue inside subcomponent RMI (bsc#1064073). - CVE-2017-10295: Fix issue inside subcomponent Networking (bsc#1064075). - CVE-2017-10388: Fix issue inside subcomponent Libraries (bsc#1064086). - CVE-2017-10346: Fix issue inside subcomponent Hotspot (bsc#1064078). - CVE-2017-10350: Fix issue inside subcomponent JAX-WS (bsc#1064082). - CVE-2017-10347: Fix issue inside subcomponent Serialization (bsc#1064079). - CVE-2017-10349: Fix issue inside subcomponent JAXP (bsc#1064081). - CVE-2017-10345: Fix issue inside subcomponent Serialization (bsc#1064077). - CVE-2017-10348: Fix issue inside subcomponent Libraries (bsc#1064080). - CVE-2017-10357: Fix issue inside subcomponent Serialization (bsc#1064085). - CVE-2017-10355: Fix issue inside subcomponent Networking (bsc#1064083). - CVE-2017-10102: Fix incorrect handling of references in DGC (bsc#1049316). - CVE-2017-10053: Fix reading of unprocessed image data in JPEGImageReader (bsc#1049305). - CVE-2017-10067: Fix JAR verifier incorrect handling of missing digest (bsc#1049306). - CVE-2017-10081: Fix incorrect bracket processing in function signature handling (bsc#1049309). - CVE-2017-10087: Fix insufficient access control checks in ThreadPoolExecutor (bsc#1049311). - CVE-2017-10089: Fix insufficient access control checks in ServiceRegistry (bsc#1049312). - CVE-2017-10090: Fix insufficient access control checks in AsynchronousChannelGroupImpl (bsc#1049313). - CVE-2017-10096: Fix insufficient access control checks in XML transformations (bsc#1049314). - CVE-2017-10101: Fix unrestricted access to com.sun.org.apache.xml.internal.resolver (bsc#1049315). - CVE-2017-10107: Fix insufficient access control checks in ActivationID (bsc#1049318). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10110: Fix insufficient access control checks in ImageWatched (bsc#1049321). - CVE-2017-10108: Fix unbounded memory allocation in BasicAttribute deserialization (bsc#1049319). - CVE-2017-10109: Fix unbounded memory allocation in CodeSource deserialization (bsc#1049320). - CVE-2017-10115: Fix unspecified vulnerability in subcomponent JCE (bsc#1049324). - CVE-2017-10118: Fix ECDSA implementation timing attack (bsc#1049326). - CVE-2017-10116: Fix LDAPCertStore following referrals to non-LDAP URL (bsc#1049325). - CVE-2017-10135: Fix PKCS#8 implementation timing attack (bsc#1049328). - CVE-2017-10176: Fix incorrect handling of certain EC points (bsc#1049329). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10074: Fix integer overflows in range check loop predicates (bsc#1049307). - CVE-2017-10111: Fix checks in LambdaFormEditor (bsc#1049322). - CVE-2017-10243: Fix unspecified vulnerability in subcomponent JAX-WS (bsc#1049332). - CVE-2017-10125: Fix unspecified vulnerability in subcomponent deployment (bsc#1049327). - CVE-2017-10114: Fix unspecified vulnerability in subcomponent JavaFX (bsc#1049323). - CVE-2017-10105: Fix unspecified vulnerability in subcomponent deployment (bsc#1049317). - CVE-2017-10086: Fix unspecified in subcomponent JavaFX (bsc#1049310). - CVE-2017-10198: Fix incorrect enforcement of certificate path restrictions (bsc#1049331). - CVE-2017-10193: Fix incorrect key size constraint check (bsc#1049330). Bug fixes: - Drop Exec Shield workaround to fix crashes on recent kernels, where Exec Shield is gone (bsc#1052318). Important SUSE bug 1049305 SUSE bug 1049306 SUSE bug 1049307 SUSE bug 1049309 SUSE bug 1049310 SUSE bug 1049311 SUSE bug 1049312 SUSE bug 1049313 SUSE bug 1049314 SUSE bug 1049315 SUSE bug 1049316 SUSE bug 1049317 SUSE bug 1049318 SUSE bug 1049319 SUSE bug 1049320 SUSE bug 1049321 SUSE bug 1049322 SUSE bug 1049323 SUSE bug 1049324 SUSE bug 1049325 SUSE bug 1049326 SUSE bug 1049327 SUSE bug 1049328 SUSE bug 1049329 SUSE bug 1049330 SUSE bug 1049331 SUSE bug 1049332 SUSE bug 1052318 SUSE bug 1064071 SUSE bug 1064072 SUSE bug 1064073 SUSE bug 1064075 SUSE bug 1064077 SUSE bug 1064078 SUSE bug 1064079 SUSE bug 1064080 SUSE bug 1064081 SUSE bug 1064082 SUSE bug 1064083 SUSE bug 1064084 SUSE bug 1064085 SUSE bug 1064086 CVE-2016-10165 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10053 CVE-2017-10067 CVE-2017-10074 CVE-2017-10081 CVE-2017-10086 CVE-2017-10087 CVE-2017-10089 CVE-2017-10090 CVE-2017-10096 CVE-2017-10101 CVE-2017-10102 CVE-2017-10105 CVE-2017-10107 CVE-2017-10108 CVE-2017-10109 CVE-2017-10110 CVE-2017-10111 CVE-2017-10114 CVE-2017-10115 CVE-2017-10116 CVE-2017-10118 CVE-2017-10125 CVE-2017-10135 CVE-2017-10176 CVE-2017-10193 CVE-2017-10198 CVE-2017-10243 CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 cpe:/o:suse:sles:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2 This update for xen fixes the following issues: Update to Xen 4.7.5 bug fix only release (bsc#1027519) Security issues fixed: - CVE-2018-7540: Fixed DoS via non-preemptable L3/L4 pagetable freeing (XSA-252) (bsc#1080635) - CVE-2018-7541: A grant table v2 -> v1 transition may crash Xen (XSA-255) (bsc#1080662) - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 Fixed information leaks via side effects of speculative execution (XSA-254). Includes Spectre v2 mitigation. (bsc#1074562) - Preserve xen-syms from xen-dbg.gz to allow processing vmcores with crash(1) (bsc#1087251) - Xen HVM: Fixed unchecked MSR access error (bsc#1072834) - Add script, udev rule and systemd service to watch for vcpu online/offline events in a HVM domU They are triggered via xl vcpu-set domU N (fate#324965) - Make sure tools and tools-domU require libs from the very same build Important SUSE bug 1027519 SUSE bug 1072834 SUSE bug 1074562 SUSE bug 1080635 SUSE bug 1080662 SUSE bug 1087251 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-7540 CVE-2018-7541 cpe:/o:suse:sles:12:sp2 Security update for policycoreutils (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for policycoreutils fixes the following issues: - CVE-2018-1063: Fixed problem to prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624). Moderate SUSE bug 1083624 CVE-2018-1063 cpe:/o:suse:sles:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. (bsc#1087102). Moderate SUSE bug 1087102 CVE-2018-0739 cpe:/o:suse:sles:12:sp2 Security update for postgresql94 (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for postgresql94 fixes the following issues: Security issues fixed: - CVE-2017-15098: Fix crash due to rowtype mismatch in json{b}_populate_recordset() (bsc#1067844). - CVE-2017-12172: Start scripts permit database administrator to modify root-owned files. This issue did not affect SUSE (bsc#1062538). Bug fixes: - Update to version 9.4.15 * https://www.postgresql.org/docs/9.4/static/release-9-4-15.html * https://www.postgresql.org/docs/9.4/static/release-9-4-14.html Moderate SUSE bug 1062538 SUSE bug 1067844 CVE-2017-12172 CVE-2017-15098 cpe:/o:suse:sles:12:sp2 Security update for mariadb (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for mariadb fixes several issues. These security issues were fixed: - CVE-2017-3636: Client programs had an unspecified vulnerability that could lead to unauthorized access and denial of service (bsc#1049399) - CVE-2017-3641: DDL unspecified vulnerability could lead to denial of service (bsc#1049404) - CVE-2017-3653: DML Unspecified vulnerability could lead to unauthorized database access (bsc#1049417) This non-security issues was fixed: - Add ODBC support for Connect engine (bsc#1039034) - Relax required version for mariadb-errormessages (bsc#1072665) Moderate SUSE bug 1039034 SUSE bug 1049399 SUSE bug 1049404 SUSE bug 1049417 SUSE bug 1054591 SUSE bug 1072665 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.59-92_24 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Important SUSE bug 1073230 SUSE bug 1076017 SUSE bug 1083488 SUSE bug 1085114 SUSE bug 1085447 CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.59-92_17 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Important SUSE bug 1073230 SUSE bug 1076017 SUSE bug 1083488 SUSE bug 1085114 SUSE bug 1085447 CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_64 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Important SUSE bug 1083488 SUSE bug 1085114 SUSE bug 1085447 CVE-2017-13166 CVE-2018-1068 CVE-2018-7566 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_35 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Important SUSE bug 1073230 SUSE bug 1076017 SUSE bug 1083488 SUSE bug 1085114 SUSE bug 1085447 CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_29 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Important SUSE bug 1073230 SUSE bug 1076017 SUSE bug 1083488 SUSE bug 1085114 SUSE bug 1085447 CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_32 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Important SUSE bug 1073230 SUSE bug 1076017 SUSE bug 1083488 SUSE bug 1085114 SUSE bug 1085447 CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Important SUSE bug 1073230 SUSE bug 1076017 SUSE bug 1083488 SUSE bug 1085114 SUSE bug 1085447 CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Important SUSE bug 1073230 SUSE bug 1076017 SUSE bug 1083488 SUSE bug 1085114 SUSE bug 1085447 CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_67 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Important SUSE bug 1083488 SUSE bug 1085114 SUSE bug 1085447 CVE-2017-13166 CVE-2018-1068 CVE-2018-7566 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Important SUSE bug 1073230 SUSE bug 1076017 SUSE bug 1083488 SUSE bug 1085114 SUSE bug 1085447 CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Important SUSE bug 1073230 SUSE bug 1076017 SUSE bug 1083488 SUSE bug 1085114 SUSE bug 1085447 CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 cpe:/o:suse:sles-ltss:12:sp2 Security update for openslp (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for openslp fixes two security issues and two bugs. The following vulnerabilities were fixed: - CVE-2016-4912: A remote attacker could have crashed the server with a large number of packages (bsc#980722) - CVE-2016-7567: A remote attacker could cause a memory corruption having unspecified impact (bsc#1001600) The following bugfix changes are included: - bsc#994989: Removed convenience code as changes bytes in the message buffer breaking the verification code - bsc#974655: Removed no longer needed slpd init file Moderate SUSE bug 1001600 SUSE bug 974655 SUSE bug 980722 SUSE bug 994989 CVE-2016-4912 CVE-2016-7567 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.59-92_20 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Important SUSE bug 1073230 SUSE bug 1076017 SUSE bug 1083488 SUSE bug 1085114 SUSE bug 1085447 CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issues were fixed: - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Important SUSE bug 1073230 SUSE bug 1076017 SUSE bug 1083488 SUSE bug 1085114 SUSE bug 1085447 CVE-2017-13166 CVE-2018-1000004 CVE-2018-1068 CVE-2018-7566 cpe:/o:suse:sles-ltss:12:sp2 Security update for kernel-firmware (Important) SUSE Linux Enterprise Server 12 SP2 This update for kernel-firmware fixes the following issues: - Add microcode_amd_fam17h.bin (bsc#1068032 CVE-2017-5715) This new firmware disables branch prediction on AMD family 17h processor to mitigate a attack on the branch predictor that could lead to information disclosure from e.g. kernel memory (bsc#1068032 CVE-2017-5715). Important SUSE bug 1068032 CVE-2017-5715 cpe:/o:suse:sles:12:sp2 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \'Session\' header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, a specially crafted request could lead to remote denial of service. [bsc#1086817] * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read while preparing data to be cached in shared memory.[bsc#1086813] * CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774] * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775] * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. [bsc#1086820] * CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. [bsc#1086820] Moderate SUSE bug 1086774 SUSE bug 1086775 SUSE bug 1086813 SUSE bug 1086814 SUSE bug 1086817 SUSE bug 1086820 CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1302 CVE-2018-1303 CVE-2018-1312 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) The following non-security bugs were fixed: - alsa: hda/realtek - Fix speaker no sound after system resume (bsc#1031717). - alsa: hda: Add a power_save blacklist (bnc#1012382). - alsa: usb-audio: Add a quirck for B&W PX headphones (bnc#1012382). - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382). - kvm: mmu: Fix overlap between public and private memslots (bnc#1012382). - Partial revert 'e1000e: Avoid receiver overrun interrupt bursts' (bsc#1075428). - Revert 'e1000e: Separate signaling for link check/link up' (bsc#1075428). - Revert 'led: core: Fix brightness setting when setting delay_off=0' (bnc#1012382). - Revert 'watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185).' This reverts commit 5d4a2355a2a1c2ec6fdf9d18b68ca0a04ff73c70. - bpf, x64: implement retpoline for tail call (bnc#1012382). - bridge: check brport attr show in brport_show (bnc#1012382). - btrfs: Only check first key for committed tree blocks (bsc#1084721). - btrfs: Validate child tree block's level and first key (bsc#1084721). - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382). - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684). - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - dm io: fix duplicate bio completion due to missing ref count (bnc#1012382). - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717). - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717). - e1000e: Avoid missed interrupts following ICR read (bsc#1075428). - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428). - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428). - e1000e: Fix link check race condition (bsc#1075428). - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428). - e1000e: Remove Other from EIAC (bsc#1075428). - fib_semantics: Do not match route with mismatching tclassid (bnc#1012382). - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745). - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382). - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353). - ibmvfc: Avoid unnecessary port relogin (bsc#1085404). - ibmvnic: Clear pending interrupt after device reset (bsc#1089644). - ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198). - ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610). - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198). - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600). - ibmvnic: Fix DMA mapping mistakes (bsc#1088600). - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600). - ibmvnic: Fix reset return from closed state (bsc#1084610). - ibmvnic: Fix reset scheduler error handling (bsc#1088600). - ibmvnic: Handle all login error conditions (bsc#1089198). - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes). - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224). - ibmvnic: Update TX pool cleaning routine (bsc#1085224). - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382). - kGraft: fix small race in reversion code (bsc#1083125). - kabi/severities: Ignore kgr_shadow_* kABI changes - kvm/x86: fix icebp instruction handling (bnc#1012382). - livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296). - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296). - mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717). - md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402). - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717). - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717). - media: m88ds3103: do not call a non-initalized function (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bsc#1031717). - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353). - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382). - net: fix race on decreasing number of TX queues (bnc#1012382). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382). - net: mpls: Pull common label check into helper (bnc#1012382). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382). - nospec: Allow index argument to have const-qualified type (bnc#1012382). - perf/x86/intel: Add model number for Skylake Server to perf (FATE#321269). - powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1088242). - powerpc: Do not send system reset request through the oops path (bsc#1088242). - powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1088242). - ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382). - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717). - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717). - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717). - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717). - rpm/config.sh: ensure sorted patches. - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847, LTC#163740). - s390/qeth: fix IPA command submission race (bnc#1012382). - s390/qeth: fix SETIP command handling (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382). - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - storvsc: do not schedule work elements during host reset (bsc#1070536, bsc#1057734). - storvsc_drv: use embedded work structure for host rescan (bsc#1070536, bsc#1057734). - storvsc_drv: use separate workqueue for rescan (bsc#1070536, bsc#1057734). - swap: divide-by-zero when zero length swap file on ssd (bsc#1082153). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - udplite: fix partial checksum initialization (bnc#1012382). - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185). - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836). - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836). - x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560). - x86/kaiser: enforce trampoline stack alignment (bsc#1087260). - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845). - xen-blkfront: fix mq start/stop race (bsc#1085042). - xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610). Important SUSE bug 1012382 SUSE bug 1031717 SUSE bug 1046610 SUSE bug 1057734 SUSE bug 1070536 SUSE bug 1075428 SUSE bug 1076847 SUSE bug 1077560 SUSE bug 1082153 SUSE bug 1082299 SUSE bug 1083125 SUSE bug 1083745 SUSE bug 1083836 SUSE bug 1084353 SUSE bug 1084610 SUSE bug 1084721 SUSE bug 1084829 SUSE bug 1085042 SUSE bug 1085185 SUSE bug 1085224 SUSE bug 1085402 SUSE bug 1085404 SUSE bug 1086162 SUSE bug 1086194 SUSE bug 1087088 SUSE bug 1087260 SUSE bug 1087845 SUSE bug 1088241 SUSE bug 1088242 SUSE bug 1088600 SUSE bug 1088684 SUSE bug 1089198 SUSE bug 1089608 SUSE bug 1089644 SUSE bug 1089752 SUSE bug 1090643 CVE-2017-18257 CVE-2018-10087 CVE-2018-10124 CVE-2018-1087 CVE-2018-7740 CVE-2018-8043 CVE-2018-8781 CVE-2018-8822 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for rsync (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for rsync fixes several issues. These security issues were fixed: - CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also did not apply the sanitize_paths protection mechanism to pathnames found in 'xname follows' strings (in the read_ndx_and_attrs function in rsync.c), which allowed remote attackers to bypass intended access restrictions' (bsc#1071460). - CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync, proceeded with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allowed remote attackers to bypass intended access restrictions (bsc#1071459). - CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check for a trailing '\\0' character in an xattr name, which allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon (bsc#1066644). This non-security issue was fixed: - Stop file upload after errors like a full disk (bsc#1062063) - Ensure -X flag works even when setting owner/group (bsc#1028842) Moderate SUSE bug 1028842 SUSE bug 1062063 SUSE bug 1066644 SUSE bug 1071459 SUSE bug 1071460 CVE-2017-16548 CVE-2017-17433 CVE-2017-17434 cpe:/o:suse:sles:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). These non-security issues were fixed: - bsc#1086039: Ensure that Dom0 does represent DomU cpu flags correctly - bsc#1027519: Fixed shadow mode guests Important SUSE bug 1027519 SUSE bug 1086039 SUSE bug 1089152 SUSE bug 1089635 SUSE bug 1090820 SUSE bug 1090822 SUSE bug 1090823 CVE-2018-10471 CVE-2018-10472 CVE-2018-8897 cpe:/o:suse:sles-ltss:12:sp2 Security update for ncurses (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136). - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131). - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127). - CVE-2017-13729: Fix illegal address access in the _nc_save_str (bsc#1056132). - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128). - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129). Moderate SUSE bug 1056127 SUSE bug 1056128 SUSE bug 1056129 SUSE bug 1056131 SUSE bug 1056132 SUSE bug 1056136 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.120-92_70 fixes one issue. The following security issue was fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). Important SUSE bug 1090036 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Important SUSE bug 1088268 SUSE bug 1090036 CVE-2017-0861 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Important SUSE bug 1088268 SUSE bug 1090036 CVE-2017-0861 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Important SUSE bug 1088268 SUSE bug 1090036 CVE-2017-0861 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Important SUSE bug 1088268 SUSE bug 1090036 CVE-2017-0861 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_32 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Important SUSE bug 1088268 SUSE bug 1090036 CVE-2017-0861 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_29 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Important SUSE bug 1088268 SUSE bug 1090036 CVE-2017-0861 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for curl (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for curl fixes the following issues: Security issues fixed: - CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code (bsc#1069226). - CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function (bsc#1069222). Moderate SUSE bug 1069222 SUSE bug 1069226 CVE-2017-8816 CVE-2017-8817 cpe:/o:suse:sles:12:sp2 Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Important SUSE bug 1088268 SUSE bug 1090036 CVE-2017-0861 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.74-92_35 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Important SUSE bug 1088268 SUSE bug 1090036 CVE-2017-0861 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_67 fixes one issue. The following security issue was fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). Important SUSE bug 1090036 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_64 fixes one issue. The following security issue was fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). Important SUSE bug 1090036 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.59-92_17 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Important SUSE bug 1088268 SUSE bug 1090036 CVE-2017-0861 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.59-92_20 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Important SUSE bug 1088268 SUSE bug 1090036 CVE-2017-0861 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.59-92_24 fixes several issues. The following security issues were fixed: - CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268). Important SUSE bug 1088268 SUSE bug 1090036 CVE-2017-0861 CVE-2018-1000199 cpe:/o:suse:sles-ltss:12:sp2 Security update for perl-XML-LibXML (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for perl-XML-LibXML fixes the following issues: Security issue fixed: - CVE-2017-10672: Fix use-after-free that allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call (bsc#1046848). Moderate SUSE bug 1046848 CVE-2017-10672 cpe:/o:suse:sles:12:sp2 Security update for curl (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for curl fixes several issues: Security issues fixed: - CVE-2018-1000301: Fixed a RTSP bad headers buffer over-read could crash the curl client (bsc#1092098) Non security issues fixed: - If the DEFAULT_SUSE cipher list is not available use the HIGH cipher alias before failing. (bsc#1086825) Moderate SUSE bug 1086825 SUSE bug 1092098 CVE-2018-1000301 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox to the ESR 52.8 release fixes the following issues: Mozil to Firefox ESR 52.8 (bsc#1092548) Security issues fixed: - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer - MFSA 2018-12/CVE-2018-5168: Lightweight themes can be installed without user interaction - MFSA 2018-12/CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 - MFSA 2018-12/CVE-2018-5155: Use-after-free with SVG animations and text paths - MFSA 2018-12/CVE-2018-5183: Backport critical security fixes in Skia - MFSA 2018-12/CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files - MFSA 2018-12/CVE-2018-5154: Use-after-free with SVG animations and clip paths - MFSA 2018-12/CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension Important SUSE bug 1092548 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 cpe:/o:suse:sles-ltss:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for qemu fixes several issues. This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. This feature was added: - Add support for block resize support for xen disks through the monitor This non-security issue was fixed: - bsc#1079405: Add new look up path 'sys/class/tpm' for tpm cancel path based on Linux 4.0 change Important SUSE bug 1079405 SUSE bug 1092885 CVE-2018-3639 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot commandline option was introduced, 'spec_store_bypass_disable', which can have following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is 'seccomp', meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - 'Vulnerable' - 'Mitigation: Speculative Store Bypass disabled' - 'Mitigation: Speculative Store Bypass disabled via prctl' - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' The following related and non-security bugs were fixed: - cpuid: Fix cpuid.edx.7.0 propagation to guest - ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953). - ibmvnic: Clean actual number of RX or TX pools (bsc#1092289). - kvm: Introduce nopvspin kernel parameter (bsc#1056427). - kvm: Fix nopvspin static branch init usage (bsc#1056427). - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157). - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157). - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157). - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157). - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Move default security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). Important SUSE bug 1056427 SUSE bug 1068032 SUSE bug 1075087 SUSE bug 1080157 SUSE bug 1087082 SUSE bug 1090953 SUSE bug 1091041 SUSE bug 1092289 SUSE bug 1093215 SUSE bug 1094019 CVE-2018-3639 cpe:/o:suse:sles-ltss:12:sp2 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 12 SP2 This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2018-5246: Fixed memory leak vulnerability in ReadPATTERNImage in coders/pattern.c (bsc#1074973) - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c (bsc#1074975) - CVE-2018-5247: Fixed memory leak vulnerability in ReadRLAImage in coders/rla.c (bsc#1074969) - CVE-2017-12672: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052720) - CVE-2017-13060: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1055065) - CVE-2017-11724: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c involving the quantum_info and clone_info data structures (bsc#1051446) - CVE-2017-12670: Added validation in coders/mat.c to prevent an assertion failure in the function DestroyImage in MagickCore/image.c, which allowed attackers to cause a denial of service (bsc#1052731) - CVE-2017-12667: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1052732) - CVE-2017-13146: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055323) - CVE-2017-10800: Processing MATLAB images in coders/mat.c could have lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object was larger than the actual amount of data (bsc#1047044) - CVE-2017-13648: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1055434) - CVE-2017-11141: Fixed a memory leak vulnerability in the function ReadMATImage in coders\mat.c that could have caused memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call (bsc#1047898) - CVE-2017-11529: The ReadMATImage function in coders/mat.c allowed remote attackers to cause a denial of service (memory leak) via a crafted file (bsc#1050120) - CVE-2017-12564: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (bsc#1052468) - CVE-2017-12434: Added a missing NULL check in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c (bsc#1052550) - CVE-2017-12675: Added a missing check for multidimensional data coders/mat.c, that could have lead to a memory leak in the function ReadImage in MagickCore/constitute.c, which allowed attackers to cause a denial of service (bsc#1052710) - CVE-2017-14326: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted file (bsc#1058640) - CVE-2017-11644: Processesing a crafted file in convert could have lead to a memory leak in the ReadMATImage() function in coders/mat.c (bsc#1050606) - CVE-2017-13658: Added a missing NULL check in the ReadMATImage function in coders/mat.c, which could have lead to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c (bsc#1055855) - CVE-2017-14533: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c (bsc#1059751) - CVE-2017-17881: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service via a crafted MAT image file (bsc#1074123) Moderate SUSE bug 1047044 SUSE bug 1047898 SUSE bug 1050120 SUSE bug 1050606 SUSE bug 1051446 SUSE bug 1052468 SUSE bug 1052550 SUSE bug 1052710 SUSE bug 1052720 SUSE bug 1052731 SUSE bug 1052732 SUSE bug 1055065 SUSE bug 1055323 SUSE bug 1055434 SUSE bug 1055855 SUSE bug 1058640 SUSE bug 1059751 SUSE bug 1074123 SUSE bug 1074969 SUSE bug 1074973 SUSE bug 1074975 CVE-2017-10800 CVE-2017-11141 CVE-2017-11529 CVE-2017-11644 CVE-2017-11724 CVE-2017-12434 CVE-2017-12564 CVE-2017-12667 CVE-2017-12670 CVE-2017-12672 CVE-2017-12675 CVE-2017-13060 CVE-2017-13146 CVE-2017-13648 CVE-2017-13658 CVE-2017-14326 CVE-2017-14533 CVE-2017-17881 CVE-2017-18022 CVE-2018-5246 CVE-2018-5247 cpe:/o:suse:sles:12:sp2 Security update for bash (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for bash fixes the following issues: Security issues fixed: - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299) - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396) Non-security issues fixed: - Fix repeating self-calling of traps due the combination of a non-interactive shell, a trap handler for SIGINT, an external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247) Moderate SUSE bug 1000396 SUSE bug 1001299 SUSE bug 1086247 CVE-2016-0634 CVE-2016-7543 cpe:/o:suse:sles-ltss:12:sp2 Security update for icu (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a '\0' character at the end of a certain temporary array, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument (bsc#990636). - CVE-2017-7868: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function (bsc#1034674) - CVE-2017-7867: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue (bnc#1067203) - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC (bnc#1072193) - CVE-2017-15422: An integer overflow in icu during persian calendar date processing could lead to incorrect years shown (bnc#1077999) Moderate SUSE bug 1034674 SUSE bug 1034678 SUSE bug 1067203 SUSE bug 1072193 SUSE bug 1077999 SUSE bug 1087932 SUSE bug 929629 SUSE bug 990636 CVE-2014-8146 CVE-2014-8147 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 cpe:/o:suse:sles-ltss:12:sp2 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330). - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317). - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368). - CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989). - CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996). - CVE-2018-16644: Fixed a regression in dcm coder (bsc#1107609). - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060). - CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054). - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053). - Added extra -config- packages with Postscript/EPS/PDF readers still enabled. Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033) These are two packages that can be selected: - ImageMagick-config-6-SUSE: This has the PS decoders disabled. - ImageMagick-config-6-upstream: This has the PS decoders enabled. Depending on your local needs install either one of them. The default is the -SUSE configuration. Moderate SUSE bug 1106989 SUSE bug 1106996 SUSE bug 1107609 SUSE bug 1120381 SUSE bug 1122033 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1124368 SUSE bug 1128649 SUSE bug 1130330 SUSE bug 1131317 SUSE bug 1132053 SUSE bug 1132054 SUSE bug 1132060 CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-20467 CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-7175 CVE-2019-7395 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 cpe:/o:suse:sles-ltss:12:sp2 Security update for freeradius-server (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549). - CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664). Important SUSE bug 1132549 SUSE bug 1132664 CVE-2019-11234 CVE-2019-11235 cpe:/o:suse:sles-ltss:12:sp2 Security update for libssh2_org (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] Important SUSE bug 1130103 SUSE bug 1133528 CVE-2019-3859 cpe:/o:suse:sles-ltss:12:sp2 Security update for wpa_supplicant (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for wpa_supplicant fixes the following issues: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the vulnerability to recover sensitive information (bsc#1104205). This non-security issue was fixed: - Enabled PWD as EAP method. This allows for password-based authentication, which is easier to setup than most of the other methods, and is used by the Eduroam network (bsc#1109209). Moderate SUSE bug 1104205 SUSE bug 1109209 CVE-2018-14526 cpe:/o:suse:sles-ltss:12:sp2 Security update for atftp (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Important SUSE bug 1133114 SUSE bug 1133145 CVE-2019-11365 CVE-2019-11366 cpe:/o:suse:sles-ltss:12:sp2 Security update for krb5 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for krb5 fixes the following issues: Security issue fixed: - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) Important SUSE bug 1120489 CVE-2018-20217 cpe:/o:suse:sles-ltss:12:sp2 Security update for hostinfo, supportutils (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for hostinfo, supportutils fixes the following issues: Security issues fixed for supportutils: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). - CVE-2018-19636: Fixed a local root exploit via inclusion of attacker controlled shell script (bsc#1117751). Other issues fixed for supportutils: - Fixed invalid exit code commands (bsc#1125666) - SUSE separation in supportconfig (bsc#1125623) - Clarified supportconfig(8) -x option (bsc#1115245) - supportconfig: 3.0.127 - btrfs filesystem usage - List products.d - Dump lsof errors - Added ha commands for corosync - Dumped find errors in ib_info Issues fixed in hostinfo: - Removed extra kernel install dates (bsc#1099498) - Resolved network bond issue (bsc#1054979) Important SUSE bug 1054979 SUSE bug 1099498 SUSE bug 1115245 SUSE bug 1117751 SUSE bug 1117776 SUSE bug 1118460 SUSE bug 1118462 SUSE bug 1118463 SUSE bug 1125623 SUSE bug 1125666 CVE-2018-19636 CVE-2018-19637 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640 cpe:/o:suse:sles-ltss:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openssl fixes the following issues: - Reject invalid EC point coordinates (bsc#1131291) This helps openssl using services that do not do this verification on their own. Moderate SUSE bug 1131291 cpe:/o:suse:sles-ltss:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for webkit2gtk3 to version 2.24.1 fixes the following issues: Security issues fixed: - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). Important SUSE bug 1132256 CVE-2019-11070 CVE-2019-6201 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 cpe:/o:suse:sles-ltss:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Save registry file outside share as unprivileged user (bsc#1131060). Non-security issue fixed: - Backport changes to support quotas with SMB2 (bsc#1106119). Moderate SUSE bug 1106119 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:sles-ltss:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issues fixed: - Fixed an issue where the first login failed and subsequent ones work (bsc#1126463). - Fixed winbind running out of memory with high number of domain groups (bsc#1114459). - Backport changes to support quotas with SMB2 (bsc#1106119). Moderate SUSE bug 1087481 SUSE bug 1106119 SUSE bug 1114459 SUSE bug 1126463 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:sles-ltss:12:sp2 Security update for jakarta-commons-fileupload (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). Important SUSE bug 1128829 SUSE bug 1128963 CVE-2016-1000031 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2019-2422: Better FileChannel (bsc#1122293). - CVE-2018-11212: Improve JPEG (bsc#1122299). Non-Security issue fixed: - Disable LTO (bsc#1133135). - Added Japanese new era name. Important SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1133135 CVE-2018-11212 CVE-2018-3639 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 cpe:/o:suse:sles-ltss:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 - ---- updated platforms ------------------------------------ - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles-ltss:12:sp2 Security update for systemd (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). - CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). - CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed: - systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - core: only watch processes when it's really necessary (bsc#955942 bsc#1128657) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - Do not automatically online memory on s390x (bsc#1127557) Important SUSE bug 1080919 SUSE bug 1121563 SUSE bug 1125352 SUSE bug 1126056 SUSE bug 1127557 SUSE bug 1128657 SUSE bug 1130230 SUSE bug 1132348 SUSE bug 1132400 SUSE bug 1132721 SUSE bug 955942 CVE-2018-6954 CVE-2019-3842 CVE-2019-6454 cpe:/o:suse:sles-ltss:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for qemu fixes the following issues: Following security issues were fixed: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature 'md-clear' (bsc#1111331) Important SUSE bug 1111331 SUSE bug 1129622 SUSE bug 1130675 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-9824 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network could use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. (bnc#1096748). - CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. (bnc#1096748). - CVE-2016-8636: Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c allowed local users to cause a denial of service (memory corruption), obtain sensitive information or possibly have unspecified other impact via a write or read request involving the 'RDMA protocol over infiniband' (aka Soft RoCE) technology (bnc#1024908). - CVE-2017-18174: In the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free (bnc#1080533). - CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service (bnc#1087231). - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c has multiple race conditions (bnc#1133188). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS) (bsc#1131427). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2017-17741: The KVM implementation allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2019-9503, CVE-2019-8564: Multiple brcmfmac frame validation bypasses have been fixed (bnc#1132828, bnc#1132673). The following non-security bugs were fixed: - ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - add mainline tags to four hyperv patches - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - Drivers: hv: vmbus: Define an API to retrieve virtual processor index (bsc#1122822). - Drivers: hv: vmbus: Define APIs to manipulate the event page (bsc#1122822). - Drivers: hv: vmbus: Define APIs to manipulate the message page (bsc#1122822).++ kernel-source.spec (revision 4)Release: &lt;RELEASE>.gbd4498d - Drivers: hv: vmbus: Define APIs to manipulate the synthetic interrupt controller (bsc#1122822). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (bsc#1122822). - jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (bsc#1111331). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (bsc#1111331). - MDS: Add CVE refs - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1129279). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1129279). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1129279). - net: ena: complete host info to match latest ENA spec (bsc#1129279). - net: ena: enable Low Latency Queues (bsc#1129279). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1129279). - net: ena: fix auto casting to boolean (bsc#1129279). - net: ena: fix compilation error in xtensa architecture (bsc#1129279). - net: ena: fix crash during ena_remove() (bsc#1129279). - net: ena: fix crash during failed resume from hibernation (bsc#1129279). - net: ena: fix indentations in ena_defs for better readability (bsc#1129279). - net: ena: Fix Kconfig dependency on X86 (bsc#1129279). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1129279). - net: ena: fix race between link up and device initalization (bsc#1129279). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1129279). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1129279). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1129279). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1129279). - net: ena: minor performance improvement (bsc#1129279). - net: ena: remove ndo_poll_controller (bsc#1129279). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1129279). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1129279). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129279). - net: ena: update driver version to 2.0.1 (bsc#1129279). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1129279). - PCI: hv: Add vPCI version protocol negotiation (bnc#1043485, bsc#1122822). - PCI: hv: Allocate interrupt descriptors with GFP_ATOMIC (bnc#1034113, bsc#1122822). - PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg() (bnc#1094268, bsc#1122822). - PCI: hv: Do not sleep in compose_msi_msg() (bsc#1082632, bsc#1122822). - PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() (bsc#1087659, bsc#1087906, bsc#1122822). - PCI: hv: Fix a comment typo in _hv_pcifront_read_config() (bsc#1087659, bsc#1122822). - PCI: hv: Fix comment formatting and use proper integer fields (bnc#1043485, bsc#1122822). - PCI: hv: Only queue new work items in hv_pci_devices_present() if necessary (bsc#1087659, bsc#1122822). - PCI: hv: Remove the bogus test in hv_eject_device_work() (bsc#1087659, bsc#1122822). - PCI: hv: Serialize the present and eject work items (bsc#1087659, bsc#1122822). - PCI: hv: Specify CPU_AFFINITY_ALL for MSI affinity when >= 32 CPUs (bnc#1043485, bsc#1122822). - PCI: hv: Temporary own CPU-number-to-vCPU-number infra (bnc#1043485, bsc#1122822). - PCI: hv: Use effective affinity mask (bsc#1109772, bsc#1122822). - PCI: hv: Use page allocation for hbus structure (bnc#1043485, bsc#1122822). - PCI: hv: Use vPCI protocol version 1.2 (bnc#1043485, bsc#1122822). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - powerpc/64: Disable the speculation barrier from the command line (bsc#1068032). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/tm: Add commandline option to disable hardware transactional memory (bsc#1118338). - powerpc/tm: Add TM Unavailable Exception (bsc#1118338). - powerpc/tm: Flip the HTM switch default to disabled (bsc#1125580). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - s390: add explicit <linux/stringify.h> for jump label (bsc#1111331). - sched/core: Optimize SCHED_SMT (bsc#1111331). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched/smt: Update sched_smt_present at runtime (bsc#1111331). - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git. - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes (). - time: Introduce jiffies64_to_nsecs() (bsc#1113399). - Use upstream variant of two pci-hyperv patches - vti6: flush x-netns xfrm cache when vti interface is removed (bnc#1012382 bsc#1100152). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1111331). - x86/bugs: Rename SSBD_NO to SSB_NO (bsc#1111331). - x86/cpu: Rename Merrifield2 to Moorefield (bsc#1111331). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772, bsc#1122822). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1111331). - x86/speculation: Rework SMT state change (bsc#1111331). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86: stop exporting msr-index.h to userland (bsc#1111331). - xfrm6: call kfree_skb when skb is toobig (bnc#1012382 bsc#1100152). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (bnc#1012382 bsc#1100152). Important SUSE bug 1012382 SUSE bug 1024908 SUSE bug 1034113 SUSE bug 1043485 SUSE bug 1068032 SUSE bug 1073311 SUSE bug 1080157 SUSE bug 1080533 SUSE bug 1082632 SUSE bug 1087231 SUSE bug 1087659 SUSE bug 1087906 SUSE bug 1093158 SUSE bug 1094268 SUSE bug 1096748 SUSE bug 1100152 SUSE bug 1103186 SUSE bug 1106913 SUSE bug 1109772 SUSE bug 1111331 SUSE bug 1112178 SUSE bug 1113399 SUSE bug 1116841 SUSE bug 1118338 SUSE bug 1119019 SUSE bug 1122822 SUSE bug 1124832 SUSE bug 1125580 SUSE bug 1129279 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1131587 SUSE bug 1132673 SUSE bug 1132828 SUSE bug 1133188 CVE-2016-8636 CVE-2017-17741 CVE-2017-18174 CVE-2018-1091 CVE-2018-1120 CVE-2018-1128 CVE-2018-1129 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-19407 CVE-2019-11091 CVE-2019-11486 CVE-2019-3882 CVE-2019-8564 CVE-2019-9503 cpe:/o:suse:sles-ltss:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ucode-intel fixes the following issues: ucode-intel was updated to official QSR 2019.1 microcode release (bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091) ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded Broadwell CPU ucode that was missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles-ltss:12:sp2 Security update for openssh (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) Important SUSE bug 1121571 SUSE bug 1121816 SUSE bug 1121818 SUSE bug 1121821 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Important SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1132734 SUSE bug 1134718 CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 cpe:/o:suse:sles-ltss:12:sp2 Security update for systemd (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - core: Queue loading transient units after setting their properties. (bsc#1115518) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - terminal-util: introduce vt_release() and vt_restore() helpers. - terminal: Unify code for resetting kbd utf8 mode a bit. - terminal Reset should honour default_utf8 kernel setting. - logind: Make session_restore_vt() static. - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - log: Never log into foreign fd #2 in PID 1 or its pre-execve() children. (bsc#1114981) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) Moderate SUSE bug 1005023 SUSE bug 1076696 SUSE bug 1101591 SUSE bug 1114981 SUSE bug 1115518 SUSE bug 1119971 SUSE bug 1120323 CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 cpe:/o:suse:sles-ltss:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Important SUSE bug 1135170 CVE-2019-5436 cpe:/o:suse:sles-ltss:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates. The mitigation can be controlled via the 'mds' commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other fixes: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680). - Fixed an issue with live migration when spectre is enabled on xen boot cmdline (bsc#1116380). - Fixed an issue with live migration (bsc#1133818). - Added upstream bug fix (bsc#1027519). Important SUSE bug 1027519 SUSE bug 1111331 SUSE bug 1116380 SUSE bug 1130680 SUSE bug 1133818 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: Security issues fixed: - CVE-2019-11691: Use-after-free in XMLHttpRequest - CVE-2019-11692: Use-after-free removing listeners in the event listener manager - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux - CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox - CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks - CVE-2019-7317: Use-after-free in png_image_free of libpng library - CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 - CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS - CVE-2019-9816: Type confusion with object groups and UnboxedObjects - CVE-2019-9817: Stealing of cross-domain images using canvas - CVE-2019-9818: Use-after-free in crash generation server - CVE-2019-9819: Compartment mismatch with fetch API - CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell Non-security issues fixed: - Font and date adjustments to accommodate the new Reiwa era in Japan - Update to Firefox ESR 60.7 (bsc#1135824) Important SUSE bug 1135824 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-7317 CVE-2019-9800 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_0-openjdk (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_0-openjdk fixes the following issues: Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU) Security issues fixed: - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw inside the RMI registry implementation (bsc#1132732). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2422: Fixed memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2019-2426: Improve web server connections (bsc#1134297). Bug fixes: - Please check the package Changelog for detailed information. Moderate SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1134297 CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 cpe:/o:suse:sles-ltss:12:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for bind fixes the following issues: Security issues fixed: - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys. (bsc#1126068) - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. (bsc#1133185) Important SUSE bug 1104129 SUSE bug 1126068 SUSE bug 1126069 SUSE bug 1133185 CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_109 fixes one issue. The following security issue was fixed: - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Important SUSE bug 1102682 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_85 fixes one issue. The following security issue was fixed: - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free) (bsc#1131390). Important SUSE bug 1131390 CVE-2018-14734 cpe:/o:suse:sles-ltss:12:sp2 Security update for libvirt (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273). For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other security issues fixed: - CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). - qemu: Add support for using AES secret for SCSI hotplug Important SUSE bug 1111331 SUSE bug 1131595 SUSE bug 1135273 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-3886 cpe:/o:suse:sles-ltss:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 cpe:/o:suse:sles-ltss:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ghostscript to version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) Important SUSE bug 1122319 CVE-2019-6116 cpe:/o:suse:sles-ltss:12:sp2 Security update for vim (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Important SUSE bug 1137443 CVE-2019-12735 cpe:/o:suse:sles-ltss:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for webkit2gtk3 to version 2.22.5 fixes the following issues: Security issues fixed: - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554) - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558) Important SUSE bug 1119553 SUSE bug 1119554 SUSE bug 1119555 SUSE bug 1119556 SUSE bug 1119557 SUSE bug 1119558 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 cpe:/o:suse:sles-ltss:12:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed a double free() in the KDF CAVS testing tool (bsc#1065237). Moderate SUSE bug 1065237 SUSE bug 1090671 SUSE bug 1119183 SUSE bug 1121816 SUSE bug 1121821 SUSE bug 1131709 CVE-2019-6109 CVE-2019-6111 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 kernel version 4.4.121 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There is an unchecked kstrdup of fwstr, which may have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603) - CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1131543) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not have ended with a '\0' character. (bnc#1134848) - CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785) The following non-security bugs were fixed: - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1134596). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1134596). Important SUSE bug 1099658 SUSE bug 1106284 SUSE bug 1110785 SUSE bug 1113769 SUSE bug 1120843 SUSE bug 1120885 SUSE bug 1131543 SUSE bug 1131565 SUSE bug 1132374 SUSE bug 1132472 SUSE bug 1134537 SUSE bug 1134596 SUSE bug 1134848 SUSE bug 1135281 SUSE bug 1135603 SUSE bug 1136424 SUSE bug 1136446 SUSE bug 1136586 SUSE bug 1136935 SUSE bug 1137586 CVE-2018-17972 CVE-2018-7191 CVE-2019-11190 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489 cpe:/o:suse:sles-ltss:12:sp2 Security update for dbus-1 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for dbus-1 fixes the following issue: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Important SUSE bug 1137832 CVE-2019-12749 cpe:/o:suse:sles-ltss:12:sp2 Security update for gstreamer-plugins-base (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for gstreamer-plugins-base fixes the following issue: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:sles-ltss:12:sp2 Security update for sqlite3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Important SUSE bug 1136976 CVE-2019-8457 cpe:/o:suse:sles-ltss:12:sp2 Security update for gstreamer-0_10-plugins-base (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for gstreamer-0_10-plugins-base fixes the following issues: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:sles-ltss:12:sp2 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Moderate SUSE bug 1128481 SUSE bug 1136570 CVE-2019-3860 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Important SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1132734 SUSE bug 1134718 CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_92 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_85 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_95 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_98 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_101 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 (bsc#1138872) - CVE-2019-11708: Fix sandbox escape using Prompt:Open. * Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. Important SUSE bug 1138872 CVE-2019-11708 cpe:/o:suse:sles-ltss:12:sp2 Security update for glib2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for glib2 provides the following fix: Security issues fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). - CVE-2018-16428: Avoid a null pointer dereference that could crash glib2 users in markup processing (bnc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issues fixed: - Install dummy *-mimeapps.list files to prevent dead symlinks. (bsc#1061599) Important SUSE bug 1061599 SUSE bug 1107116 SUSE bug 1107121 SUSE bug 1137001 CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed: - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). - CVE-2018-5390: Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Important SUSE bug 1102682 SUSE bug 1133191 CVE-2018-5390 CVE-2019-11487 cpe:/o:suse:sles-ltss:12:sp2 Security update for postgresql10 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for postgresql10 to version 10.9 fixes the following issue: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). More information at https://www.postgresql.org/docs/10/release-10-9.html Important SUSE bug 1138034 CVE-2019-10164 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP 2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace. (bnc#) - CVE-2019-10126: A flaw was found in the Linux kernel that might lead to memory corruption in the marvell mwifiex driver. (bnc#1136935) - CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#) - CVE-2019-12818: An issue was discovered in the Linux kernel The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. (bnc#1137194) - CVE-2019-12819: An issue was discovered in the Linux kernel The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device(), which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12456 a double-fetch bug in _ctl_ioctl_main() could allow local users to create a denial of service (bsc#1136922). - CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it. (bnc#) - CVE-2019-11487: The Linux kernel allowed page-_refcount reference count to overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (bnc#1133190) The following non-security bugs were fixed: - Drop multiversion(kernel) from the KMP template (bsc#1127155). - Revert 'KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).' This reverts commit 4cc83da426b53d47f1fde9328112364eab1e9a19. - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - x86/cpu: Unify CPU family, model, stepping calculation (bsc#1134701). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode/AMD: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/AMD: Fix load of builtin microcode with randomized memory (bsc#1134701). - x86/microcode/AMD: Reload proper initrd start address (bsc#1134701). - x86/microcode/amd: Hand down the CPU family (bsc#1134701). - x86/microcode/amd: Move private inlines to .c and mark local functions static (bsc#1134701). - x86/microcode/intel: Drop stashed AP patch pointer optimization (bsc#1134701). - x86/microcode/intel: Fix allocation size of struct ucode_patch (bsc#1134701). - x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/intel: Remove intel_lib.c (bsc#1134701). - x86/microcode/intel: Remove unused arg of get_matching_model_microcode() (bsc#1134701). - x86/microcode/intel: Rename load_microcode_early() to find_microcode_patch() (bsc#1134701). - x86/microcode/intel: Rename local variables of type struct mc_saved_data (bsc#1134701). - x86/microcode/intel: Rename mc_intel variable to mc (bsc#1134701). - x86/microcode/intel: Rename mc_saved_in_initrd (bsc#1134701). - x86/microcode/intel: Simplify generic_load_microcode() (bsc#1134701). - x86/microcode/intel: Unexport save_mc_for_early() (bsc#1134701). - x86/microcode/intel: Use correct buffer size for saving microcode data (bsc#1134701). - x86/microcode: Collect CPU info on resume (bsc#1134701). - x86/microcode: Export the microcode cache linked list (bsc#1134701). - x86/microcode: Fix loading precedence (bsc#1134701). - x86/microcode: Get rid of find_cpio_data()'s dummy offset arg (bsc#1134701). - x86/microcode: Issue the debug printk on resume only on success (bsc#1134701). - x86/microcode: Rework microcode loading (bsc#1134701). - x86/microcode: Run the AP-loading routine only on the application processors (bsc#1134701). Important SUSE bug 1096254 SUSE bug 1108382 SUSE bug 1109137 SUSE bug 1127155 SUSE bug 1133190 SUSE bug 1133738 SUSE bug 1134395 SUSE bug 1134701 SUSE bug 1136922 SUSE bug 1136935 SUSE bug 1137194 SUSE bug 1138291 SUSE bug 1140575 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11487 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 cpe:/o:suse:sles-ltss:12:sp2 Security update for glib2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). Non-security issue fixed: - Added explicit requires between libglib2 and libgio2 (bsc#1140122). Important SUSE bug 1139959 SUSE bug 1140122 CVE-2019-13012 cpe:/o:suse:sles-ltss:12:sp2 Security update for xrdp (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xrdp fixes the following issues: Security issues fixed: - CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent of the user's cleartext password, DES encrypted with a known key (bsc#1015567). - CVE-2017-16927: The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through used an untrusted integer as a write length, which could lead to a local denial of service (bsc#1069591). - CVE-2017-6967: Fixed call of the PAM function auth_start_session(). This lead to to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass (bsc#1029912). Other issues addressed: - The KillDisconnected option for TigerVNC Xvnc sessions is now supported (bsc#1101506) - Fixed an issue with delayed X KeyRelease events (bsc#1100453) - Force xrdp-sesman.service to start after xrdp.service. (bsc#1014524) - Avoid use of hard-coded sesman port. (bsc#1060644) - Backport upstream commit 5575197, sesman should stop setting LANG and let initialization scripts take care of it (bsc#1023988). - Backport upstream patches for 32bpp support (bsc#1022098). - Fixed a regression connecting from Windows 10. (bsc#1090174) Important SUSE bug 1014524 SUSE bug 1015567 SUSE bug 1022098 SUSE bug 1023988 SUSE bug 1029912 SUSE bug 1060644 SUSE bug 1069591 SUSE bug 1090174 SUSE bug 1100453 SUSE bug 1101506 CVE-2013-1430 CVE-2017-16927 CVE-2017-6967 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases Important SUSE bug 1140868 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 cpe:/o:suse:sles-ltss:12:sp2 Security update for polkit (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (bsc#1118277) Moderate SUSE bug 1118277 CVE-2018-19788 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_92 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_95 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_98 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_101 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_114 fixes one issue. The following security issue was fixed: This update contains a regression fix for CVE-2019-11478 (bsc#1140747). Important SUSE bug 1140747 CVE-2019-11478 cpe:/o:suse:sles-ltss:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles-ltss:12:sp2 Security update for bzip2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Important SUSE bug 1139083 SUSE bug 985657 CVE-2016-3189 CVE-2019-12900 cpe:/o:suse:sles-ltss:12:sp2 Security update for glibc (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - Added cfi information for start routines in order to stop unwinding on S390 (bsc#1128574). Moderate SUSE bug 1127223 SUSE bug 1127308 SUSE bug 1128574 CVE-2009-5155 CVE-2019-9169 cpe:/o:suse:sles-ltss:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040) - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS). (XSA-280) (bsc#1115047) - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). - CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1114423) Other bugs fixed: - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940) - Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528) - Fixed an issue with live migrations, which used to fail when spectre is enabled on xen boot cmdline (bsc#1116380) - Upstream bug fixes (bsc#1027519) Important SUSE bug 1027519 SUSE bug 1105528 SUSE bug 1108940 SUSE bug 1114423 SUSE bug 1115040 SUSE bug 1115045 SUSE bug 1115047 SUSE bug 1116380 SUSE bug 1117756 CVE-2018-18849 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 cpe:/o:suse:sles-ltss:12:sp2 Security update for bzip2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Important SUSE bug 1139083 CVE-2019-12900 cpe:/o:suse:sles-ltss:12:sp2 Security update for polkit (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). Important SUSE bug 1121826 CVE-2019-6133 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - Certificate validation improvements Non-security issue fixed: - Fixed an issue where the installation failed when the manpages are not present (bsc#1115375) Important SUSE bug 1115375 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141784 SUSE bug 1141785 SUSE bug 1141786 SUSE bug 1141787 SUSE bug 1141789 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 cpe:/o:suse:sles-ltss:12:sp2 Security update for mariadb (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for mariadb fixes the following issues: Update to MariaDB 10.0.38 GA (bsc#1136037). Security issues fixed: - CVE-2019-2537: Denial of service via multiple protocols (bsc#1136037) - CVE-2019-2529: Denial of service via multiple protocols (bsc#1136037) - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: - Removed PerconaFT from the package as it has AGPL licence (bsc#1118754). - Do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency). - Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666). - Removed 'umask 077' from mysql-systemd-helper that caused new datadirs created with wrong permissions (bsc#1132666). Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10038-release-notes - https://kb.askmonty.org/en/mariadb-10038-changelog - https://kb.askmonty.org/en/mariadb-10037-release-notes - https://kb.askmonty.org/en/mariadb-10037-changelog - https://kb.askmonty.org/en/mariadb-10036-release-notes - https://kb.askmonty.org/en/mariadb-10036-changelog Important SUSE bug 1013882 SUSE bug 1101676 SUSE bug 1101677 SUSE bug 1101678 SUSE bug 1103342 SUSE bug 1112368 SUSE bug 1112397 SUSE bug 1112417 SUSE bug 1112421 SUSE bug 1112432 SUSE bug 1116686 SUSE bug 1118754 SUSE bug 1132666 SUSE bug 1136037 CVE-2016-9843 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 CVE-2019-2529 CVE-2019-2537 cpe:/o:suse:sles-ltss:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python3 fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document (bsc#1109847). - CVE-2018-1000802: Fixed a command injection in the shutil module (bsc#1109663). Important SUSE bug 1109663 SUSE bug 1109847 SUSE bug 1138459 CVE-2018-1000802 CVE-2018-14647 CVE-2019-10160 cpe:/o:suse:sles-ltss:12:sp2 Security update for evince (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Important SUSE bug 1133037 SUSE bug 1141619 CVE-2019-1010006 CVE-2019-11459 cpe:/o:suse:sles-ltss:12:sp2 Security update for squid (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for squid fixes the following issues: Security issue fixed: - CVE-2019-12529: Fixed a potential denial of service associated with HTTP Basic Authentication credentials (bsc#1141329). - CVE-2019-12525: Fixed a denial of service during processing of HTTP Digest Authentication credentials (bsc#1141332). - CVE-2019-13345: Fixed a cross site scripting vulnerability via user_name or auth parameter in cachemgr.cgi (bsc#1140738). Moderate SUSE bug 1140738 SUSE bug 1141329 SUSE bug 1141332 CVE-2019-12525 CVE-2019-12529 CVE-2019-13345 cpe:/o:suse:sles-ltss:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Important SUSE bug 1138459 SUSE bug 1141853 CVE-2018-20852 CVE-2019-10160 cpe:/o:suse:sles-ltss:12:sp2 Security update for libvirt (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Non-security issue fixed: - qemu: Add support for overriding max threads per process limit (bsc#1133719) Important SUSE bug 1133719 SUSE bug 1138301 SUSE bug 1138303 CVE-2019-10161 CVE-2019-10167 cpe:/o:suse:sles-ltss:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Important SUSE bug 1135902 SUSE bug 1140402 SUSE bug 1143794 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 cpe:/o:suse:sles-ltss:12:sp2 Security update for postgresql94 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for postgresql94 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:sles-ltss:12:sp2 Security update for postgresql96 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for postgresql96 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_117 fixes one issue. The following security issue was fixed: - CVE-2018-5390: Fixed expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which could have led to a denial of service (bsc#1102682). Important SUSE bug 1102682 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for perl (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for perl fixes the following issues: Security issue fixed: - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). Important SUSE bug 1114674 CVE-2018-18311 cpe:/o:suse:sles-ltss:12:sp2 Security update for libsolv, libzypp, zypper (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libsolv, libzypp and zypper fixes the following issues: libsolv was updated to version 0.6.36 and fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). Fixes for libzypp: - Fixes a bug where locking the kernel was not possible (bsc#1113296) - Fixes a file descriptor leak (bsc#1116995) - Will now run file conflict check on dry-run (best with download-only) (bsc#1140039) Fixes for zypper: - Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226) - Improved the displaying of locks (bsc#1112911) - Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542) - zypper will now always warn when no repositories are defined (bsc#1109893) - Fixes bash completion option detection (bsc#1049825) Moderate SUSE bug 1049825 SUSE bug 1109893 SUSE bug 1110542 SUSE bug 1111319 SUSE bug 1112911 SUSE bug 1113296 SUSE bug 1116995 SUSE bug 1120629 SUSE bug 1120630 SUSE bug 1120631 SUSE bug 1127155 SUSE bug 1131823 SUSE bug 1134226 SUSE bug 1137977 SUSE bug 1140039 SUSE bug 1145521 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-3819: A flaw was fixed in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may have enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') could have caused a system lock up and a denial of service (bnc#1123161). - CVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in sound/usb/mixer.c via mishandled recursion (bnc#1145922). - CVE-2019-15117: Fixed out-of-bounds memory access in parse_audio_mixer_unit in sound/usb/mixer.c via mishandled short descriptor (bnc#1145920). - CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). - CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). - CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). - CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358). - CVE-2019-10207: Check for missing tty operations in bluetooth/hci_uart (bsc#1142857). - CVE-2018-20856: Fixed a use-after-free issue in block/blk-core.c, where certain error case are mishandled (bnc#1143048). - CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). - CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). The following non-security bugs were fixed: - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652, bsc#1144288). - bcache: fix race in btree_flush_write() (bsc#1140652, bsc#1144288). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1130972, bsc#1144257). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1130972, bsc#1144273). - bcache: performance improvement for btree_flush_write() (bsc#1140652, bsc#1144288). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652, bsc#1144288). - btrfs: improve delayed refs iterations (bsc#1076033, bsc#1107256). - i40e: add functions to control default VSI (bsc#1141628). - i40e: set default VSI without a reset (bsc#1141628). - mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing (bsc#1142098). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945,bsc#1141401,bsc#1141402,bsc#1141452,bsc#1141453,bsc#1141454). - qib/hfi1: Fix MR reference count leak on write with immediate (bsc#1045640). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (XSA-300). Important SUSE bug 1045640 SUSE bug 1076033 SUSE bug 1107256 SUSE bug 1123161 SUSE bug 1130972 SUSE bug 1134399 SUSE bug 1139358 SUSE bug 1140012 SUSE bug 1140652 SUSE bug 1140903 SUSE bug 1140945 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1141628 SUSE bug 1142023 SUSE bug 1142098 SUSE bug 1142857 SUSE bug 1143045 SUSE bug 1143048 SUSE bug 1143189 SUSE bug 1143191 SUSE bug 1144257 SUSE bug 1144273 SUSE bug 1144288 SUSE bug 1144920 SUSE bug 1145920 SUSE bug 1145922 SUSE bug 1146163 CVE-2017-18551 CVE-2018-20855 CVE-2018-20856 CVE-2019-10207 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 CVE-2019-15117 CVE-2019-15118 CVE-2019-3819 cpe:/o:suse:sles-ltss:12:sp2 Security update for spice (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Important SUSE bug 1122706 CVE-2019-3813 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 50. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). Important SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141785 SUSE bug 1141789 SUSE bug 1147021 CVE-2019-11771 CVE-2019-11775 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:sles-ltss:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). Important SUSE bug 1149496 CVE-2019-5482 cpe:/o:suse:sles-ltss:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for webkit2gtk3 fixes the following issues: Updated to version 2.24.4 (bsc#1148931). Security issues fixed: - CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690 Non-security issues fixed: - Improved loading of multimedia streams to avoid memory exhaustion due to excessive caching. - Updated the user agent string to make happy certain websites which would claim that the browser being used was unsupported. Important SUSE bug 1135715 SUSE bug 1148931 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 40. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). - CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787). Important SUSE bug 1122292 SUSE bug 1122299 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141785 SUSE bug 1141787 SUSE bug 1141789 SUSE bug 1147021 CVE-2018-11212 CVE-2019-11771 CVE-2019-11772 CVE-2019-11775 CVE-2019-2449 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:sles-ltss:12:sp2 Security update for ibus (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ibus fixes the following issues: Security issue fixed: - CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. (bsc#1150011) Important SUSE bug 1150011 CVE-2019-14822 cpe:/o:suse:sles-ltss:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). Moderate SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:sles-ltss:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644) Important SUSE bug 1120644 SUSE bug 1122191 CVE-2018-20406 CVE-2019-5010 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox to ESR 60.9 fixes the following issues: Security issues fixed: - CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299) Important SUSE bug 1149294 SUSE bug 1149295 SUSE bug 1149296 SUSE bug 1149297 SUSE bug 1149298 SUSE bug 1149299 SUSE bug 1149303 SUSE bug 1149304 SUSE bug 1149324 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11753 CVE-2019-9812 cpe:/o:suse:sles-ltss:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for dovecot22 fixes the following issues: - CVE-2019-11500: Fixed a potential remote code execution in the IMAP and ManageSieve protocol parsers (bsc#1145559). Important SUSE bug 1145559 CVE-2019-11500 cpe:/o:suse:sles-ltss:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ghostscript to 9.27 fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180) - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156) - CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359) - CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882) - CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882) - CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882) - CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884) Important SUSE bug 1129180 SUSE bug 1131863 SUSE bug 1134156 SUSE bug 1140359 SUSE bug 1146882 SUSE bug 1146884 CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-3835 CVE-2019-3839 cpe:/o:suse:sles-ltss:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378). - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377). - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371). Important SUSE bug 1123371 SUSE bug 1123377 SUSE bug 1123378 CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 cpe:/o:suse:sles-ltss:12:sp2 Security update for libsoup (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libsoup fixes the following issues: Security issue fixed: - CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097). - CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers (bsc#1052916). Bug fixes: - bsc#1086036: translation-update-upstream commented out for Leap Moderate SUSE bug 1052916 SUSE bug 1086036 SUSE bug 1100097 CVE-2017-2885 CVE-2018-12910 cpe:/o:suse:sles-ltss:12:sp2 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987) Moderate SUSE bug 1148987 CVE-2019-13627 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_95 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_98 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). - CVE-2018-5390: Fixed a denial of service ('SegmentSmack') in tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet (bsc#1102682). Important SUSE bug 1102682 SUSE bug 1151021 CVE-2018-5390 CVE-2019-14835 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_117 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_114 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_109 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_104 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_101 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: Updated to new ESR version 68.1 (bsc#1149323). In addition to the already fixed vulnerabilities released in previous ESR updates, the following were also fixed: CVE-2019-11751, CVE-2019-11736, CVE-2019-9812, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735. Several run-time issues were also resolved (bsc#1117473, bsc#1124525, bsc#1133810). The version displayed in Help > About is now correct (bsc#1087200). Important SUSE bug 1087200 SUSE bug 1109465 SUSE bug 1117473 SUSE bug 1123482 SUSE bug 1124525 SUSE bug 1133810 SUSE bug 1140868 SUSE bug 1145665 SUSE bug 1149323 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-9811 CVE-2019-9812 cpe:/o:suse:sles-ltss:12:sp2 Security update for binutils (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for binutils fixes the following issues: binutils was updated to current 2.32 branch @7b468db3 [jsc#ECO-368]: Includes the following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - Enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO problems (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Handle ELF compressed header alignment correctly. Moderate SUSE bug 1109412 SUSE bug 1109413 SUSE bug 1109414 SUSE bug 1111996 SUSE bug 1112534 SUSE bug 1112535 SUSE bug 1113247 SUSE bug 1113252 SUSE bug 1113255 SUSE bug 1116827 SUSE bug 1118830 SUSE bug 1118831 SUSE bug 1120640 SUSE bug 1121034 SUSE bug 1121035 SUSE bug 1121056 SUSE bug 1133131 SUSE bug 1133232 SUSE bug 1141913 SUSE bug 1142772 CVE-2018-1000876 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2019-1010180 cpe:/o:suse:sles-ltss:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Important SUSE bug 1153674 CVE-2019-14287 cpe:/o:suse:sles-ltss:12:sp2 Security update for libpcap (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). Important SUSE bug 1153332 CVE-2018-16301 CVE-2019-15165 cpe:/o:suse:sles-ltss:12:sp2 Security update for nfs-utils (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) Moderate SUSE bug 1150733 CVE-2019-3689 cpe:/o:suse:sles-ltss:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). Important SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1127400 SUSE bug 1143797 SUSE bug 1146874 SUSE bug 1149813 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_98 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_101 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_117 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox to 68.2.0 ESR fixes the following issues: Mozilla Firefox was updated to version 68.2.0 ESR (bsc#1154738). Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed: - Firefox 60.7 ESR changed the user interface language (bsc#1137990). - Wrong Firefox GUI Language (bsc#1120374). - Fixed an inadvertent crash report transmission without user opt-in (bsc#1074235). - Firefox hangs randomly when browsing and scrolling (bsc#1043008). - Firefox stops loading page until mouse is moved (bsc#1025108). Important SUSE bug 1010399 SUSE bug 1010405 SUSE bug 1010406 SUSE bug 1010408 SUSE bug 1010409 SUSE bug 1010421 SUSE bug 1010423 SUSE bug 1010424 SUSE bug 1010425 SUSE bug 1010426 SUSE bug 1025108 SUSE bug 1043008 SUSE bug 1047281 SUSE bug 1074235 SUSE bug 1092611 SUSE bug 1120374 SUSE bug 1137990 SUSE bug 1149429 SUSE bug 1154738 SUSE bug 959933 SUSE bug 983922 CVE-2016-2830 CVE-2016-5289 CVE-2016-5292 CVE-2016-9063 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 CVE-2017-7789 CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5165 CVE-2018-5166 CVE-2018-5167 CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5174 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5178 CVE-2018-5179 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 CVE-2018-5183 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 cpe:/o:suse:sles-ltss:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for samba fixes the following issues: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:sles-ltss:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for samba fixes the following issue: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:sles-ltss:12:sp2 Security update for gdb (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for gdb fixes the following issues: Update to gdb 8.3.1: (jsc#ECO-368) Security issues fixed: - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. (bsc#1142772) Upgrade libipt from v2.0 to v2.0.1. - Enable librpm for version > librpm.so.3 [bsc#1145692]: * Allow any librpm.so.x * Add %build test to check for 'zypper install <rpm-packagename>' message - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python, and use it for --without=python. Rebase to 8.3 release (as in fedora 30 @ 1e222a3). * DWARF index cache: GDB can now automatically save indices of DWARF symbols on disk to speed up further loading of the same binaries. * Ada task switching is now supported on aarch64-elf targets when debugging a program using the Ravenscar Profile. * Terminal styling is now available for the CLI and the TUI. * Removed support for old demangling styles arm, edg, gnu, hp and lucid. * Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*). - Implemented access to more POWER8 registers. [fate#326120, fate#325178] - Add gdb-s390-handle-arch13.diff to handle most new s390 arch13 instructions. [fate#327369, jsc#ECO-368] Moderate SUSE bug 1115034 SUSE bug 1142772 SUSE bug 1145692 CVE-2019-1010180 cpe:/o:suse:sles-ltss:12:sp2 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). Moderate SUSE bug 1154862 CVE-2019-17498 cpe:/o:suse:sles-ltss:12:sp2 Security update for libseccomp (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libseccomp fixes the following issues: Update to new upstream release 2.4.1: * Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. Updated to 2.4.0 (bsc#1128828 CVE-2019-9893): * Update the syscall table for Linux v5.0-rc5 * Added support for the SCMP_ACT_KILL_PROCESS action * Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute * Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension * Added support for the parisc and parisc64 architectures * Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) * Return -EDOM on an endian mismatch when adding an architecture to a filter * Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() * Fix PFC generation when a syscall is prioritized, but no rule exists * Numerous fixes to the seccomp-bpf filter generation code * Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 * Numerous tests added to the included test suite, coverage now at ~92% * Update our Travis CI configuration to use Ubuntu 16.04 * Numerous documentation fixes and updates Update to release 2.3.3: * Updated the syscall table for Linux v4.15-rc7 Update to release 2.3.2: * Achieved full compliance with the CII Best Practices program * Added Travis CI builds to the GitHub repository * Added code coverage reporting with the '--enable-code-coverage' configure flag and added Coveralls to the GitHub repository * Updated the syscall tables to match Linux v4.10-rc6+ * Support for building with Python v3.x * Allow rules with the -1 syscall if the SCMP\_FLTATR\_API\_TSKIP attribute is set to true * Several small documentation fixes - ignore make check error for ppc64/ppc64le, bypass bsc#1142614 Moderate SUSE bug 1082318 SUSE bug 1128828 SUSE bug 1142614 CVE-2019-9893 cpe:/o:suse:sles-ltss:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ucode-intel fixes the following issues: - Updated to 20191112 security release (bsc#1155988) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile - ---- updated platforms ------------------------------------ - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6 - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8 - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8 - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) - requires coreutils for the %post script (bsc#1154043) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1154043 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:sles-ltss:12:sp2 Security update for libjpeg-turbo (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libjpeg-turbo fixes the following issues: - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] Important SUSE bug 1156402 CVE-2019-2201 cpe:/o:suse:sles-ltss:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ghostscript fixes the following issue: - CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed an attacker to gain high privileges by a specially crafted Postscript code (bsc#1156275). Important SUSE bug 1156275 CVE-2019-14869 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 - CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). - CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372). - CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158). - CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465). - CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452). - CVE-2019-17055: The AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bnc#1152782). - CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788). - CVE-2019-16413: The 9p filesystem did not protect i_size_write() properly, which caused an i_size_read() infinite loop and denial of service on SMP systems (bnc#1151347). - CVE-2019-15902: A backporting issue was discovered that re-introduced the Spectre vulnerability it had aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376). - CVE-2019-15291: Fixed a NULL pointer dereference issue that could be caused by a malicious USB device (bnc#1146519). - CVE-2019-15807: Fixed a memory leak in the SCSI module that could be abused to cause denial of service (bnc#1148938). - CVE-2019-13272: Fixed a mishandled the recording of the credentials of a process that wants to create a ptrace relationship, which allowed local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). (bnc#1140671). - CVE-2019-14821: An out-of-bounds access issue was fixed in the kernel's kvm hypervisor. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-15505: An out-of-bounds issue had been fixed that could be caused by crafted USB device traffic (bnc#1147122). - CVE-2017-18595: A double free in allocate_trace_buffer was fixed (bnc#1149555). - CVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost functionality that translates virtqueue buffers to IOVs. A privileged guest user able to pass descriptors with invalid length to the host could use this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15216: A NULL pointer dereference was fixed that could be malicious USB device (bnc#1146361). - CVE-2019-15924: A a NULL pointer dereference has been fixed in the drivers/net/ethernet/intel/fm10k module (bnc#1149612). - CVE-2019-9456: An out-of-bounds write in the USB monitor driver has been fixed. This issue could lead to local escalation of privilege with System execution privileges needed. (bnc#1150025). - CVE-2019-15926: An out-of-bounds access was fixed in the drivers/net/wireless/ath/ath6kl module. (bnc#1149527). - CVE-2019-15927: An out-of-bounds access was fixed in the sound/usb/mixer module (bnc#1149522). - CVE-2019-15666: There was an out-of-bounds array access in the net/xfrm module that could cause denial of service (bnc#1148394). - CVE-2019-15219: A NULL pointer dereference was fixed that could be abused by a malicious USB device (bnc#1146519 1146524). - CVE-2019-15220: A use-after-free issue was fixed that could be caused by a malicious USB device (bnc#1146519 1146526). - CVE-2019-15221: A NULL pointer dereference was fixed that could be caused by a malicious USB device (bnc#1146519 1146529). - CVE-2019-14814: A heap-based buffer overflow was fixed in the marvell wifi chip driver. That issue allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14815: A missing length check while parsing WMM IEs was fixed (bsc#1146512, bsc#1146514, bsc#1146516). - CVE-2019-14816: A heap-based buffer overflow in the marvell wifi chip driver was fixed. Local users would have abused this issue to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516). - CVE-2017-18509: An issue in net/ipv6 as fixed. By setting a specific socket option, an attacker could control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. (bnc#1145477) - CVE-2019-9506: The Bluetooth BR/EDR specification used to permit sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1137865). - CVE-2019-15098: A NULL pointer dereference in drivers/net/wireless/ath was fixed (bnc#1146378). - CVE-2019-15290: A NULL pointer dereference in ath6kl_usb_alloc_urb_from_pipe was fixed (bsc#1146378). - CVE-2019-15212: A double-free issue was fixed in drivers/usb driver (bnc#1146391). - CVE-2016-10906: A use-after-free issue was fixed in drivers/net/ethernet/arc (bnc#1146584). - CVE-2019-15211: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/v4l2-core driver (bnc#1146519). - CVE-2019-15217: A a NULL pointer dereference issue caused by a malicious USB device was fixed in the drivers/media/usb/zr364xx driver (bnc#1146519). - CVE-2019-15214: An a use-after-free issue in the sound subsystem was fixed (bnc#1146519). - CVE-2019-15218: A NULL pointer dereference caused by a malicious USB device was fixed in the drivers/media/usb/siano driver (bnc#1146413). - CVE-2019-15215: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/usb/cpia2 driver (bnc#1146425). - CVE-2018-20976: A use-after-free issue was fixed in the fs/xfs driver (bnc#1146285). - CVE-2019-0154: An unprotected read access to i915 registers has been fixed that could have been abused to facilitate a local denial-of-service attack. (bsc#1135966) - CVE-2019-0155: A privilege escalation vulnerability has been fixed in the i915 module that allowed batch buffers from user mode to gain super user privileges. (bsc#1135967) - CVE-2019-16231: The fjes driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bnc#1150466) - CVE-2019-18805: Fix signed integer overflow in tcp_ack_update_rtt() that could have lead to a denial of service or possibly unspecified other impact (bsc#1156187) - CVE-2019-18680: A NULL pointer dereference in rds_tcp_kill_sock() could cause denial of service (bnc#1155898) The following non-security bugs were fixed: - cpu/speculation: Uninline and export CPU mitigations helpers (bnc#1117665). - documentation: Add ITLB_MULTIHIT documentation (bnc#1117665). - ib/core: Add mitigation for Spectre V1 (bsc#1155671) - ib/core: array_index_nospec: Sanitize speculative array (bsc#1155671) - ipv6: Update ipv6 defrag code (add bsc#1141054). - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm kABI Fix for NX patches (bsc#1117665). - kvm: Convert kvm_lock to a mutex (bsc#1117665). - kvm: MMU: drop vcpu param in gpte_access (bsc#1117665). - kvm: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage (bsc#1117665). - kvm: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed (bsc#1117665). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - kvm: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - kvm: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault() (bsc#1117665). - kvm: x86: MMU: Encapsulate the type of rmap-chain head in a new struct (bsc#1117665). - kvm: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault() (bsc#1117665). - kvm: x86: MMU: Move initialization of parent_ptes out from kvm_mmu_alloc_page() (bsc#1117665). - kvm: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to link_shadow_page() (bsc#1117665). - kvm: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page() (bsc#1117665). - kvm: x86: MMU: always set accessed bit in shadow PTEs (bsc#1117665). - kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - kvm: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - kvm: x86: extend usage of RET_MMIO_PF_* constants (bsc#1117665). - kvm: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT (bnc#1117665). - kvm: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - kvm: x86: simplify ept_misconfig (bsc#1117665). - media: smsusb: better handle optional alignment (bsc#1146413). - mm: use upstream patch for bsc#1106913 - scsi: scsi_transport_fc: Drop double list_del() (bsc#1084878) - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1068032, bsc#1092497). - x86/cpu: Add Atom Tremont (Jacobsville) (bsc#1117665). - x86/headers: Do not include asm/processor.h in asm/atomic.h (bsc#1150223). - x86/mitigations: Backport the STIBP pile See bsc#1139550 - xen-blkfront: avoid ENOMEM in blkif_recover after migration (bsc#1149849). Important SUSE bug 1068032 SUSE bug 1084878 SUSE bug 1092497 SUSE bug 1106913 SUSE bug 1117665 SUSE bug 1135966 SUSE bug 1135967 SUSE bug 1137865 SUSE bug 1139550 SUSE bug 1140671 SUSE bug 1141054 SUSE bug 1144338 SUSE bug 1144903 SUSE bug 1145477 SUSE bug 1146285 SUSE bug 1146361 SUSE bug 1146378 SUSE bug 1146391 SUSE bug 1146413 SUSE bug 1146425 SUSE bug 1146512 SUSE bug 1146514 SUSE bug 1146516 SUSE bug 1146519 SUSE bug 1146584 SUSE bug 1147122 SUSE bug 1148394 SUSE bug 1148938 SUSE bug 1149376 SUSE bug 1149522 SUSE bug 1149527 SUSE bug 1149555 SUSE bug 1149612 SUSE bug 1149849 SUSE bug 1150025 SUSE bug 1150112 SUSE bug 1150223 SUSE bug 1150452 SUSE bug 1150457 SUSE bug 1150465 SUSE bug 1150466 SUSE bug 1151347 SUSE bug 1151350 SUSE bug 1152685 SUSE bug 1152782 SUSE bug 1152788 SUSE bug 1153158 SUSE bug 1154372 SUSE bug 1155671 SUSE bug 1155898 SUSE bug 1156187 CVE-2016-10906 CVE-2017-18509 CVE-2017-18595 CVE-2018-12207 CVE-2018-20976 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-13272 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14835 CVE-2019-15098 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15290 CVE-2019-15291 CVE-2019-15505 CVE-2019-15666 CVE-2019-15807 CVE-2019-15902 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-16231 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16413 CVE-2019-16995 CVE-2019-17055 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-18680 CVE-2019-18805 CVE-2019-9456 CVE-2019-9506 cpe:/o:suse:sles-ltss:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ucode-intel fixes the following issues: - Updated to 20191112 official security release (bsc#1155988) - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:sles-ltss:12:sp2 Security update for sqlite3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement (bsc#1155787). Important SUSE bug 1155787 CVE-2017-2518 cpe:/o:suse:sles-ltss:12:sp2 Security update for cups (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). Important SUSE bug 1146358 SUSE bug 1146359 CVE-2019-8675 CVE-2019-8696 cpe:/o:suse:sles-ltss:12:sp2 Security update for clamav (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for clamav fixes the following issues: Security issue fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). Moderate SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1151839 CVE-2019-12625 CVE-2019-12900 cpe:/o:suse:sles-ltss:12:sp2 Security update for mailman (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for mailman fixes the following issues: - CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root (bsc#1154328). Important SUSE bug 1154328 CVE-2019-3693 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed (October 2019 CPU bsc#1154212): - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2978: Improved handling of jar files - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). Important SUSE bug 1152856 SUSE bug 1154212 CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:sles-ltss:12:sp2 Security update for LibVNCServer (Critical) SUSE Linux Enterprise Server 12 SP2-LTSS This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Critical SUSE bug 1123823 SUSE bug 1123828 SUSE bug 1123832 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 cpe:/o:suse:sles-ltss:12:sp2 Security update for clamav (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763). Important SUSE bug 1157763 CVE-2019-15961 cpe:/o:suse:sles-ltss:12:sp2 Security update for permissions (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for permissions fixes the following issues: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). - Fixed a regression which caused segmentation fault (bsc#1157198). Moderate SUSE bug 1093414 SUSE bug 1150734 SUSE bug 1157198 CVE-2019-3688 CVE-2019-3690 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_101 fixes several issues. The following security issues were fixed: - CVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Important SUSE bug 1153108 SUSE bug 1156321 SUSE bug 1156331 CVE-2018-20856 CVE-2019-10220 CVE-2019-13272 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed: - CVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Important SUSE bug 1153108 SUSE bug 1156321 SUSE bug 1156331 CVE-2018-20856 CVE-2019-10220 CVE-2019-13272 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: - CVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Important SUSE bug 1153108 SUSE bug 1156321 SUSE bug 1156331 CVE-2018-20856 CVE-2019-10220 CVE-2019-13272 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed: - CVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The following bugs were fixed: - Fixed boot up hang revealed by int3 self test (bsc#1157770). Important SUSE bug 1153108 SUSE bug 1156321 SUSE bug 1156331 SUSE bug 1157770 CVE-2018-20856 CVE-2019-10220 CVE-2019-13272 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_117 fixes several issues. The following security issues were fixed: - CVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The following bugs were fixed: - Fixed boot up hang revealed by int3 self test (bsc#1157770). Important SUSE bug 1153108 SUSE bug 1156321 SUSE bug 1156331 SUSE bug 1157770 CVE-2018-20856 CVE-2019-10220 CVE-2019-13272 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The following bugs were fixed: - Fixed boot up hang revealed by int3 self test (bsc#1157770). Important SUSE bug 1153108 SUSE bug 1156321 SUSE bug 1157770 CVE-2019-10220 CVE-2019-13272 cpe:/o:suse:sles-ltss:12:sp2 Security update for strongswan (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for strongswan provides the following fixes: Security issues fixed: - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462). - CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536). - CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874). - CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845). Other issues addressed: - Fixed some client fails when the scep server URL is used with HTTPS protocol (bsc#1071853). - Reject Diffie-Hellman key exchanges using primes smaller than 1024 bit. - Handle unexpected informational message from SonicWall. (bsc#1009254) Important SUSE bug 1009254 SUSE bug 1071853 SUSE bug 1093536 SUSE bug 1094462 SUSE bug 1107874 SUSE bug 1109845 CVE-2018-10811 CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 CVE-2018-5388 cpe:/o:suse:sles-ltss:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for git fixes the following issues: Security issues fixed: - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787). - CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795). - CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793). - CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792). - CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791). - CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790). - CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789). - CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788). - CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785). - Fixed an issue where git send-email fails to authenticate with SMTP server (bsc#1082023) Important SUSE bug 1082023 SUSE bug 1158785 SUSE bug 1158787 SUSE bug 1158788 SUSE bug 1158789 SUSE bug 1158790 SUSE bug 1158791 SUSE bug 1158792 SUSE bug 1158793 SUSE bug 1158795 CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1351 CVE-2019-1352 CVE-2019-1353 CVE-2019-1354 CVE-2019-1387 CVE-2019-19604 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328) Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Important SUSE bug 1158328 CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: Security issues fixed: CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983). CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983). CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983). Important SUSE bug 1120374 SUSE bug 1122983 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_80 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_85 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.120-92_70 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_73 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_92 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_64 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.114-92_67 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_98 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_95 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-ltss:12:sp2 Security update for util-linux (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for util-linux fixes the following issues: This non-security issue was fixed: - CVE-2018-7738: bash-completion/umount allowed local users to gain privileges by embedding shell commands in a mountpoint name, which was mishandled during a umount command by a different user (bsc#1084300). These non-security issues were fixed: - Fixed crash loop in lscpu (bsc#1072947). - Fixed possible segfault of umount -a - Fixed mount -a on NFS bind mounts (bsc#1080740). - Fixed lsblk on NVMe (bsc#1078662). Important SUSE bug 1072947 SUSE bug 1078662 SUSE bug 1080740 SUSE bug 1084300 CVE-2018-7738 cpe:/o:suse:sles-ltss:12:sp2 Security update for systemd (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Other bug fixes and changes: - journal-remote: set a limit on the number of fields in a message - journal-remote: verify entry length from header - journald: set a limit on the number of fields (1k) - journald: do not store the iovec entry for process commandline on stack - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - manager: don't skip sigchld handler for main and control pid for services (#3738) - core: Add helper functions unit_{main, control}_pid - manager: Fixing a debug printf formatting mistake (#3640) - manager: Only invoke a single sigchld per unit within a cleanup cycle (bsc#1117382) - core: update invoke_sigchld_event() to handle NULL ->sigchld_event() - sd-event: expose the event loop iteration counter via sd_event_get_iteration() (#3631) - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (bsc#1122344) - core: when restarting services, don't close fds - cryptsetup: Add dependency on loopback setup to generated units - journal-gateway: use localStorage['cursor'] only when it has valid value - journal-gateway: explicitly declare local variables - analyze: actually select longest activated-time of services - sd-bus: fix implicit downcast of bitfield reported by LGTM - core: free lines after reading them (bsc#1123892) - pam_systemd: reword message about not creating a session (bsc#1111498) - pam_systemd: suppress LOG_DEBUG log messages if debugging is off (bsc#1111498) - main: improve RLIMIT_NOFILE handling (#5795) (bsc#1120658) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) (bsc#1123333) Important SUSE bug 1111498 SUSE bug 1117025 SUSE bug 1117382 SUSE bug 1120658 SUSE bug 1122000 SUSE bug 1122344 SUSE bug 1123333 SUSE bug 1123892 SUSE bug 1125352 CVE-2019-6454 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bnc#1108498). - CVE-2019-3459, CVE-2019-3460: The Blutooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). The following non-security bugs were fixed: - aio: hold an extra file reference over AIO read/write operations (bsc#1116027). - ata: Fix racy link clearance (bsc#1107866). - btrfs: Fix wrong first_key parameter in replace_path (follow up fixes for bsc#1084721). - cgroup, netclassid: add a preemption point to write_classid (bnc#1098996). - cifs: Fix infinite loop when using hard mount option (bsc#1091171). - dm round robin: revert 'use percpu 'repeat_count' and 'current_path'' (bsc#1113192) - fscache: fix race between enablement and dropping of object (bsc#1107385). - ibmvnic: fix index in release_rx_pools (bsc#1115440). - ip: hash fragments consistently (bsc#1042286 bsc#1108145). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (bsc#1110286). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ixgbe: Add function for checking to see if we can reuse page (bsc#1100105). - ixgbe: Add support for build_skb (bsc#1100105). - ixgbe: Add support for padding packet (bsc#1100105). - ixgbe: Break out Rx buffer page management (bsc#1100105). - ixgbe: Fix output from ixgbe_dump (bsc#1100105). - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (bsc#1100105). - ixgbe: Only DMA sync frame length (bsc#1100105). - ixgbe: Update code to better handle incrementing page count (bsc#1100105). - ixgbe: Update driver to make use of DMA attributes in Rx path (bsc#1100105). - ixgbe: Use length to determine if descriptor is done (bsc#1100105). - libfc: sync strings with upstream versions (bsc#1114763). - md: reorder flag_bits to match upstream commits The ordering in the patches was backward. - mm: add support for releasing multiple instances of a page (bsc#1100105). - mm: rename __page_frag functions to __page_frag_cache, drop order from drain (bsc#1100105). - net: ipv4: do not handle duplicate fragments as overlapping (bsc#1116345). - NFS: add nostatflush mount option (bsc#1065726). - nospec: Include <asm/barrier.h> dependency (bsc#1114648). - ovl: after setting xattributes, you need to copy the attributes in order to make sure the mode and ctime/mtime is set (bsc#1107299). - powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805). - Revert 'kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)' This reverts commit 54da5757cbbb39ab15b3cd09cf922a8a9e32209c. - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1042286 bsc#1108145). - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP (bnc#1091197). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1103624, bsc#1104731). - sd: disable logical block provisioning if 'lpbme' is not set (bsc#1086095). - tcp: prevent bogus FRTO undos with non-SACK flows (bsc#1086535). - Update ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433). - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs (bsc#1105931). - x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface (bsc#1105931). - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bsc#1105931). - x86/entry/64: sanitize extra registers on syscall entry (bsc#1105931). - x86/kaiser: Avoid loosing NMIs when using trampoline stack (bsc#1106293 bsc#1099597). - x86,sched: Allow topologies where NUMA nodes share an LLC (bsc#1091158, bsc#1101555, bsc#1117187). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen/blkfront: correct purging of persistent grants (bnc#1065600). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netback: dont overflow meta array (bnc#1099523). - xen/netfront: do not bug in case of too many frags (bnc#1012382). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs/dmapi: restore event in xfs_getbmap (bsc#1095344, bsc#1114763). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). Important SUSE bug 1012382 SUSE bug 1023175 SUSE bug 1042286 SUSE bug 1065600 SUSE bug 1065726 SUSE bug 1070805 SUSE bug 1084721 SUSE bug 1086095 SUSE bug 1086535 SUSE bug 1091158 SUSE bug 1091171 SUSE bug 1091197 SUSE bug 1094825 SUSE bug 1095344 SUSE bug 1098996 SUSE bug 1099523 SUSE bug 1099597 SUSE bug 1100105 SUSE bug 1101555 SUSE bug 1103624 SUSE bug 1104731 SUSE bug 1105025 SUSE bug 1105931 SUSE bug 1106293 SUSE bug 1107256 SUSE bug 1107299 SUSE bug 1107385 SUSE bug 1107866 SUSE bug 1108145 SUSE bug 1108498 SUSE bug 1109330 SUSE bug 1110286 SUSE bug 1110837 SUSE bug 1111062 SUSE bug 1113192 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1114190 SUSE bug 1114648 SUSE bug 1114763 SUSE bug 1115433 SUSE bug 1115440 SUSE bug 1116027 SUSE bug 1116183 SUSE bug 1116345 SUSE bug 1117186 SUSE bug 1117187 SUSE bug 1118152 SUSE bug 1118319 SUSE bug 1119714 SUSE bug 1119946 SUSE bug 1119947 SUSE bug 1120743 SUSE bug 1120758 SUSE bug 1121621 SUSE bug 1123161 CVE-2018-16862 CVE-2018-16884 CVE-2018-18281 CVE-2018-18386 CVE-2018-18690 CVE-2018-18710 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9516 CVE-2018-9568 CVE-2019-3459 CVE-2019-3460 cpe:/o:suse:sles-ltss:12:sp2 Security update for procps (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also the following non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) Important SUSE bug 1092100 SUSE bug 1121753 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:suse:sles-ltss:12:sp2 Security update for texlive (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673) Important SUSE bug 1109673 CVE-2018-17407 cpe:/o:suse:sles-ltss:12:sp2 Security update for kernel-firmware (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for kernel-firmware fixes the following issues: Security issue fixed: - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301). Important SUSE bug 1104301 CVE-2018-5383 cpe:/o:suse:sles-ltss:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191). - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847). Non-security issue fixed: - Fixed a bug where PyWeakReference struct was not initialized correctly leading to a crash (bsc#1073748). Important SUSE bug 1073748 SUSE bug 1109847 SUSE bug 1122191 CVE-2018-14647 CVE-2019-5010 cpe:/o:suse:sles-ltss:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). - CVE-2018-7858: Fixed a denial of service which could occur while updating the VGA display, after guest has adjusted the display dimensions (bsc#1084604). - CVE-2017-13673: Fixed a denial of service in the cpu_physical_memory_snapshot_get_dirty function. - CVE-2017-13672: Fixed a denial of service via vectors involving display update. Non-security issues fixed: - Fixed bad guest time after migration (bsc#1113231). Important SUSE bug 1084604 SUSE bug 1113231 SUSE bug 1116717 SUSE bug 1117275 SUSE bug 1119493 SUSE bug 1123156 CVE-2017-13672 CVE-2017-13673 CVE-2018-16872 CVE-2018-19364 CVE-2018-19489 CVE-2018-7858 CVE-2019-6778 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_0-openjdk to version 7u201 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile - CVE-2018-2938: Support Derby connections (bsc#1101644) - CVE-2018-2940: Better stack walking (bsc#1101645) - CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651) - CVE-2018-2973: Improve LDAP support (bsc#1101656) - CVE-2018-3639 cpu speculative store bypass mitigation Important SUSE bug 1101644 SUSE bug 1101645 SUSE bug 1101651 SUSE bug 1101656 SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112152 SUSE bug 1112153 CVE-2018-13785 CVE-2018-16435 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 CVE-2018-3639 cpe:/o:suse:sles-ltss:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for webkit2gtk3 to version 2.22.6 fixes the following issues: Security issues fixed: - CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6215: Fixed a type confusion vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6227: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6229: Fixed a logic issue by improving validation which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6233: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6234: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. Other issues addressed: - Update to version 2.22.6 (bsc#1124937). - Kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fixed Web inspector magnifier under Wayland. - Fixed garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fixed several crashes, race conditions, and rendering issues. Important SUSE bug 1124937 CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 cpe:/o:suse:sles-ltss:12:sp2 Security update for libvirt (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). Other issues fixed: - libxl: save current memory value after successful balloon (bsc#1120813). - spec: Don't restart libvirt-guests when updating libvirt-client (bsc#1104662). Moderate SUSE bug 1104662 SUSE bug 1120813 SUSE bug 1127458 CVE-2019-3840 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-3183: Improve script engine support (bsc#1112148) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile Important SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112148 SUSE bug 1112152 SUSE bug 1112153 CVE-2018-13785 CVE-2018-16435 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 cpe:/o:suse:sles-ltss:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for webkit2gtk3 to version 2.22.4 fixes the following issues: Security issues fixed: CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998). Important SUSE bug 1110279 SUSE bug 1116998 CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 cpe:/o:suse:sles-ltss:12:sp2 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Important SUSE bug 1120114 SUSE bug 1120115 SUSE bug 1120116 SUSE bug 1120117 SUSE bug 1120118 SUSE bug 1120119 SUSE bug 1120120 SUSE bug 1120121 SUSE bug 1120122 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-6307 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_1-ibm to version 7.1.4.40 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_February_2019 Important SUSE bug 1122293 SUSE bug 1122299 CVE-2018-11212 CVE-2019-2422 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158). - CVE-2019-2449: Fixed a vulnerabilit which could allow remote atackers to delete arbitrary files (bsc#1122292). More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332 Important SUSE bug 1122292 SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1128158 CVE-2018-11212 CVE-2018-1890 CVE-2019-2422 CVE-2019-2449 cpe:/o:suse:sles-ltss:12:sp2 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Libbssh2 will stop using keys unsupported types in the known_hosts file (bsc#1091236). Moderate SUSE bug 1091236 SUSE bug 1128471 SUSE bug 1128472 SUSE bug 1128474 SUSE bug 1128476 SUSE bug 1128480 SUSE bug 1128481 SUSE bug 1128490 SUSE bug 1128492 SUSE bug 1128493 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_85 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_73 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.120-92_70 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_80 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_98 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_92 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-ltss:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ghostscript fixes the following issue: Security issue fixed: - CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186). Important SUSE bug 1129186 CVE-2019-3838 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_95 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-ltss:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ucode-intel fixes the following issues: Updated to the 20190312 bundle release (bsc#1129231) New Platforms: - AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile - CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop - CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile Updated Platforms: - HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3 - SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable - SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx - BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx - GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx - KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile - KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8 Moderate SUSE bug 1129231 cpe:/o:suse:sles-ltss:12:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other isses addressed: - Fixed an issue which caused openSSL mismatch (bsc#1125401) - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Moderate SUSE bug 1125401 SUSE bug 1128525 CVE-2019-8936 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_101 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host (bsc#1107832). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which could have led to a denial of service (bsc#1102682). Important SUSE bug 1102682 SUSE bug 1107832 SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2018-14633 CVE-2018-5390 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-ltss:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openssl fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Other issues addressed: - Fixed IV handling in SHAEXT paths: aes/asm/aesni-sha*-x86_64.pl (bsc#1113975). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). Moderate SUSE bug 1100078 SUSE bug 1113975 SUSE bug 1117951 SUSE bug 1127080 CVE-2019-1559 cpe:/o:suse:sles-ltss:12:sp2 Security update for sssd (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for sssd provides the following fixes: This security issue was fixed: - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users (bsc#1098377) These non-security issues were fixed: - Fix a segmentation fault in sss_cache command. (bsc#1072728) - Fix a failure in autofs initialisation sequence upon system boot. (bsc#1010700) - Fix race condition on boot between SSSD and autofs. (bsc#1010700) - Fix a bug where file descriptors were not closed (bsc#1080156) - Fix an issue where sssd logs were not rotated properly (bsc#1080156) - Remove whitespaces from netgroup entries (bsc#1087320) - Remove misleading log messages (bsc#1101877) - exit() the forked process if exec()-ing a child process fails (bsc#1110299) - Do not schedule the machine renewal task if adcli is not executable (bsc#1110299) Moderate SUSE bug 1010700 SUSE bug 1072728 SUSE bug 1080156 SUSE bug 1087320 SUSE bug 1098377 SUSE bug 1101877 SUSE bug 1110299 CVE-2018-10852 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. (bnc#1107829). - CVE-2019-7221: The KVM implementation in the Linux kernel had a Use-after-Free (bnc#1124732). - CVE-2019-7222: The KVM implementation in the Linux kernel had an Information Leak (bnc#1124735). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, which led to a use-after-free (bnc#1124728). The following non-security bugs were fixed: - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - enic: add wq clean up budget (bsc#1075697, bsc#1120691. bsc#1102959). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ipv4: ipv6: Adjust the frag mem limit after truesize has been changed (bsc#1110286). - kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - netfilter: ipv6: Adjust the frag mem limit after truesize has been changed (bsc#1110286). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - restore cond_resched() in shrink_dcache_parent() (bsc#1098599, bsc#1105402, bsc#1127758). - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1108145). - scsi: megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (bsc#1121698). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/spectre_v2: Do not check microcode versions when running under hypervisors (bsc#1122821). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - xen-netfront: Fix hang on device removal (bnc#1012382). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: remove filestream item xfs_inode reference (bsc#1127961). Important SUSE bug 1012382 SUSE bug 1075697 SUSE bug 1082943 SUSE bug 1098599 SUSE bug 1102959 SUSE bug 1105402 SUSE bug 1107829 SUSE bug 1108145 SUSE bug 1109137 SUSE bug 1109330 SUSE bug 1110286 SUSE bug 1117645 SUSE bug 1119019 SUSE bug 1120691 SUSE bug 1121698 SUSE bug 1121805 SUSE bug 1122821 SUSE bug 1124728 SUSE bug 1124732 SUSE bug 1124735 SUSE bug 1125315 SUSE bug 1127155 SUSE bug 1127758 SUSE bug 1127961 SUSE bug 1128166 SUSE bug 1129080 SUSE bug 1129179 CVE-2018-14633 CVE-2019-2024 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-9213 cpe:/o:suse:sles-ltss:12:sp2 Security update for bash (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Important SUSE bug 1130324 CVE-2019-9924 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: Security issuess addressed: - update to Firefox ESR 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to Firefox ESR 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to Firefox ESR 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash. - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. Other issue addressed: - Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987). Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ Important SUSE bug 1125330 SUSE bug 1127987 SUSE bug 1129821 SUSE bug 1130262 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2019-5785 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 cpe:/o:suse:sles-ltss:12:sp2 Security update for apache2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for apache2 fixes the following issues: * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the 'H2Upgrade on' are unaffected. [bsc#1131245] * CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237] Important SUSE bug 1131233 SUSE bug 1131237 SUSE bug 1131239 SUSE bug 1131241 SUSE bug 1131245 CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 cpe:/o:suse:sles-ltss:12:sp2 Security update for clamav (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. Important SUSE bug 1130721 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 cpe:/o:suse:sles-ltss:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for dovecot22 fixes the following issues: Security issues fixed: - CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation (bsc#1130116). - CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication (bsc#1123022). Other issue fixed: - Fixed handling of command continuation(bsc#1111789) Important SUSE bug 1111789 SUSE bug 1123022 SUSE bug 1130116 CVE-2019-3814 CVE-2019-7524 cpe:/o:suse:sles-ltss:12:sp2 Security update for sqlite3 (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). - CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled (bsc#1131576). Moderate SUSE bug 1119687 SUSE bug 1131576 CVE-2018-20346 CVE-2018-20506 cpe:/o:suse:sles-ltss:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes the following issues: Security issues fixed: - Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) Other issue addressed: - Added Xen cmdline option 'suse_vtsc_tolerance' to avoid TSC emulation for HVM domUs (bsc#1026236). Important SUSE bug 1026236 SUSE bug 1114988 SUSE bug 1123157 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1127400 SUSE bug 1129623 CVE-2018-19967 CVE-2019-6778 CVE-2019-9824 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_104 fixes one issue. The following security issue was fixed: - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Important SUSE bug 1102682 CVE-2018-5390 cpe:/o:suse:sles-ltss:12:sp2 Security update for wget (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for wget fixes the following issues: Security issue fixed: - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). Important SUSE bug 1131493 CVE-2019-5953 cpe:/o:suse:sles-ltss:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 CVE-2019-9636 cpe:/o:suse:sles-ltss:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for curl fixes the following issues: Security issue fixed: - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code (bsc#1112758). Important SUSE bug 1112758 SUSE bug 1131886 CVE-2018-16839 cpe:/o:suse:sles-ltss:12:sp2 Security update for cups (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for cups fixes the following issues: - CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422). Important SUSE bug 1168422 CVE-2020-3898 cpe:/o:suse:sles-ltss:12:sp2 Security update for pam_radius (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for pam_radius fixes the following issues: - CVE-2015-9542: Fixed a buffer overflow in password field (bsc#1163933). - On s390x didn't decrypt passwords correctly (bsc#1141670). Important SUSE bug 1141670 SUSE bug 1163933 CVE-2015-9542 cpe:/o:suse:sles-ltss:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for webkit2gtk3 to version 2.28.1 fixes the following issues: Security issues fixed: - CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528). - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658). - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719). - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809). - CVE-2020-3867: Fixed an XSS issue (bsc#1163809). - CVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809). - CVE-2020-3864,CVE-2020-3865: Fixed logic issues in the DOM object context handling (bsc#1163809). Non-security issues fixed: - Add API to enable Process Swap on (Cross-site) Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox support. - Make ondemand hardware acceleration policy never leave accelerated compositing mode. - Always use a light theme for rendering form controls. - Add about:gpu to show information about the graphics stack. - Fixed issues while trying to play a video on NextCloud. - Fixed vertical alignment of text containing arabic diacritics. - Fixed build with icu 65.1. - Fixed page loading errors with websites using HSTS. - Fixed web process crash when displaying a KaTeX formula. - Fixed several crashes and rendering issues. - Switched to a single web process for Evolution and geary (bsc#1159329). Important SUSE bug 1155321 SUSE bug 1156318 SUSE bug 1159329 SUSE bug 1161719 SUSE bug 1163809 SUSE bug 1165528 SUSE bug 1169658 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-10018 CVE-2020-11793 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 cpe:/o:suse:sles-ltss:12:sp2 Security update for shibboleth-sp (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for shibboleth-sp fixes the following issues: Security issue fixed: - CVE-2019-19191: Fixed escalation to root by fixing ownership of log files (bsc#1157471). Moderate SUSE bug 1157471 CVE-2019-19191 cpe:/o:suse:sles-ltss:12:sp2 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for LibVNCServer fixes the following issues: - CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471). - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). - CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441). Important SUSE bug 1155419 SUSE bug 1160471 SUSE bug 1170441 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 cpe:/o:suse:sles-ltss:12:sp2 Security update for icu (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for icu fixes the following issues: - CVE-2020-10531: Fixed integer overflow in UnicodeString:doAppend() (bsc#1166844). Moderate SUSE bug 1166844 CVE-2020-10531 cpe:/o:suse:sles-ltss:12:sp2 Security update for openldap2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). Important SUSE bug 1170771 CVE-2020-12243 cpe:/o:suse:sles-ltss:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution (bsc#1170643). Non-security issues fixed: - Update to version 2.28.2 (bsc#1170643): + Fix excessive CPU usage due to GdkFrameClock not being stopped. + Fix UI process crash when EGL_WL_bind_wayland_display extension is not available. + Fix position of select popup menus in X11. + Fix playing of Youtube 'live stream'/H264 URLs. + Fix a crash under X11 when cairo uses xcb. + Fix the build in MIPS64. + Fix several crashes and rendering issues. Important SUSE bug 1170643 CVE-2020-3899 cpe:/o:suse:sles-ltss:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ghostscript to version 9.52 fixes the following issues: - CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2_image_compose (bsc#1170603). Important SUSE bug 1170603 CVE-2020-12268 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: Update to version 68.8.0 ESR (bsc#1171186): - CVE-2020-12387: Use-after-free during worker shutdown - CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens - CVE-2020-12389: Sandbox escape with improperly separated process types - CVE-2020-6831: Buffer overflow in SCTP chunk input validation - CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' - CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection - CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 Important SUSE bug 1171186 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-6831 cpe:/o:suse:sles-ltss:12:sp2 Security update for squid (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for squid fixes the following issues: - CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). - CVE-2020-11945: fixes a potential remote execution vulnerability when using HTTP Digest Authentication (bsc#1170313). - CVE-2019-12520, CVE-2019-12524: fixes a potential ACL bypass, cache-bypass and cross-site scripting attack when processing invalid HTTP Request messages (bsc#1170423). Important SUSE bug 1169659 SUSE bug 1170313 SUSE bug 1170423 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12524 CVE-2020-11945 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424). - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629). - CVE-2020-8647: Fixed a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929). - CVE-2020-8649: Fixed a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931). - CVE-2020-9383: Fixed an issue in set_fdc in drivers/block/floppy.c, which leads to a wait_til_ready out-of-bounds read (bnc#1165111). - CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285). - CVE-2020-11609: Fixed a NULL pointer dereference in the stv06xx subsystem caused by mishandling invalid descriptors (bnc#1168854). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bnc#1170345). - CVE-2020-11608: Fixed an issue in drivers/media/usb/gspca/ov519.c caused by a NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints (bnc#1168829). - CVE-2017-18255: The perf_cpu_time_max_percent_handler function in kernel/events/core.c allowed local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation (bnc#1087813). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928). - CVE-2020-2732: A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest (bnc#1163971). - CVE-2019-5108: Fixed a denial-of-service vulnerability caused by triggering AP to send IAPP location updates for stations before the required authentication process has completed (bnc#1159912). - CVE-2020-8992: ext4_protect_reserved_inode in fs/ext4/block_validity.c allowed attackers to cause a denial of service (soft lockup) via a crafted journal size (bnc#1164069). - CVE-2018-21008: Fixed a use-after-free which could be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bnc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bnc#1157155). - CVE-2019-18675: Fixed an integer overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allowed local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation (bnc#1157804). - CVE-2019-14615: Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may have allowed an unauthenticated user to potentially enable information disclosure via local access (bnc#1160195, bsc#1165881). - CVE-2019-19965: Fixed a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition (bnc#1159911). - CVE-2019-20054: Fixed a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links (bnc#1159910). - CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bnc#1159908). - CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bnc#1159841). - CVE-2019-19447: Fixed an issue with mounting a crafted ext4 filesystem image, performing some operations, and unmounting could lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c (bnc#1158819). - CVE-2019-19319: Fixed an issue with a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call (bnc#1158021). - CVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297). - CVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303). - CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bsc#1158827). - CVE-2019-19537: There was a race condition bug that could have been caused by a malicious USB device in the USB character device driver layer (bnc#1158904). - CVE-2019-19535: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903). - CVE-2019-19527: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900). - CVE-2019-19533: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834). - CVE-2019-19532: There were multiple out-of-bounds write bugs that could have been caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824). - CVE-2019-19523: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (bnc#1158823). - CVE-2019-15213: An issue was discovered in the Linux kernel, there was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445). - CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417). - CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410). - CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394). - CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413). - CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398). - CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: Fixed a information disclosure on powerpc related to the Spectre-RSB mitigation. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038 1157923). - CVE-2019-18683: Fixed a privilege escalation where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem) (bnc#1155897). - CVE-2019-19062: Fixed a memory leak in the crypto_report() function in crypto/crypto_user_base.c, which allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures (bnc#1157070). - CVE-2019-11091,CVE-2018-12126,CVE-2018-12130,CVE-2018-12127: Earlier mitigations for the 'MDS' Microarchitectural Data Sampling attacks were not complete. An additional fix was added to the x86_64 fast systemcall path to further mitigate these attacks. (bsc#1164846 bsc#1170847) The following non-security bugs were fixed: - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (bsc#1155311). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1155311). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1155311). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1155311). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1155311). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1155311). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1155311). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1155311). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1155311). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1155311). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1155311). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1155311). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1155311). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1155311). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1155311). - cgroup: avoid copying strings longer than the buffers (bsc#1146544). - cgroup: use strlcpy() instead of strscpy() to avoid spurious warning (bsc#1146544). - enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1136449). - fix PageHeadHuge() race with THP split (VM Functionality, bsc#1165311). - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099279 bsc#1156060). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - futex: Use smp_store_release() in mark_wake_futex() (bsc#1157464). - Input: add safety guards to input_set_keycode() (bsc#1168075). - ipv4: correct gso_size for UFO (bsc#1154844). - ipv6: fix memory accounting during ipv6 queue expire (bsc#1162227) (bsc#1162227). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (bsc#1037216). - sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132). - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1146544). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mitigations: Clear CPU buffers on the SYSCALL fast path (bsc#1164846). - xen/pv: Fix a boot up hang revealed by int3 self test (bsc#1153811). - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873). - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984). Important SUSE bug 1037216 SUSE bug 1075091 SUSE bug 1075994 SUSE bug 1087082 SUSE bug 1087813 SUSE bug 1091041 SUSE bug 1099279 SUSE bug 1120386 SUSE bug 1131107 SUSE bug 1133147 SUSE bug 1136449 SUSE bug 1137325 SUSE bug 1146519 SUSE bug 1146544 SUSE bug 1146612 SUSE bug 1149591 SUSE bug 1153811 SUSE bug 1154844 SUSE bug 1155311 SUSE bug 1155897 SUSE bug 1156060 SUSE bug 1157038 SUSE bug 1157042 SUSE bug 1157070 SUSE bug 1157143 SUSE bug 1157155 SUSE bug 1157157 SUSE bug 1157158 SUSE bug 1157303 SUSE bug 1157324 SUSE bug 1157333 SUSE bug 1157464 SUSE bug 1157804 SUSE bug 1157923 SUSE bug 1158021 SUSE bug 1158132 SUSE bug 1158381 SUSE bug 1158394 SUSE bug 1158398 SUSE bug 1158410 SUSE bug 1158413 SUSE bug 1158417 SUSE bug 1158427 SUSE bug 1158445 SUSE bug 1158819 SUSE bug 1158823 SUSE bug 1158824 SUSE bug 1158827 SUSE bug 1158834 SUSE bug 1158900 SUSE bug 1158903 SUSE bug 1158904 SUSE bug 1159199 SUSE bug 1159285 SUSE bug 1159297 SUSE bug 1159841 SUSE bug 1159908 SUSE bug 1159910 SUSE bug 1159911 SUSE bug 1159912 SUSE bug 1160195 SUSE bug 1162227 SUSE bug 1162298 SUSE bug 1162928 SUSE bug 1162929 SUSE bug 1162931 SUSE bug 1163971 SUSE bug 1164069 SUSE bug 1164078 SUSE bug 1164846 SUSE bug 1165111 SUSE bug 1165311 SUSE bug 1165873 SUSE bug 1165881 SUSE bug 1165984 SUSE bug 1165985 SUSE bug 1167629 SUSE bug 1168075 SUSE bug 1168295 SUSE bug 1168424 SUSE bug 1168829 SUSE bug 1168854 SUSE bug 1170056 SUSE bug 1170345 SUSE bug 1170778 CVE-2017-18255 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-21008 CVE-2019-11091 CVE-2019-14615 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15213 CVE-2019-18660 CVE-2019-18675 CVE-2019-18683 CVE-2019-19052 CVE-2019-19062 CVE-2019-19066 CVE-2019-19073 CVE-2019-19074 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19527 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19767 CVE-2019-19768 CVE-2019-19965 CVE-2019-19966 CVE-2019-20054 CVE-2019-20096 CVE-2019-3701 CVE-2019-5108 CVE-2019-9455 CVE-2019-9458 CVE-2020-10690 CVE-2020-10720 CVE-2020-10942 CVE-2020-11494 CVE-2020-11608 CVE-2020-11609 CVE-2020-2732 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-8992 CVE-2020-9383 cpe:/o:suse:sles-ltss:12:sp2 Security update for apache2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for apache2 fixes the following issues: - CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404). - CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect (bsc#1168407). - CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066). Important SUSE bug 1168404 SUSE bug 1168407 SUSE bug 1169066 CVE-2020-1927 CVE-2020-1934 CVE-2020-1938 cpe:/o:suse:sles-ltss:12:sp2 Security update for git (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for git to 2.26.2 fixes the following issues: Security issue fixed: - CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936). Non-security issue fixed: - Fixed git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). - Enabled access for git-daemon in firewall configuration (bsc#1170302). - Fixed problems with recent switch to protocol v2, which caused fetches transferring unreasonable amount of data (bsc#1170741). Moderate SUSE bug 1149792 SUSE bug 1168930 SUSE bug 1169605 SUSE bug 1169786 SUSE bug 1169936 SUSE bug 1170302 SUSE bug 1170741 SUSE bug 1170939 CVE-2020-11008 CVE-2020-5260 cpe:/o:suse:sles-ltss:12:sp2 Security update for mailman (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12108: Fixed a content injection bug (bsc#1171363). - CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion (bsc#1170558). Non-security issue fixed: - Fixed rights and ownership on /var/lib/mailman/archives (bsc#1167068). - Don't default to invalid hosts for DEFAULT_EMAIL_HOST (bsc#682920). Important SUSE bug 1167068 SUSE bug 1170558 SUSE bug 1171363 SUSE bug 682920 CVE-2020-12108 CVE-2020-12137 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_125 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_117 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_129 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). - CVE-2020-1749: Fixed an improper implementation in some IPsec protocols where the data were sent unencrypted allowing an attacker to read them (bsc#1165631). Important SUSE bug 1165631 SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 CVE-2020-1749 cpe:/o:suse:sles-ltss:12:sp2 Security update for tomcat (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for tomcat fixes the following issues: CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control. CVE-2019-12418 (bsc#1159723) Local privilege escalation by manipulating the RMI registry and performing a man-in-the-middle attack When Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files was able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker could then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. CVE-2019-0221 (bsc#1136085) The SSI printenv command echoed user provided data without escaping, which made it vulnerable to XSS. CVE-2019-17563 (bsc#1159729) When using FORM authentication there was a narrow window where an attacker could perform a session fixation attack. CVE-2019-17569 (bsc#1164825) Invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header. Important SUSE bug 1136085 SUSE bug 1159723 SUSE bug 1159729 SUSE bug 1164825 SUSE bug 1171928 CVE-2019-0221 CVE-2019-12418 CVE-2019-17563 CVE-2019-17569 CVE-2020-9484 cpe:/o:suse:sles-ltss:12:sp2 Security update for python (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python to version 2.7.17 fixes the following issues: Syncing with lots of upstream bug fixes and security fixes. Bug fixes: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed mismatches between libpython and python-base versions (bsc#1162224). - Fixed segfault in libpython2.7.so.1 (bsc#1073748). - Unified packages among openSUSE:Factory and SLE versions (bsc#1159035). - Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830). - Excluded tsl_check files from python-base to prevent file conflict with python-strict-tls-checks package (bsc#945401). - Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894). Additionally a new 'shared-python-startup' package is provided containing startup files. python-rpm-macros was updated to fix: - Do not write .pyc files for tests (bsc#1171561) Moderate SUSE bug 1027282 SUSE bug 1041090 SUSE bug 1042670 SUSE bug 1073269 SUSE bug 1073748 SUSE bug 1078326 SUSE bug 1078485 SUSE bug 1081750 SUSE bug 1084650 SUSE bug 1086001 SUSE bug 1149792 SUSE bug 1153830 SUSE bug 1155094 SUSE bug 1159035 SUSE bug 1162224 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 SUSE bug 1170411 SUSE bug 1171561 SUSE bug 945401 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:sles-ltss:12:sp2 Security update for qemu (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240). - CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873). - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940). - CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018). - CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066). - CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811). - Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156). Moderate SUSE bug 1123156 SUSE bug 1146873 SUSE bug 1149811 SUSE bug 1161066 SUSE bug 1163018 SUSE bug 1166240 SUSE bug 1170940 CVE-2019-12068 CVE-2019-15890 CVE-2019-6778 CVE-2020-1711 CVE-2020-1983 CVE-2020-7039 CVE-2020-8608 cpe:/o:suse:sles-ltss:12:sp2 Security update for krb5-appl (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for krb5-appl fixes the following issues: - CVE-2020-10188: Fixed a remote root execution (bsc#1165787). Important SUSE bug 1165787 CVE-2020-10188 cpe:/o:suse:sles-ltss:12:sp2 Security update for libexif (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libexif fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: - libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER Moderate SUSE bug 1055857 SUSE bug 1059893 SUSE bug 1120943 SUSE bug 1160770 SUSE bug 1171475 SUSE bug 1171847 SUSE bug 1172105 SUSE bug 1172116 SUSE bug 1172121 CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2019-9278 CVE-2020-0093 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 cpe:/o:suse:sles-ltss:12:sp2 Security update for vim (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225 and bsc#1172031). Moderate SUSE bug 1172031 SUSE bug 1172225 CVE-2019-20807 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402). - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety bugs. Important SUSE bug 1172402 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 cpe:/o:suse:sles-ltss:12:sp2 Security update for ruby2.1 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ruby2.1 fixes the following issues: Security issues fixed: - CVE-2015-9096: Fixed an SMTP command injection via CRLFsequences in a RCPT TO or MAIL FROM command (bsc#1043983). - CVE-2016-7798: Fixed an IV Reuse in GCM Mode (bsc#1055265). - CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf (bsc#1058755). - CVE-2017-0899: Fixed an issue with malicious gem specifications, insufficient sanitation when printing gem specifications could have included terminal characters (bsc#1056286). - CVE-2017-0900: Fixed an issue with malicious gem specifications, the query command could have led to a denial of service attack against clients (bsc#1056286). - CVE-2017-0901: Fixed an issue with malicious gem specifications, potentially overwriting arbitrary files on the client system (bsc#1056286). - CVE-2017-0902: Fixed an issue with malicious gem specifications, that could have enabled MITM attacks against clients (bsc#1056286). - CVE-2017-0903: Fixed an unsafe object deserialization vulnerability (bsc#1062452). - CVE-2017-9228: Fixed a heap out-of-bounds write in bitset_set_range() during regex compilation (bsc#1069607). - CVE-2017-9229: Fixed an invalid pointer dereference in left_adjust_char_head() in oniguruma (bsc#1069632). - CVE-2017-10784: Fixed an escape sequence injection vulnerability in the Basic authentication of WEBrick (bsc#1058754). - CVE-2017-14033: Fixed a buffer underrun vulnerability in OpenSSL ASN1 decode (bsc#1058757). - CVE-2017-14064: Fixed an arbitrary memory exposure during a JSON.generate call (bsc#1056782). - CVE-2017-17405: Fixed a command injection vulnerability in Net::FTP (bsc#1073002). - CVE-2017-17742: Fixed an HTTP response splitting issue in WEBrick (bsc#1087434). - CVE-2017-17790: Fixed a command injection in lib/resolv.rb:lazy_initialize() (bsc#1078782). - CVE-2018-6914: Fixed an unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441). - CVE-2018-8777: Fixed a potential DoS caused by large requests in WEBrick (bsc#1087436). - CVE-2018-8778: Fixed a buffer under-read in String#unpack (bsc#1087433). - CVE-2018-8779: Fixed an unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440). - CVE-2018-8780: Fixed an unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437). - CVE-2018-16395: Fixed an issue with OpenSSL::X509::Name equality checking (bsc#1112530). - CVE-2018-16396: Fixed an issue with tainted string handling, where the flag was not propagated in Array#pack and String#unpack with some directives (bsc#1112532). - CVE-2018-1000073: Fixed a path traversal issue (bsc#1082007). - CVE-2018-1000074: Fixed an unsafe object deserialization vulnerability in gem owner, allowing arbitrary code execution with specially crafted YAML (bsc#1082008). - CVE-2018-1000075: Fixed an infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014). - CVE-2018-1000076: Fixed an improper verification of signatures in tarballs (bsc#1082009). - CVE-2018-1000077: Fixed an improper URL validation in the homepage attribute of ruby gems (bsc#1082010). - CVE-2018-1000078: Fixed a XSS vulnerability in the homepage attribute when displayed via gem server (bsc#1082011). - CVE-2018-1000079: Fixed a path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058). - CVE-2019-8320: Fixed a directory traversal issue when decompressing tar files (bsc#1130627). - CVE-2019-8321: Fixed an escape sequence injection vulnerability in verbose (bsc#1130623). - CVE-2019-8322: Fixed an escape sequence injection vulnerability in gem owner (bsc#1130622). - CVE-2019-8323: Fixed an escape sequence injection vulnerability in API response handling (bsc#1130620). - CVE-2019-8324: Fixed an issue with malicious gems that may have led to arbitrary code execution (bsc#1130617). - CVE-2019-8325: Fixed an escape sequence injection vulnerability in errors (bsc#1130611). - CVE-2019-15845: Fixed a NUL injection vulnerability in File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service vulnerability in WEBrick's digest access authentication (bsc#1152995). - CVE-2019-16254: Fixed an HTTP response splitting vulnerability in WEBrick (bsc#1152992). - CVE-2019-16255: Fixed a code injection vulnerability in Shell#[] and Shell#test (bsc#1152990). - CVE-2020-10663: Fixed an unsafe object creation vulnerability in JSON (bsc#1171517). Non-security issue fixed: - Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072). Also yast2-ruby-bindings on SLES 12 SP2 LTSS was updated to handle the updated ruby interpreter. (bsc#1172275) Important SUSE bug 1043983 SUSE bug 1048072 SUSE bug 1055265 SUSE bug 1056286 SUSE bug 1056782 SUSE bug 1058754 SUSE bug 1058755 SUSE bug 1058757 SUSE bug 1062452 SUSE bug 1069607 SUSE bug 1069632 SUSE bug 1073002 SUSE bug 1078782 SUSE bug 1082007 SUSE bug 1082008 SUSE bug 1082009 SUSE bug 1082010 SUSE bug 1082011 SUSE bug 1082014 SUSE bug 1082058 SUSE bug 1087433 SUSE bug 1087434 SUSE bug 1087436 SUSE bug 1087437 SUSE bug 1087440 SUSE bug 1087441 SUSE bug 1112530 SUSE bug 1112532 SUSE bug 1130611 SUSE bug 1130617 SUSE bug 1130620 SUSE bug 1130622 SUSE bug 1130623 SUSE bug 1130627 SUSE bug 1152990 SUSE bug 1152992 SUSE bug 1152994 SUSE bug 1152995 SUSE bug 1171517 SUSE bug 1172275 CVE-2015-9096 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2017-9228 CVE-2017-9229 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 CVE-2018-16395 CVE-2018-16396 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 CVE-2020-10663 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_0-openjdk to version 7u261 fixes the following issues: - CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511) - CVE-2020-2757: Less Blocking Array Queues (bsc#1169511) - CVE-2020-2773: Better signatures in XML (bsc#1169511) - CVE-2020-2781: Improve TLS session handling (bsc#1169511) - CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511) - CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511) - CVE-2020-2805: Enhance typing of methods (bsc#1169511) - CVE-2020-2830: Better Scanner conversions (bsc#1169511) Important SUSE bug 1169511 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles-ltss:12:sp2 Security update for tigervnc (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858). - CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251). - CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860). Important SUSE bug 1159856 SUSE bug 1159858 SUSE bug 1159860 SUSE bug 1160250 SUSE bug 1160251 SUSE bug 1160937 CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 CVE-2019-15695 cpe:/o:suse:sles-ltss:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466) This update contains security mitigations for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack' attacks. (bsc#1156353) Microcode Table: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile Also contains the Intel CPU Microcode update to 20200520: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X Moderate SUSE bug 1154824 SUSE bug 1156353 SUSE bug 1172466 CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12114: Fixed A pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). The following non-security bugs were fixed: - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1171698). - KEYS: allow reaching the keys quotas exactly (bsc#1171689). - KEYS: reaching the keys quotas correctly (bsc#1171689). - Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221). - random: always use batched entropy for get_random_u{32,64} (bsc#1164871). Important SUSE bug 1154824 SUSE bug 1164871 SUSE bug 1171098 SUSE bug 1171195 SUSE bug 1171202 SUSE bug 1171218 SUSE bug 1171219 SUSE bug 1171689 SUSE bug 1171698 SUSE bug 1172221 SUSE bug 1172317 CVE-2020-0543 CVE-2020-10757 CVE-2020-12114 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12656 cpe:/o:suse:sles-ltss:12:sp2 Security update for virglrenderer (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for virglrenderer fixes the following issues: - CVE-2019-18388: Fixed a null pointer dereference which could have led to denial of service (bsc#1159479). - CVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478). - CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482). - CVE-2019-18391: Fixed a heap based buffer overflow which could have led to guest escape or denial of service (bsc#1159486). Important SUSE bug 1159478 SUSE bug 1159479 SUSE bug 1159482 SUSE bug 1159486 CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391 cpe:/o:suse:sles-ltss:12:sp2 Security update for adns (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for adns fixes the following issues: - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver which could have led to remote code execution (bsc#1172265). - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to denial of service (bsc#1172265). - CVE-2017-9107: Fixed an issue when quering domain names which could have led to denial of service (bsc#1172265). - CVE-2017-9108: Fixed an issue which could have led to denial of service (bsc#1172265). Important SUSE bug 1172265 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 cpe:/o:suse:sles-ltss:12:sp2 Security update for perl (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed utf8 handling in perldoc by useing 'term' instead of 'man' (bsc#1170601). - Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039) Important SUSE bug 1102840 SUSE bug 1160039 SUSE bug 1170601 SUSE bug 1171863 SUSE bug 1171864 SUSE bug 1171866 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_1-ibm fixes the following issues: java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 (bsc#1172277 and bsc#1169511) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions Important SUSE bug 1169511 SUSE bug 1172277 CVE-2020-2654 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-ibm fixes the following issues: java-1_8_0-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 (bsc#1172277,bsc#1169511,bsc#1160968) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2754: Forwarded references to Nashorn - CVE-2020-2755: Improved Nashorn matching - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions - CVE-2019-2949: Fixed an issue which could have resulted in unauthorized access to critical data - Added RSA PSS SUPPORT TO IBMPKCS11IMPL - The pack200 and unpack200 alternatives should be slaves of java (bsc#1171352). Important SUSE bug 1160968 SUSE bug 1169511 SUSE bug 1171352 SUSE bug 1172277 CVE-2019-2949 CVE-2020-2654 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-openjdk to version jdk8u252 fixes the following issues: - CVE-2020-2754: Forward references to Nashorn (bsc#1169511) - CVE-2020-2755: Improve Nashorn matching (bsc#1169511) - CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511) - CVE-2020-2757: Less Blocking Array Queues (bsc#1169511) - CVE-2020-2773: Better signatures in XML (bsc#1169511) - CVE-2020-2781: Improve TLS session handling (bsc#1169511) - CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511) - CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511) - CVE-2020-2805: Enhance typing of methods (bsc#1169511) - CVE-2020-2830: Better Scanner conversions (bsc#1169511) Important SUSE bug 1160398 SUSE bug 1169511 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles-ltss:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). Important SUSE bug 1173027 CVE-2020-8177 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_129 fixes one issue. The following security issue was fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). Important SUSE bug 1172437 CVE-2020-10757 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_125 fixes one issue. The following security issue was fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). Important SUSE bug 1172437 CVE-2020-10757 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140). Important SUSE bug 1172140 SUSE bug 1172437 CVE-2019-15666 CVE-2020-10757 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_117 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140). Important SUSE bug 1172140 SUSE bug 1172437 CVE-2019-15666 CVE-2020-10757 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140). Important SUSE bug 1172140 SUSE bug 1172437 CVE-2019-15666 CVE-2020-10757 cpe:/o:suse:sles-ltss:12:sp2 Security update for tomcat (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for tomcat fixes the following issues: - CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405) Important SUSE bug 1172405 CVE-2020-8022 cpe:/o:suse:sles-ltss:12:sp2 Security update for python3-requests (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python3-requests provides the following fix: python-requests was updated to 2.20.1. Update to version 2.20.1: * Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443). Update to version 2.20.0: * Bugfixes + Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8). + Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions. + Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074) + should_bypass_proxies now handles URIs without hostnames (e.g. files). Update to version 2.19.1: * Fixed issue where status_codes.py’s init function failed trying to append to a __doc__ value of None. Update to version 2.19.0: * Improvements + Warn about possible slowdown with cryptography version < 1.3.4 + Check host in proxy URL, before forwarding request to adapter. + Maintain fragments properly across redirects. (RFC7231 7.1.2) + Removed use of cgi module to expedite library load time. + Added support for SHA-256 and SHA-512 digest auth algorithms. + Minor performance improvement to Request.content. * Bugfixes + Parsing empty Link headers with parse_header_links() no longer return one bogus entry. + Fixed issue where loading the default certificate bundle from a zip archive would raise an IOError. + Fixed issue with unexpected ImportError on windows system which do not support winreg module. + DNS resolution in proxy bypass no longer includes the username and password in the request. This also fixes the issue of DNS queries failing on macOS. + Properly normalize adapter prefixes for url comparison. + Passing None as a file pointer to the files param no longer raises an exception. + Calling copy on a RequestsCookieJar will now preserve the cookie policy correctly. Update to version 2.18.4: * Improvements + Error messages for invalid headers now include the header name for easier debugging Update to version 2.18.3: * Improvements + Running $ python -m requests.help now includes the installed version of idna. * Bugfixes + Fixed issue where Requests would raise ConnectionError instead of SSLError when encountering SSL problems when using urllib3 v1.22. - Add ca-certificates (and ca-certificates-mozilla) to dependencies, otherwise https connections will fail. Moderate SUSE bug 1054413 SUSE bug 1073879 SUSE bug 1111622 SUSE bug 1122668 SUSE bug 761500 SUSE bug 922448 SUSE bug 929736 SUSE bug 935252 SUSE bug 945455 SUSE bug 947357 SUSE bug 961596 SUSE bug 967128 CVE-2015-2296 CVE-2018-18074 cpe:/o:suse:sles-ltss:12:sp2 Security update for mutt (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for mutt fixes the following issues: - CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197). - CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935). - CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935). Important SUSE bug 1172906 SUSE bug 1172935 SUSE bug 1173197 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 cpe:/o:suse:sles-ltss:12:sp2 Security update for squid (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for squid fixes the following issues: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake (bsc#1173304). - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373). Important SUSE bug 1167373 SUSE bug 1173304 CVE-2019-18860 CVE-2020-14059 cpe:/o:suse:sles-ltss:12:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). Moderate SUSE bug 1169740 SUSE bug 1171355 SUSE bug 1172651 SUSE bug 1173334 CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 cpe:/o:suse:sles-ltss:12:sp2 Security update for mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032). - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). - Fixed an issue where Firefox tab was crashing (bsc#1170908). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25 Important SUSE bug 1159819 SUSE bug 1168669 SUSE bug 1169746 SUSE bug 1170908 SUSE bug 1171978 SUSE bug 1173022 CVE-2019-17006 CVE-2020-12399 CVE-2020-12402 cpe:/o:suse:sles-ltss:12:sp2 Security update for openldap2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). - Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts(bsc#1170715). Important SUSE bug 1170715 SUSE bug 1172698 SUSE bug 1172704 CVE-2020-8023 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). Important SUSE bug 1167231 SUSE bug 1173576 SUSE bug 1173613 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 cpe:/o:suse:sles-ltss:12:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for bind fixes the following issues: - Amended documentation referring to rule types 'krb5-subdomain' and 'ms-subdomain'. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. [CVE-2018-5741] - Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server address records are limited to 4 for any domain. [CVE-2020-8616] - Replaying a TSIG BADTIME response as a request could trigger an assertion failure. [CVE-2020-8617] [bsc#1109160, bsc#1171740, CVE-2018-5741, bind-CVE-2018-5741.patch, CVE-2020-8616, bind-CVE-2020-8616.patch, CVE-2020-8617, bind-CVE-2020-8617.patch] - Don't rely on /etc/insserv.conf anymore for proper dependencies against nss-lookup.target in named.service and lwresd.service (bsc#1118367 bsc#1118368) - Using a drop-in file Important SUSE bug 1109160 SUSE bug 1118367 SUSE bug 1118368 SUSE bug 1171740 CVE-2018-5741 CVE-2020-8616 CVE-2020-8617 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_125 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sles-ltss:12:sp2 Security update for xrdp (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xrdp provides the following fix: - CVE-2020-4044: xrdp-sesman can be crashed remotely over port 3350 (bsc#1173580). - Fixed an issue where xrdp-sesman could not restart (bsc#1155952). - Fixed an issue where xrdp could not start due to an error in the service file use absolute path in ExecStart (bsc#1155789). - Fixed a PAM error after 2nd xrdp session after logout (bsc#1153471). - Fixed a crash in xrdp-sesman, caused by terminating and reconnecting an xrdp session (bsc#1152711). - Fixed a failure in RDP session recovery (bsc#1150584). - Fixed a process leak (bsc#1144379). - Let systemd handle the daemons, fixing daemon start failures. (bsc#1138954, bsc#1144327) - Don't try to create .vnc directory if it already exists. (bsc#1157860) Important SUSE bug 1138954 SUSE bug 1144327 SUSE bug 1144379 SUSE bug 1150584 SUSE bug 1152711 SUSE bug 1153471 SUSE bug 1155789 SUSE bug 1155952 SUSE bug 1157860 SUSE bug 1173580 CVE-2017-6967 CVE-2020-4044 cpe:/o:suse:sles-ltss:12:sp2 Security update for squid (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for squid fixes the following issues: - CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455) Important SUSE bug 1173455 CVE-2020-15049 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_117 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_101 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sles-ltss:12:sp2 Security update for mailman (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369). Important SUSE bug 1173369 CVE-2020-15011 cpe:/o:suse:sles-ltss:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. Important SUSE bug 1173998 CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 cpe:/o:suse:sles-ltss:12:sp2 Security update for grub2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use gcc-9 compiler for overflow check builtins - Backport gcc-9 build fixes - Fix packed-not-aligned error on GCC 8 (bsc#1084632) - Backport gcc-7 build fixes Important SUSE bug 1084632 SUSE bug 1168994 SUSE bug 1173812 SUSE bug 1174463 SUSE bug 1174570 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 cpe:/o:suse:sles-ltss:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ghostscript fixes the following issues: - fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415) Important SUSE bug 1174415 CVE-2020-15900 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 Moderate SUSE bug 1173948 SUSE bug 1174538 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:suse:sles-ltss:12:sp2 Security update for libX11 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067 (bnc#1172453). - CVE-2020-10732: A flaw was found in the implementation of userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). The following non-security bugs were fixed: - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - x86/dumpstack/64: Handle faults when printing the 'Stack: ' part of an OOPS (bsc#1170383). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1172049). Important SUSE bug 1162002 SUSE bug 1170383 SUSE bug 1171189 SUSE bug 1171191 SUSE bug 1171220 SUSE bug 1171732 SUSE bug 1171988 SUSE bug 1172049 SUSE bug 1172453 SUSE bug 1172458 SUSE bug 1172775 SUSE bug 1172781 SUSE bug 1172782 SUSE bug 1172783 SUSE bug 1172999 SUSE bug 1174115 SUSE bug 1174462 SUSE bug 1174543 CVE-2019-20810 CVE-2019-20812 CVE-2020-0305 CVE-2020-10135 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-12771 CVE-2020-13974 CVE-2020-14416 cpe:/o:suse:sles-ltss:12:sp2 Security update for python-ipaddress (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. Important SUSE bug 1173274 CVE-2020-14422 cpe:/o:suse:sles-ltss:12:sp2 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for LibVNCServer fixes the following issues: - security update fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14403 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14404 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite Important SUSE bug 1173477 SUSE bug 1173691 SUSE bug 1173694 SUSE bug 1173700 SUSE bug 1173701 SUSE bug 1173743 SUSE bug 1173874 SUSE bug 1173875 SUSE bug 1173876 SUSE bug 1173880 CVE-2017-18922 CVE-2018-21247 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 cpe:/o:suse:sles-ltss:12:sp2 Security update for libX11 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles-ltss:12:sp2 Security update for xerces-c (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xerces-c fixes the following issues: - CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630) Moderate SUSE bug 1083630 CVE-2017-12627 cpe:/o:suse:sles-ltss:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 (bsc#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. Important SUSE bug 1174662 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 cpe:/o:suse:sles-ltss:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages - bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy - bsc#1168140 - CVE-2020-11740, CVE-2020-11741: Multiple xenoprof issues - bsc#1168142 - CVE-2020-11739: Missing memory barriers in read-write unlock paths Important SUSE bug 1163019 SUSE bug 1168140 SUSE bug 1168142 SUSE bug 1169392 SUSE bug 1174543 CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-8608 cpe:/o:suse:sles-ltss:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for dovecot22 fixes the following issues: - CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922). - CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923). Important SUSE bug 1174922 SUSE bug 1174923 CVE-2020-12673 CVE-2020-12674 cpe:/o:suse:sles-ltss:12:sp2 Security update for grub2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). Important SUSE bug 1174421 CVE-2020-15705 cpe:/o:suse:sles-ltss:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Moderate SUSE bug 1173160 SUSE bug 1174120 CVE-2020-10745 cpe:/o:suse:sles-ltss:12:sp2 Security update for xorg-x11-server (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Moderate SUSE bug 1174633 SUSE bug 1174635 SUSE bug 1174638 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 cpe:/o:suse:sles-ltss:12:sp2 Security update for freeradius-server (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for freeradius-server fixes the following issues: - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). - CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX access (bsc#1166847). Moderate SUSE bug 1144524 SUSE bug 1166847 CVE-2019-13456 CVE-2019-17185 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2975 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 CVE-2019-17631 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-17631 CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 cpe:/o:suse:sles-ltss:12:sp2 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Important SUSE bug 1174910 SUSE bug 1174913 CVE-2020-14361 CVE-2020-14362 cpe:/o:suse:sles-ltss:12:sp2 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). Moderate SUSE bug 1175070 SUSE bug 1175071 SUSE bug 1175072 CVE-2020-11985 CVE-2020-11993 CVE-2020-9490 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-ltss:12:sp2 Security update for squid (Critical) SUSE Linux Enterprise Server 12 SP2-LTSS This update for squid fixes the following issues: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). Critical SUSE bug 1175664 SUSE bug 1175665 SUSE bug 1175671 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 cpe:/o:suse:sles-ltss:12:sp2 Security update for libX11 (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). Moderate SUSE bug 1175239 CVE-2020-14363 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-18680: Fixed a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c (bsc#1173867). - CVE-2019-14816: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173666). - CVE-2019-14814: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173664). - CVE-2019-14815: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173665). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Important SUSE bug 1173100 SUSE bug 1173659 SUSE bug 1173661 SUSE bug 1173663 SUSE bug 1173664 SUSE bug 1173665 SUSE bug 1173666 SUSE bug 1173867 SUSE bug 1173869 SUSE bug 1173942 SUSE bug 1173963 SUSE bug 1174247 CVE-2019-0155 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-18680 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_125 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Important SUSE bug 1173100 SUSE bug 1173659 SUSE bug 1173661 SUSE bug 1173869 SUSE bug 1173942 SUSE bug 1173963 SUSE bug 1174247 CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_129 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). Important SUSE bug 1173659 SUSE bug 1173942 SUSE bug 1174247 CVE-2019-16746 CVE-2020-11668 CVE-2020-14331 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_135 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Important SUSE bug 1165631 SUSE bug 1173659 SUSE bug 1173942 SUSE bug 1174247 CVE-2019-16746 CVE-2020-11668 CVE-2020-14331 CVE-2020-1749 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_138 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Important SUSE bug 1165631 SUSE bug 1173659 SUSE bug 1173942 SUSE bug 1174247 CVE-2019-16746 CVE-2020-11668 CVE-2020-14331 CVE-2020-1749 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fix broken translation-loading. (bsc#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more Moderate SUSE bug 1173991 SUSE bug 1174284 SUSE bug 1175686 CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 kernel was updated to to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2019-16746: Fixed an improper check of the length of variable elements in a beacon head, leading to a buffer overflow (bsc#1152107). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bug was fixed: - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). Important SUSE bug 1152107 SUSE bug 1173798 SUSE bug 1174205 SUSE bug 1174757 SUSE bug 1175691 SUSE bug 1176069 CVE-2019-16746 CVE-2020-14314 CVE-2020-14331 CVE-2020-14386 CVE-2020-16166 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-openjdk fixes the following issues: Update java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0) (January 2020 CPU, bsc#1160968): - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support - CVE-2020-2654: Improve Object Identifier Processing Important SUSE bug 1160968 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 cpe:/o:suse:sles-ltss:12:sp2 Security update for tomcat (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for tomcat fixes the following issues: - CVE-2020-1935: Fixed an HTTP request smuggling vulnerability (bsc#1164860). - CVE-2020-13935: Fixed a WebSocket DoS (bsc#1174117). Moderate SUSE bug 1164860 SUSE bug 1174117 CVE-2020-13935 CVE-2020-1935 cpe:/o:suse:sles-ltss:12:sp2 Security update for shim (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for shim fixes the following issues: - Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994) This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Additional fixes: + shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) Moderate SUSE bug 1168994 SUSE bug 1175626 SUSE bug 1175656 CVE-2020-10713 cpe:/o:suse:sles-ltss:12:sp2 Security update for perl-DBI (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Important SUSE bug 1176409 SUSE bug 1176412 CVE-2020-14392 CVE-2020-14393 cpe:/o:suse:sles-ltss:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python3 fixes the following issues: - CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball (bsc#1174091). - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). - If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423). Important SUSE bug 1088004 SUSE bug 1088009 SUSE bug 1130840 SUSE bug 1141853 SUSE bug 1149955 SUSE bug 1153238 SUSE bug 1162423 SUSE bug 1173274 SUSE bug 1174091 SUSE bug 1174701 CVE-2018-14647 CVE-2018-20852 CVE-2019-16056 CVE-2019-16935 CVE-2019-20907 CVE-2019-9947 CVE-2020-14422 cpe:/o:suse:sles-ltss:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). Important SUSE bug 1176579 CVE-2020-1472 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: -Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Enhance fix for wayland-detection (bsc#1174420) - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) Important SUSE bug 1167976 SUSE bug 1173986 SUSE bug 1174420 SUSE bug 1176756 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 cpe:/o:suse:sles-ltss:12:sp2 Security update for libqt5-qtbase (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515) Important SUSE bug 1172515 SUSE bug 1176315 CVE-2020-17507 cpe:/o:suse:sles-ltss:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes the following issues: - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534). - CVE-2020-0543: Fixed a leak of Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205,XSA-320) - CVE-2020-15565: Fixed an issue cache write (bsc#1173378,XSA-321). - CVE-2020-15567: Fixed an issue with non-atomic modification of live EPT PTE (bsc#1173380,XSA-328) Important SUSE bug 1172205 SUSE bug 1173378 SUSE bug 1173380 SUSE bug 1175534 SUSE bug 1176343 SUSE bug 1176344 SUSE bug 1176345 SUSE bug 1176346 SUSE bug 1176347 SUSE bug 1176348 SUSE bug 1176349 SUSE bug 1176350 CVE-2020-0543 CVE-2020-14364 CVE-2020-15565 CVE-2020-15567 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25603 CVE-2020-25604 cpe:/o:suse:sles-ltss:12:sp2 Security update for perl-DBI (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). - CVE-2013-7490: Fixed memory corruption when using many arguments to methods for CallbacksUsing (bsc#1176496). Important SUSE bug 1176496 SUSE bug 1176764 CVE-2013-7490 CVE-2019-20919 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_0-openjdk fixes the following issues: - java-1_7_0-openjdk was updated to 2.6.23 (July 2020 CPU, bsc#1174157) - JDK-8028431, CVE-2020-14579: NullPointerException in - DerValue.equals(DerValue) - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in - sun.security.util.DerInputStream.getUnalignedBitString() - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233255: Better Swing Buttons - JDK-8234032: Improve basic calendar services - JDK-8234042: Better factory production of certificates - JDK-8234418: Better parsing with CertificateFactory - JDK-8234836: Improve serialization handling - JDK-8236191: Enhance OID processing - JDK-8237592, CVE-2020-14577: Enhance certificate verification - JDK-8238002, CVE-2020-14581: Better matrix operations - JDK-8238804: Enhance key handling process - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - JDK-8238843: Enhanced font handing - JDK-8238920, CVE-2020-14583: Better Buffer support - JDK-8238925: Enhance WAV file playback - JDK-8240119, CVE-2020-14593: Less Affine Transformations - JDK-8240482: Improved WAV file playback - JDK-8241379: Update JCEKS support - JDK-8241522: Manifest improved jar headers redux - JDK-8242136, CVE-2020-14621: Better XML namespace handling - JDK-8040113: File not initialized in src/share/native/sun/awt/giflib/dgif_lib.c - JDK-8054446: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError - JDK-8077982: GIFLIB upgrade - JDK-8081315: 8077982 giflib upgrade breaks system giflib builds with earlier versions - JDK-8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' - JDK-8155691: Update GIFlib library to the latest up-to-date - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds - JDK-8203190: SessionId.hashCode generates too many collisions - JDK-8217676: Upgrade libpng to 1.6.37 - JDK-8220495: Update GIFlib library to the 5.1.8 - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys - JDK-8229899: Make java.io.File.isInvalid() less racy - JDK-8230597: Update GIFlib library to the 5.2.1 - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result Important SUSE bug 1174157 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-ltss:12:sp2 Security update for tigervnc (Critical) SUSE Linux Enterprise Server 12 SP2-LTSS This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733). Critical SUSE bug 1176733 CVE-2020-26117 cpe:/o:suse:sles-ltss:12:sp2 Security update for libproxy (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). Important SUSE bug 1176410 SUSE bug 1177143 CVE-2020-25219 CVE-2020-26154 cpe:/o:suse:sles-ltss:12:sp2 Security update for freetype2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). Important SUSE bug 1177914 CVE-2020-15999 cpe:/o:suse:sles-ltss:12:sp2 Security update for glibc (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a stack corruption from range reduction of pseudo-zero (bsc#1165784) - Use posix_spawn on popen (bsc#1149332, bsc#1176013) - Correct locking and cancellation cleanup in syslog functions (bsc#1172085) - Fixed concurrent changes on nscd aware files (bsc#1171878) Moderate SUSE bug 1149332 SUSE bug 1165784 SUSE bug 1171878 SUSE bug 1172085 SUSE bug 1176013 CVE-2020-10029 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO Important SUSE bug 1176756 SUSE bug 1177872 CVE-2020-15683 CVE-2020-15969 cpe:/o:suse:sles-ltss:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for samba fixes the following issues: - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Important SUSE bug 1173902 SUSE bug 1173994 CVE-2020-14318 CVE-2020-14323 cpe:/o:suse:sles-ltss:12:sp2 Security update for sane-backends (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for sane-backends fixes the following issues: - sane-backends version upgrade to 1.0.31: * sane-backends version upgrade to 1.0.30 fixes memory corruption bugs CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867 (bsc#1172524) * sane-backends version upgrade to 1.0.31 to further improve hardware enablement for scanner devices (jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418) * The new escl backend cannot be provided for SLE12 because it requires more additional software (avahi-client, libcurl, and libpoppler-glib-devel) where in particular for libcurl the one that is in SLE12 (via libcurl-devel-7.37.0) is likely too old because with that building the escl backend fails with 'escl/escl.c:1267:34: error: 'CURLOPT_UNIX_SOCKET_PATH' undeclared curl_easy_setopt(handle, CURLOPT_UNIX_SOCKET_PATH' Important SUSE bug 1172524 CVE-2017-6318 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 cpe:/o:suse:sles-ltss:12:sp2 Security update for ovmf (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ovmf fixes the following issues: - CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476). - CVE-2019-14559: Fixed a memory leak in ArpOnFrameRcvdDpc() (bsc#1163927). Moderate SUSE bug 1163927 SUSE bug 1175476 CVE-2019-14559 CVE-2019-14562 cpe:/o:suse:sles-ltss:12:sp2 Security update for libvirt (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). Important SUSE bug 1174955 SUSE bug 1177155 CVE-2020-15708 CVE-2020-25637 cpe:/o:suse:sles-ltss:12:sp2 Security update for apache-commons-httpclient (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577] Important SUSE bug 1178171 SUSE bug 945190 CVE-2014-3577 CVE-2015-5262 cpe:/o:suse:sles-ltss:12:sp2 Security update for libqt5-qtbase (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libqt5-qtbase fixes the following issue: Security issue fixed: - CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). - CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). - CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). Other issue addressed: - Fixed an issue with rendering animated gifs (QTBUG-55141). Important SUSE bug 1118597 SUSE bug 1130246 SUSE bug 1161167 CVE-2018-19870 CVE-2018-19872 CVE-2020-0569 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-openjdk fixes the following issues: - Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)', introduced in October 2020 CPU. - Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU, bsc#1174157, and October 2020 CPU, bsc#1177943) * New features + JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3796: Allow the number of curves supported to be specified * Security fixes + JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) + JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233255: Better Swing Buttons + JDK-8233624: Enhance JNI linkage + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240124: Better VM Interning + JDK-8240482: Improved WAV file playback + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 8 u262 build 01 + JDK-4949105: Access Bridge lacks html tags parsing + JDK-8003209: JFR events for network utilization + JDK-8030680: 292 cleanup from default method code assessment + JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently + JDK-8041626: Shutdown tracing event + JDK-8141056: Erroneous assignment in HeapRegionSet.cpp + JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates + JDK-8151582: (ch) test java/nio/channels/ /AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' + JDK-8165675: Trace event for thread park has incorrect unit for timeout + JDK-8176182: 4 security tests are not run + JDK-8178910: Problemlist sample tests + JDK-8183925: Decouple crash protection from watcher thread + JDK-8191393: Random crashes during cfree+0x1c + JDK-8195817: JFR.stop should require name of recording + JDK-8195818: JFR.start should increase autogenerated name by one + JDK-8195819: Remove recording=x from jcmd JFR.check output + JDK-8199712: Flight Recorder + JDK-8202578: Revisit location for class unload events + JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events + JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) + JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant + JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording + JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 + JDK-8203929: Limit amount of data for JFR.dump + JDK-8205516: JFR tool + JDK-8207392: [PPC64] Implement JFR profiling + JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it + JDK-8209960: -Xlog:jfr* doesn't work with the JFR + JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() + JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 + JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch + JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events + JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions + JDK-8213421: Line number information for execution samples always 0 + JDK-8213617: JFR should record the PID of the recorded process + JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. + JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests + JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test + JDK-8213966: The ZGC JFR events should be marked as experimental + JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds + JDK-8214750: Unnecessary <p> tags in jfr classes + JDK-8214896: JFR Tool left files behind + JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError + JDK-8214925: JFR tool fails to execute + JDK-8215175: Inconsistencies in JFR event metadata + JDK-8215237: jdk.jfr.Recording javadoc does not compile + JDK-8215284: Reduce noise induced by periodic task getFileSize() + JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) + JDK-8215362: JFR GTest JfrTestNetworkUtilization fails + JDK-8215771: The jfr tool should pretty print reference chains + JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly + JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() + JDK-8216528: test/jdk/java/rmi/transport/ /runtimeThreadInheritanceLeak/ /RuntimeThreadInheritanceLeak.java failing with Xcomp + JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps + JDK-8216578: Remove unused/obsolete method in JFR code + JDK-8216995: Clean up JFR command line processing + JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT + JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent + JDK-8218935: Make jfr strncpy uses GCC 8.x friendly + JDK-8223147: JFR Backport + JDK-8223689: Add JFR Thread Sampling Support + JDK-8223690: Add JFR BiasedLock Event Support + JDK-8223691: Add JFR G1 Region Type Change Event Support + JDK-8223692: Add JFR G1 Heap Summary Event Support + JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant + JDK-8224475: JTextPane does not show images in HTML rendering + JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. + JDK-8226779: [TESTBUG] Test JFR API from Java agent + JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys + JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory + JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant' + JDK-8229366: JFR backport allows unchecked writing to memory + JDK-8229401: Fix JFR code cache test failures + JDK-8229708: JFR backport code does not initialize + JDK-8229873: 8229401 broke jdk8u-jfr-incubator + JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows + JDK-8230707: JFR related tests are failing + JDK-8230782: Robot.createScreenCapture() fails if 'awt.robot.gtk' is set to false + JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return + JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 + JDK-8231995: two jtreg tests failed after 8229366 is fixed + JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file + JDK-8236002: CSR for JFR backport suggests not leaving out the package-info + JDK-8236008: Some backup files were accidentally left in the hotspot tree + JDK-8236074: Missed package-info + JDK-8236174: Should update javadoc since tags + JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport + JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 + JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB + JDK-8238589: Necessary code cleanup in JFR for JDK8u + JDK-8238590: Enable JFR by default during compilation in 8u + JDK-8239055: Wrong implementation of VMState.hasListener + JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair + JDK-8239479: minimal1 and zero builds are failing + JDK-8239867: correct over use of INCLUDE_JFR macro + JDK-8240375: Disable JFR by default for July 2020 release + JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled + JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) + JDK-8242788: Non-PCH build is broken after JDK-8191393 * Import of OpenJDK 8 u262 build 02 + JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset + JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java + JDK-8230926: [macosx] Two apostrophes are entered instead of one with 'U.S. International - PC' layout + JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges + JDK-8242883: Incomplete backport of JDK-8078268: backport test part * Import of OpenJDK 8 u262 build 03 + JDK-8037866: Replace the Fun class in tests with lambdas + JDK-8146612: C2: Precedence edges specification violated + JDK-8150986: serviceability/sa/jmap-hprof/ /JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format + JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions + JDK-8230597: Update GIFlib library to the 5.2.1 + JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return + JDK-8233880, PR3798: Support compilers with multi-digit major version numbers + JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed + JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set + JDK-8243059: Build fails when --with-vendor-name contains a comma + JDK-8243474: [TESTBUG] removed three tests of 0 bytes + JDK-8244461: [JDK 8u] Build fails with glibc 2.32 + JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result * Import of OpenJDK 8 u262 build 04 + JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null + JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering + JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM + JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE + JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 + JDK-8244777: ClassLoaderStats VM Op uses constant hash value * Import of OpenJDK 8 u262 build 05 + JDK-7147060: com/sun/org/apache/xml/internal/security/ /transforms/ClassLoaderTest.java doesn't run in agentvm mode + JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method + JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds + JDK-8227269: Slow class loading when running with JDWP + JDK-8229899: Make java.io.File.isInvalid() less racy + JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in + JDK-8244843: JapanEraNameCompatTest fails * Import of OpenJDK 8 u262 build 06 + JDK-8246223: Windows build fails after JDK-8227269 * Import of OpenJDK 8 u262 build 07 + JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing + JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a + JDK-8245167: Top package in method profiling shows null in JMC + JDK-8246703: [TESTBUG] Add test for JDK-8233197 * Import of OpenJDK 8 u262 build 08 + JDK-8220293: Deadlock in JFR string pool + JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 + JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 * Import of OpenJDK 8 u262 build 09 + JDK-8248399: Build installs jfr binary when JFR is disabled * Import of OpenJDK 8 u262 build 10 + JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package * Import of OpenJDK 8 u265 build 01 + JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + JDK-8250546: Expect changed behaviour reported in JDK-8249846 * Import of OpenJDK 8 u272 build 01 + JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java + JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals + JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c + JDK-8039082: [TEST_BUG] Test java/awt/dnd/ /BadSerializationTest/BadSerializationTest.java fails + JDK-8075774: Small readability and performance improvements for zipfs + JDK-8132206: move ScanTest.java into OpenJDK + JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API + JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java + JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/ /appletviewer/IOExceptionIfEncodedURLTest/ /IOExceptionIfEncodedURLTest.sh + JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/ /MTGraphicsAccessTest.java hangs on Win. 8 + JDK-8151788: NullPointerException from ntlm.Client.type3 + JDK-8151834: Test SmallPrimeExponentP.java times out intermittently + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public + JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization + JDK-8165936: Potential Heap buffer overflow when seaching timezone info files + JDK-8166148: Fix for JDK-8165936 broke solaris builds + JDK-8167300: Scheduling failures during gcm should be fatal + JDK-8167615: Opensource unit/regression tests for JavaSound + JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java + JDK-8177628: Opensource unit/regression tests for ImageIO + JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java + JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/ /AppletContextTest/BadPluginConfigurationTest.sh + JDK-8193137: Nashorn crashes when given an empty script file + JDK-8194298: Add support for per Socket configuration of TCP keepalive + JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error + JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails + JDK-8210147: adjust some WSAGetLastError usages in windows network coding + JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions + JDK-8214862: assert(proj != __null) at compile.cpp:3251 + JDK-8217606: LdapContext#reconnect always opens a new connection + JDK-8217647: JFR: recordings on 32-bit systems unreadable + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8230303: JDB hangs when running monitor command + JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG + JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion + JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version + JDK-8235325: build failure on Linux after 8235243 + JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink + JDK-8237951: CTW: C2 compilation fails with 'malformed control flow' + JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8239819: XToolkit: Misread of screen information memory + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one + JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads to JVM crash + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8246310: Clean commented-out code about ModuleEntry and PackageEntry in JFR + JDK-8246384: Enable JFR by default on supported architectures for October 2020 release + JDK-8248643: Remove extra leading space in JDK-8240295 8u backport + JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public * Import of OpenJDK 8 u272 build 02 + JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times + JDK-8025886: replace [[ and == bash extensions in regtest + JDK-8046274: Removing dependency on jakarta-regexp + JDK-8048933: -XX:+TraceExceptions output should include the message + JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/ /fileaccess/FontFile.java fails + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8154313: Generated javadoc scattered all over the place + JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k + JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled + JDK-8183349: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java and WriteAfterAbort.java + JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. + JDK-8201633: Problems with AES-GCM native acceleration + JDK-8211049: Second parameter of 'initialize' method is not used + JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero + JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound + JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file + JDK-8224217: RecordingInfo should use textual representation of path + JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate + JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/ /SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8250755: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java * Import of OpenJDK 8 u272 build 03 + JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes + JDK-8148754: C2 loop unrolling fails due to unexpected graph shape + JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied + JDK-8203357: Container Metrics + JDK-8209113: Use WeakReference for lastFontStrike for created Fonts + JDK-8216283: Allow shorter method sampling interval than 10 ms + JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified + JDK-8233097: Fontmetrics for large Fonts has zero width + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update * Import of OpenJDK 8 u272 build 04 + JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double + JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 + JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 + JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 + JDK-8243138: Enhance BaseLdapServer to support starttls extended request * Import of OpenJDK 8 u272 build 05 + JDK-8026236: Add PrimeTest for BigInteger + JDK-8057003: Large reference arrays cause extremely long synchronization times + JDK-8060721: Test runtime/SharedArchiveFile/ /LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler + JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings + JDK-8168517: java/lang/ProcessBuilder/Basic.java failed + JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean + JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs + JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo + JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds + JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled * Import of OpenJDK 8 u272 build 06 + JDK-8064319: Need to enable -XX:+TraceExceptions in release builds + JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11 v2.40 support + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working + JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface license + JDK-8184762: ZapStackSegments should use optimized memset + JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak + JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly + JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8228835: Memory leak in PKCS11 provider when using AES GCM + JDK-8233621: Mismatch in jsse.enableMFLNExtension property name + JDK-8238898, PR3801: Missing hash characters for header on license file + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8245467: Remove 8u TLSv1.2 implementation files + JDK-8245469: Remove DTLS protocol implementation + JDK-8245470: Fix JDK8 compatibility issues + JDK-8245471: Revert JDK-8148188 + JDK-8245472: Backport JDK-8038893 to JDK8 + JDK-8245473: OCSP stapling support + JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 + JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default + JDK-8245477: Adjust TLS tests location + JDK-8245653: Remove 8u TLS tests + JDK-8245681: Add TLSv1.3 regression test from 11.0.7 + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false + JDK-8251341: Minimal Java specification change + JDK-8251478: Backport TLSv1.3 regression tests to JDK8u * Import of OpenJDK 8 u272 build 07 + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ * Import of OpenJDK 8 u272 build 08 + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8252573: 8u: Windows build failed after 8222079 backport * Import of OpenJDK 8 u272 build 09 + JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed * Import of OpenJDK 8 u272 build 10 + JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 + JDK-8254937: Revert JDK-8148854 for 8u272 * Backports + JDK-8038723, PR3806: Openup some PrinterJob tests + JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when JTable contains certain string + JDK-8058779, PR3805: Faster implementation of String.replace(CharSequence, CharSequence) + JDK-8130125, PR3806: [TEST_BUG] add @modules to the several client tests unaffected by the automated bulk update + JDK-8144015, PR3806: [PIT] failures of text layout font tests + JDK-8144023, PR3806: [PIT] failure of text measurements in javax/swing/text/html/parser/Parser/6836089/bug6836089.java + JDK-8144240, PR3806: [macosx][PIT] AIOOB in closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8145542, PR3806: The case failed automatically and thrown java.lang.ArrayIndexOutOfBoundsException exception + JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when displaying Devanagari text in JEditorPane + JDK-8152358, PR3800: code and comment cleanups found during the hunt for 8077392 + JDK-8152545, PR3804: Use preprocessor instead of compiling a program to generate native nio constants + JDK-8152680, PR3806: Regression in GlyphVector.getGlyphCharIndex behaviour + JDK-8158924, PR3806: Incorrect i18n text document layout + JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8166068, PR3806: test/java/awt/font/GlyphVector/ /GetGlyphCharIndexTest.java does not compile + JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/ /GlyphPainter2/6427244/bug6427244.java - compilation failed + JDK-8191512, PR3806: T2K font rasterizer code removal + JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from JDK sources + JDK-8236512, PR3801: PKCS11 Connection closed after Cipher.doFinal and NoPadding + JDK-8254177, PR3809: (tz) Upgrade time-zone data to tzdata2020b * Bug fixes + PR3798: Fix format-overflow error on GCC 10, caused by passing NULL to a '%s' directive + PR3795: ECDSAUtils for XML digital signatures should support the same curve set as the rest of the JDK + PR3799: Adapt elliptic curve patches to JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3808: IcedTea does not install the JFR *.jfc files + PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has fixed its use with Shenandoah + PR3811: Don't attempt to install JFR files when JFR is disabled * Shenandoah + [backport] 8221435: Shenandoah should not mark through weak roots + [backport] 8221629: Shenandoah: Cleanup class unloading logic + [backport] 8222992: Shenandoah: Pre-evacuate all roots + [backport] 8223215: Shenandoah: Support verifying subset of roots + [backport] 8223774: Shenandoah: Refactor ShenandoahRootProcessor and family + [backport] 8224210: Shenandoah: Refactor ShenandoahRootScanner to support scanning CSet codecache roots + [backport] 8224508: Shenandoah: Need to update thread roots in final mark for piggyback ref update cycle + [backport] 8224579: ResourceMark not declared in shenandoahRootProcessor.inline.hpp with --disable-precompiled-headers + [backport] 8224679: Shenandoah: Make ShenandoahParallelCodeCacheIterator noncopyable + [backport] 8224751: Shenandoah: Shenandoah Verifier should select proper roots according to current GC cycle + [backport] 8225014: Separate ShenandoahRootScanner method for object_iterate + [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't work for Shenandoah + [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to ensure roots to-space invariant + [backport] 8225590: Shenandoah: Refactor ShenandoahClassLoaderDataRoots API + [backport] 8226413: Shenandoah: Separate root scanner for SH::object_iterate() + [backport] 8230853: Shenandoah: replace leftover assert(is_in(...)) with rich asserts + [backport] 8231198: Shenandoah: heap walking should visit all roots most of the time + [backport] 8231244: Shenandoah: all-roots heap walking misses some weak roots + [backport] 8237632: Shenandoah: accept NULL fwdptr to cooperate with JVMTI and JFR + [backport] 8239786: Shenandoah: print per-cycle statistics + [backport] 8239926: Shenandoah: Shenandoah needs to mark nmethod's metadata + [backport] 8240671: Shenandoah: refactor ShenandoahPhaseTimings + [backport] 8240749: Shenandoah: refactor ShenandoahUtils + [backport] 8240750: Shenandoah: remove leftover files and mentions of ShenandoahAllocTracker + [backport] 8240868: Shenandoah: remove CM-with-UR piggybacking cycles + [backport] 8240872: Shenandoah: Avoid updating new regions from start of evacuation + [backport] 8240873: Shenandoah: Short-cut arraycopy barriers + [backport] 8240915: Shenandoah: Remove unused fields in init mark tasks + [backport] 8240948: Shenandoah: cleanup not-forwarded-objects paths after JDK-8240868 + [backport] 8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + [backport] 8241062: Shenandoah: rich asserts trigger 'empty statement' inspection + [backport] 8241081: Shenandoah: Do not modify update-watermark concurrently + [backport] 8241093: Shenandoah: editorial changes in flag descriptions + [backport] 8241139: Shenandoah: distribute mark-compact work exactly to minimize fragmentation + [backport] 8241142: Shenandoah: should not use parallel reference processing with single GC thread + [backport] 8241351: Shenandoah: fragmentation metrics overhaul + [backport] 8241435: Shenandoah: avoid disabling pacing with 'aggressive' + [backport] 8241520: Shenandoah: simplify region sequence numbers handling + [backport] 8241534: Shenandoah: region status should include update watermark + [backport] 8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + [backport] 8241583: Shenandoah: turn heap lock asserts into macros + [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not derive from ContiguousSpace + [backport] 8241673: Shenandoah: refactor anti-false-sharing padding + [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at shenandoahSupport.cpp:2858 with java/util/Collections/FindSubList.java + [backport] 8241692: Shenandoah: remove ShenandoahHeapRegion::_reserved + [backport] 8241700: Shenandoah: Fold ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier + [backport] 8241740: Shenandoah: remove ShenandoahHeapRegion::_heap + [backport] 8241743: Shenandoah: refactor and inline ShenandoahHeap::heap() + [backport] 8241748: Shenandoah: inline MarkingContext TAMS methods + [backport] 8241838: Shenandoah: no need to trash cset during final mark + [backport] 8241841: Shenandoah: ditch one of allocation type counters in ShenandoahHeapRegion + [backport] 8241842: Shenandoah: inline ShenandoahHeapRegion::region_number + [backport] 8241844: Shenandoah: rename ShenandoahHeapRegion::region_number + [backport] 8241845: Shenandoah: align ShenandoahHeapRegions to cache lines + [backport] 8241926: Shenandoah: only print heap changes for operations that directly affect it + [backport] 8241983: Shenandoah: simplify FreeSet logging + [backport] 8241985: Shenandoah: simplify collectable garbage logging + [backport] 8242040: Shenandoah: print allocation failure type + [backport] 8242041: Shenandoah: adaptive heuristics should account evac reserve in free target + [backport] 8242042: Shenandoah: tune down ShenandoahGarbageThreshold + [backport] 8242054: Shenandoah: New incremental-update mode + [backport] 8242075: Shenandoah: rename ShenandoahHeapRegionSize flag + [backport] 8242082: Shenandoah: Purge Traversal mode + [backport] 8242083: Shenandoah: split 'Prepare Evacuation' tracking into cset/freeset counters + [backport] 8242089: Shenandoah: per-worker stats should be summed up, not averaged + [backport] 8242101: Shenandoah: coalesce and parallelise heap region walks during the pauses + [backport] 8242114: Shenandoah: remove ShenandoahHeapRegion::reset_alloc_metadata_to_shared + [backport] 8242130: Shenandoah: Simplify arraycopy-barrier dispatching + [backport] 8242211: Shenandoah: remove ShenandoahHeuristics::RegionData::_seqnum_last_alloc + [backport] 8242212: Shenandoah: initialize ShenandoahHeuristics::_region_data eagerly + [backport] 8242213: Shenandoah: remove ShenandoahHeuristics::_bytes_in_cset + [backport] 8242217: Shenandoah: Enable GC mode to be diagnostic/experimental and have a name + [backport] 8242227: Shenandoah: transit regions to cset state when adding to collection set + [backport] 8242228: Shenandoah: remove unused ShenandoahCollectionSet methods + [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion liveness-related methods + [backport] 8242267: Shenandoah: regions space needs to be aligned by os::vm_allocation_granularity() + [backport] 8242271: Shenandoah: add test to verify GC mode unlock + [backport] 8242273: Shenandoah: accept either SATB or IU barriers, but not both + [backport] 8242301: Shenandoah: Inline LRB runtime call + [backport] 8242316: Shenandoah: Turn NULL-check into assert in SATB slow-path entry + [backport] 8242353: Shenandoah: micro-optimize region liveness handling + [backport] 8242365: Shenandoah: use uint16_t instead of jushort for liveness cache + [backport] 8242375: Shenandoah: Remove ShenandoahHeuristic::record_gc_start/end methods + [backport] 8242641: Shenandoah: clear live data and update TAMS optimistically + [backport] 8243238: Shenandoah: explicit GC request should wait for a complete GC cycle + [backport] 8243301: Shenandoah: ditch ShenandoahAllowMixedAllocs + [backport] 8243307: Shenandoah: remove ShCollectionSet::live_data + [backport] 8243395: Shenandoah: demote guarantee in ShenandoahPhaseTimings::record_workers_end + [backport] 8243463: Shenandoah: ditch total_pause counters + [backport] 8243464: Shenandoah: print statistic counters in time order + [backport] 8243465: Shenandoah: ditch unused pause_other, conc_other counters + [backport] 8243487: Shenandoah: make _num_phases illegal phase type + [backport] 8243494: Shenandoah: set counters once per cycle + [backport] 8243573: Shenandoah: rename GCParPhases and related code + [backport] 8243848: Shenandoah: Windows build fails after JDK-8239786 + [backport] 8244180: Shenandoah: carry Phase to ShWorkerTimingsTracker explicitly + [backport] 8244200: Shenandoah: build breakages after JDK-8241743 + [backport] 8244226: Shenandoah: per-cycle statistics contain worker data from previous cycles + [backport] 8244326: Shenandoah: global statistics should not accept bogus samples + [backport] 8244509: Shenandoah: refactor ShenandoahBarrierC2Support::test_* methods + [backport] 8244551: Shenandoah: Fix racy update of update_watermark + [backport] 8244667: Shenandoah: SBC2Support::test_gc_state takes loop for wrong control + [backport] 8244730: Shenandoah: gc/shenandoah/options/ /TestHeuristicsUnlock.java should only verify the heuristics + [backport] 8244732: Shenandoah: move heuristics code to gc/shenandoah/heuristics + [backport] 8244737: Shenandoah: move mode code to gc/shenandoah/mode + [backport] 8244739: Shenandoah: break superclass dependency on ShenandoahNormalMode + [backport] 8244740: Shenandoah: rename ShenandoahNormalMode to ShenandoahSATBMode + [backport] 8245461: Shenandoah: refine mode name()-s + [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings constructor arguments + [backport] 8245464: Shenandoah: allocate collection set bitmap at lower addresses + [backport] 8245465: Shenandoah: test_in_cset can use more efficient encoding + [backport] 8245726: Shenandoah: lift/cleanup ShenandoahHeuristics names and properties + [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch + [backport] 8245757: Shenandoah: AlwaysPreTouch should not disable heap resizing or uncommits + [backport] 8245773: Shenandoah: Windows assertion failure after JDK-8245464 + [backport] 8245812: Shenandoah: compute root phase parallelism + [backport] 8245814: Shenandoah: reconsider format specifiers for stats + [backport] 8245825: Shenandoah: Remove diagnostic flag ShenandoahConcurrentScanCodeRoots + [backport] 8246162: Shenandoah: full GC does not mark code roots when class unloading is off + [backport] 8247310: Shenandoah: pacer should not affect interrupt status + [backport] 8247358: Shenandoah: reconsider free budget slice for marking + [backport] 8247367: Shenandoah: pacer should wait on lock instead of exponential backoff + [backport] 8247474: Shenandoah: Windows build warning after JDK-8247310 + [backport] 8247560: Shenandoah: heap iteration holds root locks all the time + [backport] 8247593: Shenandoah: should not block pacing reporters + [backport] 8247751: Shenandoah: options tests should run with smaller heaps + [backport] 8247754: Shenandoah: mxbeans tests can be shorter + [backport] 8247757: Shenandoah: split heavy tests by heuristics to improve parallelism + [backport] 8247860: Shenandoah: add update watermark line in rich assert failure message + [backport] 8248041: Shenandoah: pre-Full GC root updates may miss some roots + [backport] 8248652: Shenandoah: SATB buffer handling may assume no forwarded objects + [backport] 8249560: Shenandoah: Fix racy GC request handling + [backport] 8249649: Shenandoah: provide per-cycle pacing stats + [backport] 8249801: Shenandoah: Clear soft-refs on requested GC cycle + [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + Fix slowdebug build after JDK-8230853 backport + JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR + JDK-8252366: Shenandoah: revert/cleanup changes in graphKit.cpp + Shenandoah: add JFR roots to root processor after JFR integration + Shenandoah: add root statistics for string dedup table/queues + Shenandoah: enable low-frequency STW class unloading + Shenandoah: fix build failures after JDK-8244737 backport + Shenandoah: Fix build failure with +JFR -PCH + Shenandoah: fix forceful pacer claim + Shenandoah: fix formats in ShenandoahStringSymbolTableUnlinkTask + Shenandoah: fix runtime linking failure due to non-compiled shenandoahBarrierSetC1 + Shenandoah: hook statistics printing to PrintGCDetails, not PrintGC + Shenandoah: JNI weak roots are always cleared before Full GC mark + Shenandoah: missing SystemDictionary roots in ShenandoahHeapIterationRootScanner + Shenandoah: move barrier sets to their proper locations + Shenandoah: move parallelCleaning.* to shenandoah/ + Shenandoah: pacer should use proper Atomics for intptr_t + Shenandoah: properly deallocates class loader metadata + Shenandoah: specialize String Table scans for better pause performance + Shenandoah: Zero build fails after recent Atomic cleanup in Pacer * AArch64 port + JDK-8161072, PR3797: AArch64: jtreg compiler/uncommontrap/TestDeoptOOM failure + JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java generates guarantee failure in C1 + JDK-8183925, PR3797: [AArch64] Decouple crash protection from watcher thread + JDK-8199712, PR3797: [AArch64] Flight Recorder + JDK-8203481, PR3797: Incorrect constraint for unextended_sp in frame:safe_for_sender + JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall fails with SIGILL on aarch64 + JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command + JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java fails on AArch64 + JDK-8216989, PR3797: CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier() does not check for zero length on AARCH64 + JDK-8217368, PR3797: AArch64: C2 recursive stack locking optimisation not triggered + JDK-8221658, PR3797: aarch64: add necessary predicate for ubfx patterns + JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a BufferBlob + JDK-8246482, PR3797: Build failures with +JFR -PCH + JDK-8247979, PR3797: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248219, PR3797: aarch64: missing memory barrier in fast_storefield and fast_accessfield - Ignore whitespaces after the header or footer in PEM X.509 cert (bsc#1171352) Important SUSE bug 1171352 SUSE bug 1174157 SUSE bug 1177943 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_141 fixes several issues. The following security issues were fixed: - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. (bsc#1176724) - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-11668: Fixed an out of bounds write to the heap in drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) caused by mishandling invalid descriptors (bsc#1168952). - CVE-2020-1749: A flaw was found in the implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link, rather sending the data unencrypted. This would have allowed anyone in between the two endpoints to read the traffic unencrypted. (bsc#1165629) Important SUSE bug 1165631 SUSE bug 1173942 SUSE bug 1176012 SUSE bug 1176382 SUSE bug 1176896 SUSE bug 1176931 CVE-2020-0429 CVE-2020-0431 CVE-2020-11668 CVE-2020-14381 CVE-2020-1749 CVE-2020-25212 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_138 fixes several issues. The following security issues were fixed: - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. (bsc#1176724) - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). Important SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 SUSE bug 1176896 SUSE bug 1176931 CVE-2020-0429 CVE-2020-0431 CVE-2020-14381 CVE-2020-14386 CVE-2020-25212 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_129 fixes several issues. The following security issues were fixed: - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. (bsc#1176724) - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). Important SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 SUSE bug 1176896 SUSE bug 1176931 CVE-2020-0429 CVE-2020-0431 CVE-2020-14381 CVE-2020-14386 CVE-2020-25212 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_125 fixes several issues. The following security issues were fixed: - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. (bsc#1176724) - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). Important SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 SUSE bug 1176896 SUSE bug 1176931 CVE-2020-0429 CVE-2020-0431 CVE-2020-14381 CVE-2020-14386 CVE-2020-25212 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_135 fixes several issues. The following security issues were fixed: - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. (bsc#1176724) - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). Important SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 SUSE bug 1176896 SUSE bug 1176931 CVE-2020-0429 CVE-2020-0431 CVE-2020-14381 CVE-2020-14386 CVE-2020-25212 cpe:/o:suse:sles-ltss:12:sp2 Security update for gcc10 (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for gcc10 fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Moderate SUSE bug 1172798 SUSE bug 1172846 SUSE bug 1173972 SUSE bug 1174753 SUSE bug 1174817 SUSE bug 1175168 CVE-2020-13844 cpe:/o:suse:sles-ltss:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ucode-intel fixes the following issues: - Intel CPU Microcode updated to 20201027 prerelease - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) # New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile # Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173594 CVE-2020-8695 CVE-2020-8698 cpe:/o:suse:sles-ltss:12:sp2 Security update for systemd (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Unconfirmed fix for prevent hanging of systemctl during restart. (bsc#1139459) - Fix warnings thrown during package installation. (bsc#1154043) - Fix for system-udevd prevent crash within OES2018. (bsc#1151506) - Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482) - Wait for workers to finish when exiting. (bsc#1106383) - Improve log message when inotify limit is reached. (bsc#1155574) - Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377) - Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814) Important SUSE bug 1106383 SUSE bug 1133495 SUSE bug 1139459 SUSE bug 1151377 SUSE bug 1151506 SUSE bug 1154043 SUSE bug 1155574 SUSE bug 1156482 SUSE bug 1159814 SUSE bug 1162108 CVE-2020-1712 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943) * Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8240124: Better VM Interning + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 7 u281 build 1 + JDK-8145096: Undefined behaviour in HotSpot + JDK-8215265: C2: range check elimination may allow illegal out of bound access * Backports + JDK-8250861, PR3812: Crash in MinINode::Ideal(PhaseGVN*, bool) Important SUSE bug 1177943 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-ltss:12:sp2 Security update for openldap2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for Important SUSE bug 1178588 CVE-2020-26950 cpe:/o:suse:sles-ltss:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes the following issues: - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181). - CVE-2019-19579: Device quarantine for alternate pci assignment methods (bsc#1157888). - CVE-2019-19581: find_next_bit() issues (bsc#1158003). - CVE-2019-19583: VMentry failure with debug exceptions and blocked states (bsc#1158004). - CVE-2019-19578: Linear pagetable use / entry miscounts (bsc#1158005). - CVE-2019-19580: Further issues with restartable PV type change operations (bsc#1158006). - CVE-2019-19577: dynamic height for the IOMMU pagetables (bsc#1158007). - CVE-2019-18420: VCPUOP_initialise DoS (bsc#1154448). - CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation (bsc#1154456). - CVE-2019-18421: Issues with restartable PV type change operations (bsc#1154458). - CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment (bsc#1154461). - CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue) (bsc#1155945). - CVE-2019-11135: TSX Asynchronous Abort (TAA) issue (bsc#1152497). Important SUSE bug 1152497 SUSE bug 1154448 SUSE bug 1154456 SUSE bug 1154458 SUSE bug 1154461 SUSE bug 1155945 SUSE bug 1157888 SUSE bug 1158003 SUSE bug 1158004 SUSE bug 1158005 SUSE bug 1158006 SUSE bug 1158007 SUSE bug 1161181 CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19583 CVE-2020-7211 cpe:/o:suse:sles-ltss:12:sp2 Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update changes the internal packaging for postgresql, and so contains all currently maintained postgresql versions across our SUSE Linux Enterprise 12 products. * postgresql12 is shipped new in version 12.3 (bsc#1171924). The server and client packages only on SUSE Linux Enterprise Server 12 SP5, the libraries on SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5. + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/12/release-12-3.html * postgresql10 is updated to 10.13 (bsc#1171924). On SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5. + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/10/release-10-13.html * postgresql96 is updated to 9.6.18 (bsc#1171924): + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/9.6/release-9-6-18.html On SUSE Linux Enterprise Server 12-SP2 and 12-SP3 LTSS only. * postgresql 9.4 is updated to 9.4.26: + https://www.postgresql.org/about/news/2011/ + https://www.postgresql.org/docs/9.4/release-9-4-26.html + https://www.postgresql.org/about/news/1994/ + https://www.postgresql.org/docs/9.4/release-9-4-25.html Moderate SUSE bug 1171924 cpe:/o:suse:sles-ltss:12:sp2 Security update for raptor (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for raptor fixes the following issues: - Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926). - Update raptor to version 2.0.15 * Made several fixes to Turtle / N-Triples family of parsers and serializers * Added utility functions for re-entrant sorting of objects and sequences. * Made other fixes and improvements including fixing reported issues: 0000574, 0000575, 0000576, 0000577, 0000579, 0000581 and 0000584. Important SUSE bug 1178593 CVE-2017-18926 cpe:/o:suse:sles-ltss:12:sp2 Security update for kernel-firmware (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for kernel-firmware fixes the following issue: - CVE-2020-12321: Updated the Intel Bluetooth firmware for buffer overflow security bugs (bsc#1178671). Important SUSE bug 1178671 CVE-2020-12321 cpe:/o:suse:sles-ltss:12:sp2 Security update for libzypp, zypper (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libzypp, zypper fixes the following issues: libzypp fixes the following security issue: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). zypper was updated to fix the following issues: - Fixed an issue, where zypper crashed when the system language is set to Spanish and the user tried to patch their system with 'zypper patch --category security' (bsc#1178038) - Fixed a typo in man page (bsc#1169947) Moderate SUSE bug 1158763 SUSE bug 1169947 SUSE bug 1178038 CVE-2019-18900 cpe:/o:suse:sles-ltss:12:sp2 Security update for krb5 (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). Moderate SUSE bug 1178512 CVE-2020-28196 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_141 fixes one issue. The following security issue was fixed: - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 CVE-2020-25645 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_138 fixes one issue. The following security issue was fixed: - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 CVE-2020-25645 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_135 fixes one issue. The following security issue was fixed: - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 CVE-2020-25645 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_129 fixes one issue. The following security issue was fixed: - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 CVE-2020-25645 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_125 fixes one issue. The following security issue was fixed: - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 CVE-2020-25645 cpe:/o:suse:sles-ltss:12:sp2 Security update for postgresql10 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for postgresql10 fixes the following issues: Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html Update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html Important SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-ltss:12:sp2 Security update for postgresql96 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for postgresql96 fixes the following issues: Upgrade to version 9.6.20: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/9.6/release-9-6-20.html Changes from 9.6.19: * CVE-2020-14350, bsc#1175194: Make contrib modules installation Important SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782). - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2017-18204: Fixed a denial of service in the ocfs2_setattr function of fs/ocfs2/file.c (bnc#1083244). - CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-8694: Restricted energy meter to root access (bsc#1170415). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511). - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-25212: Fixed A TOCTOU mismatch in the NFS client code which could have been used by local attackers to corrupt memory (bsc#1176381). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-25643: Fixed a memory corruption and a read overflow which could have caused by improper input validation in the ppp_cp_parse_cr function (bsc#1177206). - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). The following non-security bugs were fixed: - btrfs: fix race with relocation recovery and fs_root setup (bsc#1131277). - btrfs: flush_space always takes fs_info->fs_root (bsc#1131277). - btrfs: btrfs_init_new_device should use fs_info->dev_root (bsc#1131277, bsc#1176922). - btrfs: btrfs_test_opt and friends should take a btrfs_fs_info (bsc#1131277, bsc#1176922). - btrfs: call functions that always use the same root with fs_info instead (bsc#1131277, bsc#1176922). - btrfs: call functions that overwrite their root parameter with fs_info (bsc#1131277, bsc#1176922). - btrfs: flush_space always takes fs_info->fs_root (bsc#1131277, bsc#1176922). - btrfs: pull node/sector/stripe sizes out of root and into fs_info (bsc#1131277, bsc#1176922). - btrfs: Remove fs_info argument of btrfs_write_and_wait_transaction (bsc#1131277, bsc#1176922). - btrfs: remove root parameter from transaction commit/end routines (bsc#1131277, bsc#1176922). - btrfs: remove root usage from can_overcommit (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, access fs_info->delayed_root directly (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, add fs_info convenience variables (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, btrfs_calc_{trans,trunc}_metadata_size (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, update_block_group{,flags} (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, use fs_info->dev_root everywhere (bsc#1131277, bsc#1176922). - btrfs: split btrfs_wait_marked_extents into normal and tree log functions (bsc#1131277, bsc#1176922). - btrfs: struct btrfsic_state->root should be an fs_info (bsc#1131277, bsc#1176922). - btrfs: take an fs_info directly when the root is not used otherwise (bsc#1131277, bsc#1176922). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600). Important SUSE bug 1065600 SUSE bug 1083244 SUSE bug 1131277 SUSE bug 1170415 SUSE bug 1175721 SUSE bug 1175749 SUSE bug 1176011 SUSE bug 1176235 SUSE bug 1176253 SUSE bug 1176278 SUSE bug 1176381 SUSE bug 1176382 SUSE bug 1176423 SUSE bug 1176482 SUSE bug 1176721 SUSE bug 1176722 SUSE bug 1176725 SUSE bug 1176896 SUSE bug 1176922 SUSE bug 1176990 SUSE bug 1177027 SUSE bug 1177086 SUSE bug 1177165 SUSE bug 1177206 SUSE bug 1177226 SUSE bug 1177410 SUSE bug 1177411 SUSE bug 1177511 SUSE bug 1177513 SUSE bug 1177725 SUSE bug 1177766 SUSE bug 1178782 CVE-2017-18204 CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-12352 CVE-2020-14351 CVE-2020-14381 CVE-2020-14390 CVE-2020-25212 CVE-2020-25284 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2020-26088 CVE-2020-8694 cpe:/o:suse:sles-ltss:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. ### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173592 SUSE bug 1173594 SUSE bug 1178971 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 cpe:/o:suse:sles-ltss:12:sp2 Security update for bluez (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for bluez fixes the following issues: - CVE-2020-0556: Fixed improper access control which may lead to escalation of privilege and denial of service by an unauthenticated user (bsc#1166751). Important SUSE bug 1166751 CVE-2020-0556 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 Important SUSE bug 1178824 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:suse:sles-ltss:12:sp2 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for LibVNCServer fixes the following issues: - CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS Important SUSE bug 1178682 CVE-2020-25708 cpe:/o:suse:sles-ltss:12:sp2 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Important SUSE bug 1174908 SUSE bug 1177596 CVE-2020-14360 CVE-2020-25712 cpe:/o:suse:sles-ltss:12:sp2 Security update for python-setuptools (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-ltss:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python3 fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-ltss:12:sp2 Security update for gdm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for gdm fixes the following issues: - CVE-2020-16125: Fixed a privilege escalation (bsc#1178150). Important SUSE bug 1178150 CVE-2020-16125 cpe:/o:suse:sles-ltss:12:sp2 Security update for python-cryptography (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). Moderate SUSE bug 1178168 CVE-2020-25659 cpe:/o:suse:sles-ltss:12:sp2 Security update for postgresql12 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for postgresql12 fixes the following issues: Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html The previous postgresql12 update already addressed: Update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html Important SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-ltss:12:sp2 Security update for mutt (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for mutt fixes the following issues: - Find and display the content of messages properly. (bsc#1179461) - CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113) Important SUSE bug 1179035 SUSE bug 1179113 SUSE bug 1179461 CVE-2020-28896 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_129 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). Important SUSE bug 1178622 SUSE bug 1178700 SUSE bug 1178783 CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_135 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). Important SUSE bug 1178622 SUSE bug 1178700 SUSE bug 1178783 CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_138 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). Important SUSE bug 1178622 SUSE bug 1178700 SUSE bug 1178783 CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_141 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). Important SUSE bug 1178622 SUSE bug 1178700 SUSE bug 1178783 CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_146 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177513). - CVE-2020-0429: Fixed a memory corruption due to a use after free which could have led to to local privilege escalation (bsc#1176931). - CVE-2020-11668: Fixed an issue where the Xirlink camera USB driver mishandled invalid descriptors (bsc#1173942). - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165631). Important SUSE bug 1165631 SUSE bug 1173942 SUSE bug 1176931 SUSE bug 1177513 SUSE bug 1178622 CVE-2020-0429 CVE-2020-11668 CVE-2020-1749 CVE-2020-25645 CVE-2020-25668 cpe:/o:suse:sles-ltss:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes the following issues: - bsc#1178963 - stack corruption from XSA-346 change (XSA-355) - bsc#1177409 - CVE-2020-27674: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - CVE-2020-27672: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - CVE-2020-27671: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - CVE-2020-27670: unsafe AMD IOMMU page table updates (XSA-347) - bsc#1178591 - CVE-2020-28368: Intel RAPL sidechannel attack aka PLATYPUS attack aka XSA-351 Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 SUSE bug 1178591 SUSE bug 1178963 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 cpe:/o:suse:sles-ltss:12:sp2 Security update for openssl (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openssl fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:suse:sles-ltss:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.5.0 ESR * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 * Fixed: Fixed various issues opening files with spaces in their path (bmo#1601905, bmo#1602726) Important SUSE bug 1161799 CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 cpe:/o:suse:sles-ltss:12:sp2 Security update for spice-gtk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for spice-gtk fixes the following issues: - CVE-2018-10873: Fixed a potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Fixed a buffer overflow on image lz checks (bsc#1101295) Important SUSE bug 1101295 SUSE bug 1104448 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:sles-ltss:12:sp2 Security update for spice (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for spice fixes the following issues: - CVE-2018-10873: Fixed a potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Fixed a buffer overflow on image lz checks (bsc#1101295) Important SUSE bug 1101295 SUSE bug 1104448 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Critical) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 Critical SUSE bug 1180039 CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 cpe:/o:suse:sles-ltss:12:sp2 Security update for xen (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - CVE-2020-29130: Fixed an out-of-bounds access while processing ARP packets (bsc#1179477). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) Moderate SUSE bug 1027519 SUSE bug 1176782 SUSE bug 1179477 SUSE bug 1179496 SUSE bug 1179498 SUSE bug 1179501 SUSE bug 1179502 SUSE bug 1179506 SUSE bug 1179514 SUSE bug 1179516 CVE-2020-29130 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 cpe:/o:suse:sles-ltss:12:sp2 Security update for clamav (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for clamav fixes the following issues: clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459. * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) * bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode. * Partial sync with SLE15. Update to version 0.102.4 Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. (bsc#1157763). * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: * ZIP bomb causes extreme CPU spikes (bsc#1144504) Update to version 0.101.2 (bsc#1118459): * Support for RAR v5 archive extraction. * Incompatible changes to the arguments of cl_scandesc, cl_scandesc_callback, and cl_scanmap_callback. * Scanning options have been converted from a single flag bit-field into a structure of multiple categorized flag bit-fields. * The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by 2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and CL_SCAN_HEURISTIC_ENCRYPTED_DOC * Incompatible clamd.conf and command line interface changes. * Heuristic Alerts' (aka 'Algorithmic Detection') options have been changed to make the names more consistent. The original options are deprecated in 0.101, and will be removed in a future feature release. * For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html Important SUSE bug 1118459 SUSE bug 1119353 SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1157763 SUSE bug 1171981 SUSE bug 1174250 SUSE bug 1174255 CVE-2019-12900 CVE-2019-15961 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 cpe:/o:suse:sles-ltss:12:sp2 Security update for cyrus-sasl (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). Important SUSE bug 1159635 CVE-2019-19906 cpe:/o:suse:sles-ltss:12:sp2 Security update for gcc9 (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for gcc9 fixes the following issues: The GNU Compiler Collection is shipped in version 9. A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html The compilers have been added to the SUSE Linux Enterprise Toolchain Module. To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9 CXX=g++-9 set. For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and other compiler libraries have been switched from their gcc8 variants to their gcc9 variants. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) Moderate SUSE bug 1114592 SUSE bug 1135254 SUSE bug 1141897 SUSE bug 1142649 SUSE bug 1142654 SUSE bug 1148517 SUSE bug 1149145 CVE-2019-14250 CVE-2019-15847 cpe:/o:suse:sles-ltss:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for sudo fixes the following issue: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Important SUSE bug 1162202 CVE-2019-18634 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_1-ibm fixes the following issues: Java was updated to 7.1 Service Refresh 4 Fix Pack 60 [bsc#1162972, bsc#1160968]. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972). - CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972). - CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972). - CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972). Non-security issues fixed: * Class Libraries: IJ22333 HANG IN JAVA_JAVA_NET_SOCKETINPUTSTREAM_SOCKETREAD0 EVEN WHEN TIMEOUT IS SET IJ22350 JAVA 7 AND JAVA 8 NOT WORKING WELL WITH TRADITIONAL/SIMPLIFIED CHINESE EDITION OF WINDOWS CLIENT SYSTEM IJ22337 THE NAME OF THE REPUBLIC OF BELARUS IN THE RUSSIAN LOCALE INCONSISTENT WITH CLDR IJ22349 UPDATE TIMEZONE INFORMATION TO TZDATA2019C * JIT Compiler: IJ11368 JAVA JIT PPC: CRASH IN JIT COMPILED CODE ON PPC MACHINES Important SUSE bug 1160968 SUSE bug 1162972 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:sles-ltss:12:sp2 Security update for libexif (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Moderate SUSE bug 1120943 SUSE bug 1160770 CVE-2018-20030 CVE-2019-9278 cpe:/o:suse:sles-ltss:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openssl fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Non-security issue fixed: - Fixed a crash in BN_copy (bsc#1160163). Moderate SUSE bug 1117951 SUSE bug 1158809 SUSE bug 1160163 CVE-2019-1551 cpe:/o:suse:sles-ltss:12:sp2 Security update for ppp (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ppp fixes the following security issue: - CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610). Important SUSE bug 1162610 CVE-2020-8597 cpe:/o:suse:sles-ltss:12:sp2 Security update for ovmf (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094291). - CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation (bsc#1163959). - CVE-2019-14559: Fixed a remotely exploitable memory leak in the ARP handling code (bsc#1163927). - CVE-2019-14575: Fixed an insufficient signature check in the DxeImageVerificationHandler (bsc#1163969). Bug fixes: - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better compatibility. (bsc#1077330) Moderate SUSE bug 1077330 SUSE bug 1094291 SUSE bug 1163927 SUSE bug 1163959 SUSE bug 1163969 CVE-2018-0739 CVE-2019-14559 CVE-2019-14563 CVE-2019-14575 cpe:/o:suse:sles-ltss:12:sp2 Security update for python3 (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python3 fixes the following issues: Update to 3.4.10 (jsc#SLE-9427, bsc#1159208) from 3.4.6: Security issues fixed: - Update expat copy from 2.1.1 to 2.2.0 to fix the following issues: CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063 - CVE-2017-1000158: Fix an integer overflow in thePyString_DecodeEscape function in stringobject.c, resulting in heap-based bufferoverflow (bsc#1068664). Moderate SUSE bug 1068664 SUSE bug 1159208 SUSE bug 1159623 CVE-2012-0876 CVE-2016-0718 CVE-2016-4472 CVE-2016-9063 CVE-2017-1000158 CVE-2017-9233 cpe:/o:suse:sles-ltss:12:sp2 Security update for mariadb (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for mariadb fixes the following issues: Security issue fixed: - CVE-2019-2974: Fixed Server Optimizer (bsc#1154162). Moderate SUSE bug 1154162 CVE-2019-2974 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_1-ibm fixes the following issues: - Update to 7.1 Service Refresh 4 Fix Pack 55 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2978 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:sles-ltss:12:sp2 Security update for rsyslog (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for rsyslog fixes the following issues: Security issues fixed: - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451). - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459). Non-security issues fixed: - Handle multiline messages correctly when using the imfile module. (bsc#1015203) - Fix a race condition in the shutdown sequence in wtp that was causing rsyslog not to shutdown properly. (bsc#1022804) - Fixed a rsyslogd SIGABORT crash if a path does not exists (bsc#1087920). - Fixed an issue where configuration templates where not consistently flushed (bsc#1084682). Moderate SUSE bug 1015203 SUSE bug 1022804 SUSE bug 1084682 SUSE bug 1087920 SUSE bug 1153451 SUSE bug 1153459 CVE-2019-17041 CVE-2019-17042 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-ibm fixes the following issues: Java 8.0 was updated to Service Refresh 6 Fix Pack 5 (bsc#1162972, bsc#1160968) - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2019-4732: Untrusted DLL search path vulnerability - CVE-2020-2593: Normalize normalization for all - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support Important SUSE bug 1160968 SUSE bug 1162972 CVE-2019-4732 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:sles-ltss:12:sp2 Security update for log4j (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for log4j fixes the following issues: - CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646). Important SUSE bug 1159646 CVE-2019-17571 cpe:/o:suse:sles-ltss:12:sp2 Security update for permissions (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for permissions fixes the following issues: Security issues fixed: - CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922). Non-security issues fixed: - Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594). - Fixed capability handling when doing multiple permission changes at once (bsc#1161779). Moderate SUSE bug 1123886 SUSE bug 1160594 SUSE bug 1160764 SUSE bug 1161779 SUSE bug 1163922 CVE-2020-8013 cpe:/o:suse:sles-ltss:12:sp2 Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the following issues: python-cfn-lint was included as a new package in 0.21.4. python-aws-sam-translator was updated to 1.11.0: * Add ReservedConcurrentExecutions to globals * Fix ElasticsearchHttpPostPolicy resource reference * Support using AWS::Region in Ref and Sub * Documentation and examples updates * Add VersionDescription property to Serverless::Function * Update ServerlessRepoReadWriteAccessPolicy * Add additional template validation Upgrade to 1.10.0: * Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy * Add DynamoDBReconfigurePolicy * Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy * Add EKSDescribePolicy * Add SESBulkTemplatedCrudPolicy * Add FilterLogEventsPolicy * Add SSMParameterReadPolicy * Add SESEmailTemplateCrudPolicy * Add s3:PutObjectAcl to S3CrudPolicy * Add allow_credentials CORS option * Add support for AccessLogSetting and CanarySetting Serverless::Api properties * Add support for X-Ray in Serverless::Api * Add support for MinimumCompressionSize in Serverless::Api * Add Auth to Serverless::Api globals * Remove trailing slashes from APIGW permissions * Add SNS FilterPolicy and an example application * Add Enabled property to Serverless::Function event sources * Add support for PermissionsBoundary in Serverless::Function * Fix boto3 client initialization * Add PublicAccessBlockConfiguration property to S3 bucket resource * Make PAY_PER_REQUEST default mode for Serverless::SimpleTable * Add limited support for resolving intrinsics in Serverless::LayerVersion * SAM now uses Flake8 * Add example application for S3 Events written in Go * Updated several example applications - Initial build + Version 1.9.0 - Add patch to drop compatible releases operator from setup.py, required for SLES12 as the setuptools version is too old + ast_drop-compatible-releases-operator.patch python-jsonschema was updated to 2.6.0: * Improved performance on CPython by adding caching around ref resolution Update to version 2.5.0: * Improved performance on CPython by adding caching around ref resolution (#203) Update to version 2.4.0: * Added a CLI (#134) * Added absolute path and absolute schema path to errors (#120) * Added ``relevance`` * Meta-schemas are now loaded via ``pkgutil`` * Added ``by_relevance`` and ``best_match`` (#91) * Fixed ``format`` to allow adding formats for non-strings (#125) * Fixed the ``uri`` format to reject URI references (#131) - Install /usr/bin/jsonschema with update-alternatives support python-nose2 was updated to 0.9.1: * the prof plugin now uses cProfile instead of hotshot for profiling * skipped tests now include the user's reason in junit XML's message field * the prettyassert plugin mishandled multi-line function definitions * Using a plugin's CLI flag when the plugin is already enabled via config no longer errors * nose2.plugins.prettyassert, enabled with --pretty-assert * Cleanup code for EOLed python versions * Dropped support for distutils. * Result reporter respects failure status set by other plugins * JUnit XML plugin now includes the skip reason in its output Upgrade to 0.8.0: List of changes is too long to show here, see https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst changes between 0.6.5 and 0.8.0 Update to 0.7.0: * Added parameterized_class feature, for parameterizing entire test classes (many thanks to @TobyLL for their suggestions and help testing!) * Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh; https://github.com/wolever/parameterized/issues/67) * Make sure that `setUp` and `tearDown` methods work correctly (#40) * Raise a ValueError when input is empty (thanks @danielbradburn; https://github.com/wolever/parameterized/pull/48) * Fix the order when number of cases exceeds 10 (thanks @ntflc; https://github.com/wolever/parameterized/pull/49) python-scandir was included in version 2.3.2. python-requests was updated to version 2.20.1 (bsc#1111622) * Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443). * remove restriction for urllib3 < 1.24 Update to version 2.20.0: * Bugfixes + Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8). + Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions. + Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074) + should_bypass_proxies now handles URIs without hostnames (e.g. files). * Dependencies + Requests now supports urllib3 v1.24. * Deprecations + Requests has officially stopped support for Python 2.6. Update to version 2.19.1: * Fixed issue where status_codes.py’s init function failed trying to append to a __doc__ value of None. Update to version 2.19.0: * Improvements + Warn about possible slowdown with cryptography version < 1.3.4 + Check host in proxy URL, before forwarding request to adapter. + Maintain fragments properly across redirects. (RFC7231 7.1.2) + Removed use of cgi module to expedite library load time. + Added support for SHA-256 and SHA-512 digest auth algorithms. + Minor performance improvement to Request.content. + Migrate to using collections.abc for 3.7 compatibility. * Bugfixes + Parsing empty Link headers with parse_header_links() no longer return one bogus entry. + Fixed issue where loading the default certificate bundle from a zip archive would raise an IOError. + Fixed issue with unexpected ImportError on windows system which do not support winreg module. + DNS resolution in proxy bypass no longer includes the username and password in the request. This also fixes the issue of DNS queries failing on macOS. + Properly normalize adapter prefixes for url comparison. + Passing None as a file pointer to the files param no longer raises an exception. + Calling copy on a RequestsCookieJar will now preserve the cookie policy correctly. * We now support idna v2.7 and urllib3 v1.23. update to version 2.18.4: * Improvements + Error messages for invalid headers now include the header name for easier debugging * Dependencies + We now support idna v2.6. update to version 2.18.3: * Improvements + Running $ python -m requests.help now includes the installed version of idna. * Bugfixes + Fixed issue where Requests would raise ConnectionError instead of SSLError when encountering SSL problems when using urllib3 v1.22. Moderate SUSE bug 1111622 SUSE bug 1122668 CVE-2018-18074 cpe:/o:suse:sles-ltss:12:sp2 Security update for libpng16 (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493). Moderate SUSE bug 1124211 SUSE bug 1141493 CVE-2017-12652 CVE-2019-7317 cpe:/o:suse:sles-ltss:12:sp2 Security update for postgresql96 (Low) SUSE Linux Enterprise Server 12 SP2-LTSS This update for postgresql96 fixes the following issues: PostgreSQL was updated to version 9.6.17. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Low SUSE bug 1163985 CVE-2020-1720 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_0-openjdk fixes the following issues: Update java-1_7_0-openjdk to version jdk7u251 (January 2020 CPU, bsc#1160968): - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support - CVE-2020-2654: Improve Object Identifier Processing Important SUSE bug 1160968 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 cpe:/o:suse:sles-ltss:12:sp2 Security update for squid (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for squid fixes the following issues: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). - CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329). - CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328). - CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323). - CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324). - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Important SUSE bug 1156323 SUSE bug 1156324 SUSE bug 1156326 SUSE bug 1156328 SUSE bug 1156329 SUSE bug 1162687 SUSE bug 1162689 SUSE bug 1162691 CVE-2019-12523 CVE-2019-12526 CVE-2019-12528 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 (bsc#1160305) * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 Important SUSE bug 1160305 SUSE bug 1160498 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 cpe:/o:suse:sles-ltss:12:sp2 Security update for postgresql10 (Low) SUSE Linux Enterprise Server 12 SP2-LTSS This update for postgresql10 fixes the following issues: PostgreSQL was updated to version 10.12. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Low SUSE bug 1163985 CVE-2020-1720 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 68.6.0 ESR (MFSA 2020-09 bsc#1132665 bsc#1166238) - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction - CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection - CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init - CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission - CVE-2020-6814: Fixed multiple memory safety bugs - Fixed an issue with minimizing a window (bsc#1132665). Important SUSE bug 1132665 SUSE bug 1166238 CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 cpe:/o:suse:sles-ltss:12:sp2 Security update for tomcat (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for tomcat fixes the following issues: - CVE-2020-1938: Fixed a file contents disclosure vulnerability (bsc#1164692). Important SUSE bug 1164692 CVE-2020-1938 cpe:/o:suse:sles-ltss:12:sp2 Security update for python-cffi, python-cryptography (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python-cffi, python-cryptography fixes the following issues: Security issue fixed: - CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820). Non-security issues fixed: python-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598): - fixed a build failure on i586 (bsc#1111657) - Salt was unable to highstate in snapshot 20171129 (bsc#1070737) - Update pytest in spec to add c directory tests in addition to testing directory. - update to version 1.11.2: * Fix Windows issue with managing the thread-state on CPython 3.0 to 3.5 - Update pytest in spec to add c directory tests in addition to testing directory. - Omit test_init_once_multithread tests as they rely on multiple threads finishing in a given time. Returns sporadic pass/fail within build. - Update to 1.11.1: * Fix tests, remove deprecated C API usage * Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary extensions (cpython issue #29943) * Fix for 3.7.0a1+ - Update to 1.11.0: * Support the modern standard types char16_t and char32_t. These work like wchar_t: they represent one unicode character, or when used as charN_t * or charN_t[] they represent a unicode string. The difference with wchar_t is that they have a known, fixed size. They should work at all places that used to work with wchar_t (please report an issue if I missed something). Note that with set_source(), you need to make sure that these types are actually defined by the C source you provide (if used in cdef()). * Support the C99 types float _Complex and double _Complex. Note that libffi doesn't support them, which means that in the ABI mode you still cannot call C functions that take complex numbers directly as arguments or return type. * Fixed a rare race condition when creating multiple FFI instances from multiple threads. (Note that you aren't meant to create many FFI instances: in inline mode, you should write ffi = cffi.FFI() at module level just after import cffi; and in out-of-line mode you don't instantiate FFI explicitly at all.) * Windows: using callbacks can be messy because the CFFI internal error messages show up to stderr-but stderr goes nowhere in many applications. This makes it particularly hard to get started with the embedding mode. (Once you get started, you can at least use @ffi.def_extern(onerror=...) and send the error logs where it makes sense for your application, or record them in log files, and so on.) So what is new in CFFI is that now, on Windows CFFI will try to open a non-modal MessageBox (in addition to sending raw messages to stderr). The MessageBox is only visible if the process stays alive: typically, console applications that crash close immediately, but that is also the situation where stderr should be visible anyway. * Progress on support for callbacks in NetBSD. * Functions returning booleans would in some case still return 0 or 1 instead of False or True. Fixed. * ffi.gc() now takes an optional third parameter, which gives an estimate of the size (in bytes) of the object. So far, this is only used by PyPy, to make the next GC occur more quickly (issue #320). In the future, this might have an effect on CPython too (provided the CPython issue 31105 is addressed). * Add a note to the documentation: the ABI mode gives function objects that are slower to call than the API mode does. For some reason it is often thought to be faster. It is not! - Update to 1.10.1: * Fixed the line numbers reported in case of cdef() errors. Also, I just noticed, but pycparser always supported the preprocessor directive # 42 'foo.h' to mean 'from the next line, we're in file foo.h starting from line 42';, which it puts in the error messages. - update to 1.10.0: * Issue #295: use calloc() directly instead of PyObject_Malloc()+memset() to handle ffi.new() with a default allocator. Speeds up ffi.new(large-array) where most of the time you never touch most of the array. * Some OS/X build fixes ('only with Xcode but without CLT';). * Improve a couple of error messages: when getting mismatched versions of cffi and its backend; and when calling functions which cannot be called with libffi because an argument is a struct that is 'too complicated'; (and not a struct pointer, which always works). * Add support for some unusual compilers (non-msvc, non-gcc, non-icc, non-clang) * Implemented the remaining cases for ffi.from_buffer. Now all buffer/memoryview objects can be passed. The one remaining check is against passing unicode strings in Python 2. (They support the buffer interface, but that gives the raw bytes behind the UTF16/UCS4 storage, which is most of the times not what you expect. In Python 3 this has been fixed and the unicode strings don't support the memoryview interface any more.) * The C type _Bool or bool now converts to a Python boolean when reading, instead of the content of the byte as an integer. The potential incompatibility here is what occurs if the byte contains a value different from 0 and 1. Previously, it would just return it; with this change, CFFI raises an exception in this case. But this case means 'undefined behavior'; in C; if you really have to interface with a library relying on this, don't use bool in the CFFI side. Also, it is still valid to use a byte string as initializer for a bool[], but now it must only contain \x00 or \x01. As an aside, ffi.string() no longer works on bool[] (but it never made much sense, as this function stops at the first zero). * ffi.buffer is now the name of cffi's buffer type, and ffi.buffer() works like before but is the constructor of that type. * ffi.addressof(lib, 'name') now works also in in-line mode, not only in out-of-line mode. This is useful for taking the address of global variables. * Issue #255: cdata objects of a primitive type (integers, floats, char) are now compared and ordered by value. For example, <cdata 'int' 42> compares equal to 42 and <cdata 'char' b'A'> compares equal to b'A'. Unlike C, <cdata 'int' -1> does not compare equal to ffi.cast('unsigned int', -1): it compares smaller, because -1 < 4294967295. * PyPy: ffi.new() and ffi.new_allocator()() did not record 'memory pressure';, causing the GC to run too infrequently if you call ffi.new() very often and/or with large arrays. Fixed in PyPy 5.7. * Support in ffi.cdef() for numeric expressions with + or -. Assumes that there is no overflow; it should be fixed first before we add more general support for arbitrary arithmetic on constants. - do not generate HTML documentation for packages that are indirect dependencies of Sphinx (see docs at https://cffi.readthedocs.org/ ) - update to 1.9.1 - Structs with variable-sized arrays as their last field: now we track the length of the array after ffi.new() is called, just like we always tracked the length of ffi.new('int[]', 42). This lets us detect out-of-range accesses to array items. This also lets us display a better repr(), and have the total size returned by ffi.sizeof() and ffi.buffer(). Previously both functions would return a result based on the size of the declared structure type, with an assumed empty array. (Thanks andrew for starting this refactoring.) - Add support in cdef()/set_source() for unspecified-length arrays in typedefs: typedef int foo_t[...];. It was already supported for global variables or structure fields. - I turned in v1.8 a warning from cffi/model.py into an error: 'enum xxx' has no values explicitly defined: refusing to guess which integer type it is meant to be (unsigned/signed, int/long). Now I'm turning it back to a warning again; it seems that guessing that the enum has size int is a 99%-safe bet. (But not 100%, so it stays as a warning.) - Fix leaks in the code handling FILE * arguments. In CPython 3 there is a remaining issue that is hard to fix: if you pass a Python file object to a FILE * argument, then os.dup() is used and the new file descriptor is only closed when the GC reclaims the Python file object-and not at the earlier time when you call close(), which only closes the original file descriptor. If this is an issue, you should avoid this automatic convertion of Python file objects: instead, explicitly manipulate file descriptors and call fdopen() from C (...via cffi). - When passing a void * argument to a function with a different pointer type, or vice-versa, the cast occurs automatically, like in C. The same occurs for initialization with ffi.new() and a few other places. However, I thought that char * had the same property-but I was mistaken. In C you get the usual warning if you try to give a char * to a char ** argument, for example. Sorry about the confusion. This has been fixed in CFFI by giving for now a warning, too. It will turn into an error in a future version. - Issue #283: fixed ffi.new() on structures/unions with nested anonymous structures/unions, when there is at least one union in the mix. When initialized with a list or a dict, it should now behave more closely like the { } syntax does in GCC. - CPython 3.x: experimental: the generated C extension modules now use the 'limited API';, which means that, as a compiled .so/.dll, it should work directly on any version of CPython >= 3.2. The name produced by distutils is still version-specific. To get the version-independent name, you can rename it manually to NAME.abi3.so, or use the very recent setuptools 26. - Added ffi.compile(debug=...), similar to python setup.py build --debug but defaulting to True if we are running a debugging version of Python itself. - Removed the restriction that ffi.from_buffer() cannot be used on byte strings. Now you can get a char * out of a byte string, which is valid as long as the string object is kept alive. (But don't use it to modify the string object! If you need this, use bytearray or other official techniques.) - PyPy 5.4 can now pass a byte string directly to a char * argument (in older versions, a copy would be made). This used to be a CPython-only optimization. - ffi.gc(p, None) removes the destructor on an object previously created by another call to ffi.gc() - bool(ffi.cast('primitive type', x)) now returns False if the value is zero (including -0.0), and True otherwise. Previously this would only return False for cdata objects of a pointer type when the pointer is NULL. - bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason it was not supported was that it was hard to do in PyPy, but it works since PyPy 5.3.) To call a C function with a char * argument from a buffer object-now including bytearrays-you write lib.foo(ffi.from_buffer(x)). Additionally, this is now supported: p[0:length] = bytearray-object. The problem with this was that a iterating over bytearrays gives numbers instead of characters. (Now it is implemented with just a memcpy, of course, not actually iterating over the characters.) - C++: compiling the generated C code with C++ was supposed to work, but failed if you make use the bool type (because that is rendered as the C _Bool type, which doesn't exist in C++). - help(lib) and help(lib.myfunc) now give useful information, as well as dir(p) where p is a struct or pointer-to-struct. - update for multipython build - disable 'negative left shift' warning in test suite to prevent failures with gcc6, until upstream fixes the undefined code in question (bsc#981848) - Update to version 1.6.0: * ffi.list_types() * ffi.unpack() * extern 'Python+C'; * in API mode, lib.foo.__doc__ contains the C signature now. * Yet another attempt at robustness of ffi.def_extern() against CPython's interpreter shutdown logic. - Update in SLE-12 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598) - Make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792. - bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API - Add proper conditional for the python2, the ifpython works only for the requires/etc - add missing dependency on python ssl - update to version 2.1.4: * Added X509_up_ref for an upcoming pyOpenSSL release. - update to version 2.1.3: * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.0g. - update to version 2.1.2: * Corrected a bug with the manylinux1 wheels where OpenSSL's stack was marked executable. - fix BuildRequires conditions for python3 - update to 2.1.1 - Fix cffi version requirement. - Disable memleak tests to fix build with OpenSSL 1.1 (bsc#1055478) - update to 2.0.3 - update to 2.0.2 - update to 2.0 - update to 1.9 - add python-packaging to requirements explicitly instead of relying on setuptools to pull it in - Switch to singlespec approach - update to 1.8.1 - Adust Requires and BuildRequires Moderate SUSE bug 1055478 SUSE bug 1070737 SUSE bug 1101820 SUSE bug 1111657 SUSE bug 1138748 SUSE bug 1149792 SUSE bug 981848 CVE-2018-10903 cpe:/o:suse:sles-ltss:12:sp2 Security update for spamassassin (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for spamassassin fixes the following issues: - CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to is_regexp_valid() (bsc#1118987). - CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands (bsc#1162197). - CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands with warnings (bsc#1162200). Important SUSE bug 1118987 SUSE bug 1162197 SUSE bug 1162200 CVE-2018-11805 CVE-2020-1930 CVE-2020-1931 cpe:/o:suse:sles-ltss:12:sp2 Security update for python3 (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python3 fixes the following issue: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed an issue with version missmatch (bsc#1162224). - Rename idle icons to idle3 in order to not conflict with python2 variant of the package. (bsc#1165894) Moderate SUSE bug 1155094 SUSE bug 1162224 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_125 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_117 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sles-ltss:12:sp2 Security update for mozilla-nspr, mozilla-nss (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. Moderate SUSE bug 1141322 SUSE bug 1158527 SUSE bug 1159819 CVE-2019-11745 CVE-2019-17006 cpe:/o:suse:sles-ltss:12:sp2 Security update for libxslt (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for libxslt fixes the following issue: - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). Moderate SUSE bug 1154609 CVE-2019-18197 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 68.6.1esr MFSA 2020-11 (bsc#1168630) * CVE-2020-6819 (bmo#1620818) Use-after-free while running the nsDocShell destructor * CVE-2020-6820 (bmo#1626728) Use-after-free when handling a ReadableStream Important SUSE bug 1168630 CVE-2020-6819 CVE-2020-6820 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues: - CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874). - CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874). - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874). - CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874). - CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874). Important SUSE bug 1168874 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 cpe:/o:suse:sles-ltss:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for git fixes the following issues: Security issue fixed: - CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). Non-security issue fixed: git was updated to 2.26.0 for SHA256 support (bsc#1167890, jsc#SLE-11608): - the xinetd snippet was removed - the System V init script for the git-daemon was replaced by a systemd service file of the same name. git 2.26.0: * 'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply' * Improved handling of sparse checkouts * Improvements to many commands and internal features git 2.25.1: * 'git commit' now honors advise.statusHints * various updates, bug fixes and documentation updates git 2.25.0: * The branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command; this has been enhanced so that the subject can also be filled. * A few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option. * Test updates to prepare for SHA-2 transition continues. * Redo 'git name-rev' to avoid recursive calls. * When all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected. * HTTP transport had possible allocator/deallocator mismatch, which has been corrected. git 2.24.1: * CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785) * CVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787) * CVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788) * CVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789) * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790) * CVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791) * CVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792) * CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793) * CVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795) - Fix building with asciidoctor and without DocBook4 stylesheets. git 2.24.0 * The command line parser learned '--end-of-options' notation. * A mechanism to affect the default setting for a (related) group of configuration variables is introduced. * 'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it. * fixes and improvements to UI, workflow and features, bash completion fixes * part of it merged upstream * the Makefile attempted to download some documentation, banned git 2.23.0: * The '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id --stable'. * The 'git log' command by default behaves as if the --mailmap option was given. * fixes and improvements to UI, workflow and features git 2.22.1: * A relative pathname given to 'git init --template=<path> <repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected. * 'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected. * 'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected. * 'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option; the command now refuses to work when both options are given. * Update to Unicode 12.1 width table. * 'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different. * 'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected. * The URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence. * 'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning. * 'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing. This has been corrected. * Many more bugfixes and code cleanups. - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html git 2.22.0: * The filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed. Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option * 'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish. * Four new configuration variables {author,committer}.{name,email} have been introduced to override user.{name,email} in more specific cases. * 'git branch' learned a new subcommand '--show-current'. * The command line completion (in contrib/) has been taught to complete more subcommand parameters. * The completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example. * The list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better. * 'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected. * 'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop. - update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350) git 2.21.0: * Historically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change. * Small fixes and features for fast-export and fast-import. * The 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing. * 'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant. * Update 'git multimail' from the upstream. * A new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced. '--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format. - Fix worktree creation race (bsc#1114225). git 2.20.1: * portability fixes * 'git help -a' did not work well when an overly long alias was defined * no longer squelched an error message when the run_command API failed to run a missing command git 2.20.0: * 'git help -a' now gives verbose output (same as 'git help -av'). Those who want the old output may say 'git help --no-verbose -a'.. * 'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'. * 'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment). * Developer builds now use -Wunused-function compilation option. * Fix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). Also, as a convenience, expand the number of cases in which --force is applicable. * The overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily. * Malformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed. * Fix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit. * 'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected. * ...and much more features and fixes - fix CVE-2018-19486 (bsc#1117257) git 2.19.2: * various bug fixes for multiple subcommands and operations git 2.19.1: * CVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with --recurse-submodules (bsc#1110949) git 2.19.0: * 'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default. * 'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit. * 'git grep' learned the '--column' option that gives not just the line number but the column number of the hit. * The '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used. * The userdiff pattern for .php has been updated. * The content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default. * 'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint). * 'git grep' learned the '--only-matching' option. * 'git rebase --rebase-merges' mode now handles octopus merges as well. * Add a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint). * A new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether. * Teach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'. * Many more strings are prepared for l10n. * 'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting. * The test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables; we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables. * 'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'. * 'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros. * 'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic. * The sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end. * 'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'. * 'git worktree' command learned '--quiet' option to make it less verbose. git 2.18.0: * improvements to rename detection logic * When built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value. * 'git mergetools' learned talking to guiffy. * various other workflow improvements and fixes * performance improvements and other developer visible fixes Update to git 2.16.4: security fix release git 2.17.1: * Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219) * It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218) * Support on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading. git 2.17.0: * 'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object. * 'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails. * The log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd. * 'git rebase' learned to take '--allow-empty-message' option. * 'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'. * 'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout. * 'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited. * 'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held. * The new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict. * 'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. help for '/' won't be shown when there is only one hunk). * Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object. This was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem. * 'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option. * 'git diff' and friends learned funcname patterns for Go language source files. * 'git send-email' learned '--reply-to=<address>' option. * Funcname pattern used for C# now recognizes 'async' keyword. * In a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. when the purpose of the operation is not to 'show'). - Use %license instead of %doc [bsc#1082318] git 2.16.3: * 'git status' after moving a path in the working tree (hence making it appear 'removed') and then adding with the -N option (hence making that appear 'added') detected it as a rename, but did not report the old and new pathnames correctly. * 'git commit --fixup' did not allow '-m<message>' option to be used at the same time; allow it to annotate resulting commit with more text. * When resetting the working tree files recursively, the working tree of submodules are now also reset to match. * Fix for a commented-out code to adjust it to a rather old API change around object ID. * When there are too many changed paths, 'git diff' showed a warning message but in the middle of a line. * The http tracing code, often used to debug connection issues, learned to redact potentially sensitive information from its output so that it can be more safely sharable. * Crash fix for a corner case where an error codepath tried to unlock what it did not acquire lock on. * The split-index mode had a few corner case bugs fixed. * Assorted fixes to 'git daemon'. * Completion of 'git merge -s<strategy>' (in contrib/) did not work well in non-C locale. * Workaround for segfault with more recent versions of SVN. * Recently introduced leaks in fsck have been plugged. * Travis CI integration now builds the executable in 'script' phase to follow the established practice, rather than during 'before_script' phase. This allows the CI categorize the failures better ('failed' is project's fault, 'errored' is build environment's). - Drop superfluous xinetd snippet, no longer used (bsc#1084460) - Build with asciidoctor for the recent distros (bsc#1075764) - Move %{?systemd_requires} to daemon subpackage - Create subpackage for libsecret credential helper. git 2.16.2: * An old regression in 'git describe --all $annotated_tag^0' has been fixed. * 'git svn dcommit' did not take into account the fact that a svn+ssh:// URL with a username@ (typically used for pushing) refers to the same SVN repository without the username@ and failed when svn.pushmergeinfo option is set. * 'git merge -Xours/-Xtheirs' learned to use our/their version when resolving a conflicting updates to a symbolic link. * 'git clone $there $here' is allowed even when here directory exists as long as it is an empty directory, but the command incorrectly removed it upon a failure of the operation. * 'git stash -- <pathspec>' incorrectly blew away untracked files in the directory that matched the pathspec, which has been corrected. * 'git add -p' was taught to ignore local changes to submodules as they do not interfere with the partial addition of regular changes anyway. git 2.16.1: * 'git clone' segfaulted when cloning a project that happens to track two paths that differ only in case on a case insensitive filesystem git 2.16.0 (CVE-2017-15298, bsc#1063412): * See https://raw.github.com/git/git/master/Documentation/RelNotes/2.16.0.txt git 2.15.1: * fix 'auto' column output * fixes to moved lines diffing * documentation updates * fix use of repositories immediately under the root directory * improve usage of libsecret * fixes to various error conditions in git commands - Rewrite from sysv init to systemd unit file for git-daemon (bsc#1069803) - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (bsc#1069468) - split off p4 to a subpackage (bsc#1067502) - Build with the external libsha1detectcoll (bsc#1042644) git 2.15.0: * Use of an empty string as a pathspec element that is used for 'everything matches' is still warned and Git asks users to use a more explicit '.' for that instead. Removal scheduled for 2.16 * Git now avoids blindly falling back to '.git' when the setup sequence said we are _not_ in Git repository (another corner case removed) * 'branch --set-upstream' was retired, deprecated since 1.8 * many other improvements and updates git 2.14.3: * git send-email understands more cc: formats * fixes so gitk --bisect * git commit-tree fixed to handle -F file alike * Prevent segfault in 'git cat-file --textconv' * Fix function header parsing for HTML * Various small fixes to user commands and and internal functions git 2.14.2: * fixes to color output * http.{sslkey,sslCert} now interpret '~[username]/' prefix * fixes to walking of reflogs via 'log -g' and friends * various fixes to output correctness * 'git push --recurse-submodules $there HEAD:$target' is now propagated down to the submodules * 'git clone --recurse-submodules --quiet' c$how propagates quiet option down to submodules. * 'git svn --localtime' correctness fixes * 'git grep -L' and 'git grep --quiet -L' now report same exit code * fixes to 'git apply' when converting line endings * Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to end-user input. CVE-2017-14867 bsc#1061041 * 'git cvsserver' no longer is invoked by 'git daemon' by default git 2.14.1 (bsc#1052481): * Security fix for CVE-2017-1000117: A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running 'git clone --recurse-submodules' to trigger the vulnerability. * A 'ssh://...' URL can result in a 'ssh' command line with a hostname that begins with a dash '-', which would cause the 'ssh' command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which should not impact any real-world usage). * Similarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from 'ssh://...' URL; a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash '-' as an option. This is now prevented by forbidding such a hostname and port number (again, which should not impact any real-world usage). * In the same spirit, a repository name that begins with a dash '-' is also forbidden now. git 2.14.0: * Use of an empty string as a pathspec element that is used for 'everything matches' is deprecated, use '.' * Avoid blindly falling back to '.git' when the setup sequence indicates operation not on a Git repository * 'indent heuristics' are now the default. * Builds with pcre2 * Many bug fixes, improvements and updates git 2.13.4: * Update the character width tables. * Fix an alias that contained an uppercase letter * Progress meter fixes * git gc concurrency fixes git 2.13.3: * various internal bug fixes * Fix a regression to 'git rebase -i' * Correct unaligned 32-bit access in pack-bitmap code * Tighten error checks for invalid 'git apply' input * The split index code did not honor core.sharedrepository setting correctly * Fix 'git branch --list' handling of color.branch.local git 2.13.2: * 'collision detecting' SHA-1 update for platform fixes * 'git checkout --recurse-submodules' did not quite work with a submodule that itself has submodules. * The 'run-command' API implementation has been made more robust against dead-locking in a threaded environment. * 'git clean -d' now only cleans ignored files with '-x' * 'git status --ignored' did not list ignored and untracked files without '-uall' * 'git pull --rebase --autostash' didn't auto-stash when the local history fast-forwards to the upstream. * 'git describe --contains' gives as much weight to lightweight tags as annotated tags * Fix 'git stash push <pathspec>' from a subdirectory git 2.13.1: * Setting 'log.decorate=false' in the configuration file did not take effect in v2.13, which has been corrected. * corrections to documentation and command help output * garbage collection fixes * memory leaks fixed * receive-pack now makes sure that the push certificate records the same set of push options used for pushing * shell completion corrections for git stash * fix 'git clone --config var=val' with empty strings * internal efficiency improvements * Update sha1 collision detection code for big-endian platforms and platforms not supporting unaligned fetches - Fix packaging of documentation git 2.13.0: * empty string as a pathspec element for 'everything matches' is still warned, for future removal. * deprecated argument order 'git merge <msg> HEAD <commit>...' was removed * default location '~/.git-credential-cache/socket' for the socket used to communicate with the credential-cache daemon moved to '~/.cache/git/credential/socket'. * now avoid blindly falling back to '.git' when the setup sequence indicated otherwise * many workflow features, improvements and bug fixes * add a hardened implementation of SHA1 in response to practical collision attacks (CVE-2005-4900, bsc#1042640) * CVE-2017-8386: On a server running git-shell as login shell to restrict user to git commands, remote users may have been able to have git service programs spawn an interactive pager and thus escape the shell restrictions. (bsc#1038395) Changes in pcre2: - Include the libraries, development and tools packages. git uses only libpcre2-8 so far, but this allows further application usage of pcre2. Important SUSE bug 1167890 SUSE bug 1168930 CVE-2020-5260 cpe:/o:suse:sles-ltss:12:sp2 Security update for fwupdate (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for fwupdate fixes the following issues: - Add SBAT section to EFI images (bsc#1182057) Important SUSE bug 1182057 cpe:/o:suse:sles-ltss:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for xen fixes the following issues: - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431) - Fixed an issue where xenstored was crashing with segfault (bsc#1182155). Important SUSE bug 1182155 SUSE bug 1182431 CVE-2021-27379 cpe:/o:suse:sles-ltss:12:sp2 Security update for dnsmasq (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for dnsmasq fixes the following issues: - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) Important SUSE bug 1176076 SUSE bug 1177077 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 cpe:/o:suse:sles-ltss:12:sp2 Security update for flac (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for flac fixes the following issues: - CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099). Moderate SUSE bug 1180099 CVE-2020-0499 cpe:/o:suse:sles-ltss:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for dovecot22 fixes the following issues: - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). Important SUSE bug 1180405 CVE-2020-24386 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class Libraries: - Z/OS specific C function send_file is changing the file pointer position * Security: - Add the new oracle signer certificate - Certificate parsing error - JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider - Remove check for websphere signed jars - sessionid.hashcode generates too many collisions - The Java 8 IBM certpath provider does not honor the user specified system property for CLR connect timeout Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-ltss:12:sp2 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223). - CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240). - CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244). - CVE-2020-27750: Fixed an division by zero in MagickCore/colorspace-private.h (bsc#1179260). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285). - CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). - CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362). Important SUSE bug 1179103 SUSE bug 1179202 SUSE bug 1179208 SUSE bug 1179212 SUSE bug 1179223 SUSE bug 1179240 SUSE bug 1179244 SUSE bug 1179260 SUSE bug 1179268 SUSE bug 1179269 SUSE bug 1179278 SUSE bug 1179281 SUSE bug 1179285 SUSE bug 1179311 SUSE bug 1179312 SUSE bug 1179313 SUSE bug 1179315 SUSE bug 1179317 SUSE bug 1179321 SUSE bug 1179322 SUSE bug 1179327 SUSE bug 1179333 SUSE bug 1179336 SUSE bug 1179338 SUSE bug 1179339 SUSE bug 1179343 SUSE bug 1179345 SUSE bug 1179346 SUSE bug 1179347 SUSE bug 1179361 SUSE bug 1179362 SUSE bug 1179397 CVE-2020-19667 CVE-2020-25664 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27750 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27757 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 cpe:/o:suse:sles-ltss:12:sp2 Security update for postgresql, postgresql12, postgresql13 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for postgresql, postgresql12, postgresql13 fixes the following issues: Initial packaging of PostgreSQL 13: * https://www.postgresql.org/about/news/2077/ * https://www.postgresql.org/docs/13/release-13.html Changes in postgresql: - Bump postgresql major version to 13. Changes in postgresql12: - %ghost the symlinks to pg_config and ecpg. (bsc#1178961) - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765) - Fix a DST problem in the test suite. Changes in postgresql13: - Add postgresql-icu68.patch: fix build with ICU 68 - %ghost the symlinks to pg_config and ecpg. (bsc#1178961) - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765) Upgrade to version 13.1: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/13/release-13-1.html - Fix a DST problem in the test suite. Important SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 SUSE bug 1178961 SUSE bug 1179765 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-ltss:12:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). Moderate SUSE bug 1173513 CVE-2020-14145 cpe:/o:suse:sles-ltss:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] Important SUSE bug 1180684 SUSE bug 1181090 CVE-2021-23239 CVE-2021-3156 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs Important SUSE bug 1181414 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 cpe:/o:suse:sles-ltss:12:sp2 Security update for openvswitch (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openvswitch fixes the following issues: - openvswitch was updated to 2.5.11 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) - datapath: Clear the L4 portion of the key for 'later' fragments - datapath: Properly set L4 keys on 'later' IP fragments - ofproto-dpif: Fix using uninitialised memory in user_action_cookie. - stream-ssl: Fix crash on NULL private key and valid certificate. - datapath: fix flow actions reallocation Important SUSE bug 1117483 SUSE bug 1181345 CVE-2020-27827 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class libraries: - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time that the set timeout - Z/OS specific C function send_file is changing the file pointer position * Java Virtual Machine: - Crash on iterate java stack - Java process hang on SIGTERM * JIT Compiler: - JMS performance regression from JDK8 SR5 FP40 TO FP41 * Class Libraries: - z15 high utilization following Z/VM and Linux migration from z14 To z15 * Java Virtual Machine: - Assertion failed when trying to write a class file - Assertion failure at modronapi.cpp - Improve the performance of defining and finding classes * JIT Compiler: - An assert in ppcbinaryencoding.cpp may trigger when running with traps disabled on power - AOT field offset off by n bytes - Segmentation fault in jit module on ibm z platform Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-ltss:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python3 fixes the following issues: - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 CVE-2019-20916 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_146 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). Important SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_141 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). Important SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_138 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). Important SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_135 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). Important SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_129 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). Important SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sles-ltss:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 SUSE bug 1181126 CVE-2019-20916 CVE-2021-3177 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485 ). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123). - CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411) - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). - CVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() which could eventually have allowed attackers to cause a denial of service (memory consumption) (bnc#1157298 ). - CVE-2019-6133: Fixed an issue where the 'start time' protection mechanism could have been bypassed and therefore authorization decisions are improperly cached (bsc#1128172). The following non-security bugs were fixed: - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (bsc#969755). - futex,rt_mutex: Introduce rt_mutex_init_waiter() (bsc#969755). - futex,rt_mutex: Provide futex specific rt_mutex API (bsc#969755). - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bsc#969755). - futex: Avoid freeing an active timer (bsc#969755). - futex: Avoid violating the 10th rule of futex (bsc#969755). - futex: Change locking rules (bsc#969755). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#969755). - futex: Drop hb->lock before enqueueing on the rtmutex (bsc#969755). - futex: Fix OWNER_DEAD fixup (bsc#969755). - futex: Fix incorrect should_fail_futex() handling (bsc#969755). - futex: Fix more put_pi_state() vs. exit_pi_state_list() races (bsc#969755). - futex: Fix pi_state->owner serialization (bsc#969755). - futex: Fix small (and harmless looking) inconsistencies (bsc#969755). - futex: Futex_unlock_pi() determinism (bsc#969755). - futex: Handle early deadlock return correctly (bsc#969755). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#969755). - futex: Pull rt_mutex_futex_unlock() out from under hb->lock (bsc#969755). - futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock() (bsc#969755). - futex: Rework inconsistent rt_mutex/futex_q state (bsc#969755). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#969755). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). Important SUSE bug 1070943 SUSE bug 1121826 SUSE bug 1121872 SUSE bug 1157298 SUSE bug 1168952 SUSE bug 1173942 SUSE bug 1176395 SUSE bug 1176485 SUSE bug 1177411 SUSE bug 1178123 SUSE bug 1178182 SUSE bug 1178589 SUSE bug 1178622 SUSE bug 1178886 SUSE bug 1179107 SUSE bug 1179140 SUSE bug 1179141 SUSE bug 1179204 SUSE bug 1179419 SUSE bug 1179508 SUSE bug 1179509 SUSE bug 1179601 SUSE bug 1179616 SUSE bug 1179663 SUSE bug 1179666 SUSE bug 1179745 SUSE bug 1179877 SUSE bug 1179960 SUSE bug 1179961 SUSE bug 1180008 SUSE bug 1180027 SUSE bug 1180028 SUSE bug 1180029 SUSE bug 1180030 SUSE bug 1180031 SUSE bug 1180032 SUSE bug 1180052 SUSE bug 1180086 SUSE bug 1180559 SUSE bug 1180562 SUSE bug 1181349 SUSE bug 969755 CVE-2019-19063 CVE-2019-20934 CVE-2019-6133 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25285 CVE-2020-25668 CVE-2020-25669 CVE-2020-27068 CVE-2020-27673 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-28915 CVE-2020-28974 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3347 cpe:/o:suse:sles-ltss:12:sp2 Security update for openvswitch (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). Important SUSE bug 1181742 CVE-2020-35498 cpe:/o:suse:sles-ltss:12:sp2 Security update for wpa_supplicant (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for wpa_supplicant fixes the following issues: - CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777). - CVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934) Important SUSE bug 1150934 SUSE bug 1181777 CVE-2019-16275 CVE-2021-0326 cpe:/o:suse:sles-ltss:12:sp2 Security update for jasper (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode Important SUSE bug 1179748 SUSE bug 1181483 CVE-2020-27828 CVE-2021-3272 cpe:/o:suse:sles-ltss:12:sp2 Security update for screen (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for screen fixes the following issues: - CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092). Important SUSE bug 1182092 CVE-2021-26937 cpe:/o:suse:sles-ltss:12:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] Important SUSE bug 1182246 CVE-2020-8625 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:sles-ltss:12:sp2 Security update for krb5-appl (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for krb5-appl fixes the following issues: - CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109). - CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109). Important SUSE bug 1131109 CVE-2019-25017 CVE-2019-25018 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-openjdk (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u282 (icedtea 3.18.0) * January 2021 CPU (bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803) * Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/ /bug6738668.java fails under Linux + JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + JDK-8030350: Enable additional compiler warnings for GCC + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/ /DisposeFrameOnDragTest.java fails by Timeout on Windows + JDK-8036122: Fix warning 'format not a string literal' + JDK-8051853: new URI('x/').resolve('..').getSchemeSpecificPart() returns null! + JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/ /DefaultNoDrop.java locks on Windows + JDK-8134632: Mark javax/sound/midi/Devices/ /InitializationHang.java as headful + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8148916: Mark bug6400879.java as intermittently failing + JDK-8148983: Fix extra comma in changes for JDK-8148916 + JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails + JDK-8165808: Add release barriers when allocating objects with concurrent collection + JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument + JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 + JDK-8207766: [testbug] Adapt tests for Aix. + JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation + JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash + JDK-8215727: Restore JFR thread sampler loop to old / previous behavior + JDK-8220657: JFR.dump does not work when filename is set + JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing + JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232114: JVM crashed at imjpapi.dll in native code + JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area + JDK-8234339: replace JLI_StrTok in java_md_solinux.c + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8242335: Additional Tests for RSASSA-PSS + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8245400: Upgrade to LittleCMS 2.11 + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8249176: Update GlobalSignR6CA test certificates + JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY + JDK-8250928: JFR: Improve hash algorithm for stack traces + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers + JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE + JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries + JDK-8252497: Incorrect numeric currency code for ROL + JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent + JDK-8252904: VM crashes when JFR is used and JFR event class is transformed + JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal + JDK-8253284: Zero OrderAccess barrier mappings are incorrect + JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip + JDK-8253752: test/sun/management/jmxremote/bootstrap/ /RmiBootstrapTest.java fails randomly + JDK-8254081: java/security/cert/PolicyNode/ /GetPolicyQualifiers.java fails due to an expired certificate + JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp + JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp + JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/ /WorkerDeadlockTest.java fails + JDK-8255003: Build failures on Solaris Moderate SUSE bug 1181239 CVE-2020-14803 cpe:/o:suse:sles-ltss:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 25 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:sles-ltss:12:sp2 Security update for perl-XML-Twig (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for perl-XML-Twig fixes the following issues: - Security fix [bsc#1008644, CVE-2016-9180] * Added: the no_xxe option to XML::Twig::new, which causes the parse to fail if external entities are used (to prevent malicious XML to access the filesystem). * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument Moderate SUSE bug 1008644 CVE-2016-9180 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.8.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-08 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 Important SUSE bug 1182357 SUSE bug 1182614 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 cpe:/o:suse:sles-ltss:12:sp2 Security update for python-cryptography (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). Important SUSE bug 1182066 CVE-2020-36242 cpe:/o:suse:sles-ltss:12:sp2 Security update for grub2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for grub2 fixes the following issues: grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) Following security issues are fixed that can violate secure boot constraints: - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) grub2 was bumped to version 2.02, same as SUSE Linux Enterprise 12 SP3. Important SUSE bug 1175970 SUSE bug 1176711 SUSE bug 1177883 SUSE bug 1179264 SUSE bug 1179265 SUSE bug 1182057 SUSE bug 1182262 SUSE bug 1182263 CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 cpe:/o:suse:sles-ltss:12:sp2 Security update for openldap2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. Important SUSE bug 1182279 SUSE bug 1182408 SUSE bug 1182411 SUSE bug 1182412 SUSE bug 1182413 SUSE bug 1182415 SUSE bug 1182416 SUSE bug 1182417 SUSE bug 1182418 SUSE bug 1182419 SUSE bug 1182420 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-LTSS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). The following non-security bug was fixed: - xen/netback: fix spurious event detection for common event case (bsc#1182175). Important SUSE bug 1178372 SUSE bug 1181747 SUSE bug 1181753 SUSE bug 1181843 SUSE bug 1182175 CVE-2020-28374 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 cpe:/o:suse:sles-ltss:12:sp2 Security update for wpa_supplicant (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for wpa_supplicant fixes the following issues: - CVE-2021-27803: P2P provision discovery processing vulnerability (bsc#1182805) Important SUSE bug 1182805 CVE-2021-27803 cpe:/o:suse:sles-ltss:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone. (bsc#1183026, CVE-2021-21300) Important SUSE bug 1183026 CVE-2021-21300 cpe:/o:suse:sles-ltss:12:sp2 Security update for python (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). Moderate SUSE bug 1182379 CVE-2019-18348 CVE-2021-23336 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Important SUSE bug 1180623 CVE-2020-16044 cpe:/o:suse:sles-ltss:12:sp2 Security update for glib2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) Important SUSE bug 1182328 SUSE bug 1182362 CVE-2021-27218 CVE-2021-27219 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_149 fixes several issues. The following security issues were fixed: - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). - CVE-2020-25645: Fixed an issue where the traffic between two Geneve endpoints may have been unencrypted when IPsec was configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177513). - CVE-2020-0429: Fixed a potential memory corruption due to a use after free which could have led local escalation of privilege with System execution privileges needed (bsc#1176931). - CVE-2020-1749: Fixed an issue in some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6 where the kernel was not correctly routing tunneled data over the encrypted link rather sending the data unencrypted (bsc#1165631). Important SUSE bug 1165631 SUSE bug 1176931 SUSE bug 1177513 SUSE bug 1178684 SUSE bug 1179616 CVE-2020-0429 CVE-2020-1749 CVE-2020-25645 CVE-2020-27786 CVE-2020-28374 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_146 fixes several issues. The following security issues were fixed: - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1181553 CVE-2020-27786 CVE-2020-28374 CVE-2021-3347 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_141 fixes several issues. The following security issues were fixed: - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1181553 CVE-2020-27786 CVE-2020-28374 CVE-2021-3347 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_135 fixes several issues. The following security issues were fixed: - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1181553 CVE-2020-27786 CVE-2020-28374 CVE-2021-3347 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_129 fixes several issues. The following security issues were fixed: - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1181553 CVE-2020-27786 CVE-2020-28374 CVE-2021-3347 cpe:/o:suse:sles-ltss:12:sp2 Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for the Linux Kernel 4.4.121-92_138 fixes several issues. The following security issues were fixed: - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1181553 CVE-2020-27786 CVE-2020-28374 CVE-2021-3347 cpe:/o:suse:sles-ltss:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for sudo fixes the following issues: - Fixed a potential crash on exit as a result of the fix of CVE-2021-3156 [bsc#1181090] Important SUSE bug 1181090 CVE-2021-3156 cpe:/o:suse:sles-ltss:12:sp2 Security update for wavpack (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for wavpack fixes the following issues: - CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414). Important SUSE bug 1180414 CVE-2020-35738 cpe:/o:suse:sles-ltss:12:sp2 Security update for nghttp2 (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514). Bug fixes and enhancements: - Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438) Important SUSE bug 1082318 SUSE bug 1088639 SUSE bug 1112438 SUSE bug 1125689 SUSE bug 1134616 SUSE bug 1146182 SUSE bug 1146184 SUSE bug 1181358 SUSE bug 962914 SUSE bug 964140 SUSE bug 966514 CVE-2016-1544 CVE-2018-1000168 CVE-2019-9511 CVE-2019-9513 CVE-2020-11080 cpe:/o:suse:sles-ltss:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-LTSS This update for openssl fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles-ltss:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-LTSS This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs Important SUSE bug 1183942 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 cpe:/o:suse:sles-ltss:12:sp2 Security update for glibc (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for glibc fixes the following issues: - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) - CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154) Non security bugs fixed: - Fix crash in resolver on memory allocation failure (bsc#1086690) Important SUSE bug 1086690 SUSE bug 1094150 SUSE bug 1094154 SUSE bug 1094161 CVE-2017-18269 CVE-2018-11236 CVE-2018-11237 cpe:/o:suse:sles-bcl:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for git fixes several issues. These security issues were fixed: - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) Important SUSE bug 1095218 SUSE bug 1095219 CVE-2018-11233 CVE-2018-11235 cpe:/o:suse:sles-bcl:12:sp2 Security update for kernel-firmware (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for kernel-firmware fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735) Moderate SUSE bug 1095735 CVE-2017-5715 cpe:/o:suse:sles-bcl:12:sp2 Security update for libvirt (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libvirt fixes the following issues: - CVE-2018-3639: cpu: add support for 'ssbd' and 'virt-ssbd' CPUID feature bits pass through (bsc#1092885) Important SUSE bug 1092885 CVE-2018-3639 cpe:/o:suse:sles-bcl:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for ucode-intel fixes the following issues: Update to version 20180425 (bsc#1091836) Fix provided for: - GLK B0 6-7a-1/01 0000001e->00000022 Pentium Silver N/J5xxx, Celeron N/J4xxx - Name microcodes which are not allowed to load late with a *.early suffix Moderate SUSE bug 1091836 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries - S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability - S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability - S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability - S8189989, CVE-2018-2798, bsc#1090028: Improve container portability - S8189993, CVE-2018-2799, bsc#1090029: Improve document portability - S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms - S8190478: Improved interface method selection - S8190877: Better handling of abstract classes - S8191696: Better mouse positioning - S8192025, CVE-2018-2814, bsc#1090032: Less referential references - S8192030: Better MTSchema support - S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation - S8193409: Improve AES supporting classes - S8193414: Improvements in MethodType lookups - S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For other changes please consult the changelog. Important SUSE bug 1087066 SUSE bug 1090023 SUSE bug 1090024 SUSE bug 1090025 SUSE bug 1090026 SUSE bug 1090027 SUSE bug 1090028 SUSE bug 1090029 SUSE bug 1090030 SUSE bug 1090032 SUSE bug 1090033 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_0-openjdk to version 7u181 fixes the following issues: + S8162488: JDK should be updated to use LittleCMS 2.8 + S8180881: Better packaging of deserialization + S8182362: Update CipherOutputStream Usage + S8183032: Upgrade to LittleCMS 2.9 + S8189123: More consistent classloading + S8190478: Improved interface method selection + S8190877: Better handling of abstract classes + S8191696: Better mouse positioning + S8192030: Better MTSchema support + S8193409: Improve AES supporting classes + S8193414: Improvements in MethodType lookups + S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries + S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability + S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability + S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability + S8189989, CVE-2018-2798, bsc#1090028: Improve container portability + S8189993, CVE-2018-2799, bsc#1090029: Improve document portability + S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms + S8192025, CVE-2018-2814, bsc#1090032: Less referential references + S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation + S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For additional changes please consult the changelog. Important SUSE bug 1090023 SUSE bug 1090024 SUSE bug 1090025 SUSE bug 1090026 SUSE bug 1090027 SUSE bug 1090028 SUSE bug 1090029 SUSE bug 1090030 SUSE bug 1090032 SUSE bug 1090033 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 cpe:/o:suse:sles-bcl:12:sp2 Security update for gpg2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745) Important SUSE bug 1096745 CVE-2018-12020 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes several issues. This feature was added: - Added support for qemu monitor command These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). This non-security issue was fixed: - bsc#1086039 - Dom0 does not represent DomU cpu flags Important SUSE bug 1027519 SUSE bug 1074562 SUSE bug 1086039 SUSE bug 1092631 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-3639 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL IBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes: - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. Important SUSE bug 1085449 SUSE bug 1093311 CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2825 CVE-2018-2826 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL IBM Java was updated to 7.1.4.25 [bsc#1093311, bsc#1085449]: Security fixes: - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Important SUSE bug 1085449 SUSE bug 1093311 CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 cpe:/o:suse:sles-bcl:12:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for ntp fixes the following issues: - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426) * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424) * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422) * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420) * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit.(bsc#1083417) - Don't use libevent's cached time stamps in sntp. (bsc#1077445) This update is a reissue of the previous update with LTSS channels included. Moderate SUSE bug 1077445 SUSE bug 1082063 SUSE bug 1082210 SUSE bug 1083417 SUSE bug 1083420 SUSE bug 1083422 SUSE bug 1083424 SUSE bug 1083426 CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 cpe:/o:suse:sles-bcl:12:sp2 Security update for mariadb (Important) SUSE Linux Enterprise Server 12 SP2-BCL MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes: * PCRE updated to 8.42 * XtraDB updated to 5.6.39-83.1 * TokuDB updated to 5.6.39-83.1 * InnoDB updated to 5.6.40 * The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767] * MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE * MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state * MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index * MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record * fixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 * Release notes and changelog: * https://kb.askmonty.org/en/mariadb-10035-release-notes * https://kb.askmonty.org/en/mariadb-10035-changelog Important SUSE bug 1088681 SUSE bug 1090518 CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following security issue: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). Important SUSE bug 1096449 CVE-2018-6126 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728). - CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036) - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) - CVE-2017-18241: Prevent a NULL pointer dereference by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400) - CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353). - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c did not validate bitmap block numbers (bsc#1087095). - CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007). - CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012). - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904). - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650). - CVE-2018-5803: Prevent error in the '_sctp_make_chunk()' function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900). - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962). - CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895). The following non-security bugs were fixed: - ALSA: timer: Fix pause event notification (bsc#973378). - Fix excessive newline in /proc/*/status (bsc#1094823). - Fix the patch content (bsc#1085185) - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Revert 'bs-upload-kernel: do not set %opensuse_bs' This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821. - ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552). - ipv6: omit traffic class when calculating flow hash (bsc#1095042). - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1096281). - x86/bugs: Respect retpoline command line option (bsc#1068032). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813) - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534). - xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534). - xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955). Important SUSE bug 1068032 SUSE bug 1079152 SUSE bug 1082962 SUSE bug 1083650 SUSE bug 1083900 SUSE bug 1085185 SUSE bug 1086400 SUSE bug 1087007 SUSE bug 1087012 SUSE bug 1087036 SUSE bug 1087086 SUSE bug 1087095 SUSE bug 1089895 SUSE bug 1090534 SUSE bug 1090955 SUSE bug 1092497 SUSE bug 1092552 SUSE bug 1092813 SUSE bug 1092904 SUSE bug 1094033 SUSE bug 1094353 SUSE bug 1094823 SUSE bug 1095042 SUSE bug 1096140 SUSE bug 1096242 SUSE bug 1096281 SUSE bug 1096728 SUSE bug 1097356 SUSE bug 973378 CVE-2017-13305 CVE-2017-18241 CVE-2017-18249 CVE-2018-1000199 CVE-2018-1000204 CVE-2018-1065 CVE-2018-1092 CVE-2018-1093 CVE-2018-1094 CVE-2018-1130 CVE-2018-3665 CVE-2018-5803 CVE-2018-5848 CVE-2018-7492 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Moderate SUSE bug 1097158 SUSE bug 1097624 SUSE bug 1098592 CVE-2018-0732 cpe:/o:suse:sles-bcl:12:sp2 Recommended update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The Intel CPU microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx - Add a new style supplements for the recent kernels. (bsc#1096141) Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1096141 SUSE bug 1100147 CVE-2018-3639 CVE-2018-3640 cpe:/o:suse:sles-bcl:12:sp2 Security update for perl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for perl fixes the following issues: These security issue were fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). - CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This non-security issue was fixed: - fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565] Important SUSE bug 1068565 SUSE bug 1082216 SUSE bug 1082233 SUSE bug 1082234 SUSE bug 1096718 CVE-2018-12015 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 cpe:/o:suse:sles-bcl:12:sp2 Security update for shadow (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could results in local privilege escalation (bsc#1099310) Important SUSE bug 1099310 CVE-2016-6252 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix #DB exception safety check that could be triggered by a guest (XSA-265) (bsc#1097522). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-3665: Fix lazy FP Save/Restore (XSA-267) (bsc#1095242). Bug fixes: - bsc#1027519: Update to Xen 4.7.6 bug fix only release. - bsc#1087289: Xen BUG at sched_credit.c:1663. - bsc#1094725: `virsh blockresize` does not work with Xen qdisks. Important SUSE bug 1027519 SUSE bug 1087289 SUSE bug 1094725 SUSE bug 1095242 SUSE bug 1096224 SUSE bug 1097521 SUSE bug 1097522 SUSE bug 1097523 CVE-2018-11806 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-3665 cpe:/o:suse:sles-bcl:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for samba fixes the following issues: The following security vulnerability was fixed: - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) The following other bugs were fixed: - Fix libnss_wins.so.2 link libreplace with rpath (bsc#1054849) Important SUSE bug 1054849 SUSE bug 1103411 CVE-2018-10858 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element Important SUSE bug 1098998 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5156 CVE-2018-5188 cpe:/o:suse:sles-bcl:12:sp2 Security update for clamav (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - CVE-2018-1000085: Fixed a out-of-bounds heap read in XAR parser (bsc#1082858) - CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) - Buffer over-read in unRAR code due to missing max value checks in table initialization - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Moderate SUSE bug 1082858 SUSE bug 1101410 SUSE bug 1101412 SUSE bug 1101654 SUSE bug 1103040 CVE-2018-0360 CVE-2018-0361 CVE-2018-1000085 CVE-2018-14679 cpe:/o:suse:sles-bcl:12:sp2 Security update to ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-BCL ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx ---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5 Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1089343 SUSE bug 1104134 CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 cpe:/o:suse:sles-bcl:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741). - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) Moderate SUSE bug 1081741 SUSE bug 1103411 CVE-2018-1050 CVE-2018-10858 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5390 aka 'SegmentSmack': The Linux Kernel can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580). - CVE-2018-9385: When printing the 'driver_override' option from with-in the amba driver, a very long line could expose one additional uninitialized byte (bnc#1100491). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 1100418). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). The following non-security bugs were fixed: - Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978) - bcache: add backing_request_endio() for bi_end_io (bsc#1064232). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232). - bcache: add io_disable to struct cached_dev (bsc#1064232). - bcache: add journal statistic (bsc#1076110). - bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1064232). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1064232). - bcache: Annotate switch fall-through (bsc#1064232). - bcache: closures: move control bits one bit right (bsc#1076110). - bcache: correct flash only vols (check all uuids) (bsc#1064232). - bcache: count backing device I/O error for writeback I/O (bsc#1064232). - bcache: do not attach backing with duplicate UUID (bsc#1076110). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1064232). - bcache: fix crashes in duplicate cache device register (bsc#1076110). - bcache: fix error return value in memory shrink (bsc#1064232). - bcache: fix for allocator and register thread race (bsc#1076110). - bcache: fix for data collapse after re-attaching an attached device (bsc#1076110). - bcache: fix high CPU occupancy during journal (bsc#1076110). - bcache: Fix, improve efficiency of closure_sync() (bsc#1076110). - bcache: fix inaccurate io state for detached bcache devices (bsc#1064232). - bcache: fix incorrect sysfs output value of strip size (bsc#1064232). - bcache: Fix indentation (bsc#1064232). - bcache: fix kcrashes with fio in RAID5 backend dev (bsc#1076110). - bcache: Fix kernel-doc warnings (bsc#1064232). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1064232). - bcache: fix using of loop variable in memory shrink (bsc#1064232). - bcache: fix writeback target calc on large devices (bsc#1076110). - bcache: fix wrong return value in bch_debug_init() (bsc#1076110). - bcache: mark closure_sync() __sched (bsc#1076110). - bcache: move closure debug file into debug directory (bsc#1064232). - bcache: properly set task state in bch_writeback_thread() (bsc#1064232). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bsc#1064232). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1064232). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1064232). - bcache: Remove an unused variable (bsc#1064232). - bcache: ret IOERR when read meets metadata error (bsc#1076110). - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1064232). - bcache: return attach error when no cache set exist (bsc#1076110). - bcache: segregate flash only volume write streams (bsc#1076110). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1064232). - bcache: set error_limit correctly (bsc#1064232). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1064232). - bcache: stop bcache device when backing device is offline (bsc#1064232). - bcache: stop dc->writeback_rate_update properly (bsc#1064232). - bcache: stop writeback thread after detaching (bsc#1076110). - bcache: store disk name in struct cache and struct cached_dev (bsc#1064232). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1064232). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1064232). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - cifs: Check for timeout on Negotiate stage (bsc#1091171). - cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup() (bsc#1090123). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - ext4: fix unsupported feature message formatting (bsc#1098435). - Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248, bsc@1097140). - ixgbe: fix possible race in reset subtask (bsc#1101557). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - ixgbe: use atomic bitwise operations when handling reset requests (bsc#1101557). - kabi/severities: add PASS to drivers/md/bcache/*, no one uses bcache kernel module. - procfs: add tunable for fd/fdinfo dentry retention (bsc#1086652). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - signals: avoid unnecessary taking of sighand->siglock (bsc#1096130). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). Update config files. - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (1087081). - x86/pti: do not report XenPV as vulnerable (bsc#1097551). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/grant-table: log the lack of grants (bnc#1085042). Important SUSE bug 1064232 SUSE bug 1076110 SUSE bug 1083635 SUSE bug 1085042 SUSE bug 1086652 SUSE bug 1087081 SUSE bug 1089343 SUSE bug 1090123 SUSE bug 1091171 SUSE bug 1094248 SUSE bug 1096130 SUSE bug 1096480 SUSE bug 1096978 SUSE bug 1097140 SUSE bug 1097551 SUSE bug 1098016 SUSE bug 1098425 SUSE bug 1098435 SUSE bug 1099924 SUSE bug 1100089 SUSE bug 1100416 SUSE bug 1100418 SUSE bug 1100491 SUSE bug 1101557 SUSE bug 1102340 SUSE bug 1102851 SUSE bug 1103097 SUSE bug 1103119 SUSE bug 1103580 CVE-2017-18344 CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-14734 CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 CVE-2018-5391 CVE-2018-5814 CVE-2018-9385 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a malicious or buggy guest administrator can lock up the entire host (bsc#1103276) Important SUSE bug 1027519 SUSE bug 1091107 SUSE bug 1103276 CVE-2018-3646 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssh fixes the following issues: Security issue fixed: - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). Moderate SUSE bug 1076957 CVE-2016-10708 cpe:/o:suse:sles-bcl:12:sp2 Security update for libvirt (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libvirt fixes the following issues: This new feature was added: - bsc#1094325, bsc#1094725: libxl: Enable virsh blockresize for XEN guests This security issue was fixed: - CVE-2017-5715: Additional fixes for the Spectre patches (bsc#1079869) These non-security issues were fixed: - bsc#1100112: schema: allow any strings in smbios entry qemu: escape smbios entry strings - bsc#1091427: libxl: fix segfault in libxlReconnectDomain - bsc#959329: libxl: don't set hasManagedSave when performing save Moderate SUSE bug 1079869 SUSE bug 1091427 SUSE bug 1094325 SUSE bug 1094725 SUSE bug 1100112 SUSE bug 959329 CVE-2017-5715 cpe:/o:suse:sles-bcl:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for dovecot22 fixes the following issues: Security issue fixed: - CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts (bsc#1082828) Important SUSE bug 1082828 CVE-2017-15130 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_1-ibm fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect against path traversal attacks when extracting compressed dump files. - CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to unauthorized read access. - CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to denial of service. - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE subcomponent, which allowed unauthenticated attackers with network access via SSL/TLS to compromise the Java SE, leading to unauthorized creation, deletion or modification access to critical data. - CVE-2018-12539: Fixed a vulnerability in which users other than the process owner may be able to use Java Attach API to connect to the IBM JVM on the same machine and use Attach API operations, including the ability to execute untrusted arbitrary code. Other changes made: - Various JIT/JVM crash fixes - Version update to 7.1.4.30 (bsc#1104668) You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2018). Important SUSE bug 1104668 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 cpe:/o:suse:sles-bcl:12:sp2 Security update for libzypp, zypper (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libzypp, zypper provides the following fixes: Update libzypp to version 16.17.20 Security issues fixed: - PackageProvider: Validate delta rpms before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) - PackageProvider: Validate downloaded rpm package signatures before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) Other bugs fixed: - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304) - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake (bsc#1101349) - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - Avoid zombie tar processes (bsc#1076192) Update to zypper to version 1.13.45 Security issue fixed: - Improve signature check callback messages (bsc#1045735, CVE-2017-9269) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735, CVE-2017-9269) Other bugs fixed: - XML <install-summary> attribute `packages-to-change` added (bsc#1102429) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - Prevent nested calls to exit() if aborted by a signal (bsc#1092413) - ansi.h: Prevent ESC sequence strings from going out of scope (bsc#1092413) - Fix: zypper bash completion expands non-existing options (bsc#1049825) - do not recommend cron (bsc#1079334) - Improve signature check callback messages (bsc#1045735) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735) Important SUSE bug 1036304 SUSE bug 1045735 SUSE bug 1049825 SUSE bug 1070851 SUSE bug 1076192 SUSE bug 1079334 SUSE bug 1088705 SUSE bug 1091624 SUSE bug 1092413 SUSE bug 1096803 SUSE bug 1099847 SUSE bug 1100028 SUSE bug 1101349 SUSE bug 1102429 CVE-2017-9269 CVE-2018-7685 cpe:/o:suse:sles-bcl:12:sp2 Security update for openslp (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Important SUSE bug 1090638 CVE-2017-17833 cpe:/o:suse:sles-bcl:12:sp2 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (bsc#1016715) - CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes which prohibit CR or LF injection into the 'Location' or other outbound header key or value. (bsc#1104826) Moderate SUSE bug 1016715 SUSE bug 1104826 CVE-2016-4975 CVE-2016-8743 cpe:/o:suse:sles-bcl:12:sp2 Security update for gnutls (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for gnutls fixes the following issues: This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) - HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) - HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) - The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002) Moderate SUSE bug 1047002 SUSE bug 1105437 SUSE bug 1105459 SUSE bug 1105460 CVE-2017-10790 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-ibm to 8.0.5.20 fixes the following security issues: - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1104668) - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1104668) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1104668) - CVE-2018-2964: Vulnerability in subcomponent: Deployment. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. (bsc#1104668) - CVE-2016-0705: Prevent double free in the dsa_priv_decode function that allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#1104668) - CVE-2017-3732: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668) - CVE-2017-3736: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668) - CVE-2018-1517: Unspecified vulnerability (bsc#1104668) - CVE-2018-1656: Unspecified vulnerability (bsc#1104668) - CVE-2018-12539: Users other than the process owner might have been able to use Java Attach API to connect to an IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code (bsc#1104668) Moderate SUSE bug 1104668 CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 cpe:/o:suse:sles-bcl:12:sp2 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for wireshark to version 2.4.9 fixes the following issues: Wireshark was updated to 2.4.9 (bsc#1094301, bsc#1106514). Security issues fixed: - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) - CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). - CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). - CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). - CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html Moderate SUSE bug 1094301 SUSE bug 1101776 SUSE bug 1101777 SUSE bug 1101786 SUSE bug 1101788 SUSE bug 1101791 SUSE bug 1101794 SUSE bug 1101800 SUSE bug 1101802 SUSE bug 1101804 SUSE bug 1101810 SUSE bug 1106514 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 cpe:/o:suse:sles-bcl:12:sp2 Security update for smt, yast2-smt (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read (bsc#1103809). - CVE-2018-12470: SQL injection in RegistrationSharing module allows remote attackers to run arbitrary SQL statements (bsc#1103810). - CVE-2018-12472: Authentication bypass in sibling check facilitated further attacks on SMT (bsc#1104076). SUSE would like to thank Jake Miller for reporting these issues to us. These non-security issues were fixed in SMT: - Fix cron jobs randomization (bsc#1097560) - Fix duplicate migration paths (bsc#1097824) This non-security issue was fixed in yast2-smt: - Remove cron job rescheduling (bsc#1097560) - Added missing translation marks (bsc#1037811) - Explicitly mention 'Organization Credentials' (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Make the Filter button default (bsc#1006984) - Prevent exiting the repo selection dialog via hitting Enter in the repository filter (bsc#1006984) - report when error occurs during repo mirroring (bsc#1006989) - Use TextEntry-based filter for repos (fate#319777) Important SUSE bug 1006984 SUSE bug 1006989 SUSE bug 1037811 SUSE bug 1097560 SUSE bug 1097824 SUSE bug 1103809 SUSE bug 1103810 SUSE bug 1104076 SUSE bug 977043 CVE-2018-12470 CVE-2018-12471 CVE-2018-12472 cpe:/o:suse:sles-bcl:12:sp2 Security update for yast2-smt (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update fixes the following issues in yast2-smt: - Explicitly mention 'Organization Credentials' (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Added missing translation marks (bsc#1037811) - Remove cron job rescheduling (bsc#1097560) This update is a requirement for the security update for SMT. Because of that it is tagged as security to ensure that all users, even those that only install security updates, install it. Important SUSE bug 1037811 SUSE bug 1097560 SUSE bug 977043 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) These non-security issues were fixed: - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) - Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246, bsc#997043) Moderate SUSE bug 1089039 SUSE bug 1101246 SUSE bug 1101470 SUSE bug 1104789 SUSE bug 1106197 SUSE bug 997043 CVE-2018-0737 cpe:/o:suse:sles-bcl:12:sp2 Security update for qemu (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for qemu fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). Moderate SUSE bug 1092885 SUSE bug 1096223 SUSE bug 1098735 CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 cpe:/o:suse:sles-bcl:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172). - CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171). - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173). - CVE-2018-15911: Prevent use uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195). - CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412). - CVE-2018-16509: Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be have been used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction (bsc#1107410). - CVE-2018-16510: Incorrect exec stack handling in the 'CS' and 'SC' PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411). - CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413). - CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421). - CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420). - CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422). - CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423). - CVE-2018-16511: A type confusion in 'ztype' could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426). - CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This lead to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581). - CVE-2018-16802: Incorrect 'restoration of privilege' checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027). These non-security issues were fixed: * Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files). * Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--' For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm and the changes file of the package. Important SUSE bug 1106171 SUSE bug 1106172 SUSE bug 1106173 SUSE bug 1106195 SUSE bug 1107410 SUSE bug 1107411 SUSE bug 1107412 SUSE bug 1107413 SUSE bug 1107420 SUSE bug 1107421 SUSE bug 1107422 SUSE bug 1107423 SUSE bug 1107426 SUSE bug 1107581 SUSE bug 1108027 SUSE bug 1109105 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183 cpe:/o:suse:sles-bcl:12:sp2 Security update for openslp (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Important SUSE bug 1090638 CVE-2017-17833 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - IfNode::range_check_trap_proj() should handler dying subgraph with single if proj - Even better Internet address support - Newlines in JAXB string values of SOAP-requests are escaped to '&#xa;' - TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException - Unable to use JDWP API in JDK 8 to debug JDK 9 VM - Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 - Performance drop with Java JDK 1.8.0_162-b32 - Upgrade time-zone data to tzdata2018d - Fix potential crash in BufImg_SetupICM - JDK 8u181 l10n resource file update - Remove debug print statements from RMI fix - (tz) Upgrade time-zone data to tzdata2018e - ObjectInputStream filterCheck method throws NullPointerException - adjust reflective access checks Important SUSE bug 1101644 SUSE bug 1101645 SUSE bug 1101651 SUSE bug 1101656 SUSE bug 1106812 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 cpe:/o:suse:sles-bcl:12:sp2 Security update for qpdf (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for qpdf fixes the following issues: qpdf was updated to 7.1.1. Security issues fixed: - CVE-2017-11627: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050577). - CVE-2017-11625: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050579). - CVE-2017-11626: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050578). - CVE-2017-11624: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050581). - CVE-2017-12595: Stack overflow when processing deeply nested arrays and dictionaries (bsc#1055960). - CVE-2017-9209: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040312). - CVE-2017-9210: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040313). - CVE-2017-9208: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040311). * Check release notes for detailed bug fixes. * http://qpdf.sourceforge.net/files/qpdf-manual.html#ref.release-notes Moderate SUSE bug 1040311 SUSE bug 1040312 SUSE bug 1040313 SUSE bug 1050577 SUSE bug 1050578 SUSE bug 1050579 SUSE bug 1050581 SUSE bug 1055960 CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql10 (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for brings postgresql10 version 10.5 to SUSE Linux Enterprise 12 SP3. (FATE#325659 bnc#1108308) This release marks the change of the versioning scheme for PostgreSQL to a 'x.y' format. This means the next minor releases of PostgreSQL will be 10.1, 10.2, ... and the next major release will be 11. * Logical Replication Logical replication extends the current replication features of PostgreSQL with the ability to send modifications on a per-database and per-table level to different PostgreSQL databases. Users can now fine-tune the data replicated to various database clusters and will have the ability to perform zero-downtime upgrades to future major PostgreSQL versions. * Declarative Table Partitioning Table partitioning has existed for years in PostgreSQL but required a user to maintain a nontrivial set of rules and triggers for the partitioning to work. PostgreSQL 10 introduces a table partitioning syntax that lets users easily create and maintain range and list partitioned tables. * Improved Query Parallelism PostgreSQL 10 provides better support for parallelized queries by allowing more parts of the query execution process to be parallelized. Improvements include additional types of data scans that are parallelized as well as optimizations when the data is recombined, such as pre-sorting. These enhancements allow results to be returned more quickly. * Quorum Commit for Synchronous Replication PostgreSQL 10 introduces quorum commit for synchronous replication, which allows for flexibility in how a primary database receives acknowledgement that changes were successfully written to remote replicas. Moderate SUSE bug 1108308 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. - CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104). - CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811) - CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (bnc#1099846) - CVE-2018-10878: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (bnc#1099813) - CVE-2018-10879: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (bnc#1099844) - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. (bnc#1099845) - CVE-2018-10881: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099864) - CVE-2018-10882: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. (bnc#1099849) - CVE-2018-10883: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099863) - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bnc#1105322). - CVE-2018-10938: A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw (bnc#1106016). - CVE-2018-10940: The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bnc#1092903). - CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922). - CVE-2018-13093: There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001). - CVE-2018-13094: An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000). - CVE-2018-13095: A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999). - CVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870). - CVE-2018-14678: The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S did not properly maintain RBX, which allowed local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges (bnc#1102715). - CVE-2018-15572: The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296). - CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348). - CVE-2018-16276: Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095). - CVE-2018-16658: An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 (bnc#1107689). - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). - CVE-2018-6554: Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509). - CVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2018-9363: A buffer overflow in bluetooth HID report processing could be used by malicious bluetooth devices to crash the kernel or potentially execute code (bnc#1105292). The following security bugs were fixed: - CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bnc#1082863). The following non-security bugs were fixed: - atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066). - bcache: avoid unncessary cache prefetch bch_btree_node_get() (bsc#1064232). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232). - bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232). - bcache: do not check return value of debugfs_create_dir() (bsc#1064232). - bcache: finish incremental GC (bsc#1064232). - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232). - bcache: fix I/O significant decline while backend devices registering (bsc#1064232). - bcache: free heap cache_set->flush_btree in bch_journal_free (bsc#1064232). - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section (bsc#1064232). - bcache: release dc->writeback_lock properly in bch_writeback_thread() (bsc#1064232). - bcache: set max writeback rate when I/O request is idle (bsc#1064232). - bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update checksum of new initialized bitmaps (bnc#1012382). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - kABI: protect struct x86_emulate_ops (kabi). - kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597) - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kvm: MMU: always terminate page walks at level 1 (bsc#1062604). - kvm: MMU: simplify last_pte_bitmap (bsc#1062604). - kvm: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604). - kvm: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - kvm: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - net: add skb_condense() helper (bsc#1089066). - net: adjust skb->truesize in pskb_expand_head() (bsc#1089066). - net: adjust skb->truesize in ___pskb_trim() (bsc#1089066). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108239). - net: ena: fix device destruction to gracefully free resources (bsc#1108239). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108239). - net: ena: fix incorrect usage of memory barriers (bsc#1108239). - net: ena: fix missing calls to READ_ONCE (bsc#1108239). - net: ena: fix missing lock during device destruction (bsc#1108239). - net: ena: fix potential double ena_destroy_device() (bsc#1108239). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108239). - net: ena: Fix use of uninitialized DMA address bits field (bsc#1108239). - netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382 bsc#1100152). - netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286). - nfs: Use an appropriate work queue for direct-write completion (bsc#1082519). - ovl: fix random return value on mount (bsc#1099993). - ovl: fix uid/gid when creating over whiteout (bsc#1099993). - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512). - ovl: override creds with the ones from the superblock mounter (bsc#1099993). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc/livepatch: Fix livepatch stack access (bsc#1094466). - powerpc/modules: Do not try to restore r2 after a sibling call (bsc#1094466). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - provide special timeout module parameters for EC2 (bsc#1065364). - stop_machine: Atomically queue and wake stopper threads (git-fixes). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86: Drop kernel trampoline stack. It is involved in breaking kdump/kexec infrastucture. (bsc#1099597) - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: add xfs_trim_extent (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: borrow indirect blocks from freed extent when available (bsc#1095344). - xfs: cleanup xfs_bmap_last_before (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: during btree split, save new block key & ptr for future insertion (bsc#1095344). - xfs: factor out a helper to initialize a local format inode fork (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: improve kmem_realloc (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: new inode extent list lookup helpers (bsc#1095344). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: provide helper for counting extents from if_bytes (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor delalloc indlen reservation split into helper (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_bunmapi_cow (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: remove if_rdev (bsc#1095344). - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: repair malformed inode items during log recovery (bsc#1105396). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify validation of the unwritten extent bit (bsc#1095344). - xfs: split indlen reservations fairly when under reserved (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: update freeblocks counter after extent deletion (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344). - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). Important SUSE bug 1012382 SUSE bug 1042286 SUSE bug 1062604 SUSE bug 1064232 SUSE bug 1065364 SUSE bug 1082519 SUSE bug 1082863 SUSE bug 1084536 SUSE bug 1085042 SUSE bug 1088810 SUSE bug 1089066 SUSE bug 1092903 SUSE bug 1094466 SUSE bug 1095344 SUSE bug 1096547 SUSE bug 1097104 SUSE bug 1099597 SUSE bug 1099811 SUSE bug 1099813 SUSE bug 1099844 SUSE bug 1099845 SUSE bug 1099846 SUSE bug 1099849 SUSE bug 1099863 SUSE bug 1099864 SUSE bug 1099922 SUSE bug 1099993 SUSE bug 1099999 SUSE bug 1100000 SUSE bug 1100001 SUSE bug 1100152 SUSE bug 1102517 SUSE bug 1102715 SUSE bug 1102870 SUSE bug 1103445 SUSE bug 1104319 SUSE bug 1104495 SUSE bug 1105292 SUSE bug 1105296 SUSE bug 1105322 SUSE bug 1105348 SUSE bug 1105396 SUSE bug 1105536 SUSE bug 1106016 SUSE bug 1106095 SUSE bug 1106369 SUSE bug 1106509 SUSE bug 1106511 SUSE bug 1106512 SUSE bug 1106594 SUSE bug 1107689 SUSE bug 1107735 SUSE bug 1107966 SUSE bug 1108239 SUSE bug 1108399 SUSE bug 1109333 CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10938 CVE-2018-10940 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-14617 CVE-2018-14678 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-17182 CVE-2018-6554 CVE-2018-6555 CVE-2018-7480 CVE-2018-7757 CVE-2018-9363 cpe:/o:suse:sles-bcl:12:sp2 Security update for binutils (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for binutils to 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643). - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689). - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693). - CVE-2017-16826: The coff_slurp_line_table function the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640). - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643). - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887). - CVE-2017-16830: The print_gnu_property_note function did not have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888). - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950). - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176). - CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202). - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745). - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103). - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741). - CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556). - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527). - CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528). - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532). - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608). - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784). - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786). - CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788). - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997). - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015). - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a 'SECTION' type that has a '0' value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365). - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processesed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368). These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid. These can be turned on with the option -M notes to objdump. - The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. Set the default if the configure option is not used to 'no'. - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - RISC-V: Don't enable relaxation in relocatable link - Prevent linking faiures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections. - Add support for loaction views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. - Add '-z undefs' command line option as the inverse of the '-z defs' option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. - Fix linker relaxation with --wrap - Add arm-none-eabi symlinks (bsc#1074741) Former updates of binutils also fixed the following security issues, for which there was not CVE assigned at the time the update was released or no mapping between code change and CVE existed: - CVE-2014-9939: Prevent stack buffer overflow when printing bad bytes in Intel Hex objects (bsc#1030296). - CVE-2017-7225: The find_nearest_line function in addr2line did not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash (bsc#1030585). - CVE-2017-7224: The find_nearest_line function in objdump was vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash (bsc#1030588). - CVE-2017-7223: GNU assembler in was vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash (bsc#1030589). - CVE-2017-7226: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a heap-based buffer over-read of size 4049 because it used the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well (bsc#1030584). - CVE-2017-7299: The Binary File Descriptor (BFD) library (aka libbfd) had an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) did not check the format of the input file trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash (bsc#1031644). - CVE-2017-7300: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash (bsc#1031656). - CVE-2017-7302: The Binary File Descriptor (BFD) library (aka libbfd) had a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability caused Binutils utilities like strip to crash (bsc#1031595). - CVE-2017-7303: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers attempting to match them. This vulnerability caused Binutils utilities like strip to crash (bsc#1031593). - CVE-2017-7301: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it did not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash (bsc#1031638). - CVE-2017-7304: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field attempting to follow it. This vulnerability caused Binutils utilities like strip to crash (bsc#1031590). - CVE-2017-8392: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037052). - CVE-2017-8393: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash (bsc#1037057). - CVE-2017-8394: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash (bsc#1037061). - CVE-2017-8396: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037066). - CVE-2017-8421: The function coff_set_alignment_hook in Binary File Descriptor (BFD) library (aka libbfd) had a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file (bsc#1037273). - CVE-2017-9746: The disassemble_bytes function in objdump.c allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during 'objdump -D' execution (bsc#1044891). - CVE-2017-9747: The ieee_archive_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044897). - CVE-2017-9748: The ieee_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044901). - CVE-2017-9750: opcodes/rx-decode.opc lacked bounds checks for certain scale arrays, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044909). - CVE-2017-9755: Not considering the the number of registers for bnd mode allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044925). - CVE-2017-9756: The aarch64_ext_ldst_reglist function allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044927). - CVE-2017-7209: The dump_section_as_bytes function in readelf accessed a NULL pointer while reading section contents in a corrupt binary, leading to a program crash (bsc#1030298). - CVE-2017-6965: readelf wrote to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow (bsc#1029909). - CVE-2017-6966: readelf had a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations (bsc#1029908). - CVE-2017-6969: readelf was vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well (bsc#1029907). - CVE-2017-7210: objdump was vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash (bsc#1030297). Moderate SUSE bug 1029907 SUSE bug 1029908 SUSE bug 1029909 SUSE bug 1030296 SUSE bug 1030297 SUSE bug 1030298 SUSE bug 1030584 SUSE bug 1030585 SUSE bug 1030588 SUSE bug 1030589 SUSE bug 1031590 SUSE bug 1031593 SUSE bug 1031595 SUSE bug 1031638 SUSE bug 1031644 SUSE bug 1031656 SUSE bug 1037052 SUSE bug 1037057 SUSE bug 1037061 SUSE bug 1037066 SUSE bug 1037273 SUSE bug 1044891 SUSE bug 1044897 SUSE bug 1044901 SUSE bug 1044909 SUSE bug 1044925 SUSE bug 1044927 SUSE bug 1065643 SUSE bug 1065689 SUSE bug 1065693 SUSE bug 1068640 SUSE bug 1068643 SUSE bug 1068887 SUSE bug 1068888 SUSE bug 1068950 SUSE bug 1069176 SUSE bug 1069202 SUSE bug 1074741 SUSE bug 1077745 SUSE bug 1079103 SUSE bug 1079741 SUSE bug 1080556 SUSE bug 1081527 SUSE bug 1083528 SUSE bug 1083532 SUSE bug 1085784 SUSE bug 1086608 SUSE bug 1086784 SUSE bug 1086786 SUSE bug 1086788 SUSE bug 1090997 SUSE bug 1091015 SUSE bug 1091365 SUSE bug 1091368 CVE-2014-9939 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: - CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014) - CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) could have locked up the entire host, causing a Denial of Service. (XSA-269) (bsc#1103276) Non security issues fixed: - Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508) Moderate SUSE bug 1094508 SUSE bug 1103276 SUSE bug 1111014 CVE-2018-15468 CVE-2018-17963 cpe:/o:suse:sles-bcl:12:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Moderate SUSE bug 1083424 SUSE bug 1098531 SUSE bug 1111853 CVE-2018-12327 CVE-2018-7170 cpe:/o:suse:sles-bcl:12:sp2 Security update for clamav (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for clamav fixes the following issues: clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) - Make freshclam more robust against lagging signature mirrors. - On-Access 'Extra Scanning', an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457). Moderate SUSE bug 1103040 SUSE bug 1104457 SUSE bug 1110723 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 cpe:/o:suse:sles-bcl:12:sp2 Security update for net-snmp (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Non-security issues fixed: - swintst_rpm: Protect against unspecified Group name (bsc#1102775) - Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) - Fix agentx freezing on timeout (bsc#1027353) Important SUSE bug 1027353 SUSE bug 1081164 SUSE bug 1102775 SUSE bug 1111122 CVE-2018-18065 cpe:/o:suse:sles-bcl:12:sp2 Security update for smt (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL SMT was updated to version 3.0.38. Following security issue was fixed: - CVE-2018-12472: Harden hostname check during sibling check by forcing double reverse lookup (bsc#1104076) Following non security issues were fixed: - Add migration path check when registration sharing is enabled - Fix sibling sync errors (bsc#1111056): - Synchronize all registered products - Handle duplicate registrations when syncing - Force resync to the sibling instance in `upgrade` and `synchronize` API calls Moderate SUSE bug 1104076 SUSE bug 1111056 CVE-2018-12472 cpe:/o:suse:sles-bcl:12:sp2 Security update for apache2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961) Important SUSE bug 1109961 CVE-2018-11763 cpe:/o:suse:sles-bcl:12:sp2 Security update for wireshark (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Important SUSE bug 1111647 CVE-2018-12086 CVE-2018-18227 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Security issues fixed: - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852) - CVE-2018-12392: Crash with nested event loops. - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. - CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting. - CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts. - CVE-2018-12397: WebExtension local file access vulnerability. - CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3. - CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3. Important SUSE bug 1112852 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 cpe:/o:suse:sles-bcl:12:sp2 Security update for systemd (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if 'missing ok' (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - socket-util: introduce port argument in sockaddr_port() - service: fixup ExecStop for socket-activated shutdown (#4120) - service: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923) - cryptsetup: build fixes for 'add support for sector-size= option' - udev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278) - core: keep the kernel coredump defaults when systemd-coredump is disabled - core: shorten main() a bit, split out coredump initialization - core: set RLIMIT_CORE to unlimited by default (bsc#1108835) - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - tmp.mount.hm4: After swap.target (#3087) - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool. Important SUSE bug 1106923 SUSE bug 1108835 SUSE bug 1109252 SUSE bug 1110445 SUSE bug 1111278 SUSE bug 1112024 SUSE bug 1113083 SUSE bug 1113632 SUSE bug 1113665 CVE-2018-15686 CVE-2018-15688 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - Add missing timing side channel patch for DSA signature generation (bsc#1113742). Non-security issues fixed: - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). Moderate SUSE bug 1112209 SUSE bug 1113534 SUSE bug 1113652 SUSE bug 1113742 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sles-bcl:12:sp2 Security update for rpm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for rpm fixes the following issues: These security issues were fixed: - CVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457). - CVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457) This is a reissue of the above security fixes for SUSE Linux Enterprise 12 GA, SP1 and SP2 LTSS, they have already been released for SUSE Linux Enterprise Server 12 SP3. Important SUSE bug 943457 CVE-2017-7500 CVE-2017-7501 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) The following non-security issues were fixed: - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure [bsc#1091396] Moderate SUSE bug 1091396 SUSE bug 1105010 SUSE bug 964336 CVE-2018-15473 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 (bsc#1116574): * Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API * Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. * Java Virtual Machine - IJ10931 CVE-2018-3169 - IV91132 SOME CORE PATTERN SPECIFIERS ARE NOT HANDLED BY THE JVM ON LINUX * JIT Compiler - IJ08205 CRASH WHILE COMPILING - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 cpe:/o:suse:sles-bcl:12:sp2 Security update for python-cryptography, python-pyOpenSSL (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python-cryptography, python-pyOpenSSL fixes the following issues: Security issues fixed: - CVE-2018-1000808: A memory leak due to missing reference checking in PKCS#12 store handling was fixed (bsc#1111634) - CVE-2018-1000807: A use-after-free in X509 object handling was fixed (bsc#1111635) - avoid bad interaction with python-cryptography package. (bsc#1021578) Important SUSE bug 1021578 SUSE bug 1111634 SUSE bug 1111635 CVE-2018-1000807 CVE-2018-1000808 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 (bsc#1116574) * Class Libraries: - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10930 CVE-2018-3183 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. - IJ10566 SUPPORT EBCDIC CODE PAGE IBM-274 – BELGIUM EBCDIC * Java Virtual Machine - IJ08730 APPLICATION SIGNAL HANDLER NOT INVOKED FOR SIGABRT - IJ10453 ASSERTION FAILURE AT CLASSPATHITEM.CPP - IJ09574 CLASSLOADER DEFINED THROUGH SYSTEM PROPERTY ‘JAVA.SYSTEM.CLASS.LOADE R’ IS NOT HONORED. - IJ10931 CVE-2018-3169 - IJ10618 GPU SORT: UNSPECIFIED LAUNCH FAILURE - IJ10619 INCORRECT ILLEGALARGUMENTEXCEPTION BECAUSE OBJECT IS NOT AN INSTANCE OF DECLARING CLASS ON REFLECTIVE INVOCATION - IJ10135 JVM HUNG IN GARBAGECOLLECTORMXBEAN.G ETLASTGCINFO() API - IJ10680 RECURRENT ABORTED SCAVENGE * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Reliability and Serviceability - IJ09600 DTFJ AND JDMPVIEW FAIL TO PARSE WIDE REGISTER VALUES * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10310 ADD NULL CHECKING ON THE ENCRYPTION TYPES LIST TO CREDENTIALS.GETDEFAULTNA TIVECREDS() METHOD - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH03889 ADD SUPPORT FOR TRY-WITH-RESOURCES TO COM.IBM.JZOS.ENQUEUE - PH03414 ROLLOVER FROM SYE TO SAE FOR ICSF REASON CODE 3059 - PH04008 ZERTJSSE – Z SYSTEMS ENCRYPTION READINESS TOOL (ZERT) NEW SUPPORT IN THE Z/OS JAVA SDK This includes the update to Java 8.0 Service Refresh 5 Fix Pack 22: * Java Virtual Machine - IJ09139 CUDA4J NOT AVAILABLE ON ALL PLATFORMS * JIT Compiler - IJ09089 CRASH DURING COMPILATION IN USEREGISTER ON X86-32 - IJ08655 FLOATING POINT ERROR (SIGFPE) IN ZJ9SYM1 OR ANY VM/JIT MODULE ON AN INSTRUCTION FOLLOWING A VECTOR INSTRUCTION - IJ08850 CRASH IN ARRAYLIST$ITR.NEXT() - IJ09601 JVM CRASHES ON A SIGBUS SIGNAL WHEN ACCESSING A DIRECTBYTEBUFFER * z/OS Extentions - PH02999 JZOS data management classes accept dataset names in code pages supported by z/OS system services - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Also the update to Java 8.0 Service Refresh 5 Fix Pack 21 * Class Libraries - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ08570 JAVA.LANG.UNSATISFIEDLIN KERROR WITH JAVA OPTION -DSUN.JAVA2D.CMM=SUN.JAV A2D.CMM.KCMS.KCMSSERVICE PROVIDER ON AIX PLATFORM * Java Virtual Machine - IJ08001 30% THROUGHPUT DROP FOR CERTAIN SYNCHRONIZATION WORKLOADS - IJ07997 TRACEASSERT IN GARBAGE COLLECTOR(MEMORYSUBSPACE) * JIT Compiler - IJ08503 ASSERTION IS HIT DUE TO UNEXPECTED STACK HEIGHT IN DEBUGGING MODE - IJ08375 CRASH DURING HARDWARE GENERATED GUARDED STORAGE EVENT WITHIN A TRANSACTIONAL EXECUTION REGION WHEN RUNNING WITH -XGC:CONCURRENTS - IJ08205 CRASH WHILE COMPILING - IJ09575 INCORRECT RESULT WHEN USING JAVA.LANG.MATH.MIN OR MAX ON 31-BIT JVM - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 cpe:/o:suse:sles-bcl:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm Important SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1117274 SUSE bug 1117313 SUSE bug 1117327 SUSE bug 1117331 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 cpe:/o:suse:sles-bcl:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for git fixes the following issue: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949). Important SUSE bug 1110949 CVE-2018-17456 cpe:/o:suse:sles-bcl:12:sp2 Security update for libqt5-qtbase (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Moderate SUSE bug 1118595 SUSE bug 1118596 CVE-2018-15518 CVE-2018-19873 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox, mozilla-nspr and mozilla-nss (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) Important SUSE bug 1097410 SUSE bug 1106873 SUSE bug 1119069 SUSE bug 1119105 CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 cpe:/o:suse:sles-bcl:12:sp2 Security update for qemu (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Moderate SUSE bug 1106222 SUSE bug 1110910 SUSE bug 1111006 SUSE bug 1111010 SUSE bug 1111013 SUSE bug 1114422 CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 cpe:/o:suse:sles-bcl:12:sp2 Security update for mailman (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for mailman fixes the following security vulnerabilities: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs (bsc#1077358 CVE-2018-5950) - Fixed a directory traversal vulnerability in MTA transports when using the recommended Mailman Transport for Exim (bsc#925502 CVE-2015-2775) - Fixed a XSS vulnerability, which allowed malicious listowners to inject scripts into the listinfo pages (bsc#1099510 CVE-2018-0618) - Fixed arbitrary text injection vulnerability in several mailman CGIs (CVE-2018-13796 bsc#1101288) - Fixed a CSRF vulnerability on the user options page (CVE-2016-6893 bsc#995352) Important SUSE bug 1077358 SUSE bug 1099510 SUSE bug 1101288 SUSE bug 925502 SUSE bug 995352 CVE-2015-2775 CVE-2016-6893 CVE-2018-0618 CVE-2018-13796 CVE-2018-5950 cpe:/o:suse:sles-bcl:12:sp2 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \'Session\' header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, a specially crafted request could lead to remote denial of service. [bsc#1086817] * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read while preparing data to be cached in shared memory.[bsc#1086813] * CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774] * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775] * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. [bsc#1086820] * CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. [bsc#1086820] Moderate SUSE bug 1086774 SUSE bug 1086775 SUSE bug 1086813 SUSE bug 1086814 SUSE bug 1086817 SUSE bug 1086820 CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1302 CVE-2018-1303 CVE-2018-1312 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) The following non-security bugs were fixed: - alsa: hda/realtek - Fix speaker no sound after system resume (bsc#1031717). - alsa: hda: Add a power_save blacklist (bnc#1012382). - alsa: usb-audio: Add a quirck for B&W PX headphones (bnc#1012382). - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382). - kvm: mmu: Fix overlap between public and private memslots (bnc#1012382). - Partial revert 'e1000e: Avoid receiver overrun interrupt bursts' (bsc#1075428). - Revert 'e1000e: Separate signaling for link check/link up' (bsc#1075428). - Revert 'led: core: Fix brightness setting when setting delay_off=0' (bnc#1012382). - Revert 'watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185).' This reverts commit 5d4a2355a2a1c2ec6fdf9d18b68ca0a04ff73c70. - bpf, x64: implement retpoline for tail call (bnc#1012382). - bridge: check brport attr show in brport_show (bnc#1012382). - btrfs: Only check first key for committed tree blocks (bsc#1084721). - btrfs: Validate child tree block's level and first key (bsc#1084721). - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382). - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684). - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - dm io: fix duplicate bio completion due to missing ref count (bnc#1012382). - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717). - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717). - e1000e: Avoid missed interrupts following ICR read (bsc#1075428). - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428). - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428). - e1000e: Fix link check race condition (bsc#1075428). - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428). - e1000e: Remove Other from EIAC (bsc#1075428). - fib_semantics: Do not match route with mismatching tclassid (bnc#1012382). - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745). - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382). - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353). - ibmvfc: Avoid unnecessary port relogin (bsc#1085404). - ibmvnic: Clear pending interrupt after device reset (bsc#1089644). - ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198). - ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610). - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198). - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600). - ibmvnic: Fix DMA mapping mistakes (bsc#1088600). - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600). - ibmvnic: Fix reset return from closed state (bsc#1084610). - ibmvnic: Fix reset scheduler error handling (bsc#1088600). - ibmvnic: Handle all login error conditions (bsc#1089198). - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes). - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224). - ibmvnic: Update TX pool cleaning routine (bsc#1085224). - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382). - kGraft: fix small race in reversion code (bsc#1083125). - kabi/severities: Ignore kgr_shadow_* kABI changes - kvm/x86: fix icebp instruction handling (bnc#1012382). - livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296). - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296). - mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717). - md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402). - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717). - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717). - media: m88ds3103: do not call a non-initalized function (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bsc#1031717). - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353). - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382). - net: fix race on decreasing number of TX queues (bnc#1012382). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382). - net: mpls: Pull common label check into helper (bnc#1012382). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382). - nospec: Allow index argument to have const-qualified type (bnc#1012382). - perf/x86/intel: Add model number for Skylake Server to perf (FATE#321269). - powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1088242). - powerpc: Do not send system reset request through the oops path (bsc#1088242). - powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1088242). - ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382). - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717). - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717). - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717). - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717). - rpm/config.sh: ensure sorted patches. - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847, LTC#163740). - s390/qeth: fix IPA command submission race (bnc#1012382). - s390/qeth: fix SETIP command handling (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382). - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - storvsc: do not schedule work elements during host reset (bsc#1070536, bsc#1057734). - storvsc_drv: use embedded work structure for host rescan (bsc#1070536, bsc#1057734). - storvsc_drv: use separate workqueue for rescan (bsc#1070536, bsc#1057734). - swap: divide-by-zero when zero length swap file on ssd (bsc#1082153). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - udplite: fix partial checksum initialization (bnc#1012382). - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185). - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836). - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836). - x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560). - x86/kaiser: enforce trampoline stack alignment (bsc#1087260). - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845). - xen-blkfront: fix mq start/stop race (bsc#1085042). - xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610). Important SUSE bug 1012382 SUSE bug 1031717 SUSE bug 1046610 SUSE bug 1057734 SUSE bug 1070536 SUSE bug 1075428 SUSE bug 1076847 SUSE bug 1077560 SUSE bug 1082153 SUSE bug 1082299 SUSE bug 1083125 SUSE bug 1083745 SUSE bug 1083836 SUSE bug 1084353 SUSE bug 1084610 SUSE bug 1084721 SUSE bug 1084829 SUSE bug 1085042 SUSE bug 1085185 SUSE bug 1085224 SUSE bug 1085402 SUSE bug 1085404 SUSE bug 1086162 SUSE bug 1086194 SUSE bug 1087088 SUSE bug 1087260 SUSE bug 1087845 SUSE bug 1088241 SUSE bug 1088242 SUSE bug 1088600 SUSE bug 1088684 SUSE bug 1089198 SUSE bug 1089608 SUSE bug 1089644 SUSE bug 1089752 SUSE bug 1090643 CVE-2017-18257 CVE-2018-10087 CVE-2018-10124 CVE-2018-1087 CVE-2018-7740 CVE-2018-8043 CVE-2018-8781 CVE-2018-8822 CVE-2018-8897 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). These non-security issues were fixed: - bsc#1086039: Ensure that Dom0 does represent DomU cpu flags correctly - bsc#1027519: Fixed shadow mode guests Important SUSE bug 1027519 SUSE bug 1086039 SUSE bug 1089152 SUSE bug 1089635 SUSE bug 1090820 SUSE bug 1090822 SUSE bug 1090823 CVE-2017-5754 CVE-2018-10471 CVE-2018-10472 CVE-2018-8897 cpe:/o:suse:sles-bcl:12:sp2 Security update for curl (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for curl fixes several issues: Security issues fixed: - CVE-2018-1000301: Fixed a RTSP bad headers buffer over-read could crash the curl client (bsc#1092098) Non security issues fixed: - If the DEFAULT_SUSE cipher list is not available use the HIGH cipher alias before failing. (bsc#1086825) Moderate SUSE bug 1086825 SUSE bug 1092098 CVE-2018-1000301 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox to the ESR 52.8 release fixes the following issues: Mozil to Firefox ESR 52.8 (bsc#1092548) Security issues fixed: - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer - MFSA 2018-12/CVE-2018-5168: Lightweight themes can be installed without user interaction - MFSA 2018-12/CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 - MFSA 2018-12/CVE-2018-5155: Use-after-free with SVG animations and text paths - MFSA 2018-12/CVE-2018-5183: Backport critical security fixes in Skia - MFSA 2018-12/CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files - MFSA 2018-12/CVE-2018-5154: Use-after-free with SVG animations and clip paths - MFSA 2018-12/CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension Important SUSE bug 1092548 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 cpe:/o:suse:sles-bcl:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for qemu fixes several issues. This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. This feature was added: - Add support for block resize support for xen disks through the monitor This non-security issue was fixed: - bsc#1079405: Add new look up path 'sys/class/tpm' for tpm cancel path based on Linux 4.0 change Important SUSE bug 1079405 SUSE bug 1092885 CVE-2018-3639 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot commandline option was introduced, 'spec_store_bypass_disable', which can have following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is 'seccomp', meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - 'Vulnerable' - 'Mitigation: Speculative Store Bypass disabled' - 'Mitigation: Speculative Store Bypass disabled via prctl' - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' The following related and non-security bugs were fixed: - cpuid: Fix cpuid.edx.7.0 propagation to guest - ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953). - ibmvnic: Clean actual number of RX or TX pools (bsc#1092289). - kvm: Introduce nopvspin kernel parameter (bsc#1056427). - kvm: Fix nopvspin static branch init usage (bsc#1056427). - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157). - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157). - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157). - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157). - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Move default security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). Important SUSE bug 1056427 SUSE bug 1068032 SUSE bug 1075087 SUSE bug 1080157 SUSE bug 1087082 SUSE bug 1090953 SUSE bug 1091041 SUSE bug 1092289 SUSE bug 1093215 SUSE bug 1094019 CVE-2018-3639 cpe:/o:suse:sles-bcl:12:sp2 Security update for bash (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for bash fixes the following issues: Security issues fixed: - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299) - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396) Non-security issues fixed: - Fix repeating self-calling of traps due the combination of a non-interactive shell, a trap handler for SIGINT, an external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247) Moderate SUSE bug 1000396 SUSE bug 1001299 SUSE bug 1086247 CVE-2016-0634 CVE-2016-7543 cpe:/o:suse:sles-bcl:12:sp2 Security update for icu (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a '\0' character at the end of a certain temporary array, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument (bsc#990636). - CVE-2017-7868: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function (bsc#1034674) - CVE-2017-7867: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue (bnc#1067203) - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC (bnc#1072193) - CVE-2017-15422: An integer overflow in icu during persian calendar date processing could lead to incorrect years shown (bnc#1077999) Moderate SUSE bug 1034674 SUSE bug 1034678 SUSE bug 1067203 SUSE bug 1072193 SUSE bug 1077999 SUSE bug 1087932 SUSE bug 929629 SUSE bug 990636 CVE-2014-8146 CVE-2014-8147 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 cpe:/o:suse:sles-bcl:12:sp2 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330). - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317). - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368). - CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989). - CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996). - CVE-2018-16644: Fixed a regression in dcm coder (bsc#1107609). - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060). - CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054). - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053). - Added extra -config- packages with Postscript/EPS/PDF readers still enabled. Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033) These are two packages that can be selected: - ImageMagick-config-6-SUSE: This has the PS decoders disabled. - ImageMagick-config-6-upstream: This has the PS decoders enabled. Depending on your local needs install either one of them. The default is the -SUSE configuration. Moderate SUSE bug 1106989 SUSE bug 1106996 SUSE bug 1107609 SUSE bug 1120381 SUSE bug 1122033 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1124368 SUSE bug 1128649 SUSE bug 1130330 SUSE bug 1131317 SUSE bug 1132053 SUSE bug 1132054 SUSE bug 1132060 CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-20467 CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-7175 CVE-2019-7395 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 cpe:/o:suse:sles-bcl:12:sp2 Security update for freeradius-server (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549). - CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664). Important SUSE bug 1132549 SUSE bug 1132664 CVE-2019-11234 CVE-2019-11235 cpe:/o:suse:sles-bcl:12:sp2 Security update for libssh2_org (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] Important SUSE bug 1130103 SUSE bug 1133528 CVE-2019-3859 cpe:/o:suse:sles-bcl:12:sp2 Security update for wpa_supplicant (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for wpa_supplicant fixes the following issues: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the vulnerability to recover sensitive information (bsc#1104205). This non-security issue was fixed: - Enabled PWD as EAP method. This allows for password-based authentication, which is easier to setup than most of the other methods, and is used by the Eduroam network (bsc#1109209). Moderate SUSE bug 1104205 SUSE bug 1109209 CVE-2018-14526 cpe:/o:suse:sles-bcl:12:sp2 Security update for atftp (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Important SUSE bug 1133114 SUSE bug 1133145 CVE-2019-11365 CVE-2019-11366 cpe:/o:suse:sles-bcl:12:sp2 Security update for krb5 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for krb5 fixes the following issues: Security issue fixed: - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) Important SUSE bug 1120489 CVE-2018-20217 cpe:/o:suse:sles-bcl:12:sp2 Security update for hostinfo, supportutils (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for hostinfo, supportutils fixes the following issues: Security issues fixed for supportutils: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). - CVE-2018-19636: Fixed a local root exploit via inclusion of attacker controlled shell script (bsc#1117751). Other issues fixed for supportutils: - Fixed invalid exit code commands (bsc#1125666) - SUSE separation in supportconfig (bsc#1125623) - Clarified supportconfig(8) -x option (bsc#1115245) - supportconfig: 3.0.127 - btrfs filesystem usage - List products.d - Dump lsof errors - Added ha commands for corosync - Dumped find errors in ib_info Issues fixed in hostinfo: - Removed extra kernel install dates (bsc#1099498) - Resolved network bond issue (bsc#1054979) Important SUSE bug 1054979 SUSE bug 1099498 SUSE bug 1115245 SUSE bug 1117751 SUSE bug 1117776 SUSE bug 1118460 SUSE bug 1118462 SUSE bug 1118463 SUSE bug 1125623 SUSE bug 1125666 CVE-2018-19636 CVE-2018-19637 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssl fixes the following issues: - Reject invalid EC point coordinates (bsc#1131291) This helps openssl using services that do not do this verification on their own. Moderate SUSE bug 1131291 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 to version 2.24.1 fixes the following issues: Security issues fixed: - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). Important SUSE bug 1132256 CVE-2019-11070 CVE-2019-6201 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 cpe:/o:suse:sles-bcl:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Save registry file outside share as unprivileged user (bsc#1131060). Non-security issue fixed: - Backport changes to support quotas with SMB2 (bsc#1106119). Moderate SUSE bug 1106119 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:sles-bcl:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issues fixed: - Fixed an issue where the first login failed and subsequent ones work (bsc#1126463). - Fixed winbind running out of memory with high number of domain groups (bsc#1114459). - Backport changes to support quotas with SMB2 (bsc#1106119). Moderate SUSE bug 1087481 SUSE bug 1106119 SUSE bug 1114459 SUSE bug 1126463 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:sles-bcl:12:sp2 Security update for jakarta-commons-fileupload (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). Important SUSE bug 1128829 SUSE bug 1128963 CVE-2016-1000031 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2019-2422: Better FileChannel (bsc#1122293). - CVE-2018-11212: Improve JPEG (bsc#1122299). Non-Security issue fixed: - Disable LTO (bsc#1133135). - Added Japanese new era name. Important SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1133135 CVE-2018-11212 CVE-2018-3639 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 cpe:/o:suse:sles-bcl:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 - ---- updated platforms ------------------------------------ - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles-bcl:12:sp2 Security update for systemd (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). - CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). - CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed: - systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - core: only watch processes when it's really necessary (bsc#955942 bsc#1128657) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - Do not automatically online memory on s390x (bsc#1127557) Important SUSE bug 1080919 SUSE bug 1121563 SUSE bug 1125352 SUSE bug 1126056 SUSE bug 1127557 SUSE bug 1128657 SUSE bug 1130230 SUSE bug 1132348 SUSE bug 1132400 SUSE bug 1132721 SUSE bug 955942 CVE-2018-6954 CVE-2019-3842 CVE-2019-6454 cpe:/o:suse:sles-bcl:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for qemu fixes the following issues: Following security issues were fixed: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature 'md-clear' (bsc#1111331) Important SUSE bug 1111331 SUSE bug 1129622 SUSE bug 1130675 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-9824 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network could use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. (bnc#1096748). - CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. (bnc#1096748). - CVE-2016-8636: Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c allowed local users to cause a denial of service (memory corruption), obtain sensitive information or possibly have unspecified other impact via a write or read request involving the 'RDMA protocol over infiniband' (aka Soft RoCE) technology (bnc#1024908). - CVE-2017-18174: In the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free (bnc#1080533). - CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service (bnc#1087231). - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c has multiple race conditions (bnc#1133188). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS) (bsc#1131427). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2017-17741: The KVM implementation allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2019-9503, CVE-2019-8564: Multiple brcmfmac frame validation bypasses have been fixed (bnc#1132828, bnc#1132673). The following non-security bugs were fixed: - ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - add mainline tags to four hyperv patches - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - Drivers: hv: vmbus: Define an API to retrieve virtual processor index (bsc#1122822). - Drivers: hv: vmbus: Define APIs to manipulate the event page (bsc#1122822). - Drivers: hv: vmbus: Define APIs to manipulate the message page (bsc#1122822).++ kernel-source.spec (revision 4)Release: &lt;RELEASE>.gbd4498d - Drivers: hv: vmbus: Define APIs to manipulate the synthetic interrupt controller (bsc#1122822). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (bsc#1122822). - jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (bsc#1111331). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (bsc#1111331). - MDS: Add CVE refs - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1129279). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1129279). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1129279). - net: ena: complete host info to match latest ENA spec (bsc#1129279). - net: ena: enable Low Latency Queues (bsc#1129279). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1129279). - net: ena: fix auto casting to boolean (bsc#1129279). - net: ena: fix compilation error in xtensa architecture (bsc#1129279). - net: ena: fix crash during ena_remove() (bsc#1129279). - net: ena: fix crash during failed resume from hibernation (bsc#1129279). - net: ena: fix indentations in ena_defs for better readability (bsc#1129279). - net: ena: Fix Kconfig dependency on X86 (bsc#1129279). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1129279). - net: ena: fix race between link up and device initalization (bsc#1129279). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1129279). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1129279). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1129279). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1129279). - net: ena: minor performance improvement (bsc#1129279). - net: ena: remove ndo_poll_controller (bsc#1129279). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1129279). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1129279). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129279). - net: ena: update driver version to 2.0.1 (bsc#1129279). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1129279). - PCI: hv: Add vPCI version protocol negotiation (bnc#1043485, bsc#1122822). - PCI: hv: Allocate interrupt descriptors with GFP_ATOMIC (bnc#1034113, bsc#1122822). - PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg() (bnc#1094268, bsc#1122822). - PCI: hv: Do not sleep in compose_msi_msg() (bsc#1082632, bsc#1122822). - PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() (bsc#1087659, bsc#1087906, bsc#1122822). - PCI: hv: Fix a comment typo in _hv_pcifront_read_config() (bsc#1087659, bsc#1122822). - PCI: hv: Fix comment formatting and use proper integer fields (bnc#1043485, bsc#1122822). - PCI: hv: Only queue new work items in hv_pci_devices_present() if necessary (bsc#1087659, bsc#1122822). - PCI: hv: Remove the bogus test in hv_eject_device_work() (bsc#1087659, bsc#1122822). - PCI: hv: Serialize the present and eject work items (bsc#1087659, bsc#1122822). - PCI: hv: Specify CPU_AFFINITY_ALL for MSI affinity when >= 32 CPUs (bnc#1043485, bsc#1122822). - PCI: hv: Temporary own CPU-number-to-vCPU-number infra (bnc#1043485, bsc#1122822). - PCI: hv: Use effective affinity mask (bsc#1109772, bsc#1122822). - PCI: hv: Use page allocation for hbus structure (bnc#1043485, bsc#1122822). - PCI: hv: Use vPCI protocol version 1.2 (bnc#1043485, bsc#1122822). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - powerpc/64: Disable the speculation barrier from the command line (bsc#1068032). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/tm: Add commandline option to disable hardware transactional memory (bsc#1118338). - powerpc/tm: Add TM Unavailable Exception (bsc#1118338). - powerpc/tm: Flip the HTM switch default to disabled (bsc#1125580). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - s390: add explicit <linux/stringify.h> for jump label (bsc#1111331). - sched/core: Optimize SCHED_SMT (bsc#1111331). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched/smt: Update sched_smt_present at runtime (bsc#1111331). - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git. - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes (). - time: Introduce jiffies64_to_nsecs() (bsc#1113399). - Use upstream variant of two pci-hyperv patches - vti6: flush x-netns xfrm cache when vti interface is removed (bnc#1012382 bsc#1100152). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1111331). - x86/bugs: Rename SSBD_NO to SSB_NO (bsc#1111331). - x86/cpu: Rename Merrifield2 to Moorefield (bsc#1111331). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772, bsc#1122822). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1111331). - x86/speculation: Rework SMT state change (bsc#1111331). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86: stop exporting msr-index.h to userland (bsc#1111331). - xfrm6: call kfree_skb when skb is toobig (bnc#1012382 bsc#1100152). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (bnc#1012382 bsc#1100152). Important SUSE bug 1012382 SUSE bug 1024908 SUSE bug 1034113 SUSE bug 1043485 SUSE bug 1068032 SUSE bug 1073311 SUSE bug 1080157 SUSE bug 1080533 SUSE bug 1082632 SUSE bug 1087231 SUSE bug 1087659 SUSE bug 1087906 SUSE bug 1093158 SUSE bug 1094268 SUSE bug 1096748 SUSE bug 1100152 SUSE bug 1103186 SUSE bug 1106913 SUSE bug 1109772 SUSE bug 1111331 SUSE bug 1112178 SUSE bug 1113399 SUSE bug 1116841 SUSE bug 1118338 SUSE bug 1119019 SUSE bug 1122822 SUSE bug 1124832 SUSE bug 1125580 SUSE bug 1129279 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1131587 SUSE bug 1132673 SUSE bug 1132828 SUSE bug 1133188 CVE-2016-8636 CVE-2017-17741 CVE-2017-18174 CVE-2018-1091 CVE-2018-1120 CVE-2018-1128 CVE-2018-1129 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-19407 CVE-2019-11091 CVE-2019-11486 CVE-2019-3882 CVE-2019-8564 CVE-2019-9503 cpe:/o:suse:sles-bcl:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ucode-intel fixes the following issues: ucode-intel was updated to official QSR 2019.1 microcode release (bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091) ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded Broadwell CPU ucode that was missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssh (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) Important SUSE bug 1121571 SUSE bug 1121816 SUSE bug 1121818 SUSE bug 1121821 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Important SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1132734 SUSE bug 1134718 CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 cpe:/o:suse:sles-bcl:12:sp2 Security update for systemd (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - core: Queue loading transient units after setting their properties. (bsc#1115518) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - terminal-util: introduce vt_release() and vt_restore() helpers. - terminal: Unify code for resetting kbd utf8 mode a bit. - terminal Reset should honour default_utf8 kernel setting. - logind: Make session_restore_vt() static. - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - log: Never log into foreign fd #2 in PID 1 or its pre-execve() children. (bsc#1114981) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) Moderate SUSE bug 1005023 SUSE bug 1076696 SUSE bug 1101591 SUSE bug 1114981 SUSE bug 1115518 SUSE bug 1119971 SUSE bug 1120323 CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 cpe:/o:suse:sles-bcl:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Important SUSE bug 1135170 CVE-2019-5436 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates. The mitigation can be controlled via the 'mds' commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other fixes: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680). - Fixed an issue with live migration when spectre is enabled on xen boot cmdline (bsc#1116380). - Fixed an issue with live migration (bsc#1133818). - Added upstream bug fix (bsc#1027519). Important SUSE bug 1027519 SUSE bug 1111331 SUSE bug 1116380 SUSE bug 1130680 SUSE bug 1133818 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Security issues fixed: - CVE-2019-11691: Use-after-free in XMLHttpRequest - CVE-2019-11692: Use-after-free removing listeners in the event listener manager - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux - CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox - CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks - CVE-2019-7317: Use-after-free in png_image_free of libpng library - CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 - CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS - CVE-2019-9816: Type confusion with object groups and UnboxedObjects - CVE-2019-9817: Stealing of cross-domain images using canvas - CVE-2019-9818: Use-after-free in crash generation server - CVE-2019-9819: Compartment mismatch with fetch API - CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell Non-security issues fixed: - Font and date adjustments to accommodate the new Reiwa era in Japan - Update to Firefox ESR 60.7 (bsc#1135824) Important SUSE bug 1135824 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-7317 CVE-2019-9800 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_0-openjdk (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_0-openjdk fixes the following issues: Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU) Security issues fixed: - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw inside the RMI registry implementation (bsc#1132732). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2422: Fixed memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2019-2426: Improve web server connections (bsc#1134297). Bug fixes: - Please check the package Changelog for detailed information. Moderate SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1134297 CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 cpe:/o:suse:sles-bcl:12:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for bind fixes the following issues: Security issues fixed: - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys. (bsc#1126068) - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. (bsc#1133185) Important SUSE bug 1104129 SUSE bug 1126068 SUSE bug 1126069 SUSE bug 1133185 CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 cpe:/o:suse:sles-bcl:12:sp2 Security update for libvirt (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273). For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other security issues fixed: - CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). - qemu: Add support for using AES secret for SCSI hotplug Important SUSE bug 1111331 SUSE bug 1131595 SUSE bug 1135273 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-3886 cpe:/o:suse:sles-bcl:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 cpe:/o:suse:sles-bcl:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ghostscript to version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) Important SUSE bug 1122319 CVE-2019-6116 cpe:/o:suse:sles-bcl:12:sp2 Security update for vim (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Important SUSE bug 1137443 CVE-2019-12735 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 to version 2.22.5 fixes the following issues: Security issues fixed: - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554) - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558) Important SUSE bug 1119553 SUSE bug 1119554 SUSE bug 1119555 SUSE bug 1119556 SUSE bug 1119557 SUSE bug 1119558 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed a double free() in the KDF CAVS testing tool (bsc#1065237). Moderate SUSE bug 1065237 SUSE bug 1090671 SUSE bug 1119183 SUSE bug 1121816 SUSE bug 1121821 SUSE bug 1131709 CVE-2019-6109 CVE-2019-6111 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel version 4.4.121 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There is an unchecked kstrdup of fwstr, which may have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603) - CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1131543) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not have ended with a '\0' character. (bnc#1134848) - CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785) The following non-security bugs were fixed: - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1134596). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1134596). Important SUSE bug 1099658 SUSE bug 1106284 SUSE bug 1110785 SUSE bug 1113769 SUSE bug 1120843 SUSE bug 1120885 SUSE bug 1131543 SUSE bug 1131565 SUSE bug 1132374 SUSE bug 1132472 SUSE bug 1134537 SUSE bug 1134596 SUSE bug 1134848 SUSE bug 1135281 SUSE bug 1135603 SUSE bug 1136424 SUSE bug 1136446 SUSE bug 1136586 SUSE bug 1136935 SUSE bug 1137586 CVE-2018-17972 CVE-2018-7191 CVE-2019-11190 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489 cpe:/o:suse:sles-bcl:12:sp2 Security update for dbus-1 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for dbus-1 fixes the following issue: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Important SUSE bug 1137832 CVE-2019-12749 cpe:/o:suse:sles-bcl:12:sp2 Security update for gstreamer-plugins-base (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for gstreamer-plugins-base fixes the following issue: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:sles-bcl:12:sp2 Security update for sqlite3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Important SUSE bug 1136976 CVE-2019-8457 cpe:/o:suse:sles-bcl:12:sp2 Security update for gstreamer-0_10-plugins-base (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for gstreamer-0_10-plugins-base fixes the following issues: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:sles-bcl:12:sp2 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Moderate SUSE bug 1128481 SUSE bug 1136570 CVE-2019-3860 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Important SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1132734 SUSE bug 1134718 CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 (bsc#1138872) - CVE-2019-11708: Fix sandbox escape using Prompt:Open. * Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. Important SUSE bug 1138872 CVE-2019-11708 cpe:/o:suse:sles-bcl:12:sp2 Security update for glib2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for glib2 provides the following fix: Security issues fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). - CVE-2018-16428: Avoid a null pointer dereference that could crash glib2 users in markup processing (bnc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issues fixed: - Install dummy *-mimeapps.list files to prevent dead symlinks. (bsc#1061599) Important SUSE bug 1061599 SUSE bug 1107116 SUSE bug 1107121 SUSE bug 1137001 CVE-2018-16428 CVE-2018-16429 CVE-2019-12450 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql10 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for postgresql10 to version 10.9 fixes the following issue: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). More information at https://www.postgresql.org/docs/10/release-10-9.html Important SUSE bug 1138034 CVE-2019-10164 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP 2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace. (bnc#) - CVE-2019-10126: A flaw was found in the Linux kernel that might lead to memory corruption in the marvell mwifiex driver. (bnc#1136935) - CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#) - CVE-2019-12818: An issue was discovered in the Linux kernel The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. (bnc#1137194) - CVE-2019-12819: An issue was discovered in the Linux kernel The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device(), which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12456 a double-fetch bug in _ctl_ioctl_main() could allow local users to create a denial of service (bsc#1136922). - CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it. (bnc#) - CVE-2019-11487: The Linux kernel allowed page-_refcount reference count to overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (bnc#1133190) The following non-security bugs were fixed: - Drop multiversion(kernel) from the KMP template (bsc#1127155). - Revert 'KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).' This reverts commit 4cc83da426b53d47f1fde9328112364eab1e9a19. - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - x86/cpu: Unify CPU family, model, stepping calculation (bsc#1134701). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode/AMD: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/AMD: Fix load of builtin microcode with randomized memory (bsc#1134701). - x86/microcode/AMD: Reload proper initrd start address (bsc#1134701). - x86/microcode/amd: Hand down the CPU family (bsc#1134701). - x86/microcode/amd: Move private inlines to .c and mark local functions static (bsc#1134701). - x86/microcode/intel: Drop stashed AP patch pointer optimization (bsc#1134701). - x86/microcode/intel: Fix allocation size of struct ucode_patch (bsc#1134701). - x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/intel: Remove intel_lib.c (bsc#1134701). - x86/microcode/intel: Remove unused arg of get_matching_model_microcode() (bsc#1134701). - x86/microcode/intel: Rename load_microcode_early() to find_microcode_patch() (bsc#1134701). - x86/microcode/intel: Rename local variables of type struct mc_saved_data (bsc#1134701). - x86/microcode/intel: Rename mc_intel variable to mc (bsc#1134701). - x86/microcode/intel: Rename mc_saved_in_initrd (bsc#1134701). - x86/microcode/intel: Simplify generic_load_microcode() (bsc#1134701). - x86/microcode/intel: Unexport save_mc_for_early() (bsc#1134701). - x86/microcode/intel: Use correct buffer size for saving microcode data (bsc#1134701). - x86/microcode: Collect CPU info on resume (bsc#1134701). - x86/microcode: Export the microcode cache linked list (bsc#1134701). - x86/microcode: Fix loading precedence (bsc#1134701). - x86/microcode: Get rid of find_cpio_data()'s dummy offset arg (bsc#1134701). - x86/microcode: Issue the debug printk on resume only on success (bsc#1134701). - x86/microcode: Rework microcode loading (bsc#1134701). - x86/microcode: Run the AP-loading routine only on the application processors (bsc#1134701). Important SUSE bug 1096254 SUSE bug 1108382 SUSE bug 1109137 SUSE bug 1127155 SUSE bug 1133190 SUSE bug 1133738 SUSE bug 1134395 SUSE bug 1134701 SUSE bug 1136922 SUSE bug 1136935 SUSE bug 1137194 SUSE bug 1138291 SUSE bug 1140575 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11487 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 cpe:/o:suse:sles-bcl:12:sp2 Security update for glib2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). Non-security issue fixed: - Added explicit requires between libglib2 and libgio2 (bsc#1140122). Important SUSE bug 1139959 SUSE bug 1140122 CVE-2019-13012 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases Important SUSE bug 1140868 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 cpe:/o:suse:sles-bcl:12:sp2 Security update for polkit (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (bsc#1118277) Moderate SUSE bug 1118277 CVE-2018-19788 cpe:/o:suse:sles-bcl:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles-bcl:12:sp2 Security update for bzip2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Important SUSE bug 1139083 SUSE bug 985657 CVE-2016-3189 CVE-2019-12900 cpe:/o:suse:sles-bcl:12:sp2 Security update for glibc (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - Added cfi information for start routines in order to stop unwinding on S390 (bsc#1128574). Moderate SUSE bug 1127223 SUSE bug 1127308 SUSE bug 1128574 CVE-2009-5155 CVE-2019-9169 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040) - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS). (XSA-280) (bsc#1115047) - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). - CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1114423) Other bugs fixed: - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940) - Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528) - Fixed an issue with live migrations, which used to fail when spectre is enabled on xen boot cmdline (bsc#1116380) - Upstream bug fixes (bsc#1027519) Important SUSE bug 1027519 SUSE bug 1105528 SUSE bug 1108940 SUSE bug 1114423 SUSE bug 1115040 SUSE bug 1115045 SUSE bug 1115047 SUSE bug 1116380 SUSE bug 1117756 CVE-2018-18849 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 cpe:/o:suse:sles-bcl:12:sp2 Security update for bzip2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Important SUSE bug 1139083 CVE-2019-12900 cpe:/o:suse:sles-bcl:12:sp2 Security update for polkit (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). Important SUSE bug 1121826 CVE-2019-6133 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - Certificate validation improvements Non-security issue fixed: - Fixed an issue where the installation failed when the manpages are not present (bsc#1115375) Important SUSE bug 1115375 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141784 SUSE bug 1141785 SUSE bug 1141786 SUSE bug 1141787 SUSE bug 1141789 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 cpe:/o:suse:sles-bcl:12:sp2 Security update for mariadb (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for mariadb fixes the following issues: Update to MariaDB 10.0.38 GA (bsc#1136037). Security issues fixed: - CVE-2019-2537: Denial of service via multiple protocols (bsc#1136037) - CVE-2019-2529: Denial of service via multiple protocols (bsc#1136037) - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: - Removed PerconaFT from the package as it has AGPL licence (bsc#1118754). - Do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency). - Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666). - Removed 'umask 077' from mysql-systemd-helper that caused new datadirs created with wrong permissions (bsc#1132666). Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10038-release-notes - https://kb.askmonty.org/en/mariadb-10038-changelog - https://kb.askmonty.org/en/mariadb-10037-release-notes - https://kb.askmonty.org/en/mariadb-10037-changelog - https://kb.askmonty.org/en/mariadb-10036-release-notes - https://kb.askmonty.org/en/mariadb-10036-changelog Important SUSE bug 1013882 SUSE bug 1101676 SUSE bug 1101677 SUSE bug 1101678 SUSE bug 1103342 SUSE bug 1112368 SUSE bug 1112397 SUSE bug 1112417 SUSE bug 1112421 SUSE bug 1112432 SUSE bug 1116686 SUSE bug 1118754 SUSE bug 1132666 SUSE bug 1136037 CVE-2016-9843 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 CVE-2019-2529 CVE-2019-2537 cpe:/o:suse:sles-bcl:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python3 fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document (bsc#1109847). - CVE-2018-1000802: Fixed a command injection in the shutil module (bsc#1109663). Important SUSE bug 1109663 SUSE bug 1109847 SUSE bug 1138459 CVE-2018-1000802 CVE-2018-14647 CVE-2019-10160 cpe:/o:suse:sles-bcl:12:sp2 Security update for evince (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Important SUSE bug 1133037 SUSE bug 1141619 CVE-2019-1010006 CVE-2019-11459 cpe:/o:suse:sles-bcl:12:sp2 Security update for squid (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for squid fixes the following issues: Security issue fixed: - CVE-2019-12529: Fixed a potential denial of service associated with HTTP Basic Authentication credentials (bsc#1141329). - CVE-2019-12525: Fixed a denial of service during processing of HTTP Digest Authentication credentials (bsc#1141332). - CVE-2019-13345: Fixed a cross site scripting vulnerability via user_name or auth parameter in cachemgr.cgi (bsc#1140738). Moderate SUSE bug 1140738 SUSE bug 1141329 SUSE bug 1141332 CVE-2019-12525 CVE-2019-12529 CVE-2019-13345 cpe:/o:suse:sles-bcl:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Important SUSE bug 1138459 SUSE bug 1141853 CVE-2018-20852 CVE-2019-10160 cpe:/o:suse:sles-bcl:12:sp2 Security update for libvirt (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Non-security issue fixed: - qemu: Add support for overriding max threads per process limit (bsc#1133719) Important SUSE bug 1133719 SUSE bug 1138301 SUSE bug 1138303 CVE-2019-10161 CVE-2019-10167 cpe:/o:suse:sles-bcl:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Important SUSE bug 1135902 SUSE bug 1140402 SUSE bug 1143794 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql94 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for postgresql94 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql96 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for postgresql96 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:sles-bcl:12:sp2 Security update for perl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for perl fixes the following issues: Security issue fixed: - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). Important SUSE bug 1114674 CVE-2018-18311 cpe:/o:suse:sles-bcl:12:sp2 Security update for libsolv, libzypp, zypper (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libsolv, libzypp and zypper fixes the following issues: libsolv was updated to version 0.6.36 and fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). Fixes for libzypp: - Fixes a bug where locking the kernel was not possible (bsc#1113296) - Fixes a file descriptor leak (bsc#1116995) - Will now run file conflict check on dry-run (best with download-only) (bsc#1140039) Fixes for zypper: - Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226) - Improved the displaying of locks (bsc#1112911) - Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542) - zypper will now always warn when no repositories are defined (bsc#1109893) - Fixes bash completion option detection (bsc#1049825) Moderate SUSE bug 1049825 SUSE bug 1109893 SUSE bug 1110542 SUSE bug 1111319 SUSE bug 1112911 SUSE bug 1113296 SUSE bug 1116995 SUSE bug 1120629 SUSE bug 1120630 SUSE bug 1120631 SUSE bug 1127155 SUSE bug 1131823 SUSE bug 1134226 SUSE bug 1137977 SUSE bug 1140039 SUSE bug 1145521 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-3819: A flaw was fixed in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may have enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') could have caused a system lock up and a denial of service (bnc#1123161). - CVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in sound/usb/mixer.c via mishandled recursion (bnc#1145922). - CVE-2019-15117: Fixed out-of-bounds memory access in parse_audio_mixer_unit in sound/usb/mixer.c via mishandled short descriptor (bnc#1145920). - CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). - CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). - CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). - CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358). - CVE-2019-10207: Check for missing tty operations in bluetooth/hci_uart (bsc#1142857). - CVE-2018-20856: Fixed a use-after-free issue in block/blk-core.c, where certain error case are mishandled (bnc#1143048). - CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). - CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). The following non-security bugs were fixed: - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652, bsc#1144288). - bcache: fix race in btree_flush_write() (bsc#1140652, bsc#1144288). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1130972, bsc#1144257). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1130972, bsc#1144273). - bcache: performance improvement for btree_flush_write() (bsc#1140652, bsc#1144288). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652, bsc#1144288). - btrfs: improve delayed refs iterations (bsc#1076033, bsc#1107256). - i40e: add functions to control default VSI (bsc#1141628). - i40e: set default VSI without a reset (bsc#1141628). - mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing (bsc#1142098). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945,bsc#1141401,bsc#1141402,bsc#1141452,bsc#1141453,bsc#1141454). - qib/hfi1: Fix MR reference count leak on write with immediate (bsc#1045640). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (XSA-300). Important SUSE bug 1045640 SUSE bug 1076033 SUSE bug 1107256 SUSE bug 1123161 SUSE bug 1130972 SUSE bug 1134399 SUSE bug 1139358 SUSE bug 1140012 SUSE bug 1140652 SUSE bug 1140903 SUSE bug 1140945 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1141628 SUSE bug 1142023 SUSE bug 1142098 SUSE bug 1142857 SUSE bug 1143045 SUSE bug 1143048 SUSE bug 1143189 SUSE bug 1143191 SUSE bug 1144257 SUSE bug 1144273 SUSE bug 1144288 SUSE bug 1144920 SUSE bug 1145920 SUSE bug 1145922 SUSE bug 1146163 CVE-2017-18551 CVE-2018-20855 CVE-2018-20856 CVE-2019-10207 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 CVE-2019-15117 CVE-2019-15118 CVE-2019-3819 cpe:/o:suse:sles-bcl:12:sp2 Security update for spice (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Important SUSE bug 1122706 CVE-2019-3813 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 50. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). Important SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141785 SUSE bug 1141789 SUSE bug 1147021 CVE-2019-11771 CVE-2019-11775 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:sles-bcl:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). Important SUSE bug 1149496 CVE-2019-5482 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 fixes the following issues: Updated to version 2.24.4 (bsc#1148931). Security issues fixed: - CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690 Non-security issues fixed: - Improved loading of multimedia streams to avoid memory exhaustion due to excessive caching. - Updated the user agent string to make happy certain websites which would claim that the browser being used was unsupported. Important SUSE bug 1135715 SUSE bug 1148931 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 40. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). - CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787). Important SUSE bug 1122292 SUSE bug 1122299 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141785 SUSE bug 1141787 SUSE bug 1141789 SUSE bug 1147021 CVE-2018-11212 CVE-2019-11771 CVE-2019-11772 CVE-2019-11775 CVE-2019-2449 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:sles-bcl:12:sp2 Security update for ibus (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ibus fixes the following issues: Security issue fixed: - CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. (bsc#1150011) Important SUSE bug 1150011 CVE-2019-14822 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). Moderate SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:sles-bcl:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644) Important SUSE bug 1120644 SUSE bug 1122191 CVE-2018-20406 CVE-2019-5010 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox to ESR 60.9 fixes the following issues: Security issues fixed: - CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299) Important SUSE bug 1149294 SUSE bug 1149295 SUSE bug 1149296 SUSE bug 1149297 SUSE bug 1149298 SUSE bug 1149299 SUSE bug 1149303 SUSE bug 1149304 SUSE bug 1149324 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11753 CVE-2019-9812 cpe:/o:suse:sles-bcl:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for dovecot22 fixes the following issues: - CVE-2019-11500: Fixed a potential remote code execution in the IMAP and ManageSieve protocol parsers (bsc#1145559). Important SUSE bug 1145559 CVE-2019-11500 cpe:/o:suse:sles-bcl:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ghostscript to 9.27 fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180) - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156) - CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359) - CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882) - CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882) - CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882) - CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884) Important SUSE bug 1129180 SUSE bug 1131863 SUSE bug 1134156 SUSE bug 1140359 SUSE bug 1146882 SUSE bug 1146884 CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-3835 CVE-2019-3839 cpe:/o:suse:sles-bcl:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378). - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377). - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371). Important SUSE bug 1123371 SUSE bug 1123377 SUSE bug 1123378 CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 cpe:/o:suse:sles-bcl:12:sp2 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987) Moderate SUSE bug 1148987 CVE-2019-13627 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Updated to new ESR version 68.1 (bsc#1149323). In addition to the already fixed vulnerabilities released in previous ESR updates, the following were also fixed: CVE-2019-11751, CVE-2019-11736, CVE-2019-9812, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735. Several run-time issues were also resolved (bsc#1117473, bsc#1124525, bsc#1133810). The version displayed in Help > About is now correct (bsc#1087200). Important SUSE bug 1087200 SUSE bug 1109465 SUSE bug 1117473 SUSE bug 1123482 SUSE bug 1124525 SUSE bug 1133810 SUSE bug 1140868 SUSE bug 1145665 SUSE bug 1149323 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-9811 CVE-2019-9812 cpe:/o:suse:sles-bcl:12:sp2 Security update for binutils (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for binutils fixes the following issues: binutils was updated to current 2.32 branch @7b468db3 [jsc#ECO-368]: Includes the following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - Enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO problems (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Handle ELF compressed header alignment correctly. Moderate SUSE bug 1109412 SUSE bug 1109413 SUSE bug 1109414 SUSE bug 1111996 SUSE bug 1112534 SUSE bug 1112535 SUSE bug 1113247 SUSE bug 1113252 SUSE bug 1113255 SUSE bug 1116827 SUSE bug 1118830 SUSE bug 1118831 SUSE bug 1120640 SUSE bug 1121034 SUSE bug 1121035 SUSE bug 1121056 SUSE bug 1133131 SUSE bug 1133232 SUSE bug 1141913 SUSE bug 1142772 CVE-2018-1000876 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2019-1010180 cpe:/o:suse:sles-bcl:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Important SUSE bug 1153674 CVE-2019-14287 cpe:/o:suse:sles-bcl:12:sp2 Security update for libpcap (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). Important SUSE bug 1153332 CVE-2018-16301 CVE-2019-15165 cpe:/o:suse:sles-bcl:12:sp2 Security update for nfs-utils (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) Moderate SUSE bug 1150733 CVE-2019-3689 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). Important SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1127400 SUSE bug 1143797 SUSE bug 1146874 SUSE bug 1149813 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox to 68.2.0 ESR fixes the following issues: Mozilla Firefox was updated to version 68.2.0 ESR (bsc#1154738). Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed: - Firefox 60.7 ESR changed the user interface language (bsc#1137990). - Wrong Firefox GUI Language (bsc#1120374). - Fixed an inadvertent crash report transmission without user opt-in (bsc#1074235). - Firefox hangs randomly when browsing and scrolling (bsc#1043008). - Firefox stops loading page until mouse is moved (bsc#1025108). Important SUSE bug 1010399 SUSE bug 1010405 SUSE bug 1010406 SUSE bug 1010408 SUSE bug 1010409 SUSE bug 1010421 SUSE bug 1010423 SUSE bug 1010424 SUSE bug 1010425 SUSE bug 1010426 SUSE bug 1025108 SUSE bug 1043008 SUSE bug 1047281 SUSE bug 1074235 SUSE bug 1092611 SUSE bug 1120374 SUSE bug 1137990 SUSE bug 1149429 SUSE bug 1154738 SUSE bug 959933 SUSE bug 983922 CVE-2016-2830 CVE-2016-5289 CVE-2016-5292 CVE-2016-9063 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 CVE-2017-7789 CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5165 CVE-2018-5166 CVE-2018-5167 CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5174 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5178 CVE-2018-5179 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 CVE-2018-5183 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 cpe:/o:suse:sles-bcl:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for samba fixes the following issues: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:sles-bcl:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for samba fixes the following issue: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:sles-bcl:12:sp2 Security update for gdb (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for gdb fixes the following issues: Update to gdb 8.3.1: (jsc#ECO-368) Security issues fixed: - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. (bsc#1142772) Upgrade libipt from v2.0 to v2.0.1. - Enable librpm for version > librpm.so.3 [bsc#1145692]: * Allow any librpm.so.x * Add %build test to check for 'zypper install <rpm-packagename>' message - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python, and use it for --without=python. Rebase to 8.3 release (as in fedora 30 @ 1e222a3). * DWARF index cache: GDB can now automatically save indices of DWARF symbols on disk to speed up further loading of the same binaries. * Ada task switching is now supported on aarch64-elf targets when debugging a program using the Ravenscar Profile. * Terminal styling is now available for the CLI and the TUI. * Removed support for old demangling styles arm, edg, gnu, hp and lucid. * Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*). - Implemented access to more POWER8 registers. [fate#326120, fate#325178] - Add gdb-s390-handle-arch13.diff to handle most new s390 arch13 instructions. [fate#327369, jsc#ECO-368] Moderate SUSE bug 1115034 SUSE bug 1142772 SUSE bug 1145692 CVE-2019-1010180 cpe:/o:suse:sles-bcl:12:sp2 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). Moderate SUSE bug 1154862 CVE-2019-17498 cpe:/o:suse:sles-bcl:12:sp2 Security update for libseccomp (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libseccomp fixes the following issues: Update to new upstream release 2.4.1: * Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. Updated to 2.4.0 (bsc#1128828 CVE-2019-9893): * Update the syscall table for Linux v5.0-rc5 * Added support for the SCMP_ACT_KILL_PROCESS action * Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute * Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension * Added support for the parisc and parisc64 architectures * Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) * Return -EDOM on an endian mismatch when adding an architecture to a filter * Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() * Fix PFC generation when a syscall is prioritized, but no rule exists * Numerous fixes to the seccomp-bpf filter generation code * Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 * Numerous tests added to the included test suite, coverage now at ~92% * Update our Travis CI configuration to use Ubuntu 16.04 * Numerous documentation fixes and updates Update to release 2.3.3: * Updated the syscall table for Linux v4.15-rc7 Update to release 2.3.2: * Achieved full compliance with the CII Best Practices program * Added Travis CI builds to the GitHub repository * Added code coverage reporting with the '--enable-code-coverage' configure flag and added Coveralls to the GitHub repository * Updated the syscall tables to match Linux v4.10-rc6+ * Support for building with Python v3.x * Allow rules with the -1 syscall if the SCMP\_FLTATR\_API\_TSKIP attribute is set to true * Several small documentation fixes - ignore make check error for ppc64/ppc64le, bypass bsc#1142614 Moderate SUSE bug 1082318 SUSE bug 1128828 SUSE bug 1142614 CVE-2019-9893 cpe:/o:suse:sles-bcl:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ucode-intel fixes the following issues: - Updated to 20191112 security release (bsc#1155988) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile - ---- updated platforms ------------------------------------ - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6 - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8 - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8 - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) - requires coreutils for the %post script (bsc#1154043) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1154043 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:sles-bcl:12:sp2 Security update for libjpeg-turbo (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libjpeg-turbo fixes the following issues: - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] Important SUSE bug 1156402 CVE-2019-2201 cpe:/o:suse:sles-bcl:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ghostscript fixes the following issue: - CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed an attacker to gain high privileges by a specially crafted Postscript code (bsc#1156275). Important SUSE bug 1156275 CVE-2019-14869 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 - CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). - CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372). - CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158). - CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465). - CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452). - CVE-2019-17055: The AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bnc#1152782). - CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788). - CVE-2019-16413: The 9p filesystem did not protect i_size_write() properly, which caused an i_size_read() infinite loop and denial of service on SMP systems (bnc#1151347). - CVE-2019-15902: A backporting issue was discovered that re-introduced the Spectre vulnerability it had aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376). - CVE-2019-15291: Fixed a NULL pointer dereference issue that could be caused by a malicious USB device (bnc#1146519). - CVE-2019-15807: Fixed a memory leak in the SCSI module that could be abused to cause denial of service (bnc#1148938). - CVE-2019-13272: Fixed a mishandled the recording of the credentials of a process that wants to create a ptrace relationship, which allowed local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). (bnc#1140671). - CVE-2019-14821: An out-of-bounds access issue was fixed in the kernel's kvm hypervisor. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-15505: An out-of-bounds issue had been fixed that could be caused by crafted USB device traffic (bnc#1147122). - CVE-2017-18595: A double free in allocate_trace_buffer was fixed (bnc#1149555). - CVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost functionality that translates virtqueue buffers to IOVs. A privileged guest user able to pass descriptors with invalid length to the host could use this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15216: A NULL pointer dereference was fixed that could be malicious USB device (bnc#1146361). - CVE-2019-15924: A a NULL pointer dereference has been fixed in the drivers/net/ethernet/intel/fm10k module (bnc#1149612). - CVE-2019-9456: An out-of-bounds write in the USB monitor driver has been fixed. This issue could lead to local escalation of privilege with System execution privileges needed. (bnc#1150025). - CVE-2019-15926: An out-of-bounds access was fixed in the drivers/net/wireless/ath/ath6kl module. (bnc#1149527). - CVE-2019-15927: An out-of-bounds access was fixed in the sound/usb/mixer module (bnc#1149522). - CVE-2019-15666: There was an out-of-bounds array access in the net/xfrm module that could cause denial of service (bnc#1148394). - CVE-2019-15219: A NULL pointer dereference was fixed that could be abused by a malicious USB device (bnc#1146519 1146524). - CVE-2019-15220: A use-after-free issue was fixed that could be caused by a malicious USB device (bnc#1146519 1146526). - CVE-2019-15221: A NULL pointer dereference was fixed that could be caused by a malicious USB device (bnc#1146519 1146529). - CVE-2019-14814: A heap-based buffer overflow was fixed in the marvell wifi chip driver. That issue allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14815: A missing length check while parsing WMM IEs was fixed (bsc#1146512, bsc#1146514, bsc#1146516). - CVE-2019-14816: A heap-based buffer overflow in the marvell wifi chip driver was fixed. Local users would have abused this issue to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516). - CVE-2017-18509: An issue in net/ipv6 as fixed. By setting a specific socket option, an attacker could control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. (bnc#1145477) - CVE-2019-9506: The Bluetooth BR/EDR specification used to permit sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1137865). - CVE-2019-15098: A NULL pointer dereference in drivers/net/wireless/ath was fixed (bnc#1146378). - CVE-2019-15290: A NULL pointer dereference in ath6kl_usb_alloc_urb_from_pipe was fixed (bsc#1146378). - CVE-2019-15212: A double-free issue was fixed in drivers/usb driver (bnc#1146391). - CVE-2016-10906: A use-after-free issue was fixed in drivers/net/ethernet/arc (bnc#1146584). - CVE-2019-15211: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/v4l2-core driver (bnc#1146519). - CVE-2019-15217: A a NULL pointer dereference issue caused by a malicious USB device was fixed in the drivers/media/usb/zr364xx driver (bnc#1146519). - CVE-2019-15214: An a use-after-free issue in the sound subsystem was fixed (bnc#1146519). - CVE-2019-15218: A NULL pointer dereference caused by a malicious USB device was fixed in the drivers/media/usb/siano driver (bnc#1146413). - CVE-2019-15215: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/usb/cpia2 driver (bnc#1146425). - CVE-2018-20976: A use-after-free issue was fixed in the fs/xfs driver (bnc#1146285). - CVE-2019-0154: An unprotected read access to i915 registers has been fixed that could have been abused to facilitate a local denial-of-service attack. (bsc#1135966) - CVE-2019-0155: A privilege escalation vulnerability has been fixed in the i915 module that allowed batch buffers from user mode to gain super user privileges. (bsc#1135967) - CVE-2019-16231: The fjes driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bnc#1150466) - CVE-2019-18805: Fix signed integer overflow in tcp_ack_update_rtt() that could have lead to a denial of service or possibly unspecified other impact (bsc#1156187) - CVE-2019-18680: A NULL pointer dereference in rds_tcp_kill_sock() could cause denial of service (bnc#1155898) The following non-security bugs were fixed: - cpu/speculation: Uninline and export CPU mitigations helpers (bnc#1117665). - documentation: Add ITLB_MULTIHIT documentation (bnc#1117665). - ib/core: Add mitigation for Spectre V1 (bsc#1155671) - ib/core: array_index_nospec: Sanitize speculative array (bsc#1155671) - ipv6: Update ipv6 defrag code (add bsc#1141054). - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm kABI Fix for NX patches (bsc#1117665). - kvm: Convert kvm_lock to a mutex (bsc#1117665). - kvm: MMU: drop vcpu param in gpte_access (bsc#1117665). - kvm: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage (bsc#1117665). - kvm: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed (bsc#1117665). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - kvm: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - kvm: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault() (bsc#1117665). - kvm: x86: MMU: Encapsulate the type of rmap-chain head in a new struct (bsc#1117665). - kvm: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault() (bsc#1117665). - kvm: x86: MMU: Move initialization of parent_ptes out from kvm_mmu_alloc_page() (bsc#1117665). - kvm: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to link_shadow_page() (bsc#1117665). - kvm: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page() (bsc#1117665). - kvm: x86: MMU: always set accessed bit in shadow PTEs (bsc#1117665). - kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - kvm: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - kvm: x86: extend usage of RET_MMIO_PF_* constants (bsc#1117665). - kvm: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT (bnc#1117665). - kvm: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - kvm: x86: simplify ept_misconfig (bsc#1117665). - media: smsusb: better handle optional alignment (bsc#1146413). - mm: use upstream patch for bsc#1106913 - scsi: scsi_transport_fc: Drop double list_del() (bsc#1084878) - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1068032, bsc#1092497). - x86/cpu: Add Atom Tremont (Jacobsville) (bsc#1117665). - x86/headers: Do not include asm/processor.h in asm/atomic.h (bsc#1150223). - x86/mitigations: Backport the STIBP pile See bsc#1139550 - xen-blkfront: avoid ENOMEM in blkif_recover after migration (bsc#1149849). Important SUSE bug 1068032 SUSE bug 1084878 SUSE bug 1092497 SUSE bug 1106913 SUSE bug 1117665 SUSE bug 1135966 SUSE bug 1135967 SUSE bug 1137865 SUSE bug 1139550 SUSE bug 1140671 SUSE bug 1141054 SUSE bug 1144338 SUSE bug 1144903 SUSE bug 1145477 SUSE bug 1146285 SUSE bug 1146361 SUSE bug 1146378 SUSE bug 1146391 SUSE bug 1146413 SUSE bug 1146425 SUSE bug 1146512 SUSE bug 1146514 SUSE bug 1146516 SUSE bug 1146519 SUSE bug 1146584 SUSE bug 1147122 SUSE bug 1148394 SUSE bug 1148938 SUSE bug 1149376 SUSE bug 1149522 SUSE bug 1149527 SUSE bug 1149555 SUSE bug 1149612 SUSE bug 1149849 SUSE bug 1150025 SUSE bug 1150112 SUSE bug 1150223 SUSE bug 1150452 SUSE bug 1150457 SUSE bug 1150465 SUSE bug 1150466 SUSE bug 1151347 SUSE bug 1151350 SUSE bug 1152685 SUSE bug 1152782 SUSE bug 1152788 SUSE bug 1153158 SUSE bug 1154372 SUSE bug 1155671 SUSE bug 1155898 SUSE bug 1156187 CVE-2016-10906 CVE-2017-18509 CVE-2017-18595 CVE-2018-12207 CVE-2018-20976 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-13272 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14835 CVE-2019-15098 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15290 CVE-2019-15291 CVE-2019-15505 CVE-2019-15666 CVE-2019-15807 CVE-2019-15902 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-16231 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16413 CVE-2019-16995 CVE-2019-17055 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-18680 CVE-2019-18805 CVE-2019-9456 CVE-2019-9506 cpe:/o:suse:sles-bcl:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ucode-intel fixes the following issues: - Updated to 20191112 official security release (bsc#1155988) - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:sles-bcl:12:sp2 Security update for sqlite3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement (bsc#1155787). Important SUSE bug 1155787 CVE-2017-2518 cpe:/o:suse:sles-bcl:12:sp2 Security update for cups (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). Important SUSE bug 1146358 SUSE bug 1146359 CVE-2019-8675 CVE-2019-8696 cpe:/o:suse:sles-bcl:12:sp2 Security update for clamav (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for clamav fixes the following issues: Security issue fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). Moderate SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1151839 CVE-2019-12625 CVE-2019-12900 cpe:/o:suse:sles-bcl:12:sp2 Security update for mailman (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for mailman fixes the following issues: - CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root (bsc#1154328). Important SUSE bug 1154328 CVE-2019-3693 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed (October 2019 CPU bsc#1154212): - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2978: Improved handling of jar files - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). Important SUSE bug 1152856 SUSE bug 1154212 CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:sles-bcl:12:sp2 Security update for LibVNCServer (Critical) SUSE Linux Enterprise Server 12 SP2-BCL This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Critical SUSE bug 1123823 SUSE bug 1123828 SUSE bug 1123832 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 cpe:/o:suse:sles-bcl:12:sp2 Security update for clamav (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763). Important SUSE bug 1157763 CVE-2019-15961 cpe:/o:suse:sles-bcl:12:sp2 Security update for permissions (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for permissions fixes the following issues: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). - Fixed a regression which caused segmentation fault (bsc#1157198). Moderate SUSE bug 1093414 SUSE bug 1150734 SUSE bug 1157198 CVE-2019-3688 CVE-2019-3690 cpe:/o:suse:sles-bcl:12:sp2 Security update for strongswan (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for strongswan provides the following fixes: Security issues fixed: - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462). - CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536). - CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874). - CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845). Other issues addressed: - Fixed some client fails when the scep server URL is used with HTTPS protocol (bsc#1071853). - Reject Diffie-Hellman key exchanges using primes smaller than 1024 bit. - Handle unexpected informational message from SonicWall. (bsc#1009254) Important SUSE bug 1009254 SUSE bug 1071853 SUSE bug 1093536 SUSE bug 1094462 SUSE bug 1107874 SUSE bug 1109845 CVE-2018-10811 CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 CVE-2018-5388 cpe:/o:suse:sles-bcl:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for git fixes the following issues: Security issues fixed: - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787). - CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795). - CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793). - CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792). - CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791). - CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790). - CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789). - CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788). - CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785). - Fixed an issue where git send-email fails to authenticate with SMTP server (bsc#1082023) Important SUSE bug 1082023 SUSE bug 1158785 SUSE bug 1158787 SUSE bug 1158788 SUSE bug 1158789 SUSE bug 1158790 SUSE bug 1158791 SUSE bug 1158792 SUSE bug 1158793 SUSE bug 1158795 CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1351 CVE-2019-1352 CVE-2019-1353 CVE-2019-1354 CVE-2019-1387 CVE-2019-19604 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328) Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Important SUSE bug 1158328 CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Security issues fixed: CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983). CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983). CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983). Important SUSE bug 1120374 SUSE bug 1122983 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 cpe:/o:suse:sles-bcl:12:sp2 Security update for util-linux (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for util-linux fixes the following issues: This non-security issue was fixed: - CVE-2018-7738: bash-completion/umount allowed local users to gain privileges by embedding shell commands in a mountpoint name, which was mishandled during a umount command by a different user (bsc#1084300). These non-security issues were fixed: - Fixed crash loop in lscpu (bsc#1072947). - Fixed possible segfault of umount -a - Fixed mount -a on NFS bind mounts (bsc#1080740). - Fixed lsblk on NVMe (bsc#1078662). Important SUSE bug 1072947 SUSE bug 1078662 SUSE bug 1080740 SUSE bug 1084300 CVE-2018-7738 cpe:/o:suse:sles-bcl:12:sp2 Security update for systemd (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Other bug fixes and changes: - journal-remote: set a limit on the number of fields in a message - journal-remote: verify entry length from header - journald: set a limit on the number of fields (1k) - journald: do not store the iovec entry for process commandline on stack - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - manager: don't skip sigchld handler for main and control pid for services (#3738) - core: Add helper functions unit_{main, control}_pid - manager: Fixing a debug printf formatting mistake (#3640) - manager: Only invoke a single sigchld per unit within a cleanup cycle (bsc#1117382) - core: update invoke_sigchld_event() to handle NULL ->sigchld_event() - sd-event: expose the event loop iteration counter via sd_event_get_iteration() (#3631) - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (bsc#1122344) - core: when restarting services, don't close fds - cryptsetup: Add dependency on loopback setup to generated units - journal-gateway: use localStorage['cursor'] only when it has valid value - journal-gateway: explicitly declare local variables - analyze: actually select longest activated-time of services - sd-bus: fix implicit downcast of bitfield reported by LGTM - core: free lines after reading them (bsc#1123892) - pam_systemd: reword message about not creating a session (bsc#1111498) - pam_systemd: suppress LOG_DEBUG log messages if debugging is off (bsc#1111498) - main: improve RLIMIT_NOFILE handling (#5795) (bsc#1120658) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) (bsc#1123333) Important SUSE bug 1111498 SUSE bug 1117025 SUSE bug 1117382 SUSE bug 1120658 SUSE bug 1122000 SUSE bug 1122344 SUSE bug 1123333 SUSE bug 1123892 SUSE bug 1125352 CVE-2019-6454 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bnc#1108498). - CVE-2019-3459, CVE-2019-3460: The Blutooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). The following non-security bugs were fixed: - aio: hold an extra file reference over AIO read/write operations (bsc#1116027). - ata: Fix racy link clearance (bsc#1107866). - btrfs: Fix wrong first_key parameter in replace_path (follow up fixes for bsc#1084721). - cgroup, netclassid: add a preemption point to write_classid (bnc#1098996). - cifs: Fix infinite loop when using hard mount option (bsc#1091171). - dm round robin: revert 'use percpu 'repeat_count' and 'current_path'' (bsc#1113192) - fscache: fix race between enablement and dropping of object (bsc#1107385). - ibmvnic: fix index in release_rx_pools (bsc#1115440). - ip: hash fragments consistently (bsc#1042286 bsc#1108145). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (bsc#1110286). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ixgbe: Add function for checking to see if we can reuse page (bsc#1100105). - ixgbe: Add support for build_skb (bsc#1100105). - ixgbe: Add support for padding packet (bsc#1100105). - ixgbe: Break out Rx buffer page management (bsc#1100105). - ixgbe: Fix output from ixgbe_dump (bsc#1100105). - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (bsc#1100105). - ixgbe: Only DMA sync frame length (bsc#1100105). - ixgbe: Update code to better handle incrementing page count (bsc#1100105). - ixgbe: Update driver to make use of DMA attributes in Rx path (bsc#1100105). - ixgbe: Use length to determine if descriptor is done (bsc#1100105). - libfc: sync strings with upstream versions (bsc#1114763). - md: reorder flag_bits to match upstream commits The ordering in the patches was backward. - mm: add support for releasing multiple instances of a page (bsc#1100105). - mm: rename __page_frag functions to __page_frag_cache, drop order from drain (bsc#1100105). - net: ipv4: do not handle duplicate fragments as overlapping (bsc#1116345). - NFS: add nostatflush mount option (bsc#1065726). - nospec: Include <asm/barrier.h> dependency (bsc#1114648). - ovl: after setting xattributes, you need to copy the attributes in order to make sure the mode and ctime/mtime is set (bsc#1107299). - powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805). - Revert 'kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)' This reverts commit 54da5757cbbb39ab15b3cd09cf922a8a9e32209c. - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1042286 bsc#1108145). - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP (bnc#1091197). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1103624, bsc#1104731). - sd: disable logical block provisioning if 'lpbme' is not set (bsc#1086095). - tcp: prevent bogus FRTO undos with non-SACK flows (bsc#1086535). - Update ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433). - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs (bsc#1105931). - x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface (bsc#1105931). - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bsc#1105931). - x86/entry/64: sanitize extra registers on syscall entry (bsc#1105931). - x86/kaiser: Avoid loosing NMIs when using trampoline stack (bsc#1106293 bsc#1099597). - x86,sched: Allow topologies where NUMA nodes share an LLC (bsc#1091158, bsc#1101555, bsc#1117187). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen/blkfront: correct purging of persistent grants (bnc#1065600). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netback: dont overflow meta array (bnc#1099523). - xen/netfront: do not bug in case of too many frags (bnc#1012382). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs/dmapi: restore event in xfs_getbmap (bsc#1095344, bsc#1114763). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). Important SUSE bug 1012382 SUSE bug 1023175 SUSE bug 1042286 SUSE bug 1065600 SUSE bug 1065726 SUSE bug 1070805 SUSE bug 1084721 SUSE bug 1086095 SUSE bug 1086535 SUSE bug 1091158 SUSE bug 1091171 SUSE bug 1091197 SUSE bug 1094825 SUSE bug 1095344 SUSE bug 1098996 SUSE bug 1099523 SUSE bug 1099597 SUSE bug 1100105 SUSE bug 1101555 SUSE bug 1103624 SUSE bug 1104731 SUSE bug 1105025 SUSE bug 1105931 SUSE bug 1106293 SUSE bug 1107256 SUSE bug 1107299 SUSE bug 1107385 SUSE bug 1107866 SUSE bug 1108145 SUSE bug 1108498 SUSE bug 1109330 SUSE bug 1110286 SUSE bug 1110837 SUSE bug 1111062 SUSE bug 1113192 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1114190 SUSE bug 1114648 SUSE bug 1114763 SUSE bug 1115433 SUSE bug 1115440 SUSE bug 1116027 SUSE bug 1116183 SUSE bug 1116345 SUSE bug 1117186 SUSE bug 1117187 SUSE bug 1118152 SUSE bug 1118319 SUSE bug 1119714 SUSE bug 1119946 SUSE bug 1119947 SUSE bug 1120743 SUSE bug 1120758 SUSE bug 1121621 SUSE bug 1123161 CVE-2018-16862 CVE-2018-16884 CVE-2018-18281 CVE-2018-18386 CVE-2018-18690 CVE-2018-18710 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9516 CVE-2018-9568 CVE-2019-3459 CVE-2019-3460 cpe:/o:suse:sles-bcl:12:sp2 Security update for procps (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also the following non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) Important SUSE bug 1092100 SUSE bug 1121753 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:suse:sles-bcl:12:sp2 Security update for texlive (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673) Important SUSE bug 1109673 CVE-2018-17407 cpe:/o:suse:sles-bcl:12:sp2 Security update for kernel-firmware (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for kernel-firmware fixes the following issues: Security issue fixed: - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301). Important SUSE bug 1104301 CVE-2018-5383 cpe:/o:suse:sles-bcl:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191). - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847). Non-security issue fixed: - Fixed a bug where PyWeakReference struct was not initialized correctly leading to a crash (bsc#1073748). Important SUSE bug 1073748 SUSE bug 1109847 SUSE bug 1122191 CVE-2018-14647 CVE-2019-5010 cpe:/o:suse:sles-bcl:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). - CVE-2018-7858: Fixed a denial of service which could occur while updating the VGA display, after guest has adjusted the display dimensions (bsc#1084604). - CVE-2017-13673: Fixed a denial of service in the cpu_physical_memory_snapshot_get_dirty function. - CVE-2017-13672: Fixed a denial of service via vectors involving display update. Non-security issues fixed: - Fixed bad guest time after migration (bsc#1113231). Important SUSE bug 1084604 SUSE bug 1113231 SUSE bug 1116717 SUSE bug 1117275 SUSE bug 1119493 SUSE bug 1123156 CVE-2017-13672 CVE-2017-13673 CVE-2018-16872 CVE-2018-19364 CVE-2018-19489 CVE-2018-7858 CVE-2019-6778 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_0-openjdk to version 7u201 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile - CVE-2018-2938: Support Derby connections (bsc#1101644) - CVE-2018-2940: Better stack walking (bsc#1101645) - CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651) - CVE-2018-2973: Improve LDAP support (bsc#1101656) - CVE-2018-3639 cpu speculative store bypass mitigation Important SUSE bug 1101644 SUSE bug 1101645 SUSE bug 1101651 SUSE bug 1101656 SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112152 SUSE bug 1112153 CVE-2018-13785 CVE-2018-16435 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 CVE-2018-3639 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 to version 2.22.6 fixes the following issues: Security issues fixed: - CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6215: Fixed a type confusion vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6227: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6229: Fixed a logic issue by improving validation which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6233: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6234: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. Other issues addressed: - Update to version 2.22.6 (bsc#1124937). - Kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fixed Web inspector magnifier under Wayland. - Fixed garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fixed several crashes, race conditions, and rendering issues. Important SUSE bug 1124937 CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 cpe:/o:suse:sles-bcl:12:sp2 Security update for libvirt (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). Other issues fixed: - libxl: save current memory value after successful balloon (bsc#1120813). - spec: Don't restart libvirt-guests when updating libvirt-client (bsc#1104662). Moderate SUSE bug 1104662 SUSE bug 1120813 SUSE bug 1127458 CVE-2019-3840 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-3183: Improve script engine support (bsc#1112148) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile Important SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112148 SUSE bug 1112152 SUSE bug 1112153 CVE-2018-13785 CVE-2018-16435 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 to version 2.22.4 fixes the following issues: Security issues fixed: CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998). Important SUSE bug 1110279 SUSE bug 1116998 CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 cpe:/o:suse:sles-bcl:12:sp2 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Important SUSE bug 1120114 SUSE bug 1120115 SUSE bug 1120116 SUSE bug 1120117 SUSE bug 1120118 SUSE bug 1120119 SUSE bug 1120120 SUSE bug 1120121 SUSE bug 1120122 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-6307 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_1-ibm to version 7.1.4.40 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_February_2019 Important SUSE bug 1122293 SUSE bug 1122299 CVE-2018-11212 CVE-2019-2422 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158). - CVE-2019-2449: Fixed a vulnerabilit which could allow remote atackers to delete arbitrary files (bsc#1122292). More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332 Important SUSE bug 1122292 SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1128158 CVE-2018-11212 CVE-2018-1890 CVE-2019-2422 CVE-2019-2449 cpe:/o:suse:sles-bcl:12:sp2 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Libbssh2 will stop using keys unsupported types in the known_hosts file (bsc#1091236). Moderate SUSE bug 1091236 SUSE bug 1128471 SUSE bug 1128472 SUSE bug 1128474 SUSE bug 1128476 SUSE bug 1128480 SUSE bug 1128481 SUSE bug 1128490 SUSE bug 1128492 SUSE bug 1128493 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:suse:sles-bcl:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ghostscript fixes the following issue: Security issue fixed: - CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186). Important SUSE bug 1129186 CVE-2019-3838 cpe:/o:suse:sles-bcl:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for ucode-intel fixes the following issues: Updated to the 20190312 bundle release (bsc#1129231) New Platforms: - AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile - CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop - CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile Updated Platforms: - HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3 - SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable - SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx - BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx - GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx - KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile - KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8 Moderate SUSE bug 1129231 cpe:/o:suse:sles-bcl:12:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other isses addressed: - Fixed an issue which caused openSSL mismatch (bsc#1125401) - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Moderate SUSE bug 1125401 SUSE bug 1128525 CVE-2019-8936 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssl fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Other issues addressed: - Fixed IV handling in SHAEXT paths: aes/asm/aesni-sha*-x86_64.pl (bsc#1113975). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). Moderate SUSE bug 1100078 SUSE bug 1113975 SUSE bug 1117951 SUSE bug 1127080 CVE-2019-1559 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. (bnc#1107829). - CVE-2019-7221: The KVM implementation in the Linux kernel had a Use-after-Free (bnc#1124732). - CVE-2019-7222: The KVM implementation in the Linux kernel had an Information Leak (bnc#1124735). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, which led to a use-after-free (bnc#1124728). The following non-security bugs were fixed: - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - enic: add wq clean up budget (bsc#1075697, bsc#1120691. bsc#1102959). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ipv4: ipv6: Adjust the frag mem limit after truesize has been changed (bsc#1110286). - kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - netfilter: ipv6: Adjust the frag mem limit after truesize has been changed (bsc#1110286). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - restore cond_resched() in shrink_dcache_parent() (bsc#1098599, bsc#1105402, bsc#1127758). - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1108145). - scsi: megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (bsc#1121698). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/spectre_v2: Do not check microcode versions when running under hypervisors (bsc#1122821). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - xen-netfront: Fix hang on device removal (bnc#1012382). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: remove filestream item xfs_inode reference (bsc#1127961). Important SUSE bug 1012382 SUSE bug 1075697 SUSE bug 1082943 SUSE bug 1098599 SUSE bug 1102959 SUSE bug 1105402 SUSE bug 1107829 SUSE bug 1108145 SUSE bug 1109137 SUSE bug 1109330 SUSE bug 1110286 SUSE bug 1117645 SUSE bug 1119019 SUSE bug 1120691 SUSE bug 1121698 SUSE bug 1121805 SUSE bug 1122821 SUSE bug 1124728 SUSE bug 1124732 SUSE bug 1124735 SUSE bug 1125315 SUSE bug 1127155 SUSE bug 1127758 SUSE bug 1127961 SUSE bug 1128166 SUSE bug 1129080 SUSE bug 1129179 CVE-2018-14633 CVE-2019-2024 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-9213 cpe:/o:suse:sles-bcl:12:sp2 Security update for bash (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Important SUSE bug 1130324 CVE-2019-9924 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Security issuess addressed: - update to Firefox ESR 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to Firefox ESR 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to Firefox ESR 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash. - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. Other issue addressed: - Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987). Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ Important SUSE bug 1125330 SUSE bug 1127987 SUSE bug 1129821 SUSE bug 1130262 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2019-5785 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 cpe:/o:suse:sles-bcl:12:sp2 Security update for apache2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for apache2 fixes the following issues: * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the 'H2Upgrade on' are unaffected. [bsc#1131245] * CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237] Important SUSE bug 1131233 SUSE bug 1131237 SUSE bug 1131239 SUSE bug 1131241 SUSE bug 1131245 CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 cpe:/o:suse:sles-bcl:12:sp2 Security update for clamav (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. Important SUSE bug 1130721 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 cpe:/o:suse:sles-bcl:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for dovecot22 fixes the following issues: Security issues fixed: - CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation (bsc#1130116). - CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication (bsc#1123022). Other issue fixed: - Fixed handling of command continuation(bsc#1111789) Important SUSE bug 1111789 SUSE bug 1123022 SUSE bug 1130116 CVE-2019-3814 CVE-2019-7524 cpe:/o:suse:sles-bcl:12:sp2 Security update for sqlite3 (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). - CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled (bsc#1131576). Moderate SUSE bug 1119687 SUSE bug 1131576 CVE-2018-20346 CVE-2018-20506 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: Security issues fixed: - Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) Other issue addressed: - Added Xen cmdline option 'suse_vtsc_tolerance' to avoid TSC emulation for HVM domUs (bsc#1026236). Important SUSE bug 1026236 SUSE bug 1114988 SUSE bug 1123157 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1127400 SUSE bug 1129623 CVE-2018-19967 CVE-2019-6778 CVE-2019-9824 cpe:/o:suse:sles-bcl:12:sp2 Security update for wget (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for wget fixes the following issues: Security issue fixed: - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). Important SUSE bug 1131493 CVE-2019-5953 cpe:/o:suse:sles-bcl:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 CVE-2019-9636 cpe:/o:suse:sles-bcl:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for curl fixes the following issues: Security issue fixed: - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code (bsc#1112758). Important SUSE bug 1112758 SUSE bug 1131886 CVE-2018-16839 cpe:/o:suse:sles-bcl:12:sp2 Security update for cups (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for cups fixes the following issues: - CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422). Important SUSE bug 1168422 CVE-2020-3898 cpe:/o:suse:sles-bcl:12:sp2 Security update for pam_radius (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for pam_radius fixes the following issues: - CVE-2015-9542: Fixed a buffer overflow in password field (bsc#1163933). - On s390x didn't decrypt passwords correctly (bsc#1141670). Important SUSE bug 1141670 SUSE bug 1163933 CVE-2015-9542 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 to version 2.28.1 fixes the following issues: Security issues fixed: - CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528). - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658). - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719). - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809). - CVE-2020-3867: Fixed an XSS issue (bsc#1163809). - CVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809). - CVE-2020-3864,CVE-2020-3865: Fixed logic issues in the DOM object context handling (bsc#1163809). Non-security issues fixed: - Add API to enable Process Swap on (Cross-site) Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox support. - Make ondemand hardware acceleration policy never leave accelerated compositing mode. - Always use a light theme for rendering form controls. - Add about:gpu to show information about the graphics stack. - Fixed issues while trying to play a video on NextCloud. - Fixed vertical alignment of text containing arabic diacritics. - Fixed build with icu 65.1. - Fixed page loading errors with websites using HSTS. - Fixed web process crash when displaying a KaTeX formula. - Fixed several crashes and rendering issues. - Switched to a single web process for Evolution and geary (bsc#1159329). Important SUSE bug 1155321 SUSE bug 1156318 SUSE bug 1159329 SUSE bug 1161719 SUSE bug 1163809 SUSE bug 1165528 SUSE bug 1169658 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-10018 CVE-2020-11793 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 cpe:/o:suse:sles-bcl:12:sp2 Security update for shibboleth-sp (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for shibboleth-sp fixes the following issues: Security issue fixed: - CVE-2019-19191: Fixed escalation to root by fixing ownership of log files (bsc#1157471). Moderate SUSE bug 1157471 CVE-2019-19191 cpe:/o:suse:sles-bcl:12:sp2 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for LibVNCServer fixes the following issues: - CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471). - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). - CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441). Important SUSE bug 1155419 SUSE bug 1160471 SUSE bug 1170441 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 cpe:/o:suse:sles-bcl:12:sp2 Security update for icu (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for icu fixes the following issues: - CVE-2020-10531: Fixed integer overflow in UnicodeString:doAppend() (bsc#1166844). Moderate SUSE bug 1166844 CVE-2020-10531 cpe:/o:suse:sles-bcl:12:sp2 Security update for openldap2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). Important SUSE bug 1170771 CVE-2020-12243 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution (bsc#1170643). Non-security issues fixed: - Update to version 2.28.2 (bsc#1170643): + Fix excessive CPU usage due to GdkFrameClock not being stopped. + Fix UI process crash when EGL_WL_bind_wayland_display extension is not available. + Fix position of select popup menus in X11. + Fix playing of Youtube 'live stream'/H264 URLs. + Fix a crash under X11 when cairo uses xcb. + Fix the build in MIPS64. + Fix several crashes and rendering issues. Important SUSE bug 1170643 CVE-2020-3899 cpe:/o:suse:sles-bcl:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ghostscript to version 9.52 fixes the following issues: - CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2_image_compose (bsc#1170603). Important SUSE bug 1170603 CVE-2020-12268 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Update to version 68.8.0 ESR (bsc#1171186): - CVE-2020-12387: Use-after-free during worker shutdown - CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens - CVE-2020-12389: Sandbox escape with improperly separated process types - CVE-2020-6831: Buffer overflow in SCTP chunk input validation - CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' - CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection - CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 Important SUSE bug 1171186 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-6831 cpe:/o:suse:sles-bcl:12:sp2 Security update for squid (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for squid fixes the following issues: - CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). - CVE-2020-11945: fixes a potential remote execution vulnerability when using HTTP Digest Authentication (bsc#1170313). - CVE-2019-12520, CVE-2019-12524: fixes a potential ACL bypass, cache-bypass and cross-site scripting attack when processing invalid HTTP Request messages (bsc#1170423). Important SUSE bug 1169659 SUSE bug 1170313 SUSE bug 1170423 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12524 CVE-2020-11945 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424). - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629). - CVE-2020-8647: Fixed a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929). - CVE-2020-8649: Fixed a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931). - CVE-2020-9383: Fixed an issue in set_fdc in drivers/block/floppy.c, which leads to a wait_til_ready out-of-bounds read (bnc#1165111). - CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285). - CVE-2020-11609: Fixed a NULL pointer dereference in the stv06xx subsystem caused by mishandling invalid descriptors (bnc#1168854). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bnc#1170345). - CVE-2020-11608: Fixed an issue in drivers/media/usb/gspca/ov519.c caused by a NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints (bnc#1168829). - CVE-2017-18255: The perf_cpu_time_max_percent_handler function in kernel/events/core.c allowed local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation (bnc#1087813). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928). - CVE-2020-2732: A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest (bnc#1163971). - CVE-2019-5108: Fixed a denial-of-service vulnerability caused by triggering AP to send IAPP location updates for stations before the required authentication process has completed (bnc#1159912). - CVE-2020-8992: ext4_protect_reserved_inode in fs/ext4/block_validity.c allowed attackers to cause a denial of service (soft lockup) via a crafted journal size (bnc#1164069). - CVE-2018-21008: Fixed a use-after-free which could be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bnc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bnc#1157155). - CVE-2019-18675: Fixed an integer overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allowed local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation (bnc#1157804). - CVE-2019-14615: Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may have allowed an unauthenticated user to potentially enable information disclosure via local access (bnc#1160195, bsc#1165881). - CVE-2019-19965: Fixed a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition (bnc#1159911). - CVE-2019-20054: Fixed a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links (bnc#1159910). - CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bnc#1159908). - CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bnc#1159841). - CVE-2019-19447: Fixed an issue with mounting a crafted ext4 filesystem image, performing some operations, and unmounting could lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c (bnc#1158819). - CVE-2019-19319: Fixed an issue with a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call (bnc#1158021). - CVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297). - CVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303). - CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bsc#1158827). - CVE-2019-19537: There was a race condition bug that could have been caused by a malicious USB device in the USB character device driver layer (bnc#1158904). - CVE-2019-19535: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903). - CVE-2019-19527: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900). - CVE-2019-19533: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834). - CVE-2019-19532: There were multiple out-of-bounds write bugs that could have been caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824). - CVE-2019-19523: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (bnc#1158823). - CVE-2019-15213: An issue was discovered in the Linux kernel, there was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445). - CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417). - CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410). - CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394). - CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413). - CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398). - CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: Fixed a information disclosure on powerpc related to the Spectre-RSB mitigation. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038 1157923). - CVE-2019-18683: Fixed a privilege escalation where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem) (bnc#1155897). - CVE-2019-19062: Fixed a memory leak in the crypto_report() function in crypto/crypto_user_base.c, which allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures (bnc#1157070). - CVE-2019-11091,CVE-2018-12126,CVE-2018-12130,CVE-2018-12127: Earlier mitigations for the 'MDS' Microarchitectural Data Sampling attacks were not complete. An additional fix was added to the x86_64 fast systemcall path to further mitigate these attacks. (bsc#1164846 bsc#1170847) The following non-security bugs were fixed: - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (bsc#1155311). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1155311). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1155311). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1155311). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1155311). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1155311). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1155311). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1155311). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1155311). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1155311). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1155311). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1155311). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1155311). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1155311). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1155311). - cgroup: avoid copying strings longer than the buffers (bsc#1146544). - cgroup: use strlcpy() instead of strscpy() to avoid spurious warning (bsc#1146544). - enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1136449). - fix PageHeadHuge() race with THP split (VM Functionality, bsc#1165311). - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099279 bsc#1156060). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - futex: Use smp_store_release() in mark_wake_futex() (bsc#1157464). - Input: add safety guards to input_set_keycode() (bsc#1168075). - ipv4: correct gso_size for UFO (bsc#1154844). - ipv6: fix memory accounting during ipv6 queue expire (bsc#1162227) (bsc#1162227). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (bsc#1037216). - sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132). - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1146544). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mitigations: Clear CPU buffers on the SYSCALL fast path (bsc#1164846). - xen/pv: Fix a boot up hang revealed by int3 self test (bsc#1153811). - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873). - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984). Important SUSE bug 1037216 SUSE bug 1075091 SUSE bug 1075994 SUSE bug 1087082 SUSE bug 1087813 SUSE bug 1091041 SUSE bug 1099279 SUSE bug 1120386 SUSE bug 1131107 SUSE bug 1133147 SUSE bug 1136449 SUSE bug 1137325 SUSE bug 1146519 SUSE bug 1146544 SUSE bug 1146612 SUSE bug 1149591 SUSE bug 1153811 SUSE bug 1154844 SUSE bug 1155311 SUSE bug 1155897 SUSE bug 1156060 SUSE bug 1157038 SUSE bug 1157042 SUSE bug 1157070 SUSE bug 1157143 SUSE bug 1157155 SUSE bug 1157157 SUSE bug 1157158 SUSE bug 1157303 SUSE bug 1157324 SUSE bug 1157333 SUSE bug 1157464 SUSE bug 1157804 SUSE bug 1157923 SUSE bug 1158021 SUSE bug 1158132 SUSE bug 1158381 SUSE bug 1158394 SUSE bug 1158398 SUSE bug 1158410 SUSE bug 1158413 SUSE bug 1158417 SUSE bug 1158427 SUSE bug 1158445 SUSE bug 1158819 SUSE bug 1158823 SUSE bug 1158824 SUSE bug 1158827 SUSE bug 1158834 SUSE bug 1158900 SUSE bug 1158903 SUSE bug 1158904 SUSE bug 1159199 SUSE bug 1159285 SUSE bug 1159297 SUSE bug 1159841 SUSE bug 1159908 SUSE bug 1159910 SUSE bug 1159911 SUSE bug 1159912 SUSE bug 1160195 SUSE bug 1162227 SUSE bug 1162298 SUSE bug 1162928 SUSE bug 1162929 SUSE bug 1162931 SUSE bug 1163971 SUSE bug 1164069 SUSE bug 1164078 SUSE bug 1164846 SUSE bug 1165111 SUSE bug 1165311 SUSE bug 1165873 SUSE bug 1165881 SUSE bug 1165984 SUSE bug 1165985 SUSE bug 1167629 SUSE bug 1168075 SUSE bug 1168295 SUSE bug 1168424 SUSE bug 1168829 SUSE bug 1168854 SUSE bug 1170056 SUSE bug 1170345 SUSE bug 1170778 CVE-2017-18255 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-21008 CVE-2019-11091 CVE-2019-14615 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15213 CVE-2019-18660 CVE-2019-18675 CVE-2019-18683 CVE-2019-19052 CVE-2019-19062 CVE-2019-19066 CVE-2019-19073 CVE-2019-19074 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19527 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19767 CVE-2019-19768 CVE-2019-19965 CVE-2019-19966 CVE-2019-20054 CVE-2019-20096 CVE-2019-3701 CVE-2019-5108 CVE-2019-9455 CVE-2019-9458 CVE-2020-10690 CVE-2020-10720 CVE-2020-10942 CVE-2020-11494 CVE-2020-11608 CVE-2020-11609 CVE-2020-2732 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-8992 CVE-2020-9383 cpe:/o:suse:sles-bcl:12:sp2 Security update for apache2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for apache2 fixes the following issues: - CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404). - CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect (bsc#1168407). - CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066). Important SUSE bug 1168404 SUSE bug 1168407 SUSE bug 1169066 CVE-2020-1927 CVE-2020-1934 CVE-2020-1938 cpe:/o:suse:sles-bcl:12:sp2 Security update for git (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for git to 2.26.2 fixes the following issues: Security issue fixed: - CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936). Non-security issue fixed: - Fixed git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). - Enabled access for git-daemon in firewall configuration (bsc#1170302). - Fixed problems with recent switch to protocol v2, which caused fetches transferring unreasonable amount of data (bsc#1170741). Moderate SUSE bug 1149792 SUSE bug 1168930 SUSE bug 1169605 SUSE bug 1169786 SUSE bug 1169936 SUSE bug 1170302 SUSE bug 1170741 SUSE bug 1170939 CVE-2020-11008 CVE-2020-5260 cpe:/o:suse:sles-bcl:12:sp2 Security update for mailman (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12108: Fixed a content injection bug (bsc#1171363). - CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion (bsc#1170558). Non-security issue fixed: - Fixed rights and ownership on /var/lib/mailman/archives (bsc#1167068). - Don't default to invalid hosts for DEFAULT_EMAIL_HOST (bsc#682920). Important SUSE bug 1167068 SUSE bug 1170558 SUSE bug 1171363 SUSE bug 682920 CVE-2020-12108 CVE-2020-12137 cpe:/o:suse:sles-bcl:12:sp2 Security update for tomcat (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for tomcat fixes the following issues: CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control. CVE-2019-12418 (bsc#1159723) Local privilege escalation by manipulating the RMI registry and performing a man-in-the-middle attack When Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files was able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker could then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. CVE-2019-0221 (bsc#1136085) The SSI printenv command echoed user provided data without escaping, which made it vulnerable to XSS. CVE-2019-17563 (bsc#1159729) When using FORM authentication there was a narrow window where an attacker could perform a session fixation attack. CVE-2019-17569 (bsc#1164825) Invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header. Important SUSE bug 1136085 SUSE bug 1159723 SUSE bug 1159729 SUSE bug 1164825 SUSE bug 1171928 CVE-2019-0221 CVE-2019-12418 CVE-2019-17563 CVE-2019-17569 CVE-2020-9484 cpe:/o:suse:sles-bcl:12:sp2 Security update for python (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for python to version 2.7.17 fixes the following issues: Syncing with lots of upstream bug fixes and security fixes. Bug fixes: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed mismatches between libpython and python-base versions (bsc#1162224). - Fixed segfault in libpython2.7.so.1 (bsc#1073748). - Unified packages among openSUSE:Factory and SLE versions (bsc#1159035). - Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830). - Excluded tsl_check files from python-base to prevent file conflict with python-strict-tls-checks package (bsc#945401). - Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894). Additionally a new 'shared-python-startup' package is provided containing startup files. python-rpm-macros was updated to fix: - Do not write .pyc files for tests (bsc#1171561) Moderate SUSE bug 1027282 SUSE bug 1041090 SUSE bug 1042670 SUSE bug 1073269 SUSE bug 1073748 SUSE bug 1078326 SUSE bug 1078485 SUSE bug 1081750 SUSE bug 1084650 SUSE bug 1086001 SUSE bug 1149792 SUSE bug 1153830 SUSE bug 1155094 SUSE bug 1159035 SUSE bug 1162224 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 SUSE bug 1170411 SUSE bug 1171561 SUSE bug 945401 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:sles-bcl:12:sp2 Security update for qemu (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240). - CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873). - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940). - CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018). - CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066). - CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811). - Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156). Moderate SUSE bug 1123156 SUSE bug 1146873 SUSE bug 1149811 SUSE bug 1161066 SUSE bug 1163018 SUSE bug 1166240 SUSE bug 1170940 CVE-2019-12068 CVE-2019-15890 CVE-2019-6778 CVE-2020-1711 CVE-2020-1983 CVE-2020-7039 CVE-2020-8608 cpe:/o:suse:sles-bcl:12:sp2 Security update for krb5-appl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for krb5-appl fixes the following issues: - CVE-2020-10188: Fixed a remote root execution (bsc#1165787). Important SUSE bug 1165787 CVE-2020-10188 cpe:/o:suse:sles-bcl:12:sp2 Security update for libexif (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libexif fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: - libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER Moderate SUSE bug 1055857 SUSE bug 1059893 SUSE bug 1120943 SUSE bug 1160770 SUSE bug 1171475 SUSE bug 1171847 SUSE bug 1172105 SUSE bug 1172116 SUSE bug 1172121 CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2019-9278 CVE-2020-0093 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 cpe:/o:suse:sles-bcl:12:sp2 Security update for vim (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225 and bsc#1172031). Moderate SUSE bug 1172031 SUSE bug 1172225 CVE-2019-20807 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402). - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety bugs. Important SUSE bug 1172402 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 cpe:/o:suse:sles-bcl:12:sp2 Security update for ruby2.1 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ruby2.1 fixes the following issues: Security issues fixed: - CVE-2015-9096: Fixed an SMTP command injection via CRLFsequences in a RCPT TO or MAIL FROM command (bsc#1043983). - CVE-2016-7798: Fixed an IV Reuse in GCM Mode (bsc#1055265). - CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf (bsc#1058755). - CVE-2017-0899: Fixed an issue with malicious gem specifications, insufficient sanitation when printing gem specifications could have included terminal characters (bsc#1056286). - CVE-2017-0900: Fixed an issue with malicious gem specifications, the query command could have led to a denial of service attack against clients (bsc#1056286). - CVE-2017-0901: Fixed an issue with malicious gem specifications, potentially overwriting arbitrary files on the client system (bsc#1056286). - CVE-2017-0902: Fixed an issue with malicious gem specifications, that could have enabled MITM attacks against clients (bsc#1056286). - CVE-2017-0903: Fixed an unsafe object deserialization vulnerability (bsc#1062452). - CVE-2017-9228: Fixed a heap out-of-bounds write in bitset_set_range() during regex compilation (bsc#1069607). - CVE-2017-9229: Fixed an invalid pointer dereference in left_adjust_char_head() in oniguruma (bsc#1069632). - CVE-2017-10784: Fixed an escape sequence injection vulnerability in the Basic authentication of WEBrick (bsc#1058754). - CVE-2017-14033: Fixed a buffer underrun vulnerability in OpenSSL ASN1 decode (bsc#1058757). - CVE-2017-14064: Fixed an arbitrary memory exposure during a JSON.generate call (bsc#1056782). - CVE-2017-17405: Fixed a command injection vulnerability in Net::FTP (bsc#1073002). - CVE-2017-17742: Fixed an HTTP response splitting issue in WEBrick (bsc#1087434). - CVE-2017-17790: Fixed a command injection in lib/resolv.rb:lazy_initialize() (bsc#1078782). - CVE-2018-6914: Fixed an unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441). - CVE-2018-8777: Fixed a potential DoS caused by large requests in WEBrick (bsc#1087436). - CVE-2018-8778: Fixed a buffer under-read in String#unpack (bsc#1087433). - CVE-2018-8779: Fixed an unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440). - CVE-2018-8780: Fixed an unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437). - CVE-2018-16395: Fixed an issue with OpenSSL::X509::Name equality checking (bsc#1112530). - CVE-2018-16396: Fixed an issue with tainted string handling, where the flag was not propagated in Array#pack and String#unpack with some directives (bsc#1112532). - CVE-2018-1000073: Fixed a path traversal issue (bsc#1082007). - CVE-2018-1000074: Fixed an unsafe object deserialization vulnerability in gem owner, allowing arbitrary code execution with specially crafted YAML (bsc#1082008). - CVE-2018-1000075: Fixed an infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014). - CVE-2018-1000076: Fixed an improper verification of signatures in tarballs (bsc#1082009). - CVE-2018-1000077: Fixed an improper URL validation in the homepage attribute of ruby gems (bsc#1082010). - CVE-2018-1000078: Fixed a XSS vulnerability in the homepage attribute when displayed via gem server (bsc#1082011). - CVE-2018-1000079: Fixed a path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058). - CVE-2019-8320: Fixed a directory traversal issue when decompressing tar files (bsc#1130627). - CVE-2019-8321: Fixed an escape sequence injection vulnerability in verbose (bsc#1130623). - CVE-2019-8322: Fixed an escape sequence injection vulnerability in gem owner (bsc#1130622). - CVE-2019-8323: Fixed an escape sequence injection vulnerability in API response handling (bsc#1130620). - CVE-2019-8324: Fixed an issue with malicious gems that may have led to arbitrary code execution (bsc#1130617). - CVE-2019-8325: Fixed an escape sequence injection vulnerability in errors (bsc#1130611). - CVE-2019-15845: Fixed a NUL injection vulnerability in File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service vulnerability in WEBrick's digest access authentication (bsc#1152995). - CVE-2019-16254: Fixed an HTTP response splitting vulnerability in WEBrick (bsc#1152992). - CVE-2019-16255: Fixed a code injection vulnerability in Shell#[] and Shell#test (bsc#1152990). - CVE-2020-10663: Fixed an unsafe object creation vulnerability in JSON (bsc#1171517). Non-security issue fixed: - Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072). Also yast2-ruby-bindings on SLES 12 SP2 LTSS was updated to handle the updated ruby interpreter. (bsc#1172275) Important SUSE bug 1043983 SUSE bug 1048072 SUSE bug 1055265 SUSE bug 1056286 SUSE bug 1056782 SUSE bug 1058754 SUSE bug 1058755 SUSE bug 1058757 SUSE bug 1062452 SUSE bug 1069607 SUSE bug 1069632 SUSE bug 1073002 SUSE bug 1078782 SUSE bug 1082007 SUSE bug 1082008 SUSE bug 1082009 SUSE bug 1082010 SUSE bug 1082011 SUSE bug 1082014 SUSE bug 1082058 SUSE bug 1087433 SUSE bug 1087434 SUSE bug 1087436 SUSE bug 1087437 SUSE bug 1087440 SUSE bug 1087441 SUSE bug 1112530 SUSE bug 1112532 SUSE bug 1130611 SUSE bug 1130617 SUSE bug 1130620 SUSE bug 1130622 SUSE bug 1130623 SUSE bug 1130627 SUSE bug 1152990 SUSE bug 1152992 SUSE bug 1152994 SUSE bug 1152995 SUSE bug 1171517 SUSE bug 1172275 CVE-2015-9096 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2017-9228 CVE-2017-9229 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 CVE-2018-16395 CVE-2018-16396 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 CVE-2020-10663 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_0-openjdk to version 7u261 fixes the following issues: - CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511) - CVE-2020-2757: Less Blocking Array Queues (bsc#1169511) - CVE-2020-2773: Better signatures in XML (bsc#1169511) - CVE-2020-2781: Improve TLS session handling (bsc#1169511) - CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511) - CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511) - CVE-2020-2805: Enhance typing of methods (bsc#1169511) - CVE-2020-2830: Better Scanner conversions (bsc#1169511) Important SUSE bug 1169511 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles-bcl:12:sp2 Security update for tigervnc (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858). - CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251). - CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860). Important SUSE bug 1159856 SUSE bug 1159858 SUSE bug 1159860 SUSE bug 1160250 SUSE bug 1160251 SUSE bug 1160937 CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 CVE-2019-15695 cpe:/o:suse:sles-bcl:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466) This update contains security mitigations for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack' attacks. (bsc#1156353) Microcode Table: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile Also contains the Intel CPU Microcode update to 20200520: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X Moderate SUSE bug 1154824 SUSE bug 1156353 SUSE bug 1172466 CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12114: Fixed A pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). The following non-security bugs were fixed: - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1171698). - KEYS: allow reaching the keys quotas exactly (bsc#1171689). - KEYS: reaching the keys quotas correctly (bsc#1171689). - Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221). - random: always use batched entropy for get_random_u{32,64} (bsc#1164871). Important SUSE bug 1154824 SUSE bug 1164871 SUSE bug 1171098 SUSE bug 1171195 SUSE bug 1171202 SUSE bug 1171218 SUSE bug 1171219 SUSE bug 1171689 SUSE bug 1171698 SUSE bug 1172221 SUSE bug 1172317 CVE-2020-0543 CVE-2020-10757 CVE-2020-12114 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12656 cpe:/o:suse:sles-bcl:12:sp2 Security update for virglrenderer (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for virglrenderer fixes the following issues: - CVE-2019-18388: Fixed a null pointer dereference which could have led to denial of service (bsc#1159479). - CVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478). - CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482). - CVE-2019-18391: Fixed a heap based buffer overflow which could have led to guest escape or denial of service (bsc#1159486). Important SUSE bug 1159478 SUSE bug 1159479 SUSE bug 1159482 SUSE bug 1159486 CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391 cpe:/o:suse:sles-bcl:12:sp2 Security update for adns (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for adns fixes the following issues: - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver which could have led to remote code execution (bsc#1172265). - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to denial of service (bsc#1172265). - CVE-2017-9107: Fixed an issue when quering domain names which could have led to denial of service (bsc#1172265). - CVE-2017-9108: Fixed an issue which could have led to denial of service (bsc#1172265). Important SUSE bug 1172265 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 cpe:/o:suse:sles-bcl:12:sp2 Security update for perl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed utf8 handling in perldoc by useing 'term' instead of 'man' (bsc#1170601). - Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039) Important SUSE bug 1102840 SUSE bug 1160039 SUSE bug 1170601 SUSE bug 1171863 SUSE bug 1171864 SUSE bug 1171866 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_1-ibm fixes the following issues: java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 (bsc#1172277 and bsc#1169511) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions Important SUSE bug 1169511 SUSE bug 1172277 CVE-2020-2654 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-ibm fixes the following issues: java-1_8_0-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 (bsc#1172277,bsc#1169511,bsc#1160968) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2754: Forwarded references to Nashorn - CVE-2020-2755: Improved Nashorn matching - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions - CVE-2019-2949: Fixed an issue which could have resulted in unauthorized access to critical data - Added RSA PSS SUPPORT TO IBMPKCS11IMPL - The pack200 and unpack200 alternatives should be slaves of java (bsc#1171352). Important SUSE bug 1160968 SUSE bug 1169511 SUSE bug 1171352 SUSE bug 1172277 CVE-2019-2949 CVE-2020-2654 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-openjdk to version jdk8u252 fixes the following issues: - CVE-2020-2754: Forward references to Nashorn (bsc#1169511) - CVE-2020-2755: Improve Nashorn matching (bsc#1169511) - CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511) - CVE-2020-2757: Less Blocking Array Queues (bsc#1169511) - CVE-2020-2773: Better signatures in XML (bsc#1169511) - CVE-2020-2781: Improve TLS session handling (bsc#1169511) - CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511) - CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511) - CVE-2020-2805: Enhance typing of methods (bsc#1169511) - CVE-2020-2830: Better Scanner conversions (bsc#1169511) Important SUSE bug 1160398 SUSE bug 1169511 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles-bcl:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). Important SUSE bug 1173027 CVE-2020-8177 cpe:/o:suse:sles-bcl:12:sp2 Security update for tomcat (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for tomcat fixes the following issues: - CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405) Important SUSE bug 1172405 CVE-2020-8022 cpe:/o:suse:sles-bcl:12:sp2 Security update for python3-requests (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for python3-requests provides the following fix: python-requests was updated to 2.20.1. Update to version 2.20.1: * Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443). Update to version 2.20.0: * Bugfixes + Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8). + Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions. + Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074) + should_bypass_proxies now handles URIs without hostnames (e.g. files). Update to version 2.19.1: * Fixed issue where status_codes.py’s init function failed trying to append to a __doc__ value of None. Update to version 2.19.0: * Improvements + Warn about possible slowdown with cryptography version < 1.3.4 + Check host in proxy URL, before forwarding request to adapter. + Maintain fragments properly across redirects. (RFC7231 7.1.2) + Removed use of cgi module to expedite library load time. + Added support for SHA-256 and SHA-512 digest auth algorithms. + Minor performance improvement to Request.content. * Bugfixes + Parsing empty Link headers with parse_header_links() no longer return one bogus entry. + Fixed issue where loading the default certificate bundle from a zip archive would raise an IOError. + Fixed issue with unexpected ImportError on windows system which do not support winreg module. + DNS resolution in proxy bypass no longer includes the username and password in the request. This also fixes the issue of DNS queries failing on macOS. + Properly normalize adapter prefixes for url comparison. + Passing None as a file pointer to the files param no longer raises an exception. + Calling copy on a RequestsCookieJar will now preserve the cookie policy correctly. Update to version 2.18.4: * Improvements + Error messages for invalid headers now include the header name for easier debugging Update to version 2.18.3: * Improvements + Running $ python -m requests.help now includes the installed version of idna. * Bugfixes + Fixed issue where Requests would raise ConnectionError instead of SSLError when encountering SSL problems when using urllib3 v1.22. - Add ca-certificates (and ca-certificates-mozilla) to dependencies, otherwise https connections will fail. Moderate SUSE bug 1054413 SUSE bug 1073879 SUSE bug 1111622 SUSE bug 1122668 SUSE bug 761500 SUSE bug 922448 SUSE bug 929736 SUSE bug 935252 SUSE bug 945455 SUSE bug 947357 SUSE bug 961596 SUSE bug 967128 CVE-2015-2296 CVE-2018-18074 cpe:/o:suse:sles-bcl:12:sp2 Security update for mutt (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for mutt fixes the following issues: - CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197). - CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935). - CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935). Important SUSE bug 1172906 SUSE bug 1172935 SUSE bug 1173197 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 cpe:/o:suse:sles-bcl:12:sp2 Security update for squid (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for squid fixes the following issues: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake (bsc#1173304). - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373). Important SUSE bug 1167373 SUSE bug 1173304 CVE-2019-18860 CVE-2020-14059 cpe:/o:suse:sles-bcl:12:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). Moderate SUSE bug 1169740 SUSE bug 1171355 SUSE bug 1172651 SUSE bug 1173334 CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 cpe:/o:suse:sles-bcl:12:sp2 Security update for mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032). - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). - Fixed an issue where Firefox tab was crashing (bsc#1170908). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25 Important SUSE bug 1159819 SUSE bug 1168669 SUSE bug 1169746 SUSE bug 1170908 SUSE bug 1171978 SUSE bug 1173022 CVE-2019-17006 CVE-2020-12399 CVE-2020-12402 cpe:/o:suse:sles-bcl:12:sp2 Security update for openldap2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). - Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts(bsc#1170715). Important SUSE bug 1170715 SUSE bug 1172698 SUSE bug 1172704 CVE-2020-8023 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). Important SUSE bug 1167231 SUSE bug 1173576 SUSE bug 1173613 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 cpe:/o:suse:sles-bcl:12:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for bind fixes the following issues: - Amended documentation referring to rule types 'krb5-subdomain' and 'ms-subdomain'. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. [CVE-2018-5741] - Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server address records are limited to 4 for any domain. [CVE-2020-8616] - Replaying a TSIG BADTIME response as a request could trigger an assertion failure. [CVE-2020-8617] [bsc#1109160, bsc#1171740, CVE-2018-5741, bind-CVE-2018-5741.patch, CVE-2020-8616, bind-CVE-2020-8616.patch, CVE-2020-8617, bind-CVE-2020-8617.patch] - Don't rely on /etc/insserv.conf anymore for proper dependencies against nss-lookup.target in named.service and lwresd.service (bsc#1118367 bsc#1118368) - Using a drop-in file Important SUSE bug 1109160 SUSE bug 1118367 SUSE bug 1118368 SUSE bug 1171740 CVE-2018-5741 CVE-2020-8616 CVE-2020-8617 cpe:/o:suse:sles-bcl:12:sp2 Security update for xrdp (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xrdp provides the following fix: - CVE-2020-4044: xrdp-sesman can be crashed remotely over port 3350 (bsc#1173580). - Fixed an issue where xrdp-sesman could not restart (bsc#1155952). - Fixed an issue where xrdp could not start due to an error in the service file use absolute path in ExecStart (bsc#1155789). - Fixed a PAM error after 2nd xrdp session after logout (bsc#1153471). - Fixed a crash in xrdp-sesman, caused by terminating and reconnecting an xrdp session (bsc#1152711). - Fixed a failure in RDP session recovery (bsc#1150584). - Fixed a process leak (bsc#1144379). - Let systemd handle the daemons, fixing daemon start failures. (bsc#1138954, bsc#1144327) - Don't try to create .vnc directory if it already exists. (bsc#1157860) Important SUSE bug 1138954 SUSE bug 1144327 SUSE bug 1144379 SUSE bug 1150584 SUSE bug 1152711 SUSE bug 1153471 SUSE bug 1155789 SUSE bug 1155952 SUSE bug 1157860 SUSE bug 1173580 CVE-2017-6967 CVE-2020-4044 cpe:/o:suse:sles-bcl:12:sp2 Security update for squid (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for squid fixes the following issues: - CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455) Important SUSE bug 1173455 CVE-2020-15049 cpe:/o:suse:sles-bcl:12:sp2 Security update for mailman (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369). Important SUSE bug 1173369 CVE-2020-15011 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. Important SUSE bug 1173998 CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 cpe:/o:suse:sles-bcl:12:sp2 Security update for grub2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use gcc-9 compiler for overflow check builtins - Backport gcc-9 build fixes - Fix packed-not-aligned error on GCC 8 (bsc#1084632) - Backport gcc-7 build fixes Important SUSE bug 1084632 SUSE bug 1168994 SUSE bug 1173812 SUSE bug 1174463 SUSE bug 1174570 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 cpe:/o:suse:sles-bcl:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ghostscript fixes the following issues: - fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415) Important SUSE bug 1174415 CVE-2020-15900 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 Moderate SUSE bug 1173948 SUSE bug 1174538 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:suse:sles-bcl:12:sp2 Security update for libX11 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067 (bnc#1172453). - CVE-2020-10732: A flaw was found in the implementation of userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). The following non-security bugs were fixed: - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - x86/dumpstack/64: Handle faults when printing the 'Stack: ' part of an OOPS (bsc#1170383). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1172049). Important SUSE bug 1162002 SUSE bug 1170383 SUSE bug 1171189 SUSE bug 1171191 SUSE bug 1171220 SUSE bug 1171732 SUSE bug 1171988 SUSE bug 1172049 SUSE bug 1172453 SUSE bug 1172458 SUSE bug 1172775 SUSE bug 1172781 SUSE bug 1172782 SUSE bug 1172783 SUSE bug 1172999 SUSE bug 1174115 SUSE bug 1174462 SUSE bug 1174543 CVE-2019-20810 CVE-2019-20812 CVE-2020-0305 CVE-2020-10135 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-12771 CVE-2020-13974 CVE-2020-14416 cpe:/o:suse:sles-bcl:12:sp2 Security update for python-ipaddress (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. Important SUSE bug 1173274 CVE-2020-14422 cpe:/o:suse:sles-bcl:12:sp2 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for LibVNCServer fixes the following issues: - security update fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14403 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14404 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite Important SUSE bug 1173477 SUSE bug 1173691 SUSE bug 1173694 SUSE bug 1173700 SUSE bug 1173701 SUSE bug 1173743 SUSE bug 1173874 SUSE bug 1173875 SUSE bug 1173876 SUSE bug 1173880 CVE-2017-18922 CVE-2018-21247 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 cpe:/o:suse:sles-bcl:12:sp2 Security update for libX11 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles-bcl:12:sp2 Security update for xerces-c (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for xerces-c fixes the following issues: - CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630) Moderate SUSE bug 1083630 CVE-2017-12627 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 (bsc#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. Important SUSE bug 1174662 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages - bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy - bsc#1168140 - CVE-2020-11740, CVE-2020-11741: Multiple xenoprof issues - bsc#1168142 - CVE-2020-11739: Missing memory barriers in read-write unlock paths Important SUSE bug 1163019 SUSE bug 1168140 SUSE bug 1168142 SUSE bug 1169392 SUSE bug 1174543 CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-8608 cpe:/o:suse:sles-bcl:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for dovecot22 fixes the following issues: - CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922). - CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923). Important SUSE bug 1174922 SUSE bug 1174923 CVE-2020-12673 CVE-2020-12674 cpe:/o:suse:sles-bcl:12:sp2 Security update for grub2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). Important SUSE bug 1174421 CVE-2020-15705 cpe:/o:suse:sles-bcl:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Moderate SUSE bug 1173160 SUSE bug 1174120 CVE-2020-10745 cpe:/o:suse:sles-bcl:12:sp2 Security update for xorg-x11-server (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Moderate SUSE bug 1174633 SUSE bug 1174635 SUSE bug 1174638 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 cpe:/o:suse:sles-bcl:12:sp2 Security update for freeradius-server (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for freeradius-server fixes the following issues: - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). - CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX access (bsc#1166847). Moderate SUSE bug 1144524 SUSE bug 1166847 CVE-2019-13456 CVE-2019-17185 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2975 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 CVE-2019-17631 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-17631 CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 cpe:/o:suse:sles-bcl:12:sp2 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Important SUSE bug 1174910 SUSE bug 1174913 CVE-2020-14361 CVE-2020-14362 cpe:/o:suse:sles-bcl:12:sp2 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). Moderate SUSE bug 1175070 SUSE bug 1175071 SUSE bug 1175072 CVE-2020-11985 CVE-2020-11993 CVE-2020-9490 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-bcl:12:sp2 Security update for squid (Critical) SUSE Linux Enterprise Server 12 SP2-BCL This update for squid fixes the following issues: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). Critical SUSE bug 1175664 SUSE bug 1175665 SUSE bug 1175671 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 cpe:/o:suse:sles-bcl:12:sp2 Security update for libX11 (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). Moderate SUSE bug 1175239 CVE-2020-14363 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fix broken translation-loading. (bsc#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more Moderate SUSE bug 1173991 SUSE bug 1174284 SUSE bug 1175686 CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel was updated to to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2019-16746: Fixed an improper check of the length of variable elements in a beacon head, leading to a buffer overflow (bsc#1152107). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bug was fixed: - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). Important SUSE bug 1152107 SUSE bug 1173798 SUSE bug 1174205 SUSE bug 1174757 SUSE bug 1175691 SUSE bug 1176069 CVE-2019-16746 CVE-2020-14314 CVE-2020-14331 CVE-2020-14386 CVE-2020-16166 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-openjdk fixes the following issues: Update java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0) (January 2020 CPU, bsc#1160968): - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support - CVE-2020-2654: Improve Object Identifier Processing Important SUSE bug 1160968 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 cpe:/o:suse:sles-bcl:12:sp2 Security update for tomcat (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for tomcat fixes the following issues: - CVE-2020-1935: Fixed an HTTP request smuggling vulnerability (bsc#1164860). - CVE-2020-13935: Fixed a WebSocket DoS (bsc#1174117). Moderate SUSE bug 1164860 SUSE bug 1174117 CVE-2020-13935 CVE-2020-1935 cpe:/o:suse:sles-bcl:12:sp2 Security update for shim (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for shim fixes the following issues: - Update to the unified shim binary from SUSE Linux Enterprise 15-SP1 (bsc#1168994) This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting. This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied. Additional fixes: + shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656) Moderate SUSE bug 1168994 SUSE bug 1175626 SUSE bug 1175656 CVE-2020-10713 cpe:/o:suse:sles-bcl:12:sp2 Security update for perl-DBI (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Important SUSE bug 1176409 SUSE bug 1176412 CVE-2020-14392 CVE-2020-14393 cpe:/o:suse:sles-bcl:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python3 fixes the following issues: - CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball (bsc#1174091). - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). - If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423). Important SUSE bug 1088004 SUSE bug 1088009 SUSE bug 1130840 SUSE bug 1141853 SUSE bug 1149955 SUSE bug 1153238 SUSE bug 1162423 SUSE bug 1173274 SUSE bug 1174091 SUSE bug 1174701 CVE-2018-14647 CVE-2018-20852 CVE-2019-16056 CVE-2019-16935 CVE-2019-20907 CVE-2019-9947 CVE-2020-14422 cpe:/o:suse:sles-bcl:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). Important SUSE bug 1176579 CVE-2020-1472 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: -Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Enhance fix for wayland-detection (bsc#1174420) - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) Important SUSE bug 1167976 SUSE bug 1173986 SUSE bug 1174420 SUSE bug 1176756 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 cpe:/o:suse:sles-bcl:12:sp2 Security update for libqt5-qtbase (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515) Important SUSE bug 1172515 SUSE bug 1176315 CVE-2020-17507 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534). - CVE-2020-0543: Fixed a leak of Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205,XSA-320) - CVE-2020-15565: Fixed an issue cache write (bsc#1173378,XSA-321). - CVE-2020-15567: Fixed an issue with non-atomic modification of live EPT PTE (bsc#1173380,XSA-328) Important SUSE bug 1172205 SUSE bug 1173378 SUSE bug 1173380 SUSE bug 1175534 SUSE bug 1176343 SUSE bug 1176344 SUSE bug 1176345 SUSE bug 1176346 SUSE bug 1176347 SUSE bug 1176348 SUSE bug 1176349 SUSE bug 1176350 CVE-2020-0543 CVE-2020-14364 CVE-2020-15565 CVE-2020-15567 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25603 CVE-2020-25604 cpe:/o:suse:sles-bcl:12:sp2 Security update for perl-DBI (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). - CVE-2013-7490: Fixed memory corruption when using many arguments to methods for CallbacksUsing (bsc#1176496). Important SUSE bug 1176496 SUSE bug 1176764 CVE-2013-7490 CVE-2019-20919 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_0-openjdk fixes the following issues: - java-1_7_0-openjdk was updated to 2.6.23 (July 2020 CPU, bsc#1174157) - JDK-8028431, CVE-2020-14579: NullPointerException in - DerValue.equals(DerValue) - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in - sun.security.util.DerInputStream.getUnalignedBitString() - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233255: Better Swing Buttons - JDK-8234032: Improve basic calendar services - JDK-8234042: Better factory production of certificates - JDK-8234418: Better parsing with CertificateFactory - JDK-8234836: Improve serialization handling - JDK-8236191: Enhance OID processing - JDK-8237592, CVE-2020-14577: Enhance certificate verification - JDK-8238002, CVE-2020-14581: Better matrix operations - JDK-8238804: Enhance key handling process - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - JDK-8238843: Enhanced font handing - JDK-8238920, CVE-2020-14583: Better Buffer support - JDK-8238925: Enhance WAV file playback - JDK-8240119, CVE-2020-14593: Less Affine Transformations - JDK-8240482: Improved WAV file playback - JDK-8241379: Update JCEKS support - JDK-8241522: Manifest improved jar headers redux - JDK-8242136, CVE-2020-14621: Better XML namespace handling - JDK-8040113: File not initialized in src/share/native/sun/awt/giflib/dgif_lib.c - JDK-8054446: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError - JDK-8077982: GIFLIB upgrade - JDK-8081315: 8077982 giflib upgrade breaks system giflib builds with earlier versions - JDK-8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' - JDK-8155691: Update GIFlib library to the latest up-to-date - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds - JDK-8203190: SessionId.hashCode generates too many collisions - JDK-8217676: Upgrade libpng to 1.6.37 - JDK-8220495: Update GIFlib library to the 5.1.8 - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys - JDK-8229899: Make java.io.File.isInvalid() less racy - JDK-8230597: Update GIFlib library to the 5.2.1 - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result Important SUSE bug 1174157 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-bcl:12:sp2 Security update for tigervnc (Critical) SUSE Linux Enterprise Server 12 SP2-BCL This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733). Critical SUSE bug 1176733 CVE-2020-26117 cpe:/o:suse:sles-bcl:12:sp2 Security update for libproxy (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). Important SUSE bug 1176410 SUSE bug 1177143 CVE-2020-25219 CVE-2020-26154 cpe:/o:suse:sles-bcl:12:sp2 Security update for freetype2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). Important SUSE bug 1177914 CVE-2020-15999 cpe:/o:suse:sles-bcl:12:sp2 Security update for glibc (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a stack corruption from range reduction of pseudo-zero (bsc#1165784) - Use posix_spawn on popen (bsc#1149332, bsc#1176013) - Correct locking and cancellation cleanup in syslog functions (bsc#1172085) - Fixed concurrent changes on nscd aware files (bsc#1171878) Moderate SUSE bug 1149332 SUSE bug 1165784 SUSE bug 1171878 SUSE bug 1172085 SUSE bug 1176013 CVE-2020-10029 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO Important SUSE bug 1176756 SUSE bug 1177872 CVE-2020-15683 CVE-2020-15969 cpe:/o:suse:sles-bcl:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for samba fixes the following issues: - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Important SUSE bug 1173902 SUSE bug 1173994 CVE-2020-14318 CVE-2020-14323 cpe:/o:suse:sles-bcl:12:sp2 Security update for sane-backends (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for sane-backends fixes the following issues: - sane-backends version upgrade to 1.0.31: * sane-backends version upgrade to 1.0.30 fixes memory corruption bugs CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867 (bsc#1172524) * sane-backends version upgrade to 1.0.31 to further improve hardware enablement for scanner devices (jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418) * The new escl backend cannot be provided for SLE12 because it requires more additional software (avahi-client, libcurl, and libpoppler-glib-devel) where in particular for libcurl the one that is in SLE12 (via libcurl-devel-7.37.0) is likely too old because with that building the escl backend fails with 'escl/escl.c:1267:34: error: 'CURLOPT_UNIX_SOCKET_PATH' undeclared curl_easy_setopt(handle, CURLOPT_UNIX_SOCKET_PATH' Important SUSE bug 1172524 CVE-2017-6318 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 cpe:/o:suse:sles-bcl:12:sp2 Security update for ovmf (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for ovmf fixes the following issues: - CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476). - CVE-2019-14559: Fixed a memory leak in ArpOnFrameRcvdDpc() (bsc#1163927). Moderate SUSE bug 1163927 SUSE bug 1175476 CVE-2019-14559 CVE-2019-14562 cpe:/o:suse:sles-bcl:12:sp2 Security update for libvirt (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). Important SUSE bug 1174955 SUSE bug 1177155 CVE-2020-15708 CVE-2020-25637 cpe:/o:suse:sles-bcl:12:sp2 Security update for apache-commons-httpclient (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577] Important SUSE bug 1178171 SUSE bug 945190 CVE-2014-3577 CVE-2015-5262 cpe:/o:suse:sles-bcl:12:sp2 Security update for libqt5-qtbase (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libqt5-qtbase fixes the following issue: Security issue fixed: - CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). - CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). - CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). Other issue addressed: - Fixed an issue with rendering animated gifs (QTBUG-55141). Important SUSE bug 1118597 SUSE bug 1130246 SUSE bug 1161167 CVE-2018-19870 CVE-2018-19872 CVE-2020-0569 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-openjdk fixes the following issues: - Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)', introduced in October 2020 CPU. - Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU, bsc#1174157, and October 2020 CPU, bsc#1177943) * New features + JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3796: Allow the number of curves supported to be specified * Security fixes + JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) + JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233255: Better Swing Buttons + JDK-8233624: Enhance JNI linkage + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240124: Better VM Interning + JDK-8240482: Improved WAV file playback + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 8 u262 build 01 + JDK-4949105: Access Bridge lacks html tags parsing + JDK-8003209: JFR events for network utilization + JDK-8030680: 292 cleanup from default method code assessment + JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently + JDK-8041626: Shutdown tracing event + JDK-8141056: Erroneous assignment in HeapRegionSet.cpp + JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates + JDK-8151582: (ch) test java/nio/channels/ /AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' + JDK-8165675: Trace event for thread park has incorrect unit for timeout + JDK-8176182: 4 security tests are not run + JDK-8178910: Problemlist sample tests + JDK-8183925: Decouple crash protection from watcher thread + JDK-8191393: Random crashes during cfree+0x1c + JDK-8195817: JFR.stop should require name of recording + JDK-8195818: JFR.start should increase autogenerated name by one + JDK-8195819: Remove recording=x from jcmd JFR.check output + JDK-8199712: Flight Recorder + JDK-8202578: Revisit location for class unload events + JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events + JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) + JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant + JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording + JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 + JDK-8203929: Limit amount of data for JFR.dump + JDK-8205516: JFR tool + JDK-8207392: [PPC64] Implement JFR profiling + JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it + JDK-8209960: -Xlog:jfr* doesn't work with the JFR + JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() + JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 + JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch + JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events + JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions + JDK-8213421: Line number information for execution samples always 0 + JDK-8213617: JFR should record the PID of the recorded process + JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. + JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests + JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test + JDK-8213966: The ZGC JFR events should be marked as experimental + JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds + JDK-8214750: Unnecessary <p> tags in jfr classes + JDK-8214896: JFR Tool left files behind + JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError + JDK-8214925: JFR tool fails to execute + JDK-8215175: Inconsistencies in JFR event metadata + JDK-8215237: jdk.jfr.Recording javadoc does not compile + JDK-8215284: Reduce noise induced by periodic task getFileSize() + JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) + JDK-8215362: JFR GTest JfrTestNetworkUtilization fails + JDK-8215771: The jfr tool should pretty print reference chains + JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly + JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() + JDK-8216528: test/jdk/java/rmi/transport/ /runtimeThreadInheritanceLeak/ /RuntimeThreadInheritanceLeak.java failing with Xcomp + JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps + JDK-8216578: Remove unused/obsolete method in JFR code + JDK-8216995: Clean up JFR command line processing + JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT + JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent + JDK-8218935: Make jfr strncpy uses GCC 8.x friendly + JDK-8223147: JFR Backport + JDK-8223689: Add JFR Thread Sampling Support + JDK-8223690: Add JFR BiasedLock Event Support + JDK-8223691: Add JFR G1 Region Type Change Event Support + JDK-8223692: Add JFR G1 Heap Summary Event Support + JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant + JDK-8224475: JTextPane does not show images in HTML rendering + JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. + JDK-8226779: [TESTBUG] Test JFR API from Java agent + JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys + JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory + JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant' + JDK-8229366: JFR backport allows unchecked writing to memory + JDK-8229401: Fix JFR code cache test failures + JDK-8229708: JFR backport code does not initialize + JDK-8229873: 8229401 broke jdk8u-jfr-incubator + JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows + JDK-8230707: JFR related tests are failing + JDK-8230782: Robot.createScreenCapture() fails if 'awt.robot.gtk' is set to false + JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return + JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 + JDK-8231995: two jtreg tests failed after 8229366 is fixed + JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file + JDK-8236002: CSR for JFR backport suggests not leaving out the package-info + JDK-8236008: Some backup files were accidentally left in the hotspot tree + JDK-8236074: Missed package-info + JDK-8236174: Should update javadoc since tags + JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport + JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 + JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB + JDK-8238589: Necessary code cleanup in JFR for JDK8u + JDK-8238590: Enable JFR by default during compilation in 8u + JDK-8239055: Wrong implementation of VMState.hasListener + JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair + JDK-8239479: minimal1 and zero builds are failing + JDK-8239867: correct over use of INCLUDE_JFR macro + JDK-8240375: Disable JFR by default for July 2020 release + JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled + JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) + JDK-8242788: Non-PCH build is broken after JDK-8191393 * Import of OpenJDK 8 u262 build 02 + JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset + JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java + JDK-8230926: [macosx] Two apostrophes are entered instead of one with 'U.S. International - PC' layout + JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges + JDK-8242883: Incomplete backport of JDK-8078268: backport test part * Import of OpenJDK 8 u262 build 03 + JDK-8037866: Replace the Fun class in tests with lambdas + JDK-8146612: C2: Precedence edges specification violated + JDK-8150986: serviceability/sa/jmap-hprof/ /JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format + JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions + JDK-8230597: Update GIFlib library to the 5.2.1 + JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return + JDK-8233880, PR3798: Support compilers with multi-digit major version numbers + JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed + JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set + JDK-8243059: Build fails when --with-vendor-name contains a comma + JDK-8243474: [TESTBUG] removed three tests of 0 bytes + JDK-8244461: [JDK 8u] Build fails with glibc 2.32 + JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result * Import of OpenJDK 8 u262 build 04 + JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null + JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering + JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM + JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE + JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 + JDK-8244777: ClassLoaderStats VM Op uses constant hash value * Import of OpenJDK 8 u262 build 05 + JDK-7147060: com/sun/org/apache/xml/internal/security/ /transforms/ClassLoaderTest.java doesn't run in agentvm mode + JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method + JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds + JDK-8227269: Slow class loading when running with JDWP + JDK-8229899: Make java.io.File.isInvalid() less racy + JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in + JDK-8244843: JapanEraNameCompatTest fails * Import of OpenJDK 8 u262 build 06 + JDK-8246223: Windows build fails after JDK-8227269 * Import of OpenJDK 8 u262 build 07 + JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing + JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a + JDK-8245167: Top package in method profiling shows null in JMC + JDK-8246703: [TESTBUG] Add test for JDK-8233197 * Import of OpenJDK 8 u262 build 08 + JDK-8220293: Deadlock in JFR string pool + JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 + JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 * Import of OpenJDK 8 u262 build 09 + JDK-8248399: Build installs jfr binary when JFR is disabled * Import of OpenJDK 8 u262 build 10 + JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package * Import of OpenJDK 8 u265 build 01 + JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + JDK-8250546: Expect changed behaviour reported in JDK-8249846 * Import of OpenJDK 8 u272 build 01 + JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java + JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals + JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c + JDK-8039082: [TEST_BUG] Test java/awt/dnd/ /BadSerializationTest/BadSerializationTest.java fails + JDK-8075774: Small readability and performance improvements for zipfs + JDK-8132206: move ScanTest.java into OpenJDK + JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API + JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java + JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/ /appletviewer/IOExceptionIfEncodedURLTest/ /IOExceptionIfEncodedURLTest.sh + JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/ /MTGraphicsAccessTest.java hangs on Win. 8 + JDK-8151788: NullPointerException from ntlm.Client.type3 + JDK-8151834: Test SmallPrimeExponentP.java times out intermittently + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public + JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization + JDK-8165936: Potential Heap buffer overflow when seaching timezone info files + JDK-8166148: Fix for JDK-8165936 broke solaris builds + JDK-8167300: Scheduling failures during gcm should be fatal + JDK-8167615: Opensource unit/regression tests for JavaSound + JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java + JDK-8177628: Opensource unit/regression tests for ImageIO + JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java + JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/ /AppletContextTest/BadPluginConfigurationTest.sh + JDK-8193137: Nashorn crashes when given an empty script file + JDK-8194298: Add support for per Socket configuration of TCP keepalive + JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error + JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails + JDK-8210147: adjust some WSAGetLastError usages in windows network coding + JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions + JDK-8214862: assert(proj != __null) at compile.cpp:3251 + JDK-8217606: LdapContext#reconnect always opens a new connection + JDK-8217647: JFR: recordings on 32-bit systems unreadable + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8230303: JDB hangs when running monitor command + JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG + JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion + JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version + JDK-8235325: build failure on Linux after 8235243 + JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink + JDK-8237951: CTW: C2 compilation fails with 'malformed control flow' + JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8239819: XToolkit: Misread of screen information memory + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one + JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads to JVM crash + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8246310: Clean commented-out code about ModuleEntry and PackageEntry in JFR + JDK-8246384: Enable JFR by default on supported architectures for October 2020 release + JDK-8248643: Remove extra leading space in JDK-8240295 8u backport + JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public * Import of OpenJDK 8 u272 build 02 + JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times + JDK-8025886: replace [[ and == bash extensions in regtest + JDK-8046274: Removing dependency on jakarta-regexp + JDK-8048933: -XX:+TraceExceptions output should include the message + JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/ /fileaccess/FontFile.java fails + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8154313: Generated javadoc scattered all over the place + JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k + JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled + JDK-8183349: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java and WriteAfterAbort.java + JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. + JDK-8201633: Problems with AES-GCM native acceleration + JDK-8211049: Second parameter of 'initialize' method is not used + JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero + JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound + JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file + JDK-8224217: RecordingInfo should use textual representation of path + JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate + JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/ /SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8250755: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java * Import of OpenJDK 8 u272 build 03 + JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes + JDK-8148754: C2 loop unrolling fails due to unexpected graph shape + JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied + JDK-8203357: Container Metrics + JDK-8209113: Use WeakReference for lastFontStrike for created Fonts + JDK-8216283: Allow shorter method sampling interval than 10 ms + JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified + JDK-8233097: Fontmetrics for large Fonts has zero width + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update * Import of OpenJDK 8 u272 build 04 + JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double + JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 + JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 + JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 + JDK-8243138: Enhance BaseLdapServer to support starttls extended request * Import of OpenJDK 8 u272 build 05 + JDK-8026236: Add PrimeTest for BigInteger + JDK-8057003: Large reference arrays cause extremely long synchronization times + JDK-8060721: Test runtime/SharedArchiveFile/ /LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler + JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings + JDK-8168517: java/lang/ProcessBuilder/Basic.java failed + JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean + JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs + JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo + JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds + JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled * Import of OpenJDK 8 u272 build 06 + JDK-8064319: Need to enable -XX:+TraceExceptions in release builds + JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11 v2.40 support + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working + JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface license + JDK-8184762: ZapStackSegments should use optimized memset + JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak + JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly + JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8228835: Memory leak in PKCS11 provider when using AES GCM + JDK-8233621: Mismatch in jsse.enableMFLNExtension property name + JDK-8238898, PR3801: Missing hash characters for header on license file + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8245467: Remove 8u TLSv1.2 implementation files + JDK-8245469: Remove DTLS protocol implementation + JDK-8245470: Fix JDK8 compatibility issues + JDK-8245471: Revert JDK-8148188 + JDK-8245472: Backport JDK-8038893 to JDK8 + JDK-8245473: OCSP stapling support + JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 + JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default + JDK-8245477: Adjust TLS tests location + JDK-8245653: Remove 8u TLS tests + JDK-8245681: Add TLSv1.3 regression test from 11.0.7 + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false + JDK-8251341: Minimal Java specification change + JDK-8251478: Backport TLSv1.3 regression tests to JDK8u * Import of OpenJDK 8 u272 build 07 + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ * Import of OpenJDK 8 u272 build 08 + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8252573: 8u: Windows build failed after 8222079 backport * Import of OpenJDK 8 u272 build 09 + JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed * Import of OpenJDK 8 u272 build 10 + JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 + JDK-8254937: Revert JDK-8148854 for 8u272 * Backports + JDK-8038723, PR3806: Openup some PrinterJob tests + JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when JTable contains certain string + JDK-8058779, PR3805: Faster implementation of String.replace(CharSequence, CharSequence) + JDK-8130125, PR3806: [TEST_BUG] add @modules to the several client tests unaffected by the automated bulk update + JDK-8144015, PR3806: [PIT] failures of text layout font tests + JDK-8144023, PR3806: [PIT] failure of text measurements in javax/swing/text/html/parser/Parser/6836089/bug6836089.java + JDK-8144240, PR3806: [macosx][PIT] AIOOB in closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8145542, PR3806: The case failed automatically and thrown java.lang.ArrayIndexOutOfBoundsException exception + JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when displaying Devanagari text in JEditorPane + JDK-8152358, PR3800: code and comment cleanups found during the hunt for 8077392 + JDK-8152545, PR3804: Use preprocessor instead of compiling a program to generate native nio constants + JDK-8152680, PR3806: Regression in GlyphVector.getGlyphCharIndex behaviour + JDK-8158924, PR3806: Incorrect i18n text document layout + JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8166068, PR3806: test/java/awt/font/GlyphVector/ /GetGlyphCharIndexTest.java does not compile + JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/ /GlyphPainter2/6427244/bug6427244.java - compilation failed + JDK-8191512, PR3806: T2K font rasterizer code removal + JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from JDK sources + JDK-8236512, PR3801: PKCS11 Connection closed after Cipher.doFinal and NoPadding + JDK-8254177, PR3809: (tz) Upgrade time-zone data to tzdata2020b * Bug fixes + PR3798: Fix format-overflow error on GCC 10, caused by passing NULL to a '%s' directive + PR3795: ECDSAUtils for XML digital signatures should support the same curve set as the rest of the JDK + PR3799: Adapt elliptic curve patches to JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3808: IcedTea does not install the JFR *.jfc files + PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has fixed its use with Shenandoah + PR3811: Don't attempt to install JFR files when JFR is disabled * Shenandoah + [backport] 8221435: Shenandoah should not mark through weak roots + [backport] 8221629: Shenandoah: Cleanup class unloading logic + [backport] 8222992: Shenandoah: Pre-evacuate all roots + [backport] 8223215: Shenandoah: Support verifying subset of roots + [backport] 8223774: Shenandoah: Refactor ShenandoahRootProcessor and family + [backport] 8224210: Shenandoah: Refactor ShenandoahRootScanner to support scanning CSet codecache roots + [backport] 8224508: Shenandoah: Need to update thread roots in final mark for piggyback ref update cycle + [backport] 8224579: ResourceMark not declared in shenandoahRootProcessor.inline.hpp with --disable-precompiled-headers + [backport] 8224679: Shenandoah: Make ShenandoahParallelCodeCacheIterator noncopyable + [backport] 8224751: Shenandoah: Shenandoah Verifier should select proper roots according to current GC cycle + [backport] 8225014: Separate ShenandoahRootScanner method for object_iterate + [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't work for Shenandoah + [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to ensure roots to-space invariant + [backport] 8225590: Shenandoah: Refactor ShenandoahClassLoaderDataRoots API + [backport] 8226413: Shenandoah: Separate root scanner for SH::object_iterate() + [backport] 8230853: Shenandoah: replace leftover assert(is_in(...)) with rich asserts + [backport] 8231198: Shenandoah: heap walking should visit all roots most of the time + [backport] 8231244: Shenandoah: all-roots heap walking misses some weak roots + [backport] 8237632: Shenandoah: accept NULL fwdptr to cooperate with JVMTI and JFR + [backport] 8239786: Shenandoah: print per-cycle statistics + [backport] 8239926: Shenandoah: Shenandoah needs to mark nmethod's metadata + [backport] 8240671: Shenandoah: refactor ShenandoahPhaseTimings + [backport] 8240749: Shenandoah: refactor ShenandoahUtils + [backport] 8240750: Shenandoah: remove leftover files and mentions of ShenandoahAllocTracker + [backport] 8240868: Shenandoah: remove CM-with-UR piggybacking cycles + [backport] 8240872: Shenandoah: Avoid updating new regions from start of evacuation + [backport] 8240873: Shenandoah: Short-cut arraycopy barriers + [backport] 8240915: Shenandoah: Remove unused fields in init mark tasks + [backport] 8240948: Shenandoah: cleanup not-forwarded-objects paths after JDK-8240868 + [backport] 8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + [backport] 8241062: Shenandoah: rich asserts trigger 'empty statement' inspection + [backport] 8241081: Shenandoah: Do not modify update-watermark concurrently + [backport] 8241093: Shenandoah: editorial changes in flag descriptions + [backport] 8241139: Shenandoah: distribute mark-compact work exactly to minimize fragmentation + [backport] 8241142: Shenandoah: should not use parallel reference processing with single GC thread + [backport] 8241351: Shenandoah: fragmentation metrics overhaul + [backport] 8241435: Shenandoah: avoid disabling pacing with 'aggressive' + [backport] 8241520: Shenandoah: simplify region sequence numbers handling + [backport] 8241534: Shenandoah: region status should include update watermark + [backport] 8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + [backport] 8241583: Shenandoah: turn heap lock asserts into macros + [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not derive from ContiguousSpace + [backport] 8241673: Shenandoah: refactor anti-false-sharing padding + [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at shenandoahSupport.cpp:2858 with java/util/Collections/FindSubList.java + [backport] 8241692: Shenandoah: remove ShenandoahHeapRegion::_reserved + [backport] 8241700: Shenandoah: Fold ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier + [backport] 8241740: Shenandoah: remove ShenandoahHeapRegion::_heap + [backport] 8241743: Shenandoah: refactor and inline ShenandoahHeap::heap() + [backport] 8241748: Shenandoah: inline MarkingContext TAMS methods + [backport] 8241838: Shenandoah: no need to trash cset during final mark + [backport] 8241841: Shenandoah: ditch one of allocation type counters in ShenandoahHeapRegion + [backport] 8241842: Shenandoah: inline ShenandoahHeapRegion::region_number + [backport] 8241844: Shenandoah: rename ShenandoahHeapRegion::region_number + [backport] 8241845: Shenandoah: align ShenandoahHeapRegions to cache lines + [backport] 8241926: Shenandoah: only print heap changes for operations that directly affect it + [backport] 8241983: Shenandoah: simplify FreeSet logging + [backport] 8241985: Shenandoah: simplify collectable garbage logging + [backport] 8242040: Shenandoah: print allocation failure type + [backport] 8242041: Shenandoah: adaptive heuristics should account evac reserve in free target + [backport] 8242042: Shenandoah: tune down ShenandoahGarbageThreshold + [backport] 8242054: Shenandoah: New incremental-update mode + [backport] 8242075: Shenandoah: rename ShenandoahHeapRegionSize flag + [backport] 8242082: Shenandoah: Purge Traversal mode + [backport] 8242083: Shenandoah: split 'Prepare Evacuation' tracking into cset/freeset counters + [backport] 8242089: Shenandoah: per-worker stats should be summed up, not averaged + [backport] 8242101: Shenandoah: coalesce and parallelise heap region walks during the pauses + [backport] 8242114: Shenandoah: remove ShenandoahHeapRegion::reset_alloc_metadata_to_shared + [backport] 8242130: Shenandoah: Simplify arraycopy-barrier dispatching + [backport] 8242211: Shenandoah: remove ShenandoahHeuristics::RegionData::_seqnum_last_alloc + [backport] 8242212: Shenandoah: initialize ShenandoahHeuristics::_region_data eagerly + [backport] 8242213: Shenandoah: remove ShenandoahHeuristics::_bytes_in_cset + [backport] 8242217: Shenandoah: Enable GC mode to be diagnostic/experimental and have a name + [backport] 8242227: Shenandoah: transit regions to cset state when adding to collection set + [backport] 8242228: Shenandoah: remove unused ShenandoahCollectionSet methods + [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion liveness-related methods + [backport] 8242267: Shenandoah: regions space needs to be aligned by os::vm_allocation_granularity() + [backport] 8242271: Shenandoah: add test to verify GC mode unlock + [backport] 8242273: Shenandoah: accept either SATB or IU barriers, but not both + [backport] 8242301: Shenandoah: Inline LRB runtime call + [backport] 8242316: Shenandoah: Turn NULL-check into assert in SATB slow-path entry + [backport] 8242353: Shenandoah: micro-optimize region liveness handling + [backport] 8242365: Shenandoah: use uint16_t instead of jushort for liveness cache + [backport] 8242375: Shenandoah: Remove ShenandoahHeuristic::record_gc_start/end methods + [backport] 8242641: Shenandoah: clear live data and update TAMS optimistically + [backport] 8243238: Shenandoah: explicit GC request should wait for a complete GC cycle + [backport] 8243301: Shenandoah: ditch ShenandoahAllowMixedAllocs + [backport] 8243307: Shenandoah: remove ShCollectionSet::live_data + [backport] 8243395: Shenandoah: demote guarantee in ShenandoahPhaseTimings::record_workers_end + [backport] 8243463: Shenandoah: ditch total_pause counters + [backport] 8243464: Shenandoah: print statistic counters in time order + [backport] 8243465: Shenandoah: ditch unused pause_other, conc_other counters + [backport] 8243487: Shenandoah: make _num_phases illegal phase type + [backport] 8243494: Shenandoah: set counters once per cycle + [backport] 8243573: Shenandoah: rename GCParPhases and related code + [backport] 8243848: Shenandoah: Windows build fails after JDK-8239786 + [backport] 8244180: Shenandoah: carry Phase to ShWorkerTimingsTracker explicitly + [backport] 8244200: Shenandoah: build breakages after JDK-8241743 + [backport] 8244226: Shenandoah: per-cycle statistics contain worker data from previous cycles + [backport] 8244326: Shenandoah: global statistics should not accept bogus samples + [backport] 8244509: Shenandoah: refactor ShenandoahBarrierC2Support::test_* methods + [backport] 8244551: Shenandoah: Fix racy update of update_watermark + [backport] 8244667: Shenandoah: SBC2Support::test_gc_state takes loop for wrong control + [backport] 8244730: Shenandoah: gc/shenandoah/options/ /TestHeuristicsUnlock.java should only verify the heuristics + [backport] 8244732: Shenandoah: move heuristics code to gc/shenandoah/heuristics + [backport] 8244737: Shenandoah: move mode code to gc/shenandoah/mode + [backport] 8244739: Shenandoah: break superclass dependency on ShenandoahNormalMode + [backport] 8244740: Shenandoah: rename ShenandoahNormalMode to ShenandoahSATBMode + [backport] 8245461: Shenandoah: refine mode name()-s + [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings constructor arguments + [backport] 8245464: Shenandoah: allocate collection set bitmap at lower addresses + [backport] 8245465: Shenandoah: test_in_cset can use more efficient encoding + [backport] 8245726: Shenandoah: lift/cleanup ShenandoahHeuristics names and properties + [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch + [backport] 8245757: Shenandoah: AlwaysPreTouch should not disable heap resizing or uncommits + [backport] 8245773: Shenandoah: Windows assertion failure after JDK-8245464 + [backport] 8245812: Shenandoah: compute root phase parallelism + [backport] 8245814: Shenandoah: reconsider format specifiers for stats + [backport] 8245825: Shenandoah: Remove diagnostic flag ShenandoahConcurrentScanCodeRoots + [backport] 8246162: Shenandoah: full GC does not mark code roots when class unloading is off + [backport] 8247310: Shenandoah: pacer should not affect interrupt status + [backport] 8247358: Shenandoah: reconsider free budget slice for marking + [backport] 8247367: Shenandoah: pacer should wait on lock instead of exponential backoff + [backport] 8247474: Shenandoah: Windows build warning after JDK-8247310 + [backport] 8247560: Shenandoah: heap iteration holds root locks all the time + [backport] 8247593: Shenandoah: should not block pacing reporters + [backport] 8247751: Shenandoah: options tests should run with smaller heaps + [backport] 8247754: Shenandoah: mxbeans tests can be shorter + [backport] 8247757: Shenandoah: split heavy tests by heuristics to improve parallelism + [backport] 8247860: Shenandoah: add update watermark line in rich assert failure message + [backport] 8248041: Shenandoah: pre-Full GC root updates may miss some roots + [backport] 8248652: Shenandoah: SATB buffer handling may assume no forwarded objects + [backport] 8249560: Shenandoah: Fix racy GC request handling + [backport] 8249649: Shenandoah: provide per-cycle pacing stats + [backport] 8249801: Shenandoah: Clear soft-refs on requested GC cycle + [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + Fix slowdebug build after JDK-8230853 backport + JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR + JDK-8252366: Shenandoah: revert/cleanup changes in graphKit.cpp + Shenandoah: add JFR roots to root processor after JFR integration + Shenandoah: add root statistics for string dedup table/queues + Shenandoah: enable low-frequency STW class unloading + Shenandoah: fix build failures after JDK-8244737 backport + Shenandoah: Fix build failure with +JFR -PCH + Shenandoah: fix forceful pacer claim + Shenandoah: fix formats in ShenandoahStringSymbolTableUnlinkTask + Shenandoah: fix runtime linking failure due to non-compiled shenandoahBarrierSetC1 + Shenandoah: hook statistics printing to PrintGCDetails, not PrintGC + Shenandoah: JNI weak roots are always cleared before Full GC mark + Shenandoah: missing SystemDictionary roots in ShenandoahHeapIterationRootScanner + Shenandoah: move barrier sets to their proper locations + Shenandoah: move parallelCleaning.* to shenandoah/ + Shenandoah: pacer should use proper Atomics for intptr_t + Shenandoah: properly deallocates class loader metadata + Shenandoah: specialize String Table scans for better pause performance + Shenandoah: Zero build fails after recent Atomic cleanup in Pacer * AArch64 port + JDK-8161072, PR3797: AArch64: jtreg compiler/uncommontrap/TestDeoptOOM failure + JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java generates guarantee failure in C1 + JDK-8183925, PR3797: [AArch64] Decouple crash protection from watcher thread + JDK-8199712, PR3797: [AArch64] Flight Recorder + JDK-8203481, PR3797: Incorrect constraint for unextended_sp in frame:safe_for_sender + JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall fails with SIGILL on aarch64 + JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command + JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java fails on AArch64 + JDK-8216989, PR3797: CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier() does not check for zero length on AARCH64 + JDK-8217368, PR3797: AArch64: C2 recursive stack locking optimisation not triggered + JDK-8221658, PR3797: aarch64: add necessary predicate for ubfx patterns + JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a BufferBlob + JDK-8246482, PR3797: Build failures with +JFR -PCH + JDK-8247979, PR3797: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248219, PR3797: aarch64: missing memory barrier in fast_storefield and fast_accessfield - Ignore whitespaces after the header or footer in PEM X.509 cert (bsc#1171352) Important SUSE bug 1171352 SUSE bug 1174157 SUSE bug 1177943 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-bcl:12:sp2 Security update for gcc10 (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for gcc10 fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Moderate SUSE bug 1172798 SUSE bug 1172846 SUSE bug 1173972 SUSE bug 1174753 SUSE bug 1174817 SUSE bug 1175168 CVE-2020-13844 cpe:/o:suse:sles-bcl:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for ucode-intel fixes the following issues: - Intel CPU Microcode updated to 20201027 prerelease - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) # New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile # Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173594 CVE-2020-8695 CVE-2020-8698 cpe:/o:suse:sles-bcl:12:sp2 Security update for systemd (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Unconfirmed fix for prevent hanging of systemctl during restart. (bsc#1139459) - Fix warnings thrown during package installation. (bsc#1154043) - Fix for system-udevd prevent crash within OES2018. (bsc#1151506) - Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482) - Wait for workers to finish when exiting. (bsc#1106383) - Improve log message when inotify limit is reached. (bsc#1155574) - Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377) - Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814) Important SUSE bug 1106383 SUSE bug 1133495 SUSE bug 1139459 SUSE bug 1151377 SUSE bug 1151506 SUSE bug 1154043 SUSE bug 1155574 SUSE bug 1156482 SUSE bug 1159814 SUSE bug 1162108 CVE-2020-1712 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943) * Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8240124: Better VM Interning + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 7 u281 build 1 + JDK-8145096: Undefined behaviour in HotSpot + JDK-8215265: C2: range check elimination may allow illegal out of bound access * Backports + JDK-8250861, PR3812: Crash in MinINode::Ideal(PhaseGVN*, bool) Important SUSE bug 1177943 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-bcl:12:sp2 Security update for openldap2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for Important SUSE bug 1178588 CVE-2020-26950 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181). - CVE-2019-19579: Device quarantine for alternate pci assignment methods (bsc#1157888). - CVE-2019-19581: find_next_bit() issues (bsc#1158003). - CVE-2019-19583: VMentry failure with debug exceptions and blocked states (bsc#1158004). - CVE-2019-19578: Linear pagetable use / entry miscounts (bsc#1158005). - CVE-2019-19580: Further issues with restartable PV type change operations (bsc#1158006). - CVE-2019-19577: dynamic height for the IOMMU pagetables (bsc#1158007). - CVE-2019-18420: VCPUOP_initialise DoS (bsc#1154448). - CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation (bsc#1154456). - CVE-2019-18421: Issues with restartable PV type change operations (bsc#1154458). - CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment (bsc#1154461). - CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue) (bsc#1155945). - CVE-2019-11135: TSX Asynchronous Abort (TAA) issue (bsc#1152497). Important SUSE bug 1152497 SUSE bug 1154448 SUSE bug 1154456 SUSE bug 1154458 SUSE bug 1154461 SUSE bug 1155945 SUSE bug 1157888 SUSE bug 1158003 SUSE bug 1158004 SUSE bug 1158005 SUSE bug 1158006 SUSE bug 1158007 SUSE bug 1161181 CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19583 CVE-2020-7211 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update changes the internal packaging for postgresql, and so contains all currently maintained postgresql versions across our SUSE Linux Enterprise 12 products. * postgresql12 is shipped new in version 12.3 (bsc#1171924). The server and client packages only on SUSE Linux Enterprise Server 12 SP5, the libraries on SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5. + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/12/release-12-3.html * postgresql10 is updated to 10.13 (bsc#1171924). On SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5. + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/10/release-10-13.html * postgresql96 is updated to 9.6.18 (bsc#1171924): + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/9.6/release-9-6-18.html On SUSE Linux Enterprise Server 12-SP2 and 12-SP3 LTSS only. * postgresql 9.4 is updated to 9.4.26: + https://www.postgresql.org/about/news/2011/ + https://www.postgresql.org/docs/9.4/release-9-4-26.html + https://www.postgresql.org/about/news/1994/ + https://www.postgresql.org/docs/9.4/release-9-4-25.html Moderate SUSE bug 1171924 cpe:/o:suse:sles-bcl:12:sp2 Security update for raptor (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for raptor fixes the following issues: - Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926). - Update raptor to version 2.0.15 * Made several fixes to Turtle / N-Triples family of parsers and serializers * Added utility functions for re-entrant sorting of objects and sequences. * Made other fixes and improvements including fixing reported issues: 0000574, 0000575, 0000576, 0000577, 0000579, 0000581 and 0000584. Important SUSE bug 1178593 CVE-2017-18926 cpe:/o:suse:sles-bcl:12:sp2 Security update for kernel-firmware (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for kernel-firmware fixes the following issue: - CVE-2020-12321: Updated the Intel Bluetooth firmware for buffer overflow security bugs (bsc#1178671). Important SUSE bug 1178671 CVE-2020-12321 cpe:/o:suse:sles-bcl:12:sp2 Security update for libzypp, zypper (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libzypp, zypper fixes the following issues: libzypp fixes the following security issue: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). zypper was updated to fix the following issues: - Fixed an issue, where zypper crashed when the system language is set to Spanish and the user tried to patch their system with 'zypper patch --category security' (bsc#1178038) - Fixed a typo in man page (bsc#1169947) Moderate SUSE bug 1158763 SUSE bug 1169947 SUSE bug 1178038 CVE-2019-18900 cpe:/o:suse:sles-bcl:12:sp2 Security update for krb5 (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). Moderate SUSE bug 1178512 CVE-2020-28196 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql10 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for postgresql10 fixes the following issues: Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html Update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html Important SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql96 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for postgresql96 fixes the following issues: Upgrade to version 9.6.20: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/9.6/release-9-6-20.html Changes from 9.6.19: * CVE-2020-14350, bsc#1175194: Make contrib modules installation Important SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782). - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2017-18204: Fixed a denial of service in the ocfs2_setattr function of fs/ocfs2/file.c (bnc#1083244). - CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-8694: Restricted energy meter to root access (bsc#1170415). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511). - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-25212: Fixed A TOCTOU mismatch in the NFS client code which could have been used by local attackers to corrupt memory (bsc#1176381). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-25643: Fixed a memory corruption and a read overflow which could have caused by improper input validation in the ppp_cp_parse_cr function (bsc#1177206). - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). The following non-security bugs were fixed: - btrfs: fix race with relocation recovery and fs_root setup (bsc#1131277). - btrfs: flush_space always takes fs_info->fs_root (bsc#1131277). - btrfs: btrfs_init_new_device should use fs_info->dev_root (bsc#1131277, bsc#1176922). - btrfs: btrfs_test_opt and friends should take a btrfs_fs_info (bsc#1131277, bsc#1176922). - btrfs: call functions that always use the same root with fs_info instead (bsc#1131277, bsc#1176922). - btrfs: call functions that overwrite their root parameter with fs_info (bsc#1131277, bsc#1176922). - btrfs: flush_space always takes fs_info->fs_root (bsc#1131277, bsc#1176922). - btrfs: pull node/sector/stripe sizes out of root and into fs_info (bsc#1131277, bsc#1176922). - btrfs: Remove fs_info argument of btrfs_write_and_wait_transaction (bsc#1131277, bsc#1176922). - btrfs: remove root parameter from transaction commit/end routines (bsc#1131277, bsc#1176922). - btrfs: remove root usage from can_overcommit (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, access fs_info->delayed_root directly (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, add fs_info convenience variables (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, btrfs_calc_{trans,trunc}_metadata_size (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, update_block_group{,flags} (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, use fs_info->dev_root everywhere (bsc#1131277, bsc#1176922). - btrfs: split btrfs_wait_marked_extents into normal and tree log functions (bsc#1131277, bsc#1176922). - btrfs: struct btrfsic_state->root should be an fs_info (bsc#1131277, bsc#1176922). - btrfs: take an fs_info directly when the root is not used otherwise (bsc#1131277, bsc#1176922). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600). Important SUSE bug 1065600 SUSE bug 1083244 SUSE bug 1131277 SUSE bug 1170415 SUSE bug 1175721 SUSE bug 1175749 SUSE bug 1176011 SUSE bug 1176235 SUSE bug 1176253 SUSE bug 1176278 SUSE bug 1176381 SUSE bug 1176382 SUSE bug 1176423 SUSE bug 1176482 SUSE bug 1176721 SUSE bug 1176722 SUSE bug 1176725 SUSE bug 1176896 SUSE bug 1176922 SUSE bug 1176990 SUSE bug 1177027 SUSE bug 1177086 SUSE bug 1177165 SUSE bug 1177206 SUSE bug 1177226 SUSE bug 1177410 SUSE bug 1177411 SUSE bug 1177511 SUSE bug 1177513 SUSE bug 1177725 SUSE bug 1177766 SUSE bug 1178782 CVE-2017-18204 CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-12352 CVE-2020-14351 CVE-2020-14381 CVE-2020-14390 CVE-2020-25212 CVE-2020-25284 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2020-26088 CVE-2020-8694 cpe:/o:suse:sles-bcl:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. ### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173592 SUSE bug 1173594 SUSE bug 1178971 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 cpe:/o:suse:sles-bcl:12:sp2 Security update for bluez (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for bluez fixes the following issues: - CVE-2020-0556: Fixed improper access control which may lead to escalation of privilege and denial of service by an unauthenticated user (bsc#1166751). Important SUSE bug 1166751 CVE-2020-0556 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 Important SUSE bug 1178824 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:suse:sles-bcl:12:sp2 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for LibVNCServer fixes the following issues: - CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS Important SUSE bug 1178682 CVE-2020-25708 cpe:/o:suse:sles-bcl:12:sp2 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Important SUSE bug 1174908 SUSE bug 1177596 CVE-2020-14360 CVE-2020-25712 cpe:/o:suse:sles-bcl:12:sp2 Security update for python-setuptools (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-bcl:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python3 fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-bcl:12:sp2 Security update for gdm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for gdm fixes the following issues: - CVE-2020-16125: Fixed a privilege escalation (bsc#1178150). Important SUSE bug 1178150 CVE-2020-16125 cpe:/o:suse:sles-bcl:12:sp2 Security update for python-cryptography (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). Moderate SUSE bug 1178168 CVE-2020-25659 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql12 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for postgresql12 fixes the following issues: Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html The previous postgresql12 update already addressed: Update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html Important SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-bcl:12:sp2 Security update for mutt (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for mutt fixes the following issues: - Find and display the content of messages properly. (bsc#1179461) - CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113) Important SUSE bug 1179035 SUSE bug 1179113 SUSE bug 1179461 CVE-2020-28896 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: - bsc#1178963 - stack corruption from XSA-346 change (XSA-355) - bsc#1177409 - CVE-2020-27674: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - CVE-2020-27672: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - CVE-2020-27671: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - CVE-2020-27670: unsafe AMD IOMMU page table updates (XSA-347) - bsc#1178591 - CVE-2020-28368: Intel RAPL sidechannel attack aka PLATYPUS attack aka XSA-351 Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 SUSE bug 1178591 SUSE bug 1178963 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssl fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:suse:sles-bcl:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.5.0 ESR * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 * Fixed: Fixed various issues opening files with spaces in their path (bmo#1601905, bmo#1602726) Important SUSE bug 1161799 CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 cpe:/o:suse:sles-bcl:12:sp2 Security update for spice-gtk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for spice-gtk fixes the following issues: - CVE-2018-10873: Fixed a potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Fixed a buffer overflow on image lz checks (bsc#1101295) Important SUSE bug 1101295 SUSE bug 1104448 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:sles-bcl:12:sp2 Security update for spice (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for spice fixes the following issues: - CVE-2018-10873: Fixed a potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Fixed a buffer overflow on image lz checks (bsc#1101295) Important SUSE bug 1101295 SUSE bug 1104448 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Critical) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 Critical SUSE bug 1180039 CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - CVE-2020-29130: Fixed an out-of-bounds access while processing ARP packets (bsc#1179477). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) Moderate SUSE bug 1027519 SUSE bug 1176782 SUSE bug 1179477 SUSE bug 1179496 SUSE bug 1179498 SUSE bug 1179501 SUSE bug 1179502 SUSE bug 1179506 SUSE bug 1179514 SUSE bug 1179516 CVE-2020-29130 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 cpe:/o:suse:sles-bcl:12:sp2 Security update for clamav (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for clamav fixes the following issues: clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459. * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) * bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode. * Partial sync with SLE15. Update to version 0.102.4 Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. (bsc#1157763). * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: * ZIP bomb causes extreme CPU spikes (bsc#1144504) Update to version 0.101.2 (bsc#1118459): * Support for RAR v5 archive extraction. * Incompatible changes to the arguments of cl_scandesc, cl_scandesc_callback, and cl_scanmap_callback. * Scanning options have been converted from a single flag bit-field into a structure of multiple categorized flag bit-fields. * The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by 2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and CL_SCAN_HEURISTIC_ENCRYPTED_DOC * Incompatible clamd.conf and command line interface changes. * Heuristic Alerts' (aka 'Algorithmic Detection') options have been changed to make the names more consistent. The original options are deprecated in 0.101, and will be removed in a future feature release. * For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html Important SUSE bug 1118459 SUSE bug 1119353 SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1157763 SUSE bug 1171981 SUSE bug 1174250 SUSE bug 1174255 CVE-2019-12900 CVE-2019-15961 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 cpe:/o:suse:sles-bcl:12:sp2 Security update for cyrus-sasl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). Important SUSE bug 1159635 CVE-2019-19906 cpe:/o:suse:sles-bcl:12:sp2 Security update for gcc9 (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for gcc9 fixes the following issues: The GNU Compiler Collection is shipped in version 9. A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html The compilers have been added to the SUSE Linux Enterprise Toolchain Module. To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9 CXX=g++-9 set. For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and other compiler libraries have been switched from their gcc8 variants to their gcc9 variants. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) Moderate SUSE bug 1114592 SUSE bug 1135254 SUSE bug 1141897 SUSE bug 1142649 SUSE bug 1142654 SUSE bug 1148517 SUSE bug 1149145 CVE-2019-14250 CVE-2019-15847 cpe:/o:suse:sles-bcl:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for sudo fixes the following issue: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Important SUSE bug 1162202 CVE-2019-18634 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_1-ibm fixes the following issues: Java was updated to 7.1 Service Refresh 4 Fix Pack 60 [bsc#1162972, bsc#1160968]. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972). - CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972). - CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972). - CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972). Non-security issues fixed: * Class Libraries: IJ22333 HANG IN JAVA_JAVA_NET_SOCKETINPUTSTREAM_SOCKETREAD0 EVEN WHEN TIMEOUT IS SET IJ22350 JAVA 7 AND JAVA 8 NOT WORKING WELL WITH TRADITIONAL/SIMPLIFIED CHINESE EDITION OF WINDOWS CLIENT SYSTEM IJ22337 THE NAME OF THE REPUBLIC OF BELARUS IN THE RUSSIAN LOCALE INCONSISTENT WITH CLDR IJ22349 UPDATE TIMEZONE INFORMATION TO TZDATA2019C * JIT Compiler: IJ11368 JAVA JIT PPC: CRASH IN JIT COMPILED CODE ON PPC MACHINES Important SUSE bug 1160968 SUSE bug 1162972 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:sles-bcl:12:sp2 Security update for libexif (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Moderate SUSE bug 1120943 SUSE bug 1160770 CVE-2018-20030 CVE-2019-9278 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssl fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Non-security issue fixed: - Fixed a crash in BN_copy (bsc#1160163). Moderate SUSE bug 1117951 SUSE bug 1158809 SUSE bug 1160163 CVE-2019-1551 cpe:/o:suse:sles-bcl:12:sp2 Security update for ppp (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ppp fixes the following security issue: - CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610). Important SUSE bug 1162610 CVE-2020-8597 cpe:/o:suse:sles-bcl:12:sp2 Security update for ovmf (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth (bsc#1094291). - CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation (bsc#1163959). - CVE-2019-14559: Fixed a remotely exploitable memory leak in the ARP handling code (bsc#1163927). - CVE-2019-14575: Fixed an insufficient signature check in the DxeImageVerificationHandler (bsc#1163969). Bug fixes: - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better compatibility. (bsc#1077330) Moderate SUSE bug 1077330 SUSE bug 1094291 SUSE bug 1163927 SUSE bug 1163959 SUSE bug 1163969 CVE-2018-0739 CVE-2019-14559 CVE-2019-14563 CVE-2019-14575 cpe:/o:suse:sles-bcl:12:sp2 Security update for python3 (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for python3 fixes the following issues: Update to 3.4.10 (jsc#SLE-9427, bsc#1159208) from 3.4.6: Security issues fixed: - Update expat copy from 2.1.1 to 2.2.0 to fix the following issues: CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063 - CVE-2017-1000158: Fix an integer overflow in thePyString_DecodeEscape function in stringobject.c, resulting in heap-based bufferoverflow (bsc#1068664). Moderate SUSE bug 1068664 SUSE bug 1159208 SUSE bug 1159623 CVE-2012-0876 CVE-2016-0718 CVE-2016-4472 CVE-2016-9063 CVE-2017-1000158 CVE-2017-9233 cpe:/o:suse:sles-bcl:12:sp2 Security update for mariadb (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for mariadb fixes the following issues: Security issue fixed: - CVE-2019-2974: Fixed Server Optimizer (bsc#1154162). Moderate SUSE bug 1154162 CVE-2019-2974 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_1-ibm fixes the following issues: - Update to 7.1 Service Refresh 4 Fix Pack 55 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2978 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:sles-bcl:12:sp2 Security update for rsyslog (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for rsyslog fixes the following issues: Security issues fixed: - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages (bsc#1153451). - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages (bsc#1153459). Non-security issues fixed: - Handle multiline messages correctly when using the imfile module. (bsc#1015203) - Fix a race condition in the shutdown sequence in wtp that was causing rsyslog not to shutdown properly. (bsc#1022804) - Fixed a rsyslogd SIGABORT crash if a path does not exists (bsc#1087920). - Fixed an issue where configuration templates where not consistently flushed (bsc#1084682). Moderate SUSE bug 1015203 SUSE bug 1022804 SUSE bug 1084682 SUSE bug 1087920 SUSE bug 1153451 SUSE bug 1153459 CVE-2019-17041 CVE-2019-17042 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-ibm fixes the following issues: Java 8.0 was updated to Service Refresh 6 Fix Pack 5 (bsc#1162972, bsc#1160968) - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2019-4732: Untrusted DLL search path vulnerability - CVE-2020-2593: Normalize normalization for all - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support Important SUSE bug 1160968 SUSE bug 1162972 CVE-2019-4732 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:sles-bcl:12:sp2 Security update for log4j (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for log4j fixes the following issues: - CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646). Important SUSE bug 1159646 CVE-2019-17571 cpe:/o:suse:sles-bcl:12:sp2 Security update for permissions (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for permissions fixes the following issues: Security issues fixed: - CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922). Non-security issues fixed: - Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594). - Fixed capability handling when doing multiple permission changes at once (bsc#1161779). Moderate SUSE bug 1123886 SUSE bug 1160594 SUSE bug 1160764 SUSE bug 1161779 SUSE bug 1163922 CVE-2020-8013 cpe:/o:suse:sles-bcl:12:sp2 Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the following issues: python-cfn-lint was included as a new package in 0.21.4. python-aws-sam-translator was updated to 1.11.0: * Add ReservedConcurrentExecutions to globals * Fix ElasticsearchHttpPostPolicy resource reference * Support using AWS::Region in Ref and Sub * Documentation and examples updates * Add VersionDescription property to Serverless::Function * Update ServerlessRepoReadWriteAccessPolicy * Add additional template validation Upgrade to 1.10.0: * Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy * Add DynamoDBReconfigurePolicy * Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy * Add EKSDescribePolicy * Add SESBulkTemplatedCrudPolicy * Add FilterLogEventsPolicy * Add SSMParameterReadPolicy * Add SESEmailTemplateCrudPolicy * Add s3:PutObjectAcl to S3CrudPolicy * Add allow_credentials CORS option * Add support for AccessLogSetting and CanarySetting Serverless::Api properties * Add support for X-Ray in Serverless::Api * Add support for MinimumCompressionSize in Serverless::Api * Add Auth to Serverless::Api globals * Remove trailing slashes from APIGW permissions * Add SNS FilterPolicy and an example application * Add Enabled property to Serverless::Function event sources * Add support for PermissionsBoundary in Serverless::Function * Fix boto3 client initialization * Add PublicAccessBlockConfiguration property to S3 bucket resource * Make PAY_PER_REQUEST default mode for Serverless::SimpleTable * Add limited support for resolving intrinsics in Serverless::LayerVersion * SAM now uses Flake8 * Add example application for S3 Events written in Go * Updated several example applications - Initial build + Version 1.9.0 - Add patch to drop compatible releases operator from setup.py, required for SLES12 as the setuptools version is too old + ast_drop-compatible-releases-operator.patch python-jsonschema was updated to 2.6.0: * Improved performance on CPython by adding caching around ref resolution Update to version 2.5.0: * Improved performance on CPython by adding caching around ref resolution (#203) Update to version 2.4.0: * Added a CLI (#134) * Added absolute path and absolute schema path to errors (#120) * Added ``relevance`` * Meta-schemas are now loaded via ``pkgutil`` * Added ``by_relevance`` and ``best_match`` (#91) * Fixed ``format`` to allow adding formats for non-strings (#125) * Fixed the ``uri`` format to reject URI references (#131) - Install /usr/bin/jsonschema with update-alternatives support python-nose2 was updated to 0.9.1: * the prof plugin now uses cProfile instead of hotshot for profiling * skipped tests now include the user's reason in junit XML's message field * the prettyassert plugin mishandled multi-line function definitions * Using a plugin's CLI flag when the plugin is already enabled via config no longer errors * nose2.plugins.prettyassert, enabled with --pretty-assert * Cleanup code for EOLed python versions * Dropped support for distutils. * Result reporter respects failure status set by other plugins * JUnit XML plugin now includes the skip reason in its output Upgrade to 0.8.0: List of changes is too long to show here, see https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst changes between 0.6.5 and 0.8.0 Update to 0.7.0: * Added parameterized_class feature, for parameterizing entire test classes (many thanks to @TobyLL for their suggestions and help testing!) * Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh; https://github.com/wolever/parameterized/issues/67) * Make sure that `setUp` and `tearDown` methods work correctly (#40) * Raise a ValueError when input is empty (thanks @danielbradburn; https://github.com/wolever/parameterized/pull/48) * Fix the order when number of cases exceeds 10 (thanks @ntflc; https://github.com/wolever/parameterized/pull/49) python-scandir was included in version 2.3.2. python-requests was updated to version 2.20.1 (bsc#1111622) * Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443). * remove restriction for urllib3 < 1.24 Update to version 2.20.0: * Bugfixes + Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8). + Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions. + Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074) + should_bypass_proxies now handles URIs without hostnames (e.g. files). * Dependencies + Requests now supports urllib3 v1.24. * Deprecations + Requests has officially stopped support for Python 2.6. Update to version 2.19.1: * Fixed issue where status_codes.py’s init function failed trying to append to a __doc__ value of None. Update to version 2.19.0: * Improvements + Warn about possible slowdown with cryptography version < 1.3.4 + Check host in proxy URL, before forwarding request to adapter. + Maintain fragments properly across redirects. (RFC7231 7.1.2) + Removed use of cgi module to expedite library load time. + Added support for SHA-256 and SHA-512 digest auth algorithms. + Minor performance improvement to Request.content. + Migrate to using collections.abc for 3.7 compatibility. * Bugfixes + Parsing empty Link headers with parse_header_links() no longer return one bogus entry. + Fixed issue where loading the default certificate bundle from a zip archive would raise an IOError. + Fixed issue with unexpected ImportError on windows system which do not support winreg module. + DNS resolution in proxy bypass no longer includes the username and password in the request. This also fixes the issue of DNS queries failing on macOS. + Properly normalize adapter prefixes for url comparison. + Passing None as a file pointer to the files param no longer raises an exception. + Calling copy on a RequestsCookieJar will now preserve the cookie policy correctly. * We now support idna v2.7 and urllib3 v1.23. update to version 2.18.4: * Improvements + Error messages for invalid headers now include the header name for easier debugging * Dependencies + We now support idna v2.6. update to version 2.18.3: * Improvements + Running $ python -m requests.help now includes the installed version of idna. * Bugfixes + Fixed issue where Requests would raise ConnectionError instead of SSLError when encountering SSL problems when using urllib3 v1.22. Moderate SUSE bug 1111622 SUSE bug 1122668 CVE-2018-18074 cpe:/o:suse:sles-bcl:12:sp2 Security update for libpng16 (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493). Moderate SUSE bug 1124211 SUSE bug 1141493 CVE-2017-12652 CVE-2019-7317 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql96 (Low) SUSE Linux Enterprise Server 12 SP2-BCL This update for postgresql96 fixes the following issues: PostgreSQL was updated to version 9.6.17. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Low SUSE bug 1163985 CVE-2020-1720 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_0-openjdk fixes the following issues: Update java-1_7_0-openjdk to version jdk7u251 (January 2020 CPU, bsc#1160968): - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support - CVE-2020-2654: Improve Object Identifier Processing Important SUSE bug 1160968 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 cpe:/o:suse:sles-bcl:12:sp2 Security update for squid (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for squid fixes the following issues: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). - CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329). - CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328). - CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323). - CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324). - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Important SUSE bug 1156323 SUSE bug 1156324 SUSE bug 1156326 SUSE bug 1156328 SUSE bug 1156329 SUSE bug 1162687 SUSE bug 1162689 SUSE bug 1162691 CVE-2019-12523 CVE-2019-12526 CVE-2019-12528 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 (bsc#1160305) * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 Important SUSE bug 1160305 SUSE bug 1160498 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql10 (Low) SUSE Linux Enterprise Server 12 SP2-BCL This update for postgresql10 fixes the following issues: PostgreSQL was updated to version 10.12. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Low SUSE bug 1163985 CVE-2020-1720 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 68.6.0 ESR (MFSA 2020-09 bsc#1132665 bsc#1166238) - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction - CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection - CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init - CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission - CVE-2020-6814: Fixed multiple memory safety bugs - Fixed an issue with minimizing a window (bsc#1132665). Important SUSE bug 1132665 SUSE bug 1166238 CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 cpe:/o:suse:sles-bcl:12:sp2 Security update for tomcat (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for tomcat fixes the following issues: - CVE-2020-1938: Fixed a file contents disclosure vulnerability (bsc#1164692). Important SUSE bug 1164692 CVE-2020-1938 cpe:/o:suse:sles-bcl:12:sp2 Security update for python-cffi, python-cryptography (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for python-cffi, python-cryptography fixes the following issues: Security issue fixed: - CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820). Non-security issues fixed: python-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598): - fixed a build failure on i586 (bsc#1111657) - Salt was unable to highstate in snapshot 20171129 (bsc#1070737) - Update pytest in spec to add c directory tests in addition to testing directory. - update to version 1.11.2: * Fix Windows issue with managing the thread-state on CPython 3.0 to 3.5 - Update pytest in spec to add c directory tests in addition to testing directory. - Omit test_init_once_multithread tests as they rely on multiple threads finishing in a given time. Returns sporadic pass/fail within build. - Update to 1.11.1: * Fix tests, remove deprecated C API usage * Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary extensions (cpython issue #29943) * Fix for 3.7.0a1+ - Update to 1.11.0: * Support the modern standard types char16_t and char32_t. These work like wchar_t: they represent one unicode character, or when used as charN_t * or charN_t[] they represent a unicode string. The difference with wchar_t is that they have a known, fixed size. They should work at all places that used to work with wchar_t (please report an issue if I missed something). Note that with set_source(), you need to make sure that these types are actually defined by the C source you provide (if used in cdef()). * Support the C99 types float _Complex and double _Complex. Note that libffi doesn't support them, which means that in the ABI mode you still cannot call C functions that take complex numbers directly as arguments or return type. * Fixed a rare race condition when creating multiple FFI instances from multiple threads. (Note that you aren't meant to create many FFI instances: in inline mode, you should write ffi = cffi.FFI() at module level just after import cffi; and in out-of-line mode you don't instantiate FFI explicitly at all.) * Windows: using callbacks can be messy because the CFFI internal error messages show up to stderr-but stderr goes nowhere in many applications. This makes it particularly hard to get started with the embedding mode. (Once you get started, you can at least use @ffi.def_extern(onerror=...) and send the error logs where it makes sense for your application, or record them in log files, and so on.) So what is new in CFFI is that now, on Windows CFFI will try to open a non-modal MessageBox (in addition to sending raw messages to stderr). The MessageBox is only visible if the process stays alive: typically, console applications that crash close immediately, but that is also the situation where stderr should be visible anyway. * Progress on support for callbacks in NetBSD. * Functions returning booleans would in some case still return 0 or 1 instead of False or True. Fixed. * ffi.gc() now takes an optional third parameter, which gives an estimate of the size (in bytes) of the object. So far, this is only used by PyPy, to make the next GC occur more quickly (issue #320). In the future, this might have an effect on CPython too (provided the CPython issue 31105 is addressed). * Add a note to the documentation: the ABI mode gives function objects that are slower to call than the API mode does. For some reason it is often thought to be faster. It is not! - Update to 1.10.1: * Fixed the line numbers reported in case of cdef() errors. Also, I just noticed, but pycparser always supported the preprocessor directive # 42 'foo.h' to mean 'from the next line, we're in file foo.h starting from line 42';, which it puts in the error messages. - update to 1.10.0: * Issue #295: use calloc() directly instead of PyObject_Malloc()+memset() to handle ffi.new() with a default allocator. Speeds up ffi.new(large-array) where most of the time you never touch most of the array. * Some OS/X build fixes ('only with Xcode but without CLT';). * Improve a couple of error messages: when getting mismatched versions of cffi and its backend; and when calling functions which cannot be called with libffi because an argument is a struct that is 'too complicated'; (and not a struct pointer, which always works). * Add support for some unusual compilers (non-msvc, non-gcc, non-icc, non-clang) * Implemented the remaining cases for ffi.from_buffer. Now all buffer/memoryview objects can be passed. The one remaining check is against passing unicode strings in Python 2. (They support the buffer interface, but that gives the raw bytes behind the UTF16/UCS4 storage, which is most of the times not what you expect. In Python 3 this has been fixed and the unicode strings don't support the memoryview interface any more.) * The C type _Bool or bool now converts to a Python boolean when reading, instead of the content of the byte as an integer. The potential incompatibility here is what occurs if the byte contains a value different from 0 and 1. Previously, it would just return it; with this change, CFFI raises an exception in this case. But this case means 'undefined behavior'; in C; if you really have to interface with a library relying on this, don't use bool in the CFFI side. Also, it is still valid to use a byte string as initializer for a bool[], but now it must only contain \x00 or \x01. As an aside, ffi.string() no longer works on bool[] (but it never made much sense, as this function stops at the first zero). * ffi.buffer is now the name of cffi's buffer type, and ffi.buffer() works like before but is the constructor of that type. * ffi.addressof(lib, 'name') now works also in in-line mode, not only in out-of-line mode. This is useful for taking the address of global variables. * Issue #255: cdata objects of a primitive type (integers, floats, char) are now compared and ordered by value. For example, <cdata 'int' 42> compares equal to 42 and <cdata 'char' b'A'> compares equal to b'A'. Unlike C, <cdata 'int' -1> does not compare equal to ffi.cast('unsigned int', -1): it compares smaller, because -1 < 4294967295. * PyPy: ffi.new() and ffi.new_allocator()() did not record 'memory pressure';, causing the GC to run too infrequently if you call ffi.new() very often and/or with large arrays. Fixed in PyPy 5.7. * Support in ffi.cdef() for numeric expressions with + or -. Assumes that there is no overflow; it should be fixed first before we add more general support for arbitrary arithmetic on constants. - do not generate HTML documentation for packages that are indirect dependencies of Sphinx (see docs at https://cffi.readthedocs.org/ ) - update to 1.9.1 - Structs with variable-sized arrays as their last field: now we track the length of the array after ffi.new() is called, just like we always tracked the length of ffi.new('int[]', 42). This lets us detect out-of-range accesses to array items. This also lets us display a better repr(), and have the total size returned by ffi.sizeof() and ffi.buffer(). Previously both functions would return a result based on the size of the declared structure type, with an assumed empty array. (Thanks andrew for starting this refactoring.) - Add support in cdef()/set_source() for unspecified-length arrays in typedefs: typedef int foo_t[...];. It was already supported for global variables or structure fields. - I turned in v1.8 a warning from cffi/model.py into an error: 'enum xxx' has no values explicitly defined: refusing to guess which integer type it is meant to be (unsigned/signed, int/long). Now I'm turning it back to a warning again; it seems that guessing that the enum has size int is a 99%-safe bet. (But not 100%, so it stays as a warning.) - Fix leaks in the code handling FILE * arguments. In CPython 3 there is a remaining issue that is hard to fix: if you pass a Python file object to a FILE * argument, then os.dup() is used and the new file descriptor is only closed when the GC reclaims the Python file object-and not at the earlier time when you call close(), which only closes the original file descriptor. If this is an issue, you should avoid this automatic convertion of Python file objects: instead, explicitly manipulate file descriptors and call fdopen() from C (...via cffi). - When passing a void * argument to a function with a different pointer type, or vice-versa, the cast occurs automatically, like in C. The same occurs for initialization with ffi.new() and a few other places. However, I thought that char * had the same property-but I was mistaken. In C you get the usual warning if you try to give a char * to a char ** argument, for example. Sorry about the confusion. This has been fixed in CFFI by giving for now a warning, too. It will turn into an error in a future version. - Issue #283: fixed ffi.new() on structures/unions with nested anonymous structures/unions, when there is at least one union in the mix. When initialized with a list or a dict, it should now behave more closely like the { } syntax does in GCC. - CPython 3.x: experimental: the generated C extension modules now use the 'limited API';, which means that, as a compiled .so/.dll, it should work directly on any version of CPython >= 3.2. The name produced by distutils is still version-specific. To get the version-independent name, you can rename it manually to NAME.abi3.so, or use the very recent setuptools 26. - Added ffi.compile(debug=...), similar to python setup.py build --debug but defaulting to True if we are running a debugging version of Python itself. - Removed the restriction that ffi.from_buffer() cannot be used on byte strings. Now you can get a char * out of a byte string, which is valid as long as the string object is kept alive. (But don't use it to modify the string object! If you need this, use bytearray or other official techniques.) - PyPy 5.4 can now pass a byte string directly to a char * argument (in older versions, a copy would be made). This used to be a CPython-only optimization. - ffi.gc(p, None) removes the destructor on an object previously created by another call to ffi.gc() - bool(ffi.cast('primitive type', x)) now returns False if the value is zero (including -0.0), and True otherwise. Previously this would only return False for cdata objects of a pointer type when the pointer is NULL. - bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason it was not supported was that it was hard to do in PyPy, but it works since PyPy 5.3.) To call a C function with a char * argument from a buffer object-now including bytearrays-you write lib.foo(ffi.from_buffer(x)). Additionally, this is now supported: p[0:length] = bytearray-object. The problem with this was that a iterating over bytearrays gives numbers instead of characters. (Now it is implemented with just a memcpy, of course, not actually iterating over the characters.) - C++: compiling the generated C code with C++ was supposed to work, but failed if you make use the bool type (because that is rendered as the C _Bool type, which doesn't exist in C++). - help(lib) and help(lib.myfunc) now give useful information, as well as dir(p) where p is a struct or pointer-to-struct. - update for multipython build - disable 'negative left shift' warning in test suite to prevent failures with gcc6, until upstream fixes the undefined code in question (bsc#981848) - Update to version 1.6.0: * ffi.list_types() * ffi.unpack() * extern 'Python+C'; * in API mode, lib.foo.__doc__ contains the C signature now. * Yet another attempt at robustness of ffi.def_extern() against CPython's interpreter shutdown logic. - Update in SLE-12 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598) - Make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792. - bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API - Add proper conditional for the python2, the ifpython works only for the requires/etc - add missing dependency on python ssl - update to version 2.1.4: * Added X509_up_ref for an upcoming pyOpenSSL release. - update to version 2.1.3: * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.0g. - update to version 2.1.2: * Corrected a bug with the manylinux1 wheels where OpenSSL's stack was marked executable. - fix BuildRequires conditions for python3 - update to 2.1.1 - Fix cffi version requirement. - Disable memleak tests to fix build with OpenSSL 1.1 (bsc#1055478) - update to 2.0.3 - update to 2.0.2 - update to 2.0 - update to 1.9 - add python-packaging to requirements explicitly instead of relying on setuptools to pull it in - Switch to singlespec approach - update to 1.8.1 - Adust Requires and BuildRequires Moderate SUSE bug 1055478 SUSE bug 1070737 SUSE bug 1101820 SUSE bug 1111657 SUSE bug 1138748 SUSE bug 1149792 SUSE bug 981848 CVE-2018-10903 cpe:/o:suse:sles-bcl:12:sp2 Security update for spamassassin (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for spamassassin fixes the following issues: - CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to is_regexp_valid() (bsc#1118987). - CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands (bsc#1162197). - CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands with warnings (bsc#1162200). Important SUSE bug 1118987 SUSE bug 1162197 SUSE bug 1162200 CVE-2018-11805 CVE-2020-1930 CVE-2020-1931 cpe:/o:suse:sles-bcl:12:sp2 Security update for python3 (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for python3 fixes the following issue: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed an issue with version missmatch (bsc#1162224). - Rename idle icons to idle3 in order to not conflict with python2 variant of the package. (bsc#1165894) Moderate SUSE bug 1155094 SUSE bug 1162224 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:sles-bcl:12:sp2 Security update for mozilla-nspr, mozilla-nss (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. Moderate SUSE bug 1141322 SUSE bug 1158527 SUSE bug 1159819 CVE-2019-11745 CVE-2019-17006 cpe:/o:suse:sles-bcl:12:sp2 Security update for libxslt (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libxslt fixes the following issue: - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). Moderate SUSE bug 1154609 CVE-2019-18197 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 68.6.1esr MFSA 2020-11 (bsc#1168630) * CVE-2020-6819 (bmo#1620818) Use-after-free while running the nsDocShell destructor * CVE-2020-6820 (bmo#1626728) Use-after-free when handling a ReadableStream Important SUSE bug 1168630 CVE-2020-6819 CVE-2020-6820 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues: - CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874). - CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874). - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874). - CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874). - CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874). Important SUSE bug 1168874 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 cpe:/o:suse:sles-bcl:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for git fixes the following issues: Security issue fixed: - CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). Non-security issue fixed: git was updated to 2.26.0 for SHA256 support (bsc#1167890, jsc#SLE-11608): - the xinetd snippet was removed - the System V init script for the git-daemon was replaced by a systemd service file of the same name. git 2.26.0: * 'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply' * Improved handling of sparse checkouts * Improvements to many commands and internal features git 2.25.1: * 'git commit' now honors advise.statusHints * various updates, bug fixes and documentation updates git 2.25.0: * The branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command; this has been enhanced so that the subject can also be filled. * A few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option. * Test updates to prepare for SHA-2 transition continues. * Redo 'git name-rev' to avoid recursive calls. * When all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected. * HTTP transport had possible allocator/deallocator mismatch, which has been corrected. git 2.24.1: * CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785) * CVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787) * CVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788) * CVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789) * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790) * CVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791) * CVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792) * CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793) * CVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795) - Fix building with asciidoctor and without DocBook4 stylesheets. git 2.24.0 * The command line parser learned '--end-of-options' notation. * A mechanism to affect the default setting for a (related) group of configuration variables is introduced. * 'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it. * fixes and improvements to UI, workflow and features, bash completion fixes * part of it merged upstream * the Makefile attempted to download some documentation, banned git 2.23.0: * The '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id --stable'. * The 'git log' command by default behaves as if the --mailmap option was given. * fixes and improvements to UI, workflow and features git 2.22.1: * A relative pathname given to 'git init --template=<path> <repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected. * 'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected. * 'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected. * 'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option; the command now refuses to work when both options are given. * Update to Unicode 12.1 width table. * 'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different. * 'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected. * The URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence. * 'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning. * 'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing. This has been corrected. * Many more bugfixes and code cleanups. - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html git 2.22.0: * The filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed. Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option * 'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish. * Four new configuration variables {author,committer}.{name,email} have been introduced to override user.{name,email} in more specific cases. * 'git branch' learned a new subcommand '--show-current'. * The command line completion (in contrib/) has been taught to complete more subcommand parameters. * The completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example. * The list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better. * 'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected. * 'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop. - update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350) git 2.21.0: * Historically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change. * Small fixes and features for fast-export and fast-import. * The 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing. * 'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant. * Update 'git multimail' from the upstream. * A new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced. '--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format. - Fix worktree creation race (bsc#1114225). git 2.20.1: * portability fixes * 'git help -a' did not work well when an overly long alias was defined * no longer squelched an error message when the run_command API failed to run a missing command git 2.20.0: * 'git help -a' now gives verbose output (same as 'git help -av'). Those who want the old output may say 'git help --no-verbose -a'.. * 'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'. * 'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment). * Developer builds now use -Wunused-function compilation option. * Fix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). Also, as a convenience, expand the number of cases in which --force is applicable. * The overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily. * Malformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed. * Fix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit. * 'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected. * ...and much more features and fixes - fix CVE-2018-19486 (bsc#1117257) git 2.19.2: * various bug fixes for multiple subcommands and operations git 2.19.1: * CVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with --recurse-submodules (bsc#1110949) git 2.19.0: * 'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default. * 'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit. * 'git grep' learned the '--column' option that gives not just the line number but the column number of the hit. * The '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used. * The userdiff pattern for .php has been updated. * The content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default. * 'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint). * 'git grep' learned the '--only-matching' option. * 'git rebase --rebase-merges' mode now handles octopus merges as well. * Add a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint). * A new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether. * Teach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'. * Many more strings are prepared for l10n. * 'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting. * The test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables; we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables. * 'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'. * 'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros. * 'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic. * The sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end. * 'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'. * 'git worktree' command learned '--quiet' option to make it less verbose. git 2.18.0: * improvements to rename detection logic * When built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value. * 'git mergetools' learned talking to guiffy. * various other workflow improvements and fixes * performance improvements and other developer visible fixes Update to git 2.16.4: security fix release git 2.17.1: * Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219) * It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218) * Support on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading. git 2.17.0: * 'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object. * 'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails. * The log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd. * 'git rebase' learned to take '--allow-empty-message' option. * 'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'. * 'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout. * 'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited. * 'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held. * The new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict. * 'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. help for '/' won't be shown when there is only one hunk). * Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object. This was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem. * 'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option. * 'git diff' and friends learned funcname patterns for Go language source files. * 'git send-email' learned '--reply-to=<address>' option. * Funcname pattern used for C# now recognizes 'async' keyword. * In a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. when the purpose of the operation is not to 'show'). - Use %license instead of %doc [bsc#1082318] git 2.16.3: * 'git status' after moving a path in the working tree (hence making it appear 'removed') and then adding with the -N option (hence making that appear 'added') detected it as a rename, but did not report the old and new pathnames correctly. * 'git commit --fixup' did not allow '-m<message>' option to be used at the same time; allow it to annotate resulting commit with more text. * When resetting the working tree files recursively, the working tree of submodules are now also reset to match. * Fix for a commented-out code to adjust it to a rather old API change around object ID. * When there are too many changed paths, 'git diff' showed a warning message but in the middle of a line. * The http tracing code, often used to debug connection issues, learned to redact potentially sensitive information from its output so that it can be more safely sharable. * Crash fix for a corner case where an error codepath tried to unlock what it did not acquire lock on. * The split-index mode had a few corner case bugs fixed. * Assorted fixes to 'git daemon'. * Completion of 'git merge -s<strategy>' (in contrib/) did not work well in non-C locale. * Workaround for segfault with more recent versions of SVN. * Recently introduced leaks in fsck have been plugged. * Travis CI integration now builds the executable in 'script' phase to follow the established practice, rather than during 'before_script' phase. This allows the CI categorize the failures better ('failed' is project's fault, 'errored' is build environment's). - Drop superfluous xinetd snippet, no longer used (bsc#1084460) - Build with asciidoctor for the recent distros (bsc#1075764) - Move %{?systemd_requires} to daemon subpackage - Create subpackage for libsecret credential helper. git 2.16.2: * An old regression in 'git describe --all $annotated_tag^0' has been fixed. * 'git svn dcommit' did not take into account the fact that a svn+ssh:// URL with a username@ (typically used for pushing) refers to the same SVN repository without the username@ and failed when svn.pushmergeinfo option is set. * 'git merge -Xours/-Xtheirs' learned to use our/their version when resolving a conflicting updates to a symbolic link. * 'git clone $there $here' is allowed even when here directory exists as long as it is an empty directory, but the command incorrectly removed it upon a failure of the operation. * 'git stash -- <pathspec>' incorrectly blew away untracked files in the directory that matched the pathspec, which has been corrected. * 'git add -p' was taught to ignore local changes to submodules as they do not interfere with the partial addition of regular changes anyway. git 2.16.1: * 'git clone' segfaulted when cloning a project that happens to track two paths that differ only in case on a case insensitive filesystem git 2.16.0 (CVE-2017-15298, bsc#1063412): * See https://raw.github.com/git/git/master/Documentation/RelNotes/2.16.0.txt git 2.15.1: * fix 'auto' column output * fixes to moved lines diffing * documentation updates * fix use of repositories immediately under the root directory * improve usage of libsecret * fixes to various error conditions in git commands - Rewrite from sysv init to systemd unit file for git-daemon (bsc#1069803) - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (bsc#1069468) - split off p4 to a subpackage (bsc#1067502) - Build with the external libsha1detectcoll (bsc#1042644) git 2.15.0: * Use of an empty string as a pathspec element that is used for 'everything matches' is still warned and Git asks users to use a more explicit '.' for that instead. Removal scheduled for 2.16 * Git now avoids blindly falling back to '.git' when the setup sequence said we are _not_ in Git repository (another corner case removed) * 'branch --set-upstream' was retired, deprecated since 1.8 * many other improvements and updates git 2.14.3: * git send-email understands more cc: formats * fixes so gitk --bisect * git commit-tree fixed to handle -F file alike * Prevent segfault in 'git cat-file --textconv' * Fix function header parsing for HTML * Various small fixes to user commands and and internal functions git 2.14.2: * fixes to color output * http.{sslkey,sslCert} now interpret '~[username]/' prefix * fixes to walking of reflogs via 'log -g' and friends * various fixes to output correctness * 'git push --recurse-submodules $there HEAD:$target' is now propagated down to the submodules * 'git clone --recurse-submodules --quiet' c$how propagates quiet option down to submodules. * 'git svn --localtime' correctness fixes * 'git grep -L' and 'git grep --quiet -L' now report same exit code * fixes to 'git apply' when converting line endings * Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to end-user input. CVE-2017-14867 bsc#1061041 * 'git cvsserver' no longer is invoked by 'git daemon' by default git 2.14.1 (bsc#1052481): * Security fix for CVE-2017-1000117: A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running 'git clone --recurse-submodules' to trigger the vulnerability. * A 'ssh://...' URL can result in a 'ssh' command line with a hostname that begins with a dash '-', which would cause the 'ssh' command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which should not impact any real-world usage). * Similarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from 'ssh://...' URL; a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash '-' as an option. This is now prevented by forbidding such a hostname and port number (again, which should not impact any real-world usage). * In the same spirit, a repository name that begins with a dash '-' is also forbidden now. git 2.14.0: * Use of an empty string as a pathspec element that is used for 'everything matches' is deprecated, use '.' * Avoid blindly falling back to '.git' when the setup sequence indicates operation not on a Git repository * 'indent heuristics' are now the default. * Builds with pcre2 * Many bug fixes, improvements and updates git 2.13.4: * Update the character width tables. * Fix an alias that contained an uppercase letter * Progress meter fixes * git gc concurrency fixes git 2.13.3: * various internal bug fixes * Fix a regression to 'git rebase -i' * Correct unaligned 32-bit access in pack-bitmap code * Tighten error checks for invalid 'git apply' input * The split index code did not honor core.sharedrepository setting correctly * Fix 'git branch --list' handling of color.branch.local git 2.13.2: * 'collision detecting' SHA-1 update for platform fixes * 'git checkout --recurse-submodules' did not quite work with a submodule that itself has submodules. * The 'run-command' API implementation has been made more robust against dead-locking in a threaded environment. * 'git clean -d' now only cleans ignored files with '-x' * 'git status --ignored' did not list ignored and untracked files without '-uall' * 'git pull --rebase --autostash' didn't auto-stash when the local history fast-forwards to the upstream. * 'git describe --contains' gives as much weight to lightweight tags as annotated tags * Fix 'git stash push <pathspec>' from a subdirectory git 2.13.1: * Setting 'log.decorate=false' in the configuration file did not take effect in v2.13, which has been corrected. * corrections to documentation and command help output * garbage collection fixes * memory leaks fixed * receive-pack now makes sure that the push certificate records the same set of push options used for pushing * shell completion corrections for git stash * fix 'git clone --config var=val' with empty strings * internal efficiency improvements * Update sha1 collision detection code for big-endian platforms and platforms not supporting unaligned fetches - Fix packaging of documentation git 2.13.0: * empty string as a pathspec element for 'everything matches' is still warned, for future removal. * deprecated argument order 'git merge <msg> HEAD <commit>...' was removed * default location '~/.git-credential-cache/socket' for the socket used to communicate with the credential-cache daemon moved to '~/.cache/git/credential/socket'. * now avoid blindly falling back to '.git' when the setup sequence indicated otherwise * many workflow features, improvements and bug fixes * add a hardened implementation of SHA1 in response to practical collision attacks (CVE-2005-4900, bsc#1042640) * CVE-2017-8386: On a server running git-shell as login shell to restrict user to git commands, remote users may have been able to have git service programs spawn an interactive pager and thus escape the shell restrictions. (bsc#1038395) Changes in pcre2: - Include the libraries, development and tools packages. git uses only libpcre2-8 so far, but this allows further application usage of pcre2. Important SUSE bug 1167890 SUSE bug 1168930 CVE-2020-5260 cpe:/o:suse:sles-bcl:12:sp2 Security update for fwupdate (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for fwupdate fixes the following issues: - Add SBAT section to EFI images (bsc#1182057) Important SUSE bug 1182057 cpe:/o:suse:sles-bcl:12:sp2 Security update for spamassassin (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for spamassassin fixes the following issues: - spamassassin was updated to version 3.4.5 - CVE-2019-12420: memory leak via crafted messages (bsc#1159133) - CVE-2020-1946: security update (bsc#1184221) Important SUSE bug 1159133 SUSE bug 1184221 CVE-2019-12420 CVE-2020-1946 cpe:/o:suse:sles-bcl:12:sp2 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xorg-x11-server fixes the following issues: - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation (bsc#1180128) Important SUSE bug 1180128 CVE-2021-3472 cpe:/o:suse:sles-bcl:12:sp2 Security update for clamav (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. (bsc#1184532) - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. (bsc#1184533) - CVE-2021-1405: Fix for mail parser NULL-dereference crash. (bsc#1184534) - Fix errors when scanning files > 4G (bsc#1181256) - Update clamav.keyring - Update to 0.103.2 Important SUSE bug 1181256 SUSE bug 1184532 SUSE bug 1184533 SUSE bug 1184534 CVE-2021-1252 CVE-2021-1404 CVE-2021-1405 cpe:/o:suse:sles-bcl:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for sudo fixes the following issues: - L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936) Important SUSE bug 1183936 CVE-2021-3156 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431) - Fixed an issue where xenstored was crashing with segfault (bsc#1182155). Important SUSE bug 1182155 SUSE bug 1182431 CVE-2021-27379 cpe:/o:suse:sles-bcl:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation (CVE-2020-12829, bsc#1172385) - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation (CVE-2020-13362 bsc#1172383) - Fix use-after-free in usb xhci packet handling (CVE-2020-25723, bsc#1178934) - Fix use-after-free in usb ehci packet handling (CVE-2020-25084, bsc#1176673) - Fix OOB access in usb hcd-ohci emulation (CVE-2020-25624, bsc#1176682) - Fix infinite loop (DoS) in usb hcd-ohci emulation (CVE-2020-25625, bsc#1176684) - Fix guest triggerable assert in shared network handling code (CVE-2020-27617, bsc#1178174) - Fix OOB access in atapi emulation (CVE-2020-29443, bsc#1181108) - Fix null pointer deref. (DoS) in mmio ops (CVE-2020-15469, bsc#1173612) - Fix infinite loop (DoS) in e1000 device emulation (CVE-2021-20257, bsc#1182577) - Fix OOB access (stack overflow) in rtl8139 NIC emulation (CVE-2021-3416, bsc#1182968) - Fix OOB access (stack overflow) in other NIC emulations (CVE-2021-3416) - Fix OOB access in SLIRP ARP packet processing (CVE-2020-29130, bsc#1179467) - Fix null pointer dereference possibility (DoS) in MegaRAID SAS 8708EM2 emulation (CVE-2020-13659 bsc#1172386 - Fix OOB access in iscsi (CVE-2020-11947 bsc#1180523) - Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639) - Fix buffer overflow in the XGMAC device (CVE-2020-15863 bsc#1174386) - Fix DoS in packet processing of various emulated NICs (CVE-2020-16092 bsc#1174641) - Fix OOB access while processing USB packets (CVE-2020-14364 bsc#1175441) - Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425) - Fix potential privilege escalation in virtfs (CVE-2021-20181 bsc#1182137) - Fix OOB access possibility in ES1370 audio device emulation (CVE-2020-13361 bsc#1172384) - Fix OOB access in ROM loading (CVE-2020-13765 bsc#1172478) Important SUSE bug 1172383 SUSE bug 1172384 SUSE bug 1172385 SUSE bug 1172386 SUSE bug 1172478 SUSE bug 1173612 SUSE bug 1174386 SUSE bug 1174641 SUSE bug 1175441 SUSE bug 1176673 SUSE bug 1176682 SUSE bug 1176684 SUSE bug 1178174 SUSE bug 1178934 SUSE bug 1179467 SUSE bug 1180523 SUSE bug 1181108 SUSE bug 1181639 SUSE bug 1182137 SUSE bug 1182425 SUSE bug 1182577 SUSE bug 1182968 CVE-2020-11947 CVE-2020-12829 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13765 CVE-2020-14364 CVE-2020-15469 CVE-2020-15863 CVE-2020-16092 CVE-2020-25084 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20203 CVE-2021-20257 CVE-2021-3416 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) * CVE-2021-23994: Out of bound write due to lazy initialization * CVE-2021-23995: Use-after-free in Responsive Design Mode * CVE-2021-23998: Secure Lock icon could have been spoofed * CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999: Blob URLs may have been granted additional privileges * CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946: Port blocking could be bypassed Important SUSE bug 1184960 CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 cpe:/o:suse:sles-bcl:12:sp2 Security update for libnettle (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401, bsc#1183835). Important SUSE bug 1183835 SUSE bug 1184401 CVE-2021-20305 cpe:/o:suse:sles-bcl:12:sp2 Security update for gdm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for gdm fixes the following issues: - Avoid the signal SIGTRAP when gdm exits (bsc#1184456). Important SUSE bug 1184456 cpe:/o:suse:sles-bcl:12:sp2 Security update for tomcat (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for tomcat fixes the following issues: - CVE-2021-25329: Complete fix for CVE-2020-9484 (bsc#1182909) Important SUSE bug 1182909 CVE-2021-25329 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_0-openjdk (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.25 - OpenJDK 7u291 (January 2021 CPU, bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters * Import of OpenJDK 7 u291 build 1 + JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b + JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c + JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d Moderate SUSE bug 1181239 cpe:/o:suse:sles-bcl:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). - Adjust smbcacls '--propagate-inheritance' feature to align with upstream (bsc#1178469). Important SUSE bug 1178469 SUSE bug 1184677 CVE-2021-20254 cpe:/o:suse:sles-bcl:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for samba fixes the following issues: - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677). Important SUSE bug 1184677 CVE-2021-20254 cpe:/o:suse:sles-bcl:12:sp2 Security update for cups (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for cups fixes the following issues: - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161) Important SUSE bug 1184161 CVE-2021-25317 cpe:/o:suse:sles-bcl:12:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update (IXFR) which could have caused named to terminate unexpectedly (bsc#1185345). - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the DNAME to be processed to resolve itself (bsc#1185345). - CVE-2021-25216: Fixed an issue where policy negotiation can be targeted by a buffer overflow attack (bsc#1185345). - MD5 warning message using host, dig, nslookup (bind-utils) with FIPS enabled (bsc#1181495). Important SUSE bug 1181495 SUSE bug 1185345 CVE-2021-25214 CVE-2021-25215 CVE-2021-25216 cpe:/o:suse:sles-bcl:12:sp2 Security update for avahi (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for avahi fixes the following issues: - CVE-2021-3468: avoid infinite loop by handling HUP event in client_work (bsc#1184521). Important SUSE bug 1184521 CVE-2021-3468 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509). - CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391). - CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181). - CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211). - CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120). - CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393). - CVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167). - CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168). - CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198). - CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593). - CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720). - CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715). - CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716). - CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717). - CVE-2020-36322: Fixed an issue in the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211 bnc#1184952). - CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022 bnc#1183069 ). - CVE-2020-1749: Fixed a flaw with some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality (bnc#1165629). The following non-security bugs were fixed: - KVM: Add proper lockdep assertion in I/O bus unregister (bsc#1185555). - KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1185556). - KVM: Stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1185557). - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - bluetooth: eliminate the potential race condition when removing the HCI controller (bsc#1184611). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). Important SUSE bug 1165629 SUSE bug 1173485 SUSE bug 1176720 SUSE bug 1178181 SUSE bug 1182715 SUSE bug 1182716 SUSE bug 1182717 SUSE bug 1183022 SUSE bug 1183069 SUSE bug 1183593 SUSE bug 1184120 SUSE bug 1184167 SUSE bug 1184168 SUSE bug 1184194 SUSE bug 1184198 SUSE bug 1184208 SUSE bug 1184211 SUSE bug 1184391 SUSE bug 1184393 SUSE bug 1184397 SUSE bug 1184509 SUSE bug 1184611 SUSE bug 1184952 SUSE bug 1185555 SUSE bug 1185556 SUSE bug 1185557 CVE-2020-0433 CVE-2020-1749 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-36312 CVE-2020-36322 CVE-2021-20219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28950 CVE-2021-28972 CVE-2021-29154 CVE-2021-29264 CVE-2021-29265 CVE-2021-29650 CVE-2021-30002 CVE-2021-3483 cpe:/o:suse:sles-bcl:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python3 fixes the following issues: Security issues fixed: - CVE-2020-27619: where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. (bsc#1178009) Other fixes: - Make sure to close the 'import_failed.map' file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block Important CVE-2020-27619 cpe:/o:suse:sles-bcl:12:sp2 Security update for djvulibre (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for djvulibre fixes the following issues: Security issues fixed: - CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file - CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file - CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file Important SUSE bug 1185900 SUSE bug 1185904 SUSE bug 1185905 CVE-2019-18804 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 cpe:/o:suse:sles-bcl:12:sp2 Security update for graphviz (Critical) SUSE Linux Enterprise Server 12 SP2-BCL This update for graphviz fixes the following issues: - CVE-2020-18032: Fixed possible remote code execution via buffer overflow (bsc#1185833). Critical SUSE bug 1185833 CVE-2020-18032 cpe:/o:suse:sles-bcl:12:sp2 Security update for libxml2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libxml2 fixes the following issues: Security issues fixed: CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). Important SUSE bug 1185408 SUSE bug 1185409 SUSE bug 1185410 SUSE bug 1185698 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 cpe:/o:suse:sles-bcl:12:sp2 Security update for dnsmasq (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for dnsmasq fixes the following issues: - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) Important SUSE bug 1176076 SUSE bug 1177077 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 cpe:/o:suse:sles-bcl:12:sp2 Security update for flac (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for flac fixes the following issues: - CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099). Moderate SUSE bug 1180099 CVE-2020-0499 cpe:/o:suse:sles-bcl:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for dovecot22 fixes the following issues: - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). Important SUSE bug 1180405 CVE-2020-24386 cpe:/o:suse:sles-bcl:12:sp2 Security update for djvulibre (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for djvulibre fixes the following issues: - CVE-2021-3500: Stack overflow in function DJVU:DjVuDocument:get_djvu_file() via crafted djvu file (bsc#1186253) Important SUSE bug 1186253 CVE-2021-3500 cpe:/o:suse:sles-bcl:12:sp2 Security update for dhcp (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for dhcp fixes the following issues: - CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient (bsc#1186382) Important SUSE bug 1186382 CVE-2021-25217 cpe:/o:suse:sles-bcl:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for qemu fixes the following issues: - Fix OOB access during mmio operations (CVE-2020-13754, bsc#1172382) - Fix sPAPR emulator leaks the host hardware identity (CVE-2019-8934, bsc#1126455) - Fix out-of-bounds read information disclosure in icmp6_send_echoreply (CVE-2020-10756, bsc#1172380) - Fix out-of-bound heap buffer access via an interrupt ID field (CVE-2021-20221, bsc#1181933) - For the record, these issues are fixed in this package already. Most are alternate references to previously mentioned issues: (CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534, CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477, CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975, bsc#1031692, bsc#1094725) Important SUSE bug 1031692 SUSE bug 1094725 SUSE bug 1126455 SUSE bug 1149813 SUSE bug 1163019 SUSE bug 1172380 SUSE bug 1172382 SUSE bug 1175534 SUSE bug 1178935 SUSE bug 1179477 SUSE bug 1181933 SUSE bug 1182846 SUSE bug 1182975 CVE-2019-15890 CVE-2019-8934 CVE-2020-10756 CVE-2020-13754 CVE-2020-14364 CVE-2020-25723 CVE-2020-29130 CVE-2020-8608 CVE-2021-20221 CVE-2021-20257 CVE-2021-3419 cpe:/o:suse:sles-bcl:12:sp2 Security update for libwebp (Critical) SUSE Linux Enterprise Server 12 SP2-BCL This update for libwebp fixes the following issues: - CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685). - CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691). - CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674). - CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652). - CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690). - CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654). - CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686). - CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673). - CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247). Critical SUSE bug 1185652 SUSE bug 1185654 SUSE bug 1185673 SUSE bug 1185674 SUSE bug 1185685 SUSE bug 1185686 SUSE bug 1185690 SUSE bug 1185691 SUSE bug 1186247 CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25012 CVE-2018-25013 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 cpe:/o:suse:sles-bcl:12:sp2 Security update for polkit (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for polkit fixes the following issues: - CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497). Important SUSE bug 1186497 CVE-2021-3560 cpe:/o:suse:sles-bcl:12:sp2 Security update for gstreamer-plugins-bad (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for gstreamer-plugins-bad fixes the following issues: - CVE-2021-3185: Fixed buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking (bsc#1181255). Important SUSE bug 1181255 CVE-2021-3185 cpe:/o:suse:sles-bcl:12:sp2 Security update for gstreamer-plugins-bad (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for gstreamer-plugins-bad fixes the following issues: - CVE-2021-3185: Fixed buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking (bsc#1181255). Important SUSE bug 1181255 CVE-2021-3185 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.11.0 ESR (bsc#1186696) * CVE-2021-29964: Out of bounds-read when parsing a `WM_COPYDATA` message * CVE-2021-29967: Memory safety bugs fixed in Firefox Important SUSE bug 1185633 SUSE bug 1186696 CVE-2021-29951 CVE-2021-29964 CVE-2021-29967 cpe:/o:suse:sles-bcl:12:sp2 Security update for libX11 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643) Important SUSE bug 1186643 CVE-2021-31535 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class Libraries: - Z/OS specific C function send_file is changing the file pointer position * Security: - Add the new oracle signer certificate - Certificate parsing error - JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider - Remove check for websphere signed jars - sessionid.hashcode generates too many collisions - The Java 8 IBM certpath provider does not honor the user specified system property for CLR connect timeout Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-bcl:12:sp2 Security update for spice (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for spice fixes the following issues: - CVE-2021-20201: client initiated renegotiation causing denial of service (bsc#1181686) - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code (bsc#1177158) Important SUSE bug 1177158 SUSE bug 1181686 CVE-2020-14355 CVE-2021-20201 cpe:/o:suse:sles-bcl:12:sp2 Security update for spice-gtk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for spice-gtk fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code (bsc#1177158) Important SUSE bug 1177158 CVE-2020-14355 cpe:/o:suse:sles-bcl:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20210608 release. - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833) See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html - CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) - CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html) - CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839) See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html Other fixes: - Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details. - Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. - New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2 | ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3 | ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3 | SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB | SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB | TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile | EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E | JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11 - Updated platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3 | HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile | BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx | SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3 | BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 | BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87 | BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53 | APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5 | DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series | GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx | GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile | LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology | AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile | CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10 | CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile | CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile Important SUSE bug 1179833 SUSE bug 1179836 SUSE bug 1179837 SUSE bug 1179839 CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 cpe:/o:suse:sles-bcl:12:sp2 Security update for caribou (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for caribou fixes the following issues: Security issue fixed: - CVE-2021-3567: Fixed a segfault when attempting to use shifted characters (bsc#1186617). Important SUSE bug 1186617 CVE-2021-3567 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-openjdk (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u292 (icedtea 3.19.0). - CVE-2021-2161: Fixed incomplete enforcement of JAR signing disabled algorithms (bsc#1185055). Moderate SUSE bug 1185055 CVE-2021-2163 cpe:/o:suse:sles-bcl:12:sp2 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223). - CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240). - CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244). - CVE-2020-27750: Fixed an division by zero in MagickCore/colorspace-private.h (bsc#1179260). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285). - CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). - CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362). Important SUSE bug 1179103 SUSE bug 1179202 SUSE bug 1179208 SUSE bug 1179212 SUSE bug 1179223 SUSE bug 1179240 SUSE bug 1179244 SUSE bug 1179260 SUSE bug 1179268 SUSE bug 1179269 SUSE bug 1179278 SUSE bug 1179281 SUSE bug 1179285 SUSE bug 1179311 SUSE bug 1179312 SUSE bug 1179313 SUSE bug 1179315 SUSE bug 1179317 SUSE bug 1179321 SUSE bug 1179322 SUSE bug 1179327 SUSE bug 1179333 SUSE bug 1179336 SUSE bug 1179338 SUSE bug 1179339 SUSE bug 1179343 SUSE bug 1179345 SUSE bug 1179346 SUSE bug 1179347 SUSE bug 1179361 SUSE bug 1179362 SUSE bug 1179397 CVE-2020-19667 CVE-2020-25664 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27750 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27757 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.1: + Improve handling of Media Capture devices. + Improve WebAudio playback. + Improve video orientation handling. + Improve seeking support for MSE playback. + Improve flush support in EME decryptors. + Fix HTTP status codes for requests done through a custom URI handler. + Fix the Bubblewrap sandbox in certain 32-bit systems. + Fix inconsistencies between the WebKitWebView.is-muted property state and values returned by webkit_web_view_is_playing_audio(). + Fix the build with ENABLE_VIDEO=OFF. + Fix wrong timestamps for long-lived cookies. + Fix UI process crash when failing to load favicons. + Fix several crashes and rendering issues. - Including Security fixes for: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871, CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870, CVE-2020-13558, CVE-2020-13584, CVE-2020-9983, CVE-2020-13543, CVE-2020-9947, CVE-2020-9948, CVE-2020-9951. Important SUSE bug 1177087 SUSE bug 1179122 SUSE bug 1179451 SUSE bug 1182286 SUSE bug 1184155 SUSE bug 1184262 CVE-2020-13543 CVE-2020-13558 CVE-2020-13584 CVE-2020-27918 CVE-2020-29623 CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 cpe:/o:suse:sles-bcl:12:sp2 Security update for apache2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-35452 [bsc#1186922]: Single zero byte stack overflow in mod_auth_digest - fixed CVE-2021-26690 [bsc#1186923]: mod_session NULL pointer dereference in parser - fixed CVE-2021-26691 [bsc#1187017]: Heap overflow in mod_session Important SUSE bug 1186922 SUSE bug 1186923 SUSE bug 1186924 SUSE bug 1187017 SUSE bug 1187174 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618 cpe:/o:suse:sles-bcl:12:sp2 Security update for xterm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xterm fixes the following issues: - CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091) Important SUSE bug 1182091 CVE-2021-27135 cpe:/o:suse:sles-bcl:12:sp2 Security update for ovmf (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ovmf fixes the following issues: - Fixed a possible buffer overflow in IScsiDxe (bsc#1186151) - CVE-2021-28211: ovmf: edk2: possible heap corruption with LzmaUefiDecompressGetInfo (bsc#1183578) - CVE-2021-28210: ovmf: unlimited FV recursion, round 2 (bsc#1183579) - CVE-2019-14584: ovmf,shim: NULL pointer dereference in AuthenticodeVerify() (bsc#1177789) Important SUSE bug 1177789 SUSE bug 1183578 SUSE bug 1183579 SUSE bug 1186151 CVE-2019-14584 CVE-2021-28210 CVE-2021-28211 cpe:/o:suse:sles-bcl:12:sp2 Security update for libnettle (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). Important SUSE bug 1187060 CVE-2021-3580 cpe:/o:suse:sles-bcl:12:sp2 Security update for libsolv (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for libsolv fixes the following issues: Security issues fixed: - CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510) - CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229) Other issues fixed: - backport support for blacklisted packages to support ptf packages and retracted patches - fix ruleinfo of complex dependencies returning the wrong origin - fix SOLVER_FLAG_FOCUS_BEST updateing packages without reason - fix add_complex_recommends() selecting conflicted packages in rare cases - fix potential segfault in resolve_jobrules - fix solv_zchunk decoding error if large chunks are used Moderate SUSE bug 1161510 SUSE bug 1186229 CVE-2019-20387 CVE-2021-3200 cpe:/o:suse:sles-bcl:12:sp2 Security update for libgcrypt (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). Important SUSE bug 1187212 CVE-2021-33560 cpe:/o:suse:sles-bcl:12:sp2 Security update for openexr (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openexr fixes the following issues: - Fixed CVE-2021-3479 [bsc#1184354]: Out-of-memory caused by allocation of a very large buffer - Fixed CVE-2021-3605 [bsc#1187395]: Heap buffer overflow in the rleUncompress function - Fixed CVE-2021-3598 [bsc#1187310]: Heap buffer overflow in Imf_3_1:CharPtrIO:readChars Important SUSE bug 1184354 SUSE bug 1187310 SUSE bug 1187395 CVE-2021-3479 CVE-2021-3598 CVE-2021-3605 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql, postgresql12, postgresql13 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for postgresql, postgresql12, postgresql13 fixes the following issues: Initial packaging of PostgreSQL 13: * https://www.postgresql.org/about/news/2077/ * https://www.postgresql.org/docs/13/release-13.html Changes in postgresql: - Bump postgresql major version to 13. Changes in postgresql12: - %ghost the symlinks to pg_config and ecpg. (bsc#1178961) - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765) - Fix a DST problem in the test suite. Changes in postgresql13: - Add postgresql-icu68.patch: fix build with ICU 68 - %ghost the symlinks to pg_config and ecpg. (bsc#1178961) - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765) Upgrade to version 13.1: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/13/release-13-1.html - Fix a DST problem in the test suite. Important SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 SUSE bug 1178961 SUSE bug 1179765 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-bcl:12:sp2 Security update for arpwatch (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). Important SUSE bug 1186240 CVE-2021-25321 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). Moderate SUSE bug 1173513 CVE-2020-14145 cpe:/o:suse:sles-bcl:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] Important SUSE bug 1180684 SUSE bug 1181090 CVE-2021-23239 CVE-2021-3156 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.12.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-29 (bsc#1188275) * CVE-2021-29970: Use-after-free in accessibility features of a document * CVE-2021-30547: Out of bounds write in ANGLE * CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 Important SUSE bug 1188275 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116) - CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to obtain full root privileges. (bsc#1188062) - CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215) - CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601) - CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595) - CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452) - CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for local privilege escalation. (bsc#1187050) - CVE-2021-0129: Fixed an improper access control in BlueZ that may have allowed an authenticated user to potentially enable information disclosure via adjacent access. (bsc#1186463) - CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing. (bsc#1179610) - CVE-2020-36386: Fixed an out-of-bounds read in hci_extended_inquiry_result_evt. (bsc#1187038) - CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets. (bsc#1185861) - CVE-2021-32399: Fixed a race condition in net/bluetooth/hci_request.c for removal of the HCI controller. (bsc#1184611) - CVE-2021-33034: Fixed an issue in net/bluetooth/hci_event.c where a use-after-free leads to writing an arbitrary value. (bsc#1186111) - CVE-2020-26139: Fixed a bug that allows an Access Point (AP) to forward EAPOL frames to other clients even though the sender has not yet successfully authenticated. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and made it easier to exploit other vulnerabilities in connected clients. (bsc#1186062) - CVE-2021-23134: Fixed a use After Free vulnerability in nfc sockets which allows local attackers to elevate their privileges. (bsc#1186060) - CVE-2020-24586: Fixed a bug that, under the right circumstances, allows to inject arbitrary network packets and/or exfiltrate user data when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP. (bsc#1185859) - CVE-2020-26141: Fixed a flaw that could allows an adversary to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bsc#1185987) - CVE-2020-26145: Fixed a bug in the WEP, WPA, WPA2, and WPA3 implementations that could allows an adversary to inject arbitrary network packets. (bsc#1185860) - CVE-2020-24587: Fixed a bug that allows an adversary to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (bsc#1185862) - CVE-2020-26147: Fixed a bug in the WEP, WPA, WPA2, and WPA3 implementations that could allows an adversary to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames. (bsc#1185987) The following non-security bugs were fixed: - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846). - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846). - kernel/smp: Add source and destination CPUs to __call_single_data (bsc#1180846). - kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846). - Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846). - Update config files: disable CONFIG_CSD_LOCK_WAIT_DEBUG (bsc#1180846). Important SUSE bug 1179610 SUSE bug 1180846 SUSE bug 1184611 SUSE bug 1185859 SUSE bug 1185860 SUSE bug 1185861 SUSE bug 1185862 SUSE bug 1185863 SUSE bug 1185898 SUSE bug 1185987 SUSE bug 1186060 SUSE bug 1186062 SUSE bug 1186111 SUSE bug 1186390 SUSE bug 1186463 SUSE bug 1187038 SUSE bug 1187050 SUSE bug 1187215 SUSE bug 1187452 SUSE bug 1187595 SUSE bug 1187601 SUSE bug 1187934 SUSE bug 1188062 SUSE bug 1188116 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145 CVE-2020-26147 CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-22555 CVE-2021-23134 CVE-2021-32399 CVE-2021-33034 CVE-2021-33909 CVE-2021-34693 CVE-2021-3609 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs Important SUSE bug 1181414 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 cpe:/o:suse:sles-bcl:12:sp2 Security update for systemd (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for systemd fixes the following issues: Security issues fixed: - CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063) Other fixes: - mount-util: shorten the loop a bit (#7545) - mount-util: do not use the official MAX_HANDLE_SZ (#7523) - mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) - mount-util: fix bad indenting - mount-util: EOVERFLOW might have other causes than buffer size issues - mount-util: fix error propagation in fd_fdinfo_mnt_id() - mount-util: drop exponential buffer growing in name_to_handle_at_loop() - udev: port udev_has_devtmpfs() to use path_get_mnt_id() - mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path - mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at() - mount-util: accept that name_to_handle_at() might fail with EPERM (#5499) - basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo - sysusers: use the usual comment style - test/TEST-21-SYSUSERS: add tests for new functionality - sysusers: allow admin/runtime overrides to command-line config - basic/strv: add function to insert items at position - sysusers: allow the shell to be specified - sysusers: move various user credential validity checks to src/basic/ - man: reformat table in sysusers.d(5) - sysusers: take configuration as positional arguments - sysusers: emit a bit more info at debug level when locking fails - sysusers: allow force reusing existing user/group IDs (#8037) - sysusers: ensure GID in uid:gid syntax exists - sysusers: make ADD_GROUP always create a group - test: add TEST-21-SYSUSERS test - sysuser: use OrderedHashmap - sysusers: allow uid:gid in sysusers.conf files - sysusers: fix memleak (#4430) - These commits implement the option '--replace' for systemd-sysusers so %sysusers_create_package can be introduced in SLE and packages can rely on this rpm macro without wondering whether the macro is available on the different target the package is submitted to. - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) - systemctl: add --value option - execute: make sure to call into PAM after initializing resource limits (bsc#1184967) - rlimit-util: introduce setrlimit_closest_all() - system-conf: drop reference to ShutdownWatchdogUsec= - core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331) - Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046) - rules: don't ignore Xen virtual interfaces anymore (bsc#1178561) - write_net_rules: set execute bits (bsc#1178561) - udev: rework network device renaming - Revert 'Revert 'udev: network device renaming - immediately give up if the target name isn't available'' Important SUSE bug 1178561 SUSE bug 1184761 SUSE bug 1184967 SUSE bug 1185046 SUSE bug 1185331 SUSE bug 1185807 SUSE bug 1188063 CVE-2021-33910 cpe:/o:suse:sles-bcl:12:sp2 Security update for qemu (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for qemu fixes the following issues: - CVE-2021-3595: Fixed an invalid pointer initialization may lead to information disclosure (tftp). (bsc#1187366) - CVE-2021-3592: Fixed an invalid pointer initialization may lead to information disclosure (bootp). (bsc#1187364) - CVE-2021-3594: Fixed an invalid pointer initialization may lead to information disclosure (udp). (bsc#1187367) - CVE-2021-3593: Fixed an invalid pointer initialization may lead to information disclosure (udp6). (bsc#1187365) - CVE-2021-3611: Fixed a segmentation fault due to stack overflow. (bsc#1187529) Moderate SUSE bug 1187364 SUSE bug 1187365 SUSE bug 1187366 SUSE bug 1187367 SUSE bug 1187529 CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 CVE-2021-3611 cpe:/o:suse:sles-bcl:12:sp2 Security update for linuxptp (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for linuxptp fixes the following issues: - CVE-2021-3570: Validate the messageLength field of incoming messages. (bsc#1187646) Important SUSE bug 1187646 CVE-2021-3570 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 fixes the following issues: Update to version 2.32.3: - CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-21779: Fixed a use-after-free vulnerability in the way that WebKit GraphicsContext handles certain events. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (bsc#1188697) - CVE-2021-30663: An integer overflow was addressed with improved input validation. (bsc#1188697) - CVE-2021-30665: A memory corruption issue was addressed with improved state management. (bsc#1188697) - CVE-2021-30689: A logic issue was addressed with improved state management. (bsc#1188697) - CVE-2021-30720: A logic issue was addressed with improved restrictions. (bsc#1188697) - CVE-2021-30734: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) - CVE-2021-30744: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (bsc#1188697) - CVE-2021-30749: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) - CVE-2021-30758: A type confusion issue was addressed with improved state handling. (bsc#1188697) - CVE-2021-30795: A use after free issue was addressed with improved memory management. (bsc#1188697) - CVE-2021-30797: This issue was addressed with improved checks. (bsc#1188697) - CVE-2021-30799: Multiple memory corruption issues were addressed with improved memory handling. (bsc#1188697) Important SUSE bug 1188697 CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 cpe:/o:suse:sles-bcl:12:sp2 Security update for libsndfile (Critical) SUSE Linux Enterprise Server 12 SP2-BCL This update for libsndfile fixes the following issues: - CVE-2018-13139: Fixed a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. (bsc#1100167) - CVE-2018-19432: Fixed a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. (bsc#1116993) - CVE-2021-3246: Fixed a heap buffer overflow vulnerability in msadpcm_decode_block. (bsc#1188540) - CVE-2018-19758: Fixed a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. (bsc#1117954) Critical SUSE bug 1100167 SUSE bug 1116993 SUSE bug 1117954 SUSE bug 1188540 CVE-2018-13139 CVE-2018-19432 CVE-2018-19758 CVE-2021-3246 cpe:/o:suse:sles-bcl:12:sp2 Security update for djvulibre (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for djvulibre fixes the following issues: - CVE-2021-3630: out-of-bounds write in DJVU:DjVuTXT:decode() in DjVuText.cpp (bsc#1187869) Important SUSE bug 1187869 CVE-2021-3630 cpe:/o:suse:sles-bcl:12:sp2 Security update for cpio (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) Important SUSE bug 1189206 CVE-2021-38185 cpe:/o:suse:sles-bcl:12:sp2 Security update for libcares2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libcares2 fixes the following issues: - CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881). Important SUSE bug 1188881 CVE-2021-3672 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.13.0 ESR (MFSA 2021-34, bsc#1188891): - CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption - CVE-2021-29988: Memory corruption as a result of incorrect style treatment - CVE-2021-29984: Incorrect instruction reordering during JIT optimization - CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption - CVE-2021-29985: Use-after-free media channels - CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 Important SUSE bug 1188891 CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 cpe:/o:suse:sles-bcl:12:sp2 Security update for fetchmail (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for fetchmail fixes the following issues: - CVE-2021-36386: DoS or information disclosure in some configurations (bsc#1188875) - Change PASSWORDLEN from 64 to 256 [bsc#1188034] - Set the hostname for SNI when using TLS [bsc#1182807] - Allow --syslog option in daemon mode. (bsc#1033081) - Set the hostname for SNI when using TLS. (bsc#1182807) - Change PASSWORDLEN from 64 to 256 (bsc#1188034) Moderate SUSE bug 1033081 SUSE bug 1182807 SUSE bug 1188034 SUSE bug 1188875 CVE-2021-36386 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u302 (icedtea 3.20.0) - CVE-2021-2341: Improve file transfers. (bsc#1188564) - CVE-2021-2369: Better jar file validation. (bsc#1188565) - CVE-2021-2388: Enhance compiler validation. (bsc#1188566) - CVE-2021-2161: Less ambiguous processing. (bsc#1185056) Important SUSE bug 1185056 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188566 CVE-2021-2161 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 cpe:/o:suse:sles-bcl:12:sp2 Security update for cpio (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for cpio fixes the following issues: - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. [bsc#1189465] Important SUSE bug 1189465 CVE-2021-38185 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssl fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] Important SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles-bcl:12:sp2 Security update for unrar (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed: - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038). - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038). - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038). - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038). - CVE-2017-20006: Fixed heap-based buffer overflow in Unpack:CopyString (bsc#1187974). These non-security issues were fixed: - Added extraction support for .LZ archives created by Lzip compressor - Enable unpacking of files in ZIP archives compressed with XZ algorithm and encrypted with AES - Added support for PAX extended headers inside of TAR archive - If RAR recovery volumes (.rev files) are present in the same folder as usual RAR volumes, archive test command verifies .rev contents after completing testing .rar files - By default unrar skips symbolic links with absolute paths in link target when extracting unless -ola command line switch is specified - Added support for AES-NI CPU instructions - Support for a new RAR 5.0 archiving format - Wildcard exclusion mask for folders - Prevent conditional jumps depending on uninitialised values (bsc#1046882) Moderate SUSE bug 1046882 SUSE bug 1054038 SUSE bug 1187974 CVE-2012-6706 CVE-2017-12938 CVE-2017-12940 CVE-2017-12941 CVE-2017-12942 CVE-2017-20006 cpe:/o:suse:sles-bcl:12:sp2 Security update for aspell (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top (bsc#1188576). Important SUSE bug 1188576 CVE-2019-25051 cpe:/o:suse:sles-bcl:12:sp2 Security update for bind (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for bind fixes the following issues: - CVE-2020-8622: A truncated TSIG response can lead to an assertion failure (bsc#1175443). Moderate SUSE bug 1175443 SUSE bug 1188888 CVE-2020-8622 cpe:/o:suse:sles-bcl:12:sp2 Security update for openexr (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openexr fixes the following issues: - CVE-2021-20298 [bsc#1188460]: Fixed Out-of-memory in B44Compressor - CVE-2021-20299 [bsc#1188459]: Fixed Null-dereference READ in Imf_2_5:Header:operator - CVE-2021-20300 [bsc#1188458]: Fixed Integer-overflow in Imf_2_5:hufUncompress - CVE-2021-20302 [bsc#1188462]: Fixed Floating-point-exception in Imf_2_5:precalculateTileInfot - CVE-2021-20303 [bsc#1188457]: Fixed Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer - CVE-2021-20304 [bsc#1188461]: Fixed Undefined-shift in Imf_2_5:hufDecode Important SUSE bug 1188457 SUSE bug 1188458 SUSE bug 1188459 SUSE bug 1188460 SUSE bug 1188461 SUSE bug 1188462 CVE-2021-20298 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303 CVE-2021-20304 CVE-2021-3476 cpe:/o:suse:sles-bcl:12:sp2 Security update for libesmtp (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libesmtp fixes the following issues: - CVE-2019-19977: Fix stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462). Important SUSE bug 1160462 SUSE bug 1189097 CVE-2019-19977 cpe:/o:suse:sles-bcl:12:sp2 Security update for file (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for file fixes the following issues: - CVE-2019-18218: Fixed heap-based buffer overflow in cdf_read_property_info in cdf.c (bsc#1154661). Important SUSE bug 1154661 CVE-2019-18218 cpe:/o:suse:sles-bcl:12:sp2 Security update for openvswitch (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openvswitch fixes the following issues: - openvswitch was updated to 2.5.11 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) - datapath: Clear the L4 portion of the key for 'later' fragments - datapath: Properly set L4 keys on 'later' IP fragments - ofproto-dpif: Fix using uninitialised memory in user_action_cookie. - stream-ssl: Fix crash on NULL private key and valid certificate. - datapath: fix flow actions reallocation Important SUSE bug 1117483 SUSE bug 1181345 CVE-2020-27827 cpe:/o:suse:sles-bcl:12:sp2 Security update for Mesa (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for Mesa fixes the following issues: Security issue fixed: - CVE-2019-5068: Fixed exploitable shared memory permissions vulnerability (bsc#1156015). Moderate SUSE bug 1156015 CVE-2019-5068 cpe:/o:suse:sles-bcl:12:sp2 Security update for transfig (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for transfig fixes the following issues: Update to version 3.2.8, including fixes for - CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef() (bsc#1186329). - CVE-2020-21683: Fixed buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c (bsc#1189325). - CVE-2020-21682: Fixed buffer overflow in the set_fill component in genge.c (bsc#1189346). - CVE-2020-21681: Fixed buffer overflow in the set_color component in genge.c (bsc#1189345). - CVE-2020-21680: Fixed stack-based buffer overflow in the put_arrow() component in genpict2e.c (bsc#1189343). - CVE-2019-19797: out-of-bounds write in read_colordef in read.c (bsc#1159293). - CVE-2019-19555: stack-based buffer overflow because of an incorrect sscanf (bsc#1161698). - CVE-2019-19746: segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type (bsc#1159130). Moderate SUSE bug 1136882 SUSE bug 1159130 SUSE bug 1159293 SUSE bug 1161698 SUSE bug 1186329 SUSE bug 1189325 SUSE bug 1189343 SUSE bug 1189345 SUSE bug 1189346 CVE-2019-19555 CVE-2019-19746 CVE-2019-19797 CVE-2020-21680 CVE-2020-21681 CVE-2020-21682 CVE-2020-21683 CVE-2021-3561 cpe:/o:suse:sles-bcl:12:sp2 Security update for gtk-vnc (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for gtk-vnc fixes the following issues: - CVE-2017-5885: Correctly validate color map range indexes (bsc#1024268). - CVE-2017-5884: Fix bounds checking for RRE, hextile & copyrect encodings (bsc#1024266). - Fix crash when opening connection from a GSocketAddress (bsc#1046782). - Fix possible crash on connection failure (bsc#1188292). Moderate SUSE bug 1024266 SUSE bug 1024268 SUSE bug 1046782 SUSE bug 1188292 CVE-2017-5884 CVE-2017-5885 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssl (Low) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssl fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). Low SUSE bug 1189521 CVE-2021-3712 cpe:/o:suse:sles-bcl:12:sp2 Security update for ghostscript (Critical) SUSE Linux Enterprise Server 12 SP2-BCL This update for ghostscript fixes the following issues: - CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381) Critical SUSE bug 1190381 CVE-2021-3781 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-38492 CVE-2021-38495 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class libraries: - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time that the set timeout - Z/OS specific C function send_file is changing the file pointer position * Java Virtual Machine: - Crash on iterate java stack - Java process hang on SIGTERM * JIT Compiler: - JMS performance regression from JDK8 SR5 FP40 TO FP41 * Class Libraries: - z15 high utilization following Z/VM and Linux migration from z14 To z15 * Java Virtual Machine: - Assertion failed when trying to write a class file - Assertion failure at modronapi.cpp - Improve the performance of defining and finding classes * JIT Compiler: - An assert in ppcbinaryencoding.cpp may trigger when running with traps disabled on power - AOT field offset off by n bytes - Segmentation fault in jit module on ibm z platform Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-bcl:12:sp2 Security update for sqlite3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for sqlite3 fixes the following issues: sqlite3 is sync version 3.36.0 from Factory (jsc#SLE-16032). The following CVEs have been fixed in upstream releases up to this point, but were not mentioned in the change log so far: * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization * bsc#1164719, CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error * bsc#1160438, CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input * bsc#1160309, CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference * bsc#1159850, CVE-2019-19924: improper error handling in sqlite3WindowRewrite() * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive * bsc#1159715, CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names * CVE-2020-13434 bsc#1172115: integer overflow in sqlite3_str_vappendf * CVE-2020-13630 bsc#1172234: use-after-free in fts3EvalNextRow * CVE-2020-13631 bsc#1172236: virtual table allowed to be renamed to one of its shadow tables * CVE-2020-13632 bsc#1172240: NULL pointer dereference via crafted matchinfo() query * CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) Important SUSE bug 1157818 SUSE bug 1158812 SUSE bug 1158958 SUSE bug 1158959 SUSE bug 1158960 SUSE bug 1159491 SUSE bug 1159715 SUSE bug 1159847 SUSE bug 1159850 SUSE bug 1160309 SUSE bug 1160438 SUSE bug 1160439 SUSE bug 1164719 SUSE bug 1172091 SUSE bug 1172115 SUSE bug 1172234 SUSE bug 1172236 SUSE bug 1172240 SUSE bug 1173641 SUSE bug 928700 SUSE bug 928701 CVE-2015-3414 CVE-2015-3415 CVE-2016-6153 CVE-2017-10989 CVE-2017-2518 CVE-2018-20346 CVE-2018-8740 CVE-2019-16168 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2019-8457 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-9327 cpe:/o:suse:sles-bcl:12:sp2 Security update for python-urllib3 (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for python-urllib3 fixes the following security issue: - CVE-2020-26137: A CRLF injection via HTTP request method was fixed (bsc#1177120) Note that this was fixed in a previous version update to 1.25.9, this update just complements the tracking. Moderate SUSE bug 1177120 CVE-2020-26137 cpe:/o:suse:sles-bcl:12:sp2 Security update for libqt5-qtbase (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libqt5-qtbase fixes the following issues: - CVE-2020-24741: Fixed a bug that allowed QLibrary to load libraries relative to CWD which could result in arbitrary code execution. (bsc#1189408) Important SUSE bug 1178600 SUSE bug 1189408 CVE-2020-24741 cpe:/o:suse:sles-bcl:12:sp2 Security update for glibc (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for glibc fixes the following issues: Security issues fixed: - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) Also the following bug was fixed: - Avoid concurrency problem in ldconfig (bsc#1117993) Moderate SUSE bug 1117993 SUSE bug 1186489 SUSE bug 1187911 CVE-2021-33574 CVE-2021-35942 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.4 - CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701) - CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697) Important SUSE bug 1188697 SUSE bug 1190701 CVE-2021-21806 CVE-2021-30858 cpe:/o:suse:sles-bcl:12:sp2 Security update for apache2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for apache2 fixes the following issues: - CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703) - CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via malicious input. (bsc#1190666) - CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests. (bsc#1190669) Important SUSE bug 1190666 SUSE bug 1190669 SUSE bug 1190703 CVE-2021-34798 CVE-2021-39275 CVE-2021-40438 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: Fixed IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373). - CVE-2021-28697: Fixed grant table v2 status pages that may remain accessible after de-allocation (XSA-379)(bsc#1189376). - CVE-2021-28698: Fixed long running loops in grant table handling (XSA-380)(bsc#1189378). - CVE-2021-20255: Fixed eepro100 stack overflow via infinite recursion (bsc#1182654). - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187369). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187378). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187376). - CVE-2021-28692: Fixed inappropriate x86 IOMMU timeout detection / handling (XSA-373)(bsc#1186429). - CVE-2021-0089: Fixed Speculative Code Store Bypass (XSA-375)(bsc#1186433). - CVE-2021-28690: Fixed x86 TSX Async Abort protections not restored after S3 (XSA-377)(bsc#1186434). - Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882). Moderate SUSE bug 1182654 SUSE bug 1186429 SUSE bug 1186433 SUSE bug 1186434 SUSE bug 1187369 SUSE bug 1187376 SUSE bug 1187378 SUSE bug 1189373 SUSE bug 1189376 SUSE bug 1189378 SUSE bug 1189632 SUSE bug 1189882 CVE-2021-0089 CVE-2021-20255 CVE-2021-28690 CVE-2021-28692 CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28701 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 cpe:/o:suse:sles-bcl:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python3 fixes the following issues: - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 CVE-2019-20916 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.2.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-45 (bsc#1191332) * CVE-2021-38496: Use-after-free in MessageTask * CVE-2021-38497: Validation message could have been overlaid on another origin * CVE-2021-38498: Use-after-free of nsLanguageAtomService object * CVE-2021-32810: Fixed Data race in crossbeam-deque * CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 - Fixed crash in FIPS mode (bsc#1190710) Important SUSE bug 1190710 SUSE bug 1191332 CVE-2021-32810 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 cpe:/o:suse:sles-bcl:12:sp2 Security update for strongswan (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for strongswan fixes the following issues: - CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. (bsc#1191435) Important SUSE bug 1191435 CVE-2021-41991 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql10 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for postgresql10 fixes the following issues: - Fix for build with llvm12 on s390x. (bsc#1185952) - Re-enable 'icu' for PostgreSQL 10. (bsc#1179945) - Add postgresqlXX-server-devel as a dependency for postgresql13-server-devel. (bsc#1187751) - Upgrade to version 10.18. (bsc#1190177) Upgrade to version 10.17 (already released for SUSE Linux Enterprise 12 SP5): - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118). - Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945). - Fixed an issue droping irregular warning messages by removing the package. (bsc#1178961) - Fixed an issue when build does not build the requiements to avoid dangling symlinks in the devel package. (bsc#1179765) - Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. Important SUSE bug 1178961 SUSE bug 1179765 SUSE bug 1179945 SUSE bug 1183118 SUSE bug 1183168 SUSE bug 1185924 SUSE bug 1185925 SUSE bug 1185952 SUSE bug 1187751 SUSE bug 1190177 CVE-2021-32027 CVE-2021-32028 cpe:/o:suse:sles-bcl:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for qemu fixes the following issues: Security issues fixed: - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) - NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506) - NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) - eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255) - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) Important SUSE bug 1180432 SUSE bug 1180433 SUSE bug 1180434 SUSE bug 1180435 SUSE bug 1182651 SUSE bug 1186012 SUSE bug 1189145 CVE-2020-35503 CVE-2020-35504 CVE-2020-35505 CVE-2020-35506 CVE-2021-20255 CVE-2021-3527 CVE-2021-3682 cpe:/o:suse:sles-bcl:12:sp2 Security update for opensc (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for opensc fixes the following issues: - CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005). - CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992). - CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000). - CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957). Important SUSE bug 1191957 SUSE bug 1191992 SUSE bug 1192000 SUSE bug 1192005 CVE-2021-42779 CVE-2021-42780 CVE-2021-42781 CVE-2021-42782 cpe:/o:suse:sles-bcl:12:sp2 Security update for transfig (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for transfig fixes the following issues: Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021) - bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline function in genepic.c. - bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects function in read.c. - bsc#1190617, CVE-2020-21531: global buffer overflow in the conv_pattern_index function in gencgm.c. - bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont function in genepic.c. - bsc#1190612, CVE-2020-21533: stack buffer overflow in the read_textobject function in read.c. - bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line function in read.c. - bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start function in gencgm.c. - bsc#1192019, CVE-2021-32280: NULL pointer dereference in compute_closed_spline() in trans_spline.c Important SUSE bug 1190607 SUSE bug 1190611 SUSE bug 1190612 SUSE bug 1190615 SUSE bug 1190616 SUSE bug 1190617 SUSE bug 1190618 SUSE bug 1192019 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2021-32280 cpe:/o:suse:sles-bcl:12:sp2 Security update for binutils (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for binutils fixes the following issues: Update to binutils 2.37: * The GNU Binutils sources now requires a C99 compiler and library to build. * Support for the arm-symbianelf format has been removed. * Support for Realm Management Extension (RME) for AArch64 has been added. * A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations. * A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections. * A new linker options '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options. * The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16. * A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else. * A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools. * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols. * Readelf and objdump can now display and use the contents of .debug_sup sections. * Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option. The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed. If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files. If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow di0pslay options to applied to both the main file and any separate debuginfo files. * Nm has a new command line option: '--quiet'. This suppresses 'no symbols' diagnostic. Update to binutils 2.36: New features in the Assembler: General: * When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name. * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active. * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can be expand and shrink automatically. X86/x86_64: * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions. * Support non-absolute segment values for lcall and ljmp. * Add {disp16} pseudo prefix to x86 assembler. * Configure with --enable-x86-used-note by default for Linux/x86. ARM/AArch64: * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores. * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers. * Add support for Armv8-R and Armv8.7-A ISA extensions. * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7. * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64. * Add support for +flagm feature for -march in Armv8.4 AArch64. * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature. * Add support for +pauth (Pointer Authentication) feature for -march in AArch64. New features in the Linker: * Add --error-handling-script=<NAME> command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no. * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed. * Add -z unique-symbol to avoid duplicated local symbol names. * The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics. * The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact output. * The linker now omits the 'variable section' from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs. New features in other binary tools: * The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time. * Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option. * Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=<style>, --no-demangle, --recurse-limit and --no-recurse-limit options are also now availale. Update to binutils 2.35.1: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. Update to binutils 2.35: * The assembler can now produce DWARF-5 format line number tables. * Readelf now has a 'lint' mode to enable extra checks of the files it is processing. * Readelf will now display '[...]' when it has to truncate a symbol name. The old behaviour - of displaying as many characters as possible, up to the 80 column limit - can be restored by the use of the --silent-truncation option. * The linker can now produce a dependency file listing the inputs that it has processed, much like the -M -MP option supported by the compiler. Update to binutils 2.34: * The disassembler (objdump --disassemble) now has an option to generate ascii art thats show the arcs between that start and end points of control flow instructions. * The binutils tools now have support for debuginfod. Debuginfod is a HTTP service for distributing ELF/DWARF debugging information as well as source code. The tools can now connect to debuginfod servers in order to download debug information about the files that they are processing. * The assembler and linker now support the generation of ELF format files for the Z80 architecture. Update to binutils 2.33.1: * Adds support for the Arm Scalable Vector Extension version 2 (SVE2) instructions, the Arm Transactional Memory Extension (TME) instructions and the Armv8.1-M Mainline and M-profile Vector Extension (MVE) instructions. * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE, Cortex-A76AE, and Cortex-A77 processors. * Adds a .float16 directive for both Arm and AArch64 to allow encoding of 16-bit floating point literals. * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure time option to set the default behavior. Set the default if the configure option is not used to 'no'. * The Cortex-A53 Erratum 843419 workaround now supports a choice of which workaround to use. The option --fix-cortex-a53-843419 now takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be used to force a particular workaround to be used. See --help for AArch64 for more details. * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the AArch64 ELF linker. * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI on inputs and use PLTs protected with BTI. * Add -z pac-plt for AArch64 to pick PAC enabled PLTs. * Add --source-comment[=<txt>] option to objdump which if present, provides a prefix to source code lines displayed in a disassembly. * Add --set-section-alignment <section-name>=<power-of-2-align> option to objcopy to allow the changing of section alignments. * Add --verilog-data-width option to objcopy for verilog targets to control width of data elements in verilog hex format. * The separate debug info file options of readelf (--debug-dump=links and --debug-dump=follow) and objdump (--dwarf=links and --dwarf=follow-links) will now display and/or follow multiple links if more than one are present in a file. (This usually happens when gcc's -gsplit-dwarf option is used). In addition objdump's --dwarf=follow-links now also affects its other display options, so that for example, when combined with --syms it will cause the symbol tables in any linked debug info files to also be displayed. In addition when combined with --disassemble the --dwarf= follow-links option will ensure that any symbol tables in the linked files are read and used when disassembling code in the main file. * Add support for dumping types encoded in the Compact Type Format to objdump and readelf. The following security fixes are addressed by the update: - CVE-2021-20197: Fixed a race condition which allows users to own arbitrary files (bsc#1181452). - CVE-2021-20284: Fixed a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511). - CVE-2021-3487: Fixed a denial of service via excessive debug section size causing excessive memory consumption in bfd's dwarf2.c read_section() (bsc#1184620). - CVE-2020-35448: Fixed a heap-based buffer over-read in bfd_getl_signed_32() in libbfd.c (bsc#1184794). - CVE-2020-16590: Fixed a double free vulnerability in process_symbol_table() (bsc#1179898). - CVE-2020-16591: Fixed an invalid read in process_symbol_table() (bsc#1179899). - CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup() (bsc#1179900). - CVE-2020-16593: Fixed a null pointer dereference in scan_unit_for_symbols() (bsc#1179901). - CVE-2020-16598: Fixed a null pointer dereference in debug_get_real_type() (bsc#1179902). - CVE-2020-16599: Fixed a null pointer dereference in _bfd_elf_get_symbol_version_string() (bsc#1179903) - CVE-2020-35493: Fixed heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file (bsc#1180451). - CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module due to not checking return value of bfd_malloc (bsc#1180454). - CVE-2020-35507: Fixed a null pointer dereference in bfd_pef_parse_function_stubs() (bsc#1180461). - CVE-2019-17451: Fixed an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line() in dwarf2.c (bsc#1153768). - CVE-2019-17450: Fixed a potential denial of service in find_abstract_instance() in dwarf2.c (bsc#1153770). - CVE-2019-9077: Fixed a heap-based buffer overflow in process_mips_specific() in readelf.c via a malformed MIPS option section (bsc#1126826). - CVE-2019-9075: Fixed a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap() in archive64.c (bsc#1126829). - CVE-2019-9074: Fixed a out-of-bounds read leading to a SEGV in bfd_getl32() in libbfd.c (bsc#1126831). - CVE-2019-12972: Fixed a heap-based buffer over-read in _bfd_doprnt() in bfd.c (bsc#1140126). - CVE-2019-14444: Fixed an integer overflow apply_relocations() in readelf.c (bsc#1143609). - CVE-2019-14250: Fixed an integer overflow in simple_object_elf_match() in simple-object-elf.c (bsc#1142649). Moderate SUSE bug 1126826 SUSE bug 1126829 SUSE bug 1126831 SUSE bug 1140126 SUSE bug 1142649 SUSE bug 1143609 SUSE bug 1153768 SUSE bug 1153770 SUSE bug 1157755 SUSE bug 1160254 SUSE bug 1160590 SUSE bug 1163333 SUSE bug 1163744 SUSE bug 1179036 SUSE bug 1179341 SUSE bug 1179898 SUSE bug 1179899 SUSE bug 1179900 SUSE bug 1179901 SUSE bug 1179902 SUSE bug 1179903 SUSE bug 1180451 SUSE bug 1180454 SUSE bug 1180461 SUSE bug 1181452 SUSE bug 1182252 SUSE bug 1183511 SUSE bug 1184620 SUSE bug 1184794 CVE-2019-12972 CVE-2019-14250 CVE-2019-14444 CVE-2019-17450 CVE-2019-17451 CVE-2019-9074 CVE-2019-9075 CVE-2019-9077 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-35448 CVE-2020-35493 CVE-2020-35496 CVE-2020-35507 CVE-2021-20197 CVE-2021-20284 CVE-2021-3487 cpe:/o:suse:sles-bcl:12:sp2 Security update for binutils (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for binutils fixes the following issues: - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO (bsc#1188941). - Fix empty man-pages from broken release tarball - Fixed a memory corruption with rpath option (bsc#1191473). - Fixed slow performance of stripping some binaries (bsc#1183909). Security issue fixed: - CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in readelf (bnc#1184519) Moderate SUSE bug 1183909 SUSE bug 1184519 SUSE bug 1188941 SUSE bug 1191473 SUSE bug 1192267 CVE-2021-20294 cpe:/o:suse:sles-bcl:12:sp2 Security update for pcre (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973). - CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807). - CVE-2017-7245: Fixed buffer overflow in the pcre32_copy_substring (bsc#1030805). - CVE-2017-7246: Fixed another buffer overflow in the pcre32_copy_substring (bsc#1030803). - CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066). - CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709). Moderate SUSE bug 1025709 SUSE bug 1030066 SUSE bug 1030803 SUSE bug 1030805 SUSE bug 1030807 SUSE bug 1172973 SUSE bug 1172974 CVE-2017-6004 CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 CVE-2019-20838 CVE-2020-14155 cpe:/o:suse:sles-bcl:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). Important SUSE bug 1014440 SUSE bug 1192284 CVE-2016-2124 CVE-2020-25717 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to Extended Support Release 91.3.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-49 (bsc#1192250) * CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504: Use-after-free in file picker dialog * CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506: Firefox could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0008: Use-after-free in HTTP2 Session object * MOZ-2021-0007: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 Important SUSE bug 1192250 CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql, postgresql13, postgresql14 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for postgresql, postgresql13 and postgresql14 fixes the following issues: Security issues fixed: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). This update also ships postgresql14 to SUSE Linux Enterprise 12 SP5. (jsc#SLE-22673) On older service packs only libpq5 and libecpg6 are being replaced by the postgresql14 variants. Feature changes in postgresql14: - https://www.postgresql.org/about/news/postgresql-14-released-2318/ - https://www.postgresql.org/docs/14/release-14.html Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql96 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for postgresql96 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:suse:sles-bcl:12:sp2 Security update for postgresql10 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for postgresql10 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). Important SUSE bug 1192516 CVE-2021-23214 CVE-2021-23222 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 fixes the following issues: - CVE-2021-42762: Updated seccomp rules with latest changes from flatpak (bsc#1191937). Important SUSE bug 1191937 CVE-2021-42762 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-openjdk fixes the following issues: Update to version OpenJDK 8u312 (October 2021 CPU): - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901). - CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910). - CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911). - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912). - CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913). - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909). - CVE-2021-35567: Fixed incorrect principal selection when using Kerberos Constrained Delegation (bsc#1191903). - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake (bsc#1191904). - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914). - CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905) - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906). Important SUSE bug 1191901 SUSE bug 1191903 SUSE bug 1191904 SUSE bug 1191905 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_0-openjdk fixes the following issues: Update to OpenJDK 7u321 (October 2021 CPU): - CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS (bsc#1191901). - CVE-2021-35556: Fixed excessive memory allocation in RTFParser (bsc#1191910). - CVE-2021-35559: Fixed excessive memory allocation in RTFReader (bsc#1191911). - CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet (bsc#1191912). - CVE-2021-35564: Fixed certificates with end dates too far in the future can corrupt keystore (bsc#1191913). - CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session close (bsc#1191909). - CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader (bsc#1191914). - CVE-2021-35588: Fixed incomplete validation of inner class references in ClassFileParser (bsc#1191905) - CVE-2021-35603: Fixed non-constant comparison during TLS handshakes (bsc#1191906). Important SUSE bug 1191901 SUSE bug 1191905 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). Moderate SUSE bug 1192554 SUSE bug 1192557 SUSE bug 1192559 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 cpe:/o:suse:sles-bcl:12:sp2 Security update for ruby2.1 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ruby2.1 fixes the following issues: - CVE-2020-25613: Fixed potential HTTP request smuggling in WEBrick (bsc#1177125). - CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375). - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). Important SUSE bug 1177125 SUSE bug 1188160 SUSE bug 1188161 SUSE bug 1190375 CVE-2020-25613 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 cpe:/o:suse:sles-bcl:12:sp2 Security update for clamav (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for clamav fixes the following issues: - CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032). - Update to 0.103.4 (bsc#1192346). - Update to 0.103.3 (bsc#1188284). Moderate SUSE bug 1103032 SUSE bug 1188284 SUSE bug 1192346 CVE-2018-14679 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 fixes the following issues: - CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). - CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). Important SUSE bug 1192063 CVE-2021-30846 CVE-2021-30851 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). Additional spectrev1 fixes were added to the eBPF code. - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1087082 bnc#1100416 bnc#1129735). - CVE-2018-16882: A use-after-free issue was found in the way the KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions and are vulnerable (bnc#1119934). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1176724). - CVE-2020-12655: An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767 (bnc#1171217). - CVE-2020-14305: An out-of-bounds memory write flaw was found in how the Linux kernel&#8217;s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allowed an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (bnc#1173346). - CVE-2020-3702: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic (bnc#1191193). - CVE-2021-20265: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allowed an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability (bnc#1183089). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value (bnc#1186109 bnc#1186390 bnc#1188876). - CVE-2021-34556: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack (bnc#1188983). - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-35477: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation did not necessarily occur before a store operation that has an attacker-controlled value (bnc#1188985). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the 'int_ctl' field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. (bnc#1189399). - CVE-2021-3655: A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563). - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-3679: A lack of CPU resource in the tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-37576: arch/powerpc/kvm/book3s_rtas.c on the powerpc platform allowed KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e (bnc#1188838 bnc#1190276). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computed the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-40490: A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel (bnc#1190159) - CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315). - CVE-2021-42739: The firewire subsystem in the Linux kernel has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673). - CVE-2021-43389: An issue was discovered in the Linux kernel There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - - ipv4: make exception cache less predictible (bsc#1191790, CVE-2021-20322). The following non-security bugs were fixed: - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22918) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22918). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1188325). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1188325). - btrfs: relocation: fix reloc_root lifespan and access (bsc#1188325). - config: disable unprivileged BPF by default (jsc#SLE-22918) Backport of mainline commit 8a03e56b253e ('bpf: Disallow unprivileged bpf by default') only changes kconfig default, used e.g. for 'make oldconfig' when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - kABI: protect struct bpf_map (kabi). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601). - scsi: sg: add sg_remove_request in sg_write (bsc#1171420 CVE2020-12770). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sctp: simplify addr copy (bsc#1188563). Important SUSE bug 1068032 SUSE bug 1087082 SUSE bug 1098425 SUSE bug 1100416 SUSE bug 1119934 SUSE bug 1129735 SUSE bug 1171217 SUSE bug 1171420 SUSE bug 1173346 SUSE bug 1176724 SUSE bug 1183089 SUSE bug 1184673 SUSE bug 1186109 SUSE bug 1186390 SUSE bug 1188172 SUSE bug 1188325 SUSE bug 1188563 SUSE bug 1188601 SUSE bug 1188838 SUSE bug 1188876 SUSE bug 1188983 SUSE bug 1188985 SUSE bug 1189057 SUSE bug 1189262 SUSE bug 1189291 SUSE bug 1189399 SUSE bug 1189706 SUSE bug 1190023 SUSE bug 1190025 SUSE bug 1190067 SUSE bug 1190117 SUSE bug 1190159 SUSE bug 1190276 SUSE bug 1190349 SUSE bug 1190351 SUSE bug 1190601 SUSE bug 1191193 SUSE bug 1191315 SUSE bug 1191790 SUSE bug 1191958 SUSE bug 1191961 SUSE bug 1192781 SUSE bug 802154 CVE-2017-5753 CVE-2018-13405 CVE-2018-16882 CVE-2020-0429 CVE-2020-12655 CVE-2020-14305 CVE-2020-3702 CVE-2021-20265 CVE-2021-20322 CVE-2021-31916 CVE-2021-33033 CVE-2021-34556 CVE-2021-34981 CVE-2021-3542 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3659 CVE-2021-3679 CVE-2021-3715 CVE-2021-37159 CVE-2021-3732 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3760 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-3896 CVE-2021-40490 CVE-2021-42008 CVE-2021-42739 CVE-2021-43389 cpe:/o:suse:sles-bcl:12:sp2 Security update for mozilla-nss (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). Important SUSE bug 1193170 CVE-2021-43527 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssh (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Important SUSE bug 1190975 CVE-2021-41617 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 (bsc#1193485): - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321) Important SUSE bug 1193321 SUSE bug 1193485 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 cpe:/o:suse:sles-bcl:12:sp2 Security update for glib-networking (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for glib-networking fixes the following issues: - CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460). Important SUSE bug 1172460 CVE-2020-13645 cpe:/o:suse:sles-bcl:12:sp2 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Important SUSE bug 1193030 CVE-2021-4008 cpe:/o:suse:sles-bcl:12:sp2 Security update for log4j (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for log4j fixes the following issue: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] Important SUSE bug 1193662 CVE-2021-4104 cpe:/o:suse:sles-bcl:12:sp2 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Important SUSE bug 1190487 SUSE bug 1190489 CVE-2021-4009 CVE-2021-4011 cpe:/o:suse:sles-bcl:12:sp2 Security update for chrony (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for chrony fixes the following issues: Chrony was updated to 4.1: * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Enable syscallfilter unconditionally (bsc#1181826). Chrony was updated to 4.0: Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don’t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don’t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Chrony was updated to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Add chrony-pool-suse and chrony-pool-openSUSE subpackages that preconfigure chrony to use NTP servers from the respective pools for SUSE and openSUSE (bsc#1156884, SLE-11424). - Add chrony-pool-empty to still allow installing chrony without preconfigured servers. - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). - Update clknetsim to version 79ffe44 (fixes bsc#1162964). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272) - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. - Remove discrepancies between spec file and chrony-tmpfiles (bsc#1115529) Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step - Added /etc/chrony.d/ directory to the package (bsc#1083597) Modifed default chrony.conf to add 'include /etc/chrony.d/*' - Enable pps support Upgraded to version 3.2: Enhancements * Improve stability with NTP sources and reference clocks * Improve stability with hardware timestamping * Improve support for NTP interleaved modes * Control frequency of system clock on macOS 10.13 and later * Set TAI-UTC offset of system clock with leapsectz directive * Minimise data in client requests to improve privacy * Allow transmit-only hardware timestamping * Add support for new timestamping options introduced in Linux 4.13 * Add root delay, root dispersion and maximum error to tracking log * Add mindelay and asymmetry options to server/peer/pool directive * Add extpps option to PHC refclock to timestamp external PPS signal * Add pps option to refclock directive to treat any refclock as PPS * Add width option to refclock directive to filter wrong pulse edges * Add rxfilter option to hwtimestamp directive * Add -x option to disable control of system clock * Add -l option to log to specified file instead of syslog * Allow multiple command-line options to be specified together * Allow starting without root privileges with -Q option * Update seccomp filter for new glibc versions * Dump history on exit by default with dumpdir directive * Use hardening compiler options by default Bug fixes * Don't drop PHC samples with low-resolution system clock * Ignore outliers in PHC tracking, RTC tracking, manual input * Increase polling interval when peer is not responding * Exit with error message when include directive fails * Don't allow slash after hostname in allow/deny directive/command * Try to connect to all addresses in chronyc before giving up Upgraded to version 3.1: - Enhancements - Add support for precise cross timestamping of PHC on Linux - Add minpoll, precision, nocrossts options to hwtimestamp directive - Add rawmeasurements option to log directive and modify measurements option to log only valid measurements from synchronised sources - Allow sub-second polling interval with NTP sources - Bug fixes - Fix time smoothing in interleaved mode Upgraded to version 3.0: - Enhancements - Add support for software and hardware timestamping on Linux - Add support for client/server and symmetric interleaved modes - Add support for MS-SNTP authentication in Samba - Add support for truncated MACs in NTPv4 packets - Estimate and correct for asymmetric network jitter - Increase default minsamples and polltarget to improve stability with very low jitter - Add maxjitter directive to limit source selection by jitter - Add offset option to server/pool/peer directive - Add maxlockage option to refclock directive - Add -t option to chronyd to exit after specified time - Add partial protection against replay attacks on symmetric mode - Don't reset polling interval when switching sources to online state - Allow rate limiting with very short intervals - Improve maximum server throughput on Linux and NetBSD - Remove dump files after start - Add tab-completion to chronyc with libedit/readline - Add ntpdata command to print details about NTP measurements - Allow all source options to be set in add server/peer command - Indicate truncated addresses/hostnames in chronyc output - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses - Bug fixes - Fix crash with disabled asynchronous name resolving Upgraded to version 2.4.1: - Bug fixes - Fix processing of kernel timestamps on non-Linux systems - Fix crash with smoothtime directive - Fix validation of refclock sample times - Fix parsing of refclock directive update to 2.4: - Enhancements - Add orphan option to local directive for orphan mode compatible with ntpd - Add distance option to local directive to set activation threshold (1 second by default) - Add maxdrift directive to set maximum allowed drift of system clock - Try to replace NTP sources exceeding maximum distance - Randomise source replacement to avoid getting stuck with bad sources - Randomise selection of sources from pools on start - Ignore reference timestamp as ntpd doesn't always set it correctly - Modify tracking report to use same values as seen by NTP clients - Add -c option to chronyc to write reports in CSV format - Provide detailed manual pages - Bug fixes - Fix SOCK refclock to work correctly when not specified as last refclock - Fix initstepslew and -q/-Q options to accept time from own NTP clients - Fix authentication with keys using 512-bit hash functions - Fix crash on exit when multiple signals are received - Fix conversion of very small floating-point numbers in command packets Moderate SUSE bug 1063704 SUSE bug 1069468 SUSE bug 1082318 SUSE bug 1083597 SUSE bug 1099272 SUSE bug 1115529 SUSE bug 1128846 SUSE bug 1156884 SUSE bug 1159840 SUSE bug 1161119 SUSE bug 1162964 SUSE bug 1171806 SUSE bug 1172113 SUSE bug 1173277 SUSE bug 1173760 SUSE bug 1174075 SUSE bug 1174911 SUSE bug 1180689 SUSE bug 1181826 SUSE bug 1183783 SUSE bug 1184400 SUSE bug 1187906 SUSE bug 1190926 CVE-2020-14367 cpe:/o:suse:sles-bcl:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 SUSE bug 1181126 CVE-2019-20916 CVE-2021-3177 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485 ). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123). - CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411) - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). - CVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() which could eventually have allowed attackers to cause a denial of service (memory consumption) (bnc#1157298 ). - CVE-2019-6133: Fixed an issue where the 'start time' protection mechanism could have been bypassed and therefore authorization decisions are improperly cached (bsc#1128172). The following non-security bugs were fixed: - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (bsc#969755). - futex,rt_mutex: Introduce rt_mutex_init_waiter() (bsc#969755). - futex,rt_mutex: Provide futex specific rt_mutex API (bsc#969755). - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bsc#969755). - futex: Avoid freeing an active timer (bsc#969755). - futex: Avoid violating the 10th rule of futex (bsc#969755). - futex: Change locking rules (bsc#969755). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#969755). - futex: Drop hb->lock before enqueueing on the rtmutex (bsc#969755). - futex: Fix OWNER_DEAD fixup (bsc#969755). - futex: Fix incorrect should_fail_futex() handling (bsc#969755). - futex: Fix more put_pi_state() vs. exit_pi_state_list() races (bsc#969755). - futex: Fix pi_state->owner serialization (bsc#969755). - futex: Fix small (and harmless looking) inconsistencies (bsc#969755). - futex: Futex_unlock_pi() determinism (bsc#969755). - futex: Handle early deadlock return correctly (bsc#969755). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#969755). - futex: Pull rt_mutex_futex_unlock() out from under hb->lock (bsc#969755). - futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock() (bsc#969755). - futex: Rework inconsistent rt_mutex/futex_q state (bsc#969755). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#969755). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). Important SUSE bug 1070943 SUSE bug 1121826 SUSE bug 1121872 SUSE bug 1157298 SUSE bug 1168952 SUSE bug 1173942 SUSE bug 1176395 SUSE bug 1176485 SUSE bug 1177411 SUSE bug 1178123 SUSE bug 1178182 SUSE bug 1178589 SUSE bug 1178622 SUSE bug 1178886 SUSE bug 1179107 SUSE bug 1179140 SUSE bug 1179141 SUSE bug 1179204 SUSE bug 1179419 SUSE bug 1179508 SUSE bug 1179509 SUSE bug 1179601 SUSE bug 1179616 SUSE bug 1179663 SUSE bug 1179666 SUSE bug 1179745 SUSE bug 1179877 SUSE bug 1179960 SUSE bug 1179961 SUSE bug 1180008 SUSE bug 1180027 SUSE bug 1180028 SUSE bug 1180029 SUSE bug 1180030 SUSE bug 1180031 SUSE bug 1180032 SUSE bug 1180052 SUSE bug 1180086 SUSE bug 1180559 SUSE bug 1180562 SUSE bug 1181349 SUSE bug 969755 CVE-2019-19063 CVE-2019-20934 CVE-2019-6133 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25285 CVE-2020-25668 CVE-2020-25669 CVE-2020-27068 CVE-2020-27673 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-28915 CVE-2020-28974 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3347 cpe:/o:suse:sles-bcl:12:sp2 Security update for openvswitch (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). Important SUSE bug 1181742 CVE-2020-35498 cpe:/o:suse:sles-bcl:12:sp2 Security update for wpa_supplicant (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for wpa_supplicant fixes the following issues: - CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777). - CVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934) Important SUSE bug 1150934 SUSE bug 1181777 CVE-2019-16275 CVE-2021-0326 cpe:/o:suse:sles-bcl:12:sp2 Security update for jasper (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode Important SUSE bug 1179748 SUSE bug 1181483 CVE-2020-27828 CVE-2021-3272 cpe:/o:suse:sles-bcl:12:sp2 Security update for screen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for screen fixes the following issues: - CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092). Important SUSE bug 1182092 CVE-2021-26937 cpe:/o:suse:sles-bcl:12:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] Important SUSE bug 1182246 CVE-2020-8625 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:sles-bcl:12:sp2 Security update for krb5-appl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for krb5-appl fixes the following issues: - CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109). - CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109). Important SUSE bug 1131109 CVE-2019-25017 CVE-2019-25018 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-openjdk (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u282 (icedtea 3.18.0) * January 2021 CPU (bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803) * Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/ /bug6738668.java fails under Linux + JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + JDK-8030350: Enable additional compiler warnings for GCC + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/ /DisposeFrameOnDragTest.java fails by Timeout on Windows + JDK-8036122: Fix warning 'format not a string literal' + JDK-8051853: new URI('x/').resolve('..').getSchemeSpecificPart() returns null! + JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/ /DefaultNoDrop.java locks on Windows + JDK-8134632: Mark javax/sound/midi/Devices/ /InitializationHang.java as headful + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8148916: Mark bug6400879.java as intermittently failing + JDK-8148983: Fix extra comma in changes for JDK-8148916 + JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails + JDK-8165808: Add release barriers when allocating objects with concurrent collection + JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument + JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 + JDK-8207766: [testbug] Adapt tests for Aix. + JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation + JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash + JDK-8215727: Restore JFR thread sampler loop to old / previous behavior + JDK-8220657: JFR.dump does not work when filename is set + JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing + JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232114: JVM crashed at imjpapi.dll in native code + JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area + JDK-8234339: replace JLI_StrTok in java_md_solinux.c + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8242335: Additional Tests for RSASSA-PSS + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8245400: Upgrade to LittleCMS 2.11 + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8249176: Update GlobalSignR6CA test certificates + JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY + JDK-8250928: JFR: Improve hash algorithm for stack traces + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers + JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE + JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries + JDK-8252497: Incorrect numeric currency code for ROL + JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent + JDK-8252904: VM crashes when JFR is used and JFR event class is transformed + JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal + JDK-8253284: Zero OrderAccess barrier mappings are incorrect + JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip + JDK-8253752: test/sun/management/jmxremote/bootstrap/ /RmiBootstrapTest.java fails randomly + JDK-8254081: java/security/cert/PolicyNode/ /GetPolicyQualifiers.java fails due to an expired certificate + JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp + JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp + JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/ /WorkerDeadlockTest.java fails + JDK-8255003: Build failures on Solaris Moderate SUSE bug 1181239 CVE-2020-14803 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 25 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:sles-bcl:12:sp2 Security update for perl-XML-Twig (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for perl-XML-Twig fixes the following issues: - Security fix [bsc#1008644, CVE-2016-9180] * Added: the no_xxe option to XML::Twig::new, which causes the parse to fail if external entities are used (to prevent malicious XML to access the filesystem). * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument Moderate SUSE bug 1008644 CVE-2016-9180 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.8.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-08 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 Important SUSE bug 1182357 SUSE bug 1182614 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 cpe:/o:suse:sles-bcl:12:sp2 Security update for python-cryptography (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). Important SUSE bug 1182066 CVE-2020-36242 cpe:/o:suse:sles-bcl:12:sp2 Security update for grub2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for grub2 fixes the following issues: grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) Following security issues are fixed that can violate secure boot constraints: - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) grub2 was bumped to version 2.02, same as SUSE Linux Enterprise 12 SP3. Important SUSE bug 1175970 SUSE bug 1176711 SUSE bug 1177883 SUSE bug 1179264 SUSE bug 1179265 SUSE bug 1182057 SUSE bug 1182262 SUSE bug 1182263 CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 cpe:/o:suse:sles-bcl:12:sp2 Security update for openldap2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. Important SUSE bug 1182279 SUSE bug 1182408 SUSE bug 1182411 SUSE bug 1182412 SUSE bug 1182413 SUSE bug 1182415 SUSE bug 1182416 SUSE bug 1182417 SUSE bug 1182418 SUSE bug 1182419 SUSE bug 1182420 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). The following non-security bug was fixed: - xen/netback: fix spurious event detection for common event case (bsc#1182175). Important SUSE bug 1178372 SUSE bug 1181747 SUSE bug 1181753 SUSE bug 1181843 SUSE bug 1182175 CVE-2020-28374 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 cpe:/o:suse:sles-bcl:12:sp2 Security update for wpa_supplicant (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for wpa_supplicant fixes the following issues: - CVE-2021-27803: P2P provision discovery processing vulnerability (bsc#1182805) Important SUSE bug 1182805 CVE-2021-27803 cpe:/o:suse:sles-bcl:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone. (bsc#1183026, CVE-2021-21300) Important SUSE bug 1183026 CVE-2021-21300 cpe:/o:suse:sles-bcl:12:sp2 Security update for python (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). Moderate SUSE bug 1182379 CVE-2019-18348 CVE-2021-23336 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Important SUSE bug 1180623 CVE-2020-16044 cpe:/o:suse:sles-bcl:12:sp2 Security update for glib2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) Important SUSE bug 1182328 SUSE bug 1182362 CVE-2021-27218 CVE-2021-27219 cpe:/o:suse:sles-bcl:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for sudo fixes the following issues: - Fixed a potential crash on exit as a result of the fix of CVE-2021-3156 [bsc#1181090] Important SUSE bug 1181090 CVE-2021-3156 cpe:/o:suse:sles-bcl:12:sp2 Security update for wavpack (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for wavpack fixes the following issues: - CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414). Important SUSE bug 1180414 CVE-2020-35738 cpe:/o:suse:sles-bcl:12:sp2 Security update for nghttp2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514). Bug fixes and enhancements: - Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438) Important SUSE bug 1082318 SUSE bug 1088639 SUSE bug 1112438 SUSE bug 1125689 SUSE bug 1134616 SUSE bug 1146182 SUSE bug 1146184 SUSE bug 1181358 SUSE bug 962914 SUSE bug 964140 SUSE bug 966514 CVE-2016-1544 CVE-2018-1000168 CVE-2019-9511 CVE-2019-9513 CVE-2020-11080 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssl fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs Important SUSE bug 1183942 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 cpe:/o:suse:sles-bcl:12:sp2 Security update for openvpn (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openvpn fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341). Important SUSE bug 1197341 CVE-2022-0547 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_1-ibm fixes the following issues: Update Java 7.1 to Service Refresh 7 Fix Pack 5 (bsc#1197126). Including fixes for the following vulnerabilities: CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277, CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248, CVE-2022-21271. Important SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1196500 SUSE bug 1197126 CVE-2022-21248 CVE-2022-21271 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-ibm fixes the following issues: Update Java 8.0 to Service Refresh 7 Fix Pack 5 (bsc#1197126). Including fixes for the following vulnerabilities: CVE-2022-21366, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21277, CVE-2022-21299, CVE-2022-21296, CVE-2022-21282, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21283, CVE-2022-21248, CVE-2022-21271. Non-securtiy fix: - Fixed a broken symlink for javaws (bsc#1195146). Important SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1195146 SUSE bug 1196500 SUSE bug 1197126 CVE-2022-21248 CVE-2022-21271 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366 cpe:/o:suse:sles-bcl:12:sp2 Security update for zlib (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). Important SUSE bug 1197459 CVE-2018-25032 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 7 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) - CVE-2021-35560: Fixed a vulnerability in the component Deployment. (bsc#1191902) - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake. (bsc#1191904) Important SUSE bug 1185055 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1191902 SUSE bug 1191904 SUSE bug 1191905 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191913 SUSE bug 1191914 SUSE bug 1192052 SUSE bug 1194198 SUSE bug 1194232 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-35556 CVE-2021-35559 CVE-2021-35560 CVE-2021-35564 CVE-2021-35565 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 cpe:/o:suse:sles-bcl:12:sp2 Security update for util-linux (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) - CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921) - Load /etc/default/su (bsc#1116347). - Prevent outdated pam files (bsc#1082293, bsc#1081947#c68). - Do not trim read-only volumes (bsc#1106214). - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - agetty: Reload issue only if it is really needed (bsc#1085196) - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - libblkid: Do not trigger CDROM autoclose. (bsc#1084671) - Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514) - Build with libudev support to support non-root users. (bsc#1169006) - lscpu: avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix for warning on mounts to CIFS with mount. (bsc#1174942) Important SUSE bug 1038841 SUSE bug 1081947 SUSE bug 1082293 SUSE bug 1084671 SUSE bug 1085196 SUSE bug 1106214 SUSE bug 1116347 SUSE bug 1122417 SUSE bug 1125886 SUSE bug 1135534 SUSE bug 1135708 SUSE bug 1151708 SUSE bug 1168235 SUSE bug 1168389 SUSE bug 1169006 SUSE bug 1172427 SUSE bug 1174942 SUSE bug 1175514 SUSE bug 1175623 SUSE bug 1178236 SUSE bug 1178554 SUSE bug 1178825 SUSE bug 1188921 SUSE bug 1194642 CVE-2021-37600 cpe:/o:suse:sles-bcl:12:sp2 Security update for mozilla-nss (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. Important SUSE bug 1197903 CVE-2022-1097 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR (bsc#1197903): MFSA 2022-14 (bsc#1197903) * CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use * CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions * CVE-2022-1196: Fixed a use-after-free after VR Process destruction * CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument * CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen * CVE-2022-28286: Fixed that iframe contents could be rendered outside the border * CVE-2022-24713: Fixed a denial of service via complex regular expressions * CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 Important SUSE bug 1197903 CVE-2022-1097 CVE-2022-1196 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289 cpe:/o:suse:sles-bcl:12:sp2 Security update for glibc (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for glibc fixes the following issues: - CVE-2020-1752: Fix use-after-free in glob when expanding ~user (bsc#1167631) Important SUSE bug 1167631 CVE-2020-1752 cpe:/o:suse:sles-bcl:12:sp2 Security update for libsolv, libzypp (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libsolv, libzypp fixes the following issues: libsolv to 0.6.39: - fix memory leaks in SWIG generated code - fix misparsing of '&' in attributes with libxml2 - try to keep packages from a cycle close togther in the transaction order (bsc#1189622) - fix split provides not working if the update includes a forbidden vendor change (bsc#1195485) - fix segfault on conflict resolution when using bindings - do not replace noarch problem rules with arch dependent ones in problem reporting - fix and simplify pool_vendor2mask implementation - bump version to 0.6.39 libzypp to 16.22.4: - Hint on ptf resolver conflicts (bsc#1194848) - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Set ZYPP_RPM_DEBUG=1 to capture verbose rpm command output. Important SUSE bug 1184501 SUSE bug 1189622 SUSE bug 1194848 SUSE bug 1195485 cpe:/o:suse:sles-bcl:12:sp2 Security update for openjpeg2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openjpeg2 fixes the following issues: - CVE-2016-1924: Fixed heap buffer overflow (bsc#980504). - CVE-2016-3183: Fixed out-of-bounds read in sycc422_to_rgb function (bsc#971617). - CVE-2016-4797: Fixed heap buffer overflow (bsc#980504). - CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016). - CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882). - CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881). - CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (bsc#1140130). - CVE-2018-20846: Fixed out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205). - CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090). - CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578). - CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457). - CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774). - CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738). Important SUSE bug 1102016 SUSE bug 1106881 SUSE bug 1106882 SUSE bug 1140130 SUSE bug 1140205 SUSE bug 1162090 SUSE bug 1173578 SUSE bug 1180457 SUSE bug 1184774 SUSE bug 1197738 SUSE bug 971617 SUSE bug 980504 CVE-2016-1924 CVE-2016-3183 CVE-2016-4797 CVE-2018-14423 CVE-2018-16375 CVE-2018-16376 CVE-2018-20845 CVE-2018-20846 CVE-2020-15389 CVE-2020-27823 CVE-2020-8112 CVE-2021-29338 CVE-2022-1122 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have lead to fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence(bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547). Important SUSE bug 1194547 CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 cpe:/o:suse:sles-bcl:12:sp2 Security update for xz (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 cpe:/o:suse:sles-bcl:12:sp2 Security update for libexif (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libexif fixes the following issues: - CVE-2020-0181: Fixed an integer overflow that could lead to denial of service (bsc#1172802). - CVE-2020-0198: Fixed and unsigned integer overflow that could lead to denial of service (bsc#1172768). - CVE-2020-0452: Fixed a buffer overflow check that could be optimized away by the compiler (bsc#1178479). Important SUSE bug 1172768 SUSE bug 1172802 SUSE bug 1178479 CVE-2020-0181 CVE-2020-0198 CVE-2020-0452 cpe:/o:suse:sles-bcl:12:sp2 Security update for gzip (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Important SUSE bug 1198062 CVE-2022-1271 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) The following non-security bugs were fixed: - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - sched/autogroup: Fix possible Spectre-v1 indexing for (git-fixes) - sr9700: sanity check for packet length (bsc#1196836). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). Important SUSE bug 1189562 SUSE bug 1196018 SUSE bug 1196488 SUSE bug 1196761 SUSE bug 1196830 SUSE bug 1196836 SUSE bug 1197227 SUSE bug 1197331 SUSE bug 1197366 CVE-2021-45868 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 cpe:/o:suse:sles-bcl:12:sp2 Security update for dnsmasq (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for dnsmasq fixes the following issues: - CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant outgoing port being used when for certain use cases of the --server option (bsc#1183709). - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Important SUSE bug 1183709 SUSE bug 1197872 CVE-2021-3448 CVE-2022-0934 cpe:/o:suse:sles-bcl:12:sp2 Security update for tomcat (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for tomcat fixes the following issues: - Remove the log4j dependency as it is not used by the tomcat package (bsc#1196137) Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources() and always return null (bsc#1198136). Important SUSE bug 1196137 SUSE bug 1198136 cpe:/o:suse:sles-bcl:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for git fixes the following issues: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). Important SUSE bug 1198234 CVE-2022-24765 cpe:/o:suse:sles-bcl:12:sp2 Security update for libxml2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed use-after-free of ID and IDREF attributes. (bsc#1196490) Important SUSE bug 1196490 CVE-2022-23308 cpe:/o:suse:sles-bcl:12:sp2 Security update for SDL (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for SDL fixes the following issues: - CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c. (bsc#1181202) - CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c. (bsc#1181201) - CVE-2021-33657: Fixed a Heap overflow problem in video/SDL_pixels.c. (bsc#1198001) Important SUSE bug 1181201 SUSE bug 1181202 SUSE bug 1198001 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue mitigations (bsc#1196915). - CVE-2021-20257: Fixed an infinite loop in the e1000 emulated device, which could cause an excessive CPU consumption in the host (bsc#1182846). Important SUSE bug 1182846 SUSE bug 1196915 SUSE bug 1197423 SUSE bug 1197425 SUSE bug 1197426 CVE-2021-20257 CVE-2021-26401 CVE-2022-0001 CVE-2022-0002 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 fixes the following issues: - Update to version 2.34.3 (bsc#1194019). - CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy when processing maliciously crafted web content. - CVE-2021-30890: Fixed logic issue allowing universal cross site scripting when processing maliciously crafted web content. Important SUSE bug 1194019 CVE-2018-8518 CVE-2018-8523 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8674 CVE-2019-8681 CVE-2019-8684 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8719 CVE-2019-8726 CVE-2019-8733 CVE-2019-8763 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2019-8821 CVE-2019-8822 CVE-2020-10018 CVE-2020-13753 CVE-2020-27918 CVE-2020-29623 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9952 CVE-2021-1765 CVE-2021-1788 CVE-2021-1817 CVE-2021-1820 CVE-2021-1825 CVE-2021-1826 CVE-2021-1844 CVE-2021-1871 CVE-2021-30661 CVE-2021-30666 CVE-2021-30682 CVE-2021-30761 CVE-2021-30762 CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30858 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 cpe:/o:suse:sles-bcl:12:sp2 Security update for cifs-utils (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Important SUSE bug 1197216 CVE-2022-27239 cpe:/o:suse:sles-bcl:12:sp2 Security update for aide (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for aide fixes the following issues: - CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735) Important SUSE bug 1194735 CVE-2021-45417 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. * Fixed: Various stability, functionality, and security fixes MFSA 2021-40 (bsc#1190269, bsc#1190274): * CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer * CVE-2021-38495: Memory safety bugs fixed in Firefox 92 and Firefox ESR 91.1 Firefox 91.0.1esr ESR * Fixed: Fixed an issue causing buttons on the tab bar to be resized when loading certain websites (bug 1704404) * Fixed: Fixed an issue which caused tabs from private windows to be visible in non-private windows when viewing switch-to- tab results in the address bar panel (bug 1720369) * Fixed: Various stability fixes * Fixed: Security fix MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Firefox Extended Support Release 91.0 ESR * New: Some of the highlights of the new Extended Support Release are: - A number of user interface changes. For more information, see the Firefox 89 release notes. - Firefox now supports logging into Microsoft, work, and school accounts using Windows single sign-on. Learn more - On Windows, updates can now be applied in the background while Firefox is not running. - Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications - Version 2 of Firefox's SmartBlock feature further improves private browsing. Third party Facebook scripts are blocked to prevent you from being tracked, but are now automatically loaded 'just in time' if you decide to 'Log in with Facebook' on any website. - Enhanced the privacy of the Firefox Browser's Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companis from using cookies to track your browsing across sites. This feature was originally launched in Firefox's ETP Strict mode. - PDF forms now support JavaScript embedded in PDF files. Some PDF forms use JavaScript for validation and other interactive features. - You'll encounter less website breakage in Private Browsing and Strict Enhanced Tracking Protection with SmartBlock, which provides stand-in scripts so that websites load properly. - Improved Print functionality with a cleaner design and better integration with your computer's printer settings. - Firefox now protects you from supercookies, a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next. - Firefox now remembers your preferred location for saved bookmarks, displays the bookmarks toolbar by default on new tabs, and gives you easy access to all of your bookmarks via a toolbar folder. - Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non- native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox. - Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages. - We’ve improved functionality and design for a number of Firefox search features: * Selecting a search engine at the bottom of the search panel now enters search mode for that engine, allowing you to see suggestions (if available) for your search terms. The old behavior (immediately performing a search) is available with a shift-click. * When Firefox autocompletes the URL of one of your search engines, you can now search with that engine directly in the address bar by selecting the shortcut in the address bar results. * We’ve added buttons at the bottom of the search panel to allow you to search your bookmarks, open tabs, and history. - Firefox supports AcroForm, which will allow you to fill in, print, and save supported PDF forms and the PDF viewer also has a new fresh look. - For our users in the US and Canada, Firefox can now save, manage, and auto-fill credit card information for you, making shopping on Firefox ever more convenient. - In addition to our default, dark and light themes, with this release, Firefox introduces the Alpenglow theme: a colorful appearance for buttons, menus, and windows. You can update your Firefox themes under settings or preferences. * Changed: Firefox no longer supports Adobe Flash. There is no setting available to re-enable Flash support. * Enterprise: Various bug fixes and new policies have been implemented in the latest version of Firefox. See more details in the Firefox for Enterprise 91 Release Notes. MFSA 2021-33 (bsc#1188891): * CVE-2021-29986: Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT * CVE-2021-29988: Memory corruption as a result of incorrect style treatment * CVE-2021-29983: Firefox for Android could get stuck in fullscreen mode * CVE-2021-29984: Incorrect instruction reordering during JIT optimization * CVE-2021-29980: Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux * CVE-2021-29985: Use-after-free media channels * CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion * CVE-2021-29989: Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 * CVE-2021-29990: Memory safety bugs fixed in Firefox 91 Important SUSE bug 1188891 SUSE bug 1189547 SUSE bug 1190269 SUSE bug 1190274 CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29987 CVE-2021-29988 CVE-2021-29989 CVE-2021-29990 CVE-2021-29991 CVE-2021-38492 CVE-2021-38495 cpe:/o:suse:sles-bcl:12:sp2 Security update for zsh (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for zsh fixes the following issues: - CVE-2018-0502: Fixed execve call vulnerability to program named on the second line when the beginning of a #! script file was mishandled. (bsc#1107296, bsc#1107294) - CVE-2018-13259: Fixed execve call vulnerability to program name that is a substring of the intended one. (bsc#1107296, bsc#1107294) Important SUSE bug 1107294 SUSE bug 1107296 CVE-2018-0502 CVE-2018-13259 cpe:/o:suse:sles-bcl:12:sp2 Security update for e2fsprogs (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) Important SUSE bug 1198446 CVE-2022-1304 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 5 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) Moderate SUSE bug 1185055 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188568 SUSE bug 1191905 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191913 SUSE bug 1191914 SUSE bug 1192052 SUSE bug 1194198 SUSE bug 1194232 CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2432 CVE-2021-35556 CVE-2021-35559 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 cpe:/o:suse:sles-bcl:12:sp2 Security update for openldap2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). - Fixed issue with SASL init that crashed slapd at startup under certain conditions (bsc#1198383). Important SUSE bug 1198383 SUSE bug 1199240 CVE-2022-29155 cpe:/o:suse:sles-bcl:12:sp2 Security update for gzip (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for gzip fixes the following issues: - CVE-2022-1271: Add hardening for zgrep. (bsc#1198062) Important CVE-2022-1271 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0 (bsc#1198290): - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution. - CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error. Missing CVE reference for the update to 2.34.6 (bsc#1196133): - CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API. Important SUSE bug 1196133 SUSE bug 1198290 CVE-2022-22594 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22637 cpe:/o:suse:sles-bcl:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) Important SUSE bug 1199223 SUSE bug 1199224 CVE-2022-27781 CVE-2022-27782 cpe:/o:suse:sles-bcl:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220510 release. (bsc#1199423) Updated to Intel CPU Microcode 20220419 release. (bsc#1198717) - CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423). Moderate SUSE bug 1198717 SUSE bug 1199423 CVE-2022-21151 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17)(bsc#1198970): - CVE-2022-29914: Fullscreen notification bypass using popups - CVE-2022-29909: Bypassing permission prompt in nested browsing contexts - CVE-2022-29916: Leaking browser history with CSS variables - CVE-2022-29911: iframe Sandbox bypass - CVE-2022-29912: Reader mode bypassed SameSite cookies - CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 Important SUSE bug 1198970 CVE-2022-29909 CVE-2022-29911 CVE-2022-29912 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 cpe:/o:suse:sles-bcl:12:sp2 Security update for expat (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). Important SUSE bug 1194251 SUSE bug 1194362 SUSE bug 1194474 SUSE bug 1194476 SUSE bug 1194477 SUSE bug 1194478 SUSE bug 1194479 SUSE bug 1194480 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 cpe:/o:suse:sles-bcl:12:sp2 Security update for polkit (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for polkit fixes the following issues: - CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568). Important SUSE bug 1194568 CVE-2021-4034 cpe:/o:suse:sles-bcl:12:sp2 Security update for strongswan (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for strongswan fixes the following issues: - CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471) Important SUSE bug 1194471 CVE-2021-45079 cpe:/o:suse:sles-bcl:12:sp2 Security update for log4j (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for log4j fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844) - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843) - CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842) Important SUSE bug 1194842 SUSE bug 1194843 SUSE bug 1194844 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 cpe:/o:suse:sles-bcl:12:sp2 Security update for python-requests (Moderate) (in QA) SUSE Linux Enterprise Server 12 SP2-BCL This update for python-requests fixes the following issues: - CVE-2018-18074: Fixed to prevent the package to send an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect. (bsc#1111622) This patch is currently in QA and not yet available for download. Moderate SUSE bug 1111622 CVE-2018-18074 cpe:/o:suse:sles-bcl:12:sp2 Security update for ImageMagick (Important) (in QA) SUSE Linux Enterprise Server 12 SP2-BCL This update for ImageMagick fixes the following issues: - CVE-2022-1270: Fixed a memory corruption issue when parsing MIFF files (bsc#1198351). - CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350). This patch is currently in QA and not yet available for download. Important SUSE bug 1198351 SUSE bug 1199350 CVE-2022-1270 CVE-2022-28463 cpe:/o:suse:sles-bcl:12:sp2 Security update for samba (Critical) SUSE Linux Enterprise Server 12 SP2-BCL This update for samba fixes the following issues: - CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859) Critical SUSE bug 1194859 CVE-2021-44142 cpe:/o:suse:sles-bcl:12:sp2 Security update for net-snmp (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for net-snmp fixes the following issues: - CVE-2020-15862: Make extended MIB read-only (bsc#1174961) Important SUSE bug 1100146 SUSE bug 1145864 SUSE bug 1152968 SUSE bug 1174961 SUSE bug 1178021 SUSE bug 1178351 SUSE bug 1179009 SUSE bug 1179699 SUSE bug 1184839 CVE-2020-15862 cpe:/o:suse:sles-bcl:12:sp2 Security update for libsndfile (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libsndfile fixes the following issues: - CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006). Important SUSE bug 1194006 CVE-2021-4156 cpe:/o:suse:sles-bcl:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xen fixes the following issues: - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Important SUSE bug 1194581 SUSE bug 1194588 CVE-2022-23034 CVE-2022-23035 cpe:/o:suse:sles-bcl:12:sp2 Security update for clamav (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731) Important SUSE bug 1194731 CVE-2022-20698 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575). - CVE-2019-0136: Fixed insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver that may have allowed an unauthenticated user to potentially enable denial of service via adjacent access (bnc#1193157). - CVE-2020-35519: Fixed out-of-bounds memory access in x25_bind in net/x25/af_x25.c. A bounds check failure allowed a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information (bnc#1183696). - CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032). - CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442). - CVE-2021-33098: Fixed improper input validation in the Intel(R) Ethernet ixgbe driver that may have allowed an authenticated user to potentially cause denial of service via local access (bnc#1192877). - CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-4002: Fixed incorrect TLBs flush in hugetlbfs after huge_pmd_unshare (bsc#1192946). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1193727). - CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001). - CVE-2021-4155: Fixed XFS map issue when unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (bsc#1194272). - CVE-2021-4197: Use cgroup open-time credentials for process migraton perm checks (bsc#1194302). - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529). - CVE-2021-43976: Fixed insufficient access control in drivers/net/wireless/marvell/mwifiex/usb.c that allowed an attacker who connect a crafted USB device to cause denial of service (bnc#1192847). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-45485: Fixed information leak in the IPv6 implementation in net/ipv6/output_core.c (bnc#1194094). - CVE-2021-45486: Fixed information leak inside the IPv4 implementation caused by very small hash table (bnc#1194087). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). The following non-security bugs were fixed: - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - memstick: rtsx_usb_ms: fix UAF - moxart: fix potential use-after-free on remove path (bsc1194516). - net/x25: fix a race in x25_bind() (networking-stable-19_03_15). - ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - xen-netfront: do not assume sk_buff_head list is empty in error handling (git-fixes). - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (git-fixes). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not bug in case of too many frags (bnc#1012382). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). Important SUSE bug 1012382 SUSE bug 1179960 SUSE bug 1183696 SUSE bug 1186207 SUSE bug 1192032 SUSE bug 1192847 SUSE bug 1192877 SUSE bug 1192946 SUSE bug 1193157 SUSE bug 1193440 SUSE bug 1193442 SUSE bug 1193575 SUSE bug 1193669 SUSE bug 1193727 SUSE bug 1193861 SUSE bug 1193864 SUSE bug 1193867 SUSE bug 1194001 SUSE bug 1194087 SUSE bug 1194094 SUSE bug 1194272 SUSE bug 1194302 SUSE bug 1194516 SUSE bug 1194529 SUSE bug 1194880 CVE-2018-25020 CVE-2019-0136 CVE-2020-35519 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28715 CVE-2021-33098 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4002 CVE-2021-4083 CVE-2021-4149 CVE-2021-4155 CVE-2021-4197 CVE-2021-4202 CVE-2021-43976 CVE-2021-45095 CVE-2021-45485 CVE-2021-45486 CVE-2022-0330 cpe:/o:suse:sles-bcl:12:sp2 Security update for virglrenderer (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for virglrenderer fixes the following issues: - CVE-2022-0135: Fixed out-of-bonds write in read_transfer_data() (bsc#1195389). Important SUSE bug 1195389 CVE-2022-0135 cpe:/o:suse:sles-bcl:12:sp2 Security update for expat (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). Important SUSE bug 1195054 SUSE bug 1195217 CVE-2022-23852 CVE-2022-23990 cpe:/o:suse:sles-bcl:12:sp2 Security update for tiff (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for tiff fixes the following issues: - CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031). - CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image (bsc#1154365). - CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via the invertImage() function (bsc#1190312). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). - CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c (bsc#1194539). Important SUSE bug 1071031 SUSE bug 1154365 SUSE bug 1182808 SUSE bug 1182809 SUSE bug 1182811 SUSE bug 1182812 SUSE bug 1190312 SUSE bug 1194539 CVE-2017-17095 CVE-2019-17546 CVE-2020-19131 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 CVE-2022-22844 cpe:/o:suse:sles-bcl:12:sp2 Security update for tcpdump (Moderate) SUSE Linux Enterprise Server 12 SP2-BCL This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). Moderate SUSE bug 1195825 CVE-2018-16301 cpe:/o:suse:sles-bcl:12:sp2 Security update for xerces-j2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser (bsc#1195108). Important SUSE bug 1195108 CVE-2022-23437 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.0 ESR / MFSA 2022-05 (bsc#1195682) - CVE-2022-22753: Privilege Escalation to SYSTEM on Windows via Maintenance Service - CVE-2022-22754: Extensions could have bypassed permission confirmation during update - CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable - CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements - CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types - CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages - CVE-2022-22763: Script Execution during invalid object state - CVE-2022-22764: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) - Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry Important SUSE bug 1195230 SUSE bug 1195682 CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 cpe:/o:suse:sles-bcl:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. - CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html) Important SUSE bug 1192615 SUSE bug 1195779 SUSE bug 1195780 SUSE bug 1195781 CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120 cpe:/o:suse:sles-bcl:12:sp2 Security update for apache2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for apache2 fixes the following issues: - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. (bsc#1193943) - CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua. (bsc#1193942) Important SUSE bug 1193942 SUSE bug 1193943 CVE-2021-44224 CVE-2021-44790 cpe:/o:suse:sles-bcl:12:sp2 Security update for cyrus-sasl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). Important SUSE bug 1196036 CVE-2022-24407 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 fixes the following issues: Update to version 2.34.5 (bsc#1195735): - CVE-2022-22589: A validation issue was addressed with improved input sanitization. - CVE-2022-22590: A use after free issue was addressed with improved memory management. - CVE-2022-22592: A logic issue was addressed with improved state management. Update to version 2.34.4 (bsc#1195064): - CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling. - CVE-2021-30936: A use after free issue was addressed with improved memory management. - CVE-2021-30951: A use after free issue was addressed with improved memory management. - CVE-2021-30952: An integer overflow was addressed with improved input validation. - CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking. - CVE-2021-30954: A type confusion issue was addressed with improved memory handling. - CVE-2021-30984: A race condition was addressed with improved state handling. - CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation. The following CVEs were addressed in a previous update: - CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create. - CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild. - CVE-2021-45483: A use-after-free in WebCore::Frame::page. Important SUSE bug 1195064 SUSE bug 1195735 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 cpe:/o:suse:sles-bcl:12:sp2 Security update for expat (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). Important SUSE bug 1196025 SUSE bug 1196026 SUSE bug 1196168 SUSE bug 1196169 SUSE bug 1196171 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 cpe:/o:suse:sles-bcl:12:sp2 Security update for zsh (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEGED option (bsc#1163882). - CVE-2018-1100: Fixed a potential code execution via a stack-based buffer overflow in utils.c:checkmailpath() (bsc#1089030). Important SUSE bug 1089030 SUSE bug 1163882 SUSE bug 1196435 CVE-2018-1100 CVE-2019-20044 CVE-2021-45444 cpe:/o:suse:sles-bcl:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-BCL The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were fixed: - CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580). - CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc (bsc#1193731). - CVE-2016-10905: Fixed a use-after-free is gfs2_clear_rgrpd() and read_rindex_entry() (bsc#1146312). The following non-security bug was fixed: - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). Important SUSE bug 1146312 SUSE bug 1190717 SUSE bug 1191580 SUSE bug 1193731 SUSE bug 1194463 SUSE bug 1195543 SUSE bug 1195612 SUSE bug 1195908 SUSE bug 1195939 SUSE bug 1196079 SUSE bug 1196612 CVE-2016-10905 CVE-2021-0920 CVE-2022-0001 CVE-2022-0002 CVE-2022-0492 CVE-2022-0617 CVE-2022-24448 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.1 ESR (bsc#1196809): - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework Important SUSE bug 1196809 CVE-2022-26485 CVE-2022-26486 cpe:/o:suse:sles-bcl:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 (bsc#1196133): - CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution. Important SUSE bug 1196133 CVE-2022-22620 cpe:/o:suse:sles-bcl:12:sp2 Security update for libcaca (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for libcaca fixes the following issues: - CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no data is written and space is allocated for the header only, not taking into account that sprintf appends a NUL byte (bsc#1184751, bsc#1184752). Important SUSE bug 1184751 SUSE bug 1184752 CVE-2021-30498 CVE-2021-30499 cpe:/o:suse:sles-bcl:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR (bsc#1196900): - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-on signatures - CVE-2022-26381: Use-after-free in text reflows - CVE-2022-26386: Temporary files downloaded to /tmp and accessible by other local users Important SUSE bug 1196900 CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387 cpe:/o:suse:sles-bcl:12:sp2 Security update for expat (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Important SUSE bug 1196025 SUSE bug 1196784 CVE-2022-25236 cpe:/o:suse:sles-bcl:12:sp2 Security update for openssl (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for openssl fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). Important SUSE bug 1196877 CVE-2022-0778 cpe:/o:suse:sles-bcl:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u322 (icedtea-3.22.0) Including the following security fixes: - CVE-2022-21248, bsc#1194926: Enhance cross VM serialization - CVE-2022-21283, bsc#1194937: Better String matching - CVE-2022-21293, bsc#1194935: Improve String constructions - CVE-2022-21294, bsc#1194934: Enhance construction of Identity maps - CVE-2022-21282, bsc#1194933: Better resolution of URIs - CVE-2022-21296, bsc#1194932: Improve SAX Parser configuration management - CVE-2022-21299, bsc#1194931: Improved scanning of XML entities - CVE-2022-21305, bsc#1194939: Better array indexing - CVE-2022-21340, bsc#1194940: Verify Jar Verification - CVE-2022-21341, bsc#1194941: Improve serial forms for transport - CVE-2022-21349: Improve Solaris font rendering - CVE-2022-21360, bsc#1194929: Enhance BMP image support - CVE-2022-21365, bsc#1194928: Enhanced BMP processing Important SUSE bug 1193314 SUSE bug 1193444 SUSE bug 1193491 SUSE bug 1194926 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1195163 CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365 cpe:/o:suse:sles-bcl:12:sp2 Security update for glibc (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for glibc fixes the following issues: - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) Important SUSE bug 1194640 SUSE bug 1194768 SUSE bug 1194770 CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 cpe:/o:suse:sles-bcl:12:sp2 Security update for apache2 (Important) SUSE Linux Enterprise Server 12 SP2-BCL This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed (bsc#1197098). - CVE-2022-22720: HTTP request smuggling due to incorrect error handling (bsc#1197095). - CVE-2022-22719: use of uninitialized value of in r:parsebody in mod_lua (bsc#1197091). - CVE-2022-22721: possible buffer overflow with very large or unlimited LimitXMLRequestBody (bsc#1197096). Important SUSE bug 1197091 SUSE bug 1197095 SUSE bug 1197096 SUSE bug 1197098 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 cpe:/o:suse:sles-bcl:12:sp2 Security update for glibc (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for glibc fixes the following issues: - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) - CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154) Non security bugs fixed: - Fix crash in resolver on memory allocation failure (bsc#1086690) Important SUSE bug 1086690 SUSE bug 1094150 SUSE bug 1094154 SUSE bug 1094161 CVE-2017-18269 CVE-2018-11236 CVE-2018-11237 cpe:/o:suse:sles-espos:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for git fixes several issues. These security issues were fixed: - CVE-2018-11233: Path sanity-checks on NTFS allowed attackers to read arbitrary memory (bsc#1095218) - CVE-2018-11235: Arbitrary code execution when recursively cloning a malicious repository (bsc#1095219) Important SUSE bug 1095218 SUSE bug 1095219 CVE-2018-11233 CVE-2018-11235 cpe:/o:suse:sles-espos:12:sp2 Security update for kernel-firmware (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for kernel-firmware fixes the following issues: This security issue was fixed: - CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1095735) Moderate SUSE bug 1095735 CVE-2017-5715 cpe:/o:suse:sles-espos:12:sp2 Security update for libvirt (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libvirt fixes the following issues: - CVE-2018-3639: cpu: add support for 'ssbd' and 'virt-ssbd' CPUID feature bits pass through (bsc#1092885) Important SUSE bug 1092885 CVE-2018-3639 cpe:/o:suse:sles-espos:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ucode-intel fixes the following issues: Update to version 20180425 (bsc#1091836) Fix provided for: - GLK B0 6-7a-1/01 0000001e->00000022 Pentium Silver N/J5xxx, Celeron N/J4xxx - Name microcodes which are not allowed to load late with a *.early suffix Moderate SUSE bug 1091836 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries - S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability - S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability - S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability - S8189989, CVE-2018-2798, bsc#1090028: Improve container portability - S8189993, CVE-2018-2799, bsc#1090029: Improve document portability - S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms - S8190478: Improved interface method selection - S8190877: Better handling of abstract classes - S8191696: Better mouse positioning - S8192025, CVE-2018-2814, bsc#1090032: Less referential references - S8192030: Better MTSchema support - S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation - S8193409: Improve AES supporting classes - S8193414: Improvements in MethodType lookups - S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For other changes please consult the changelog. Important SUSE bug 1087066 SUSE bug 1090023 SUSE bug 1090024 SUSE bug 1090025 SUSE bug 1090026 SUSE bug 1090027 SUSE bug 1090028 SUSE bug 1090029 SUSE bug 1090030 SUSE bug 1090032 SUSE bug 1090033 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_0-openjdk to version 7u181 fixes the following issues: + S8162488: JDK should be updated to use LittleCMS 2.8 + S8180881: Better packaging of deserialization + S8182362: Update CipherOutputStream Usage + S8183032: Upgrade to LittleCMS 2.9 + S8189123: More consistent classloading + S8190478: Improved interface method selection + S8190877: Better handling of abstract classes + S8191696: Better mouse positioning + S8192030: Better MTSchema support + S8193409: Improve AES supporting classes + S8193414: Improvements in MethodType lookups + S8189969, CVE-2018-2790, bsc#1090023: Manifest better manifest entries + S8189977, CVE-2018-2795, bsc#1090025: Improve permission portability + S8189981, CVE-2018-2796, bsc#1090026: Improve queuing portability + S8189985, CVE-2018-2797, bsc#1090027: Improve tabular data portability + S8189989, CVE-2018-2798, bsc#1090028: Improve container portability + S8189993, CVE-2018-2799, bsc#1090029: Improve document portability + S8189997, CVE-2018-2794, bsc#1090024: Enhance keystore mechanisms + S8192025, CVE-2018-2814, bsc#1090032: Less referential references + S8192757, CVE-2018-2815, bsc#1090033: Improve stub classes implementation + S8193833, CVE-2018-2800, bsc#1090030: Better RMI connection support For additional changes please consult the changelog. Important SUSE bug 1090023 SUSE bug 1090024 SUSE bug 1090025 SUSE bug 1090026 SUSE bug 1090027 SUSE bug 1090028 SUSE bug 1090029 SUSE bug 1090030 SUSE bug 1090032 SUSE bug 1090033 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 cpe:/o:suse:sles-espos:12:sp2 Security update for gpg2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745) Important SUSE bug 1096745 CVE-2018-12020 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes several issues. This feature was added: - Added support for qemu monitor command These security issues were fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1092631). - CVE-2017-5753,CVE-2017-5715,CVE-2017-5754: Improved Spectre v2 mitigations (bsc#1074562). This non-security issue was fixed: - bsc#1086039 - Dom0 does not represent DomU cpu flags Important SUSE bug 1027519 SUSE bug 1074562 SUSE bug 1086039 SUSE bug 1092631 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2018-3639 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS IBM Java was updated to version 8.0.5.15 [bsc#1093311, bsc#1085449] Security fixes: - CVE-2018-2826 CVE-2018-2825 CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 - Removed translations in the java-1_8_0-ibm-devel-32bit package as they conflict with those in java-1_8_0-ibm-devel. Important SUSE bug 1085449 SUSE bug 1093311 CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2825 CVE-2018-2826 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS IBM Java was updated to 7.1.4.25 [bsc#1093311, bsc#1085449]: Security fixes: - CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 CVE-2018-1417 Important SUSE bug 1085449 SUSE bug 1093311 CVE-2018-1417 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 cpe:/o:suse:sles-espos:12:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ntp fixes the following issues: - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. (bsc#1083426) * CVE-2018-7170: Multiple authenticated ephemeral associations. (bsc#1083424) * CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state. (bsc#1083422) * CVE-2018-7185: Unauthenticated packet can reset authenticated interleaved association. (bsc#1083420) * CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit.(bsc#1083417) - Don't use libevent's cached time stamps in sntp. (bsc#1077445) This update is a reissue of the previous update with LTSS channels included. Moderate SUSE bug 1077445 SUSE bug 1082063 SUSE bug 1082210 SUSE bug 1083417 SUSE bug 1083420 SUSE bug 1083422 SUSE bug 1083424 SUSE bug 1083426 CVE-2016-1549 CVE-2018-7170 CVE-2018-7182 CVE-2018-7183 CVE-2018-7184 CVE-2018-7185 cpe:/o:suse:sles-espos:12:sp2 Security update for mariadb (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS MariaDB was updated to 10.0.35 (bsc#1090518) Notable changes: * PCRE updated to 8.42 * XtraDB updated to 5.6.39-83.1 * TokuDB updated to 5.6.39-83.1 * InnoDB updated to 5.6.40 * The embedded server library now supports SSL when connecting to remote servers [bsc#1088681], [CVE-2018-2767] * MDEV-15249 - Crash in MVCC read after IMPORT TABLESPACE * MDEV-14988 - innodb_read_only tries to modify files if transactions were recovered in COMMITTED state * MDEV-14773 - DROP TABLE hangs for InnoDB table with FULLTEXT index * MDEV-15723 - Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES when accessing corrupted record * fixes for the following security vulnerabilities: CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2766, CVE-2018-2755, CVE-2018-2819, CVE-2018-2817, CVE-2018-2761, CVE-2018-2781, CVE-2018-2771, CVE-2018-2813 * Release notes and changelog: * https://kb.askmonty.org/en/mariadb-10035-release-notes * https://kb.askmonty.org/en/mariadb-10035-changelog Important SUSE bug 1088681 SUSE bug 1090518 CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following security issue: - CVE-2018-6126: Prevent heap buffer overflow in rasterizing paths in SVG with Skia (bsc#1096449). Important SUSE bug 1096449 CVE-2018-6126 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356) - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728). - CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036) - CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086) - CVE-2017-18241: Prevent a NULL pointer dereference by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400) - CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353). - CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c did not validate bitmap block numbers (bsc#1087095). - CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007). - CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012). - CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904). - CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650). - CVE-2018-5803: Prevent error in the '_sctp_make_chunk()' function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900). - CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962). - CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895). The following non-security bugs were fixed: - ALSA: timer: Fix pause event notification (bsc#973378). - Fix excessive newline in /proc/*/status (bsc#1094823). - Fix the patch content (bsc#1085185) - KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281). - Revert 'bs-upload-kernel: do not set %opensuse_bs' This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821. - ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552). - ipv6: omit traffic class when calculating flow hash (bsc#1095042). - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033). - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality). - x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140). - x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1096281). - x86/bugs: Respect retpoline command line option (bsc#1068032). - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497). - x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140). - x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813) - xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534). - xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534). - xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955). Important SUSE bug 1068032 SUSE bug 1079152 SUSE bug 1082962 SUSE bug 1083650 SUSE bug 1083900 SUSE bug 1085185 SUSE bug 1086400 SUSE bug 1087007 SUSE bug 1087012 SUSE bug 1087036 SUSE bug 1087086 SUSE bug 1087095 SUSE bug 1089895 SUSE bug 1090534 SUSE bug 1090955 SUSE bug 1092497 SUSE bug 1092552 SUSE bug 1092813 SUSE bug 1092904 SUSE bug 1094033 SUSE bug 1094353 SUSE bug 1094823 SUSE bug 1095042 SUSE bug 1096140 SUSE bug 1096242 SUSE bug 1096281 SUSE bug 1096728 SUSE bug 1097356 SUSE bug 973378 CVE-2017-13305 CVE-2017-18241 CVE-2017-18249 CVE-2018-1000199 CVE-2018-1000204 CVE-2018-1065 CVE-2018-1092 CVE-2018-1093 CVE-2018-1094 CVE-2018-1130 CVE-2018-3665 CVE-2018-5803 CVE-2018-5848 CVE-2018-7492 cpe:/o:suse:sles-espos:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openssl fixes the following issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158). - Blinding enhancements for ECDSA and DSA (bsc#1097624, bsc#1098592) Moderate SUSE bug 1097158 SUSE bug 1097624 SUSE bug 1098592 CVE-2018-0732 cpe:/o:suse:sles-espos:12:sp2 Recommended update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The Intel CPU microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147 bsc#1087082 bsc#1087083). More information on: https://downloadcenter.intel.com/download/27945/Linux-Processor-Microcode-Data-File Following chipsets are fixed in this round: Model Stepping F-MO-S/PI Old->New ---- updated platforms ------------------------------------ SNB-EP C1 6-2d-6/6d 0000061c->0000061d Xeon E5 SNB-EP C2 6-2d-7/6d 00000713->00000714 Xeon E5 IVT C0 6-3e-4/ed 0000042c->0000042d Xeon E5 v2; Core i7-4960X/4930K/4820K IVT D1 6-3e-7/ed 00000713->00000714 Xeon E5 v2 HSX-E/EP/4S C0 6-3f-2/6f 0000003c->0000003d Xeon E5 v3 HSX-EX E0 6-3f-4/80 00000011->00000012 Xeon E7 v3 SKX-SP/D/W/X H0 6-55-4/b7 02000043->0200004d Xeon Bronze 31xx, Silver 41xx, Gold 51xx/61xx Platinum 81xx, D/W-21xx; Core i9-7xxxX BDX-DE A1 6-56-5/10 0e000009->0e00000a Xeon D-15x3N BDX-ML B/M/R0 6-4f-1/ef 0b00002c->0b00002e Xeon E5/E7 v4; Core i7-69xx/68xx - Add a new style supplements for the recent kernels. (bsc#1096141) Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1096141 SUSE bug 1100147 CVE-2018-3639 CVE-2018-3640 cpe:/o:suse:sles-espos:12:sp2 Security update for perl (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for perl fixes the following issues: These security issue were fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216). - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233). - CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234). - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) This non-security issue was fixed: - fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565] Important SUSE bug 1068565 SUSE bug 1082216 SUSE bug 1082233 SUSE bug 1082234 SUSE bug 1096718 CVE-2018-12015 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 cpe:/o:suse:sles-espos:12:sp2 Security update for shadow (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for shadow fixes the following issues: - CVE-2016-6252: Incorrect integer handling could results in local privilege escalation (bsc#1099310) Important SUSE bug 1099310 CVE-2016-6252 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling (XSA-264) (bsc#1097521). - CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks (XSA-266) (bsc#1097523). - CVE-2018-12893: Fix #DB exception safety check that could be triggered by a guest (XSA-265) (bsc#1097522). - CVE-2018-11806: Fix heap buffer overflow while reassembling fragmented datagrams (bsc#1096224). - CVE-2018-3665: Fix lazy FP Save/Restore (XSA-267) (bsc#1095242). Bug fixes: - bsc#1027519: Update to Xen 4.7.6 bug fix only release. - bsc#1087289: Xen BUG at sched_credit.c:1663. - bsc#1094725: `virsh blockresize` does not work with Xen qdisks. Important SUSE bug 1027519 SUSE bug 1087289 SUSE bug 1094725 SUSE bug 1095242 SUSE bug 1096224 SUSE bug 1097521 SUSE bug 1097522 SUSE bug 1097523 CVE-2018-11806 CVE-2018-12891 CVE-2018-12892 CVE-2018-12893 CVE-2018-3665 cpe:/o:suse:sles-espos:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for samba fixes the following issues: The following security vulnerability was fixed: - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) The following other bugs were fixed: - Fix libnss_wins.so.2 link libreplace with rpath (bsc#1054849) Important SUSE bug 1054849 SUSE bug 1103411 CVE-2018-10858 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox to version ESR 52.9 fixes the following issues: - CVE-2018-5188: Various memory safety bugs (bsc#1098998) - CVE-2018-12368: No warning when opening executable SettingContent-ms files - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture - CVE-2018-12359: Buffer overflow using computed size of canvas element Important SUSE bug 1098998 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-5156 CVE-2018-5188 cpe:/o:suse:sles-espos:12:sp2 Security update for clamav (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for clamav to version 0.100.1 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-0360: HWP integer overflow, infinite loop vulnerability (bsc#1101410) - CVE-2018-0361: PDF object length check, unreasonably long time to parse relatively small file (bsc#1101412) - CVE-2018-1000085: Fixed a out-of-bounds heap read in XAR parser (bsc#1082858) - CVE-2018-14679: Libmspack heap buffer over-read in CHM parser (bsc#1103040) - Buffer over-read in unRAR code due to missing max value checks in table initialization - PDF parser bugs The following other changes were made: - Disable YARA support for licensing reasons (bsc#1101654). - Add HTTPS support for clamsubmit - Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only Moderate SUSE bug 1082858 SUSE bug 1101410 SUSE bug 1101412 SUSE bug 1101654 SUSE bug 1103040 CVE-2018-0360 CVE-2018-0361 CVE-2018-1000085 CVE-2018-14679 cpe:/o:suse:sles-espos:12:sp2 Security update to ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). (bsc#1104134 bsc#1087082 bsc#1087083 bsc#1089343) Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- WSM-EP/WS U1 6-2c-2/03 0000001f Xeon E/L/X56xx, W36xx NHM-EX D0 6-2e-6/04 0000000d Xeon E/L/X65xx/75xx BXT C0 6-5c-2/01 00000014 Atom T5500/5700 APL E0 6-5c-a/03 0000000c Atom x5-E39xx DVN B0 6-5f-1/01 00000024 Atom C3xxx ---- updated platforms ------------------------------------ NHM-EP/WS D0 6-1a-5/03 00000019->0000001d Xeon E/L/X/W55xx NHM B1 6-1e-5/13 00000007->0000000a Core i7-8xx, i5-7xx; Xeon L3426, X24xx WSM B1 6-25-2/12 0000000e->00000011 Core i7-6xx, i5-6xx/4xxM, i3-5xx/3xxM, Pentium G69xx, Celeon P45xx; Xeon L3406 WSM K0 6-25-5/92 00000004->00000007 Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeron P4xxx/U3xxx SNB D2 6-2a-7/12 0000002d->0000002e Core Gen2; Xeon E3 WSM-EX A2 6-2f-2/05 00000037->0000003b Xeon E7 IVB E2 6-3a-9/12 0000001f->00000020 Core Gen3 Mobile HSW-H/S/E3 Cx/Dx 6-3c-3/32 00000024->00000025 Core Gen4 Desktop; Xeon E3 v3 BDW-U/Y E/F 6-3d-4/c0 0000002a->0000002b Core Gen5 Mobile HSW-ULT Cx/Dx 6-45-1/72 00000023->00000024 Core Gen4 Mobile and derived Pentium/Celeron HSW-H Cx 6-46-1/32 00000019->0000001a Core Extreme i7-5xxxX BDW-H/E3 E/G 6-47-1/22 0000001d->0000001e Core i5-5xxxR/C, i7-5xxxHQ/EQ; Xeon E3 v4 SKL-U/Y D0 6-4e-3/c0 000000c2->000000c6 Core Gen6 Mobile BDX-DE V1 6-56-2/10 00000015->00000017 Xeon D-1520/40 BDX-DE V2/3 6-56-3/10 07000012->07000013 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 BDX-DE Y0 6-56-4/10 0f000011->0f000012 Xeon D-1557/59/67/71/77/81/87 APL D0 6-5c-9/03 0000002c->00000032 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx SKL-H/S/E3 R0 6-5e-3/36 000000c2->000000c6 Core Gen6; Xeon E3 v5 Important SUSE bug 1087082 SUSE bug 1087083 SUSE bug 1089343 SUSE bug 1104134 CVE-2018-3639 CVE-2018-3640 CVE-2018-3646 cpe:/o:suse:sles-espos:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for samba fixes the following issues: The following security issues were fixed: - CVE-2018-1050: Fixed denial of service vulnerability when SPOOLSS is run externally (bsc#1081741). - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow (bsc#1103411) Moderate SUSE bug 1081741 SUSE bug 1103411 CVE-2018-1050 CVE-2018-10858 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5390 aka 'SegmentSmack': The Linux Kernel can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580). - CVE-2018-9385: When printing the 'driver_override' option from with-in the amba driver, a very long line could expose one additional uninitialized byte (bnc#1100491). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 1100418). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). The following non-security bugs were fixed: - Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978) - bcache: add backing_request_endio() for bi_end_io (bsc#1064232). - bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064232). - bcache: add io_disable to struct cached_dev (bsc#1064232). - bcache: add journal statistic (bsc#1076110). - bcache: Add __printf annotation to __bch_check_keys() (bsc#1064232). - bcache: add stop_when_cache_set_failed option to backing device (bsc#1064232). - bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1064232). - bcache: Annotate switch fall-through (bsc#1064232). - bcache: closures: move control bits one bit right (bsc#1076110). - bcache: correct flash only vols (check all uuids) (bsc#1064232). - bcache: count backing device I/O error for writeback I/O (bsc#1064232). - bcache: do not attach backing with duplicate UUID (bsc#1076110). - bcache: Fix a compiler warning in bcache_device_init() (bsc#1064232). - bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1064232). - bcache: fix crashes in duplicate cache device register (bsc#1076110). - bcache: fix error return value in memory shrink (bsc#1064232). - bcache: fix for allocator and register thread race (bsc#1076110). - bcache: fix for data collapse after re-attaching an attached device (bsc#1076110). - bcache: fix high CPU occupancy during journal (bsc#1076110). - bcache: Fix, improve efficiency of closure_sync() (bsc#1076110). - bcache: fix inaccurate io state for detached bcache devices (bsc#1064232). - bcache: fix incorrect sysfs output value of strip size (bsc#1064232). - bcache: Fix indentation (bsc#1064232). - bcache: fix kcrashes with fio in RAID5 backend dev (bsc#1076110). - bcache: Fix kernel-doc warnings (bsc#1064232). - bcache: fix misleading error message in bch_count_io_errors() (bsc#1064232). - bcache: fix using of loop variable in memory shrink (bsc#1064232). - bcache: fix writeback target calc on large devices (bsc#1076110). - bcache: fix wrong return value in bch_debug_init() (bsc#1076110). - bcache: mark closure_sync() __sched (bsc#1076110). - bcache: move closure debug file into debug directory (bsc#1064232). - bcache: properly set task state in bch_writeback_thread() (bsc#1064232). - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bsc#1064232). - bcache: reduce cache_set devices iteration by devices_max_used (bsc#1064232). - bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1064232). - bcache: Remove an unused variable (bsc#1064232). - bcache: ret IOERR when read meets metadata error (bsc#1076110). - bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1064232). - bcache: return attach error when no cache set exist (bsc#1076110). - bcache: segregate flash only volume write streams (bsc#1076110). - bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064232). - bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1064232). - bcache: set error_limit correctly (bsc#1064232). - bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1064232). - bcache: stop bcache device when backing device is offline (bsc#1064232). - bcache: stop dc->writeback_rate_update properly (bsc#1064232). - bcache: stop writeback thread after detaching (bsc#1076110). - bcache: store disk name in struct cache and struct cached_dev (bsc#1064232). - bcache: Suppress more warnings about set-but-not-used variables (bsc#1064232). - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1064232). - bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - cifs: Check for timeout on Negotiate stage (bsc#1091171). - cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup() (bsc#1090123). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - ext4: fix unsupported feature message formatting (bsc#1098435). - Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248, bsc@1097140). - ixgbe: fix possible race in reset subtask (bsc#1101557). - ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557). - ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557). - ixgbe: use atomic bitwise operations when handling reset requests (bsc#1101557). - kabi/severities: add PASS to drivers/md/bcache/*, no one uses bcache kernel module. - procfs: add tunable for fd/fdinfo dentry retention (bsc#1086652). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - signals: avoid unnecessary taking of sighand->siglock (bsc#1096130). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). Update config files. - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/mm: Simplify p[g4um]d_page() macros (1087081). - x86/pti: do not report XenPV as vulnerable (bsc#1097551). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - xen/grant-table: log the lack of grants (bnc#1085042). Important SUSE bug 1064232 SUSE bug 1076110 SUSE bug 1083635 SUSE bug 1085042 SUSE bug 1086652 SUSE bug 1087081 SUSE bug 1089343 SUSE bug 1090123 SUSE bug 1091171 SUSE bug 1094248 SUSE bug 1096130 SUSE bug 1096480 SUSE bug 1096978 SUSE bug 1097140 SUSE bug 1097551 SUSE bug 1098016 SUSE bug 1098425 SUSE bug 1098435 SUSE bug 1099924 SUSE bug 1100089 SUSE bug 1100416 SUSE bug 1100418 SUSE bug 1100491 SUSE bug 1101557 SUSE bug 1102340 SUSE bug 1102851 SUSE bug 1103097 SUSE bug 1103119 SUSE bug 1103580 CVE-2017-18344 CVE-2018-13053 CVE-2018-13405 CVE-2018-13406 CVE-2018-14734 CVE-2018-3620 CVE-2018-3646 CVE-2018-5390 CVE-2018-5391 CVE-2018-5814 CVE-2018-9385 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bsc#1091107, bsc#1027519). - Incorrect MSR_DEBUGCTL handling let guests enable BTS allowing a malicious or buggy guest administrator can lock up the entire host (bsc#1103276) Important SUSE bug 1027519 SUSE bug 1091107 SUSE bug 1103276 CVE-2018-3646 cpe:/o:suse:sles-espos:12:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openssh fixes the following issues: Security issue fixed: - CVE-2016-10708: Prevent DoS due to crashes caused by out-of-sequence NEWKEYS message (bsc#1076957). Moderate SUSE bug 1076957 CVE-2016-10708 cpe:/o:suse:sles-espos:12:sp2 Security update for libvirt (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libvirt fixes the following issues: This new feature was added: - bsc#1094325, bsc#1094725: libxl: Enable virsh blockresize for XEN guests This security issue was fixed: - CVE-2017-5715: Additional fixes for the Spectre patches (bsc#1079869) These non-security issues were fixed: - bsc#1100112: schema: allow any strings in smbios entry qemu: escape smbios entry strings - bsc#1091427: libxl: fix segfault in libxlReconnectDomain - bsc#959329: libxl: don't set hasManagedSave when performing save Moderate SUSE bug 1079869 SUSE bug 1091427 SUSE bug 1094325 SUSE bug 1094725 SUSE bug 1100112 SUSE bug 959329 CVE-2017-5715 cpe:/o:suse:sles-espos:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for dovecot22 fixes the following issues: Security issue fixed: - CVE-2017-15130: Fixed a potential denial of service via TLS SNI config lookups, which would slow the process down and could have led to exhaustive memory allocation and/or process restarts (bsc#1082828) Important SUSE bug 1082828 CVE-2017-15130 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_1-ibm fixes the following issues: Security issues fixed: - CVE-2018-1517: Fixed a flaw in the java.math component in IBM SDK, which may allow an attacker to inflict a denial-of-service attack with specially crafted String data. - CVE-2018-1656: Protect against path traversal attacks when extracting compressed dump files. - CVE-2018-2940: Fixed an easily exploitable vulnerability in the libraries subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to unauthorized read access. - CVE-2018-2952: Fixed an easily exploitable vulnerability in the concurrency subcomponent, which allowed unauthenticated attackers with network access via multiple protocols to compromise the Java SE, leading to denial of service. - CVE-2018-2973: Fixed a difficult to exploit vulnerability in the JSSE subcomponent, which allowed unauthenticated attackers with network access via SSL/TLS to compromise the Java SE, leading to unauthorized creation, deletion or modification access to critical data. - CVE-2018-12539: Fixed a vulnerability in which users other than the process owner may be able to use Java Attach API to connect to the IBM JVM on the same machine and use Attach API operations, including the ability to execute untrusted arbitrary code. Other changes made: - Various JIT/JVM crash fixes - Version update to 7.1.4.30 (bsc#1104668) You can find detailed information about this update [here](https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2018). Important SUSE bug 1104668 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 cpe:/o:suse:sles-espos:12:sp2 Security update for libzypp, zypper (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libzypp, zypper provides the following fixes: Update libzypp to version 16.17.20 Security issues fixed: - PackageProvider: Validate delta rpms before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) - PackageProvider: Validate downloaded rpm package signatures before caching (bsc#1091624, bsc#1088705, CVE-2018-7685) Other bugs fixed: - lsof: use '-K i' if lsof supports it (bsc#1099847, bsc#1036304) - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake (bsc#1101349) - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - Avoid zombie tar processes (bsc#1076192) Update to zypper to version 1.13.45 Security issue fixed: - Improve signature check callback messages (bsc#1045735, CVE-2017-9269) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735, CVE-2017-9269) Other bugs fixed: - XML <install-summary> attribute `packages-to-change` added (bsc#1102429) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - Prevent nested calls to exit() if aborted by a signal (bsc#1092413) - ansi.h: Prevent ESC sequence strings from going out of scope (bsc#1092413) - Fix: zypper bash completion expands non-existing options (bsc#1049825) - do not recommend cron (bsc#1079334) - Improve signature check callback messages (bsc#1045735) - add/modify repo: Add options to tune the GPG check settings (bsc#1045735) Important SUSE bug 1036304 SUSE bug 1045735 SUSE bug 1049825 SUSE bug 1070851 SUSE bug 1076192 SUSE bug 1079334 SUSE bug 1088705 SUSE bug 1091624 SUSE bug 1092413 SUSE bug 1096803 SUSE bug 1099847 SUSE bug 1100028 SUSE bug 1101349 SUSE bug 1102429 CVE-2017-9269 CVE-2018-7685 cpe:/o:suse:sles-espos:12:sp2 Security update for openslp (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Important SUSE bug 1090638 CVE-2017-17833 cpe:/o:suse:sles-espos:12:sp2 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for apache2 fixes the following issues: Security issues fixed: - CVE-2016-8743: Fixed liberal whitespace interpretation accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (bsc#1016715) - CVE-2016-4975: Fixed possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes which prohibit CR or LF injection into the 'Location' or other outbound header key or value. (bsc#1104826) Moderate SUSE bug 1016715 SUSE bug 1104826 CVE-2016-4975 CVE-2016-8743 cpe:/o:suse:sles-espos:12:sp2 Security update for gnutls (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for gnutls fixes the following issues: This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) - HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) - HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) - The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002) Moderate SUSE bug 1047002 SUSE bug 1105437 SUSE bug 1105459 SUSE bug 1105460 CVE-2017-10790 CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-ibm to 8.0.5.20 fixes the following security issues: - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1104668) - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1104668) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1104668) - CVE-2018-2964: Vulnerability in subcomponent: Deployment. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. (bsc#1104668) - CVE-2016-0705: Prevent double free in the dsa_priv_decode function that allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#1104668) - CVE-2017-3732: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668) - CVE-2017-3736: Prevent carry propagating bug in the x86_64 Montgomery squaring procedure (bsc#1104668) - CVE-2018-1517: Unspecified vulnerability (bsc#1104668) - CVE-2018-1656: Unspecified vulnerability (bsc#1104668) - CVE-2018-12539: Users other than the process owner might have been able to use Java Attach API to connect to an IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code (bsc#1104668) Moderate SUSE bug 1104668 CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-12539 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 cpe:/o:suse:sles-espos:12:sp2 Security update for wireshark (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for wireshark to version 2.4.9 fixes the following issues: Wireshark was updated to 2.4.9 (bsc#1094301, bsc#1106514). Security issues fixed: - CVE-2018-16058: Bluetooth AVDTP dissector crash (wnpa-sec-2018-44) - CVE-2018-16056: Bluetooth Attribute Protocol dissector crash (wnpa-sec-2018-45) - CVE-2018-16057: Radiotap dissector crash (wnpa-sec-2018-46) - CVE-2018-11355: Fix RTCP dissector crash (bsc#1094301). - CVE-2018-14370: IEEE 802.11 dissector crash (wnpa-sec-2018-43, bsc#1101802) - CVE-2018-14368: Bazaar dissector infinite loop (wnpa-sec-2018-40, bsc#1101794) - CVE-2018-11362: Fix LDSS dissector crash (bsc#1094301). - CVE-2018-11361: Fix IEEE 802.11 dissector crash (bsc#1094301). - CVE-2018-11360: Fix GSM A DTAP dissector crash (bsc#1094301). - CVE-2018-14342: BGP dissector large loop (wnpa-sec-2018-34, bsc#1101777) - CVE-2018-14343: ASN.1 BER dissector crash (wnpa-sec-2018-37, bsc#1101786) - CVE-2018-14340: Multiple dissectors could crash (wnpa-sec-2018-36, bsc#1101804) - CVE-2018-14341: DICOM dissector crash (wnpa-sec-2018-39, bsc#1101776) - CVE-2018-11358: Fix Q.931 dissector crash (bsc#1094301). - CVE-2018-14344: ISMP dissector crash (wnpa-sec-2018-35, bsc#1101788) - CVE-2018-11359: Fix multiple dissectors crashs (bsc#1094301). - CVE-2018-11356: Fix DNS dissector crash (bsc#1094301). - CVE-2018-14339: MMSE dissector infinite loop (wnpa-sec-2018-38, bsc#1101810) - CVE-2018-11357: Fix multiple dissectors that could consume excessive memory (bsc#1094301). - CVE-2018-14367: CoAP dissector crash (wnpa-sec-2018-42, bsc#1101791) - CVE-2018-11354: Fix IEEE 1905.1a dissector crash (bsc#1094301). - CVE-2018-14369: HTTP2 dissector crash (wnpa-sec-2018-41, bsc#1101800) Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.9.html Moderate SUSE bug 1094301 SUSE bug 1101776 SUSE bug 1101777 SUSE bug 1101786 SUSE bug 1101788 SUSE bug 1101791 SUSE bug 1101794 SUSE bug 1101800 SUSE bug 1101802 SUSE bug 1101804 SUSE bug 1101810 SUSE bug 1106514 CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 CVE-2018-14339 CVE-2018-14340 CVE-2018-14341 CVE-2018-14342 CVE-2018-14343 CVE-2018-14344 CVE-2018-14367 CVE-2018-14368 CVE-2018-14369 CVE-2018-14370 CVE-2018-16056 CVE-2018-16057 CVE-2018-16058 cpe:/o:suse:sles-espos:12:sp2 Security update for smt, yast2-smt (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read (bsc#1103809). - CVE-2018-12470: SQL injection in RegistrationSharing module allows remote attackers to run arbitrary SQL statements (bsc#1103810). - CVE-2018-12472: Authentication bypass in sibling check facilitated further attacks on SMT (bsc#1104076). SUSE would like to thank Jake Miller for reporting these issues to us. These non-security issues were fixed in SMT: - Fix cron jobs randomization (bsc#1097560) - Fix duplicate migration paths (bsc#1097824) This non-security issue was fixed in yast2-smt: - Remove cron job rescheduling (bsc#1097560) - Added missing translation marks (bsc#1037811) - Explicitly mention 'Organization Credentials' (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Make the Filter button default (bsc#1006984) - Prevent exiting the repo selection dialog via hitting Enter in the repository filter (bsc#1006984) - report when error occurs during repo mirroring (bsc#1006989) - Use TextEntry-based filter for repos (fate#319777) Important SUSE bug 1006984 SUSE bug 1006989 SUSE bug 1037811 SUSE bug 1097560 SUSE bug 1097824 SUSE bug 1103809 SUSE bug 1103810 SUSE bug 1104076 SUSE bug 977043 CVE-2018-12470 CVE-2018-12471 CVE-2018-12472 cpe:/o:suse:sles-espos:12:sp2 Security update for yast2-smt (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update fixes the following issues in yast2-smt: - Explicitly mention 'Organization Credentials' (fate#321759) - Rearrange the SMT set-up dialog (bsc#977043) - Added missing translation marks (bsc#1037811) - Remove cron job rescheduling (bsc#1097560) This update is a requirement for the security update for SMT. Because of that it is tagged as security to ensure that all users, even those that only install security updates, install it. Important SUSE bug 1037811 SUSE bug 1097560 SUSE bug 977043 cpe:/o:suse:sles-espos:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information (bsc#1104789) - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have recovered the private key (bsc#1089039) These non-security issues were fixed: - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) - Fixed path to the engines which are under /lib64 on SLE-12 (bsc#1101246, bsc#997043) Moderate SUSE bug 1089039 SUSE bug 1101246 SUSE bug 1101470 SUSE bug 1104789 SUSE bug 1106197 SUSE bug 997043 CVE-2018-0737 cpe:/o:suse:sles-espos:12:sp2 Security update for qemu (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for qemu fixes the following security issues: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket causing DoS (bsc#1098735) - CVE-2018-11806: Prevent heap-based buffer overflow via incoming fragmented datagrams (bsc#1096223) With this release the mitigations for Spectre v4 are moved the the patches from upstream (CVE-2018-3639, bsc#1092885). Moderate SUSE bug 1092885 SUSE bug 1096223 SUSE bug 1098735 CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 cpe:/o:suse:sles-espos:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code (bsc#1109105) - CVE-2018-15909: Prevent type confusion using the .shfill operator that could have been used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code (bsc#1106172). - CVE-2018-15908: Prevent attackers that are able to supply malicious PostScript files to bypass .tempfile restrictions and write files (bsc#1106171). - CVE-2018-15910: Prevent a type confusion in the LockDistillerParams parameter that could have been used to crash the interpreter or execute code (bsc#1106173). - CVE-2018-15911: Prevent use uninitialized memory access in the aesdecode operator that could have been used to crash the interpreter or potentially execute code (bsc#1106195). - CVE-2018-16513: Prevent a type confusion in the setcolor function that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107412). - CVE-2018-16509: Incorrect 'restoration of privilege' checking during handling of /invalidaccess exceptions could be have been used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction (bsc#1107410). - CVE-2018-16510: Incorrect exec stack handling in the 'CS' and 'SC' PDF primitives could have been used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact (bsc#1107411). - CVE-2018-16542: Prevent attackers able to supply crafted PostScript files from using insufficient interpreter stack-size checking during error handling to crash the interpreter (bsc#1107413). - CVE-2018-16541: Prevent attackers able to supply crafted PostScript files from using incorrect free logic in pagedevice replacement to crash the interpreter (bsc#1107421). - CVE-2018-16540: Prevent use-after-free in copydevice handling that could have been used to crash the interpreter or possibly have unspecified other impact (bsc#1107420). - CVE-2018-16539: Prevent attackers able to supply crafted PostScript files from using incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable (bsc#1107422). - CVE-2018-16543: gssetresolution and gsgetresolution allowed attackers to have an unspecified impact (bsc#1107423). - CVE-2018-16511: A type confusion in 'ztype' could have been used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107426). - CVE-2018-16585: The .setdistillerkeys PostScript command was accepted even though it is not intended for use during document processing (e.g., after the startup phase). This lead to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact (bsc#1107581). - CVE-2018-16802: Incorrect 'restoration of privilege' checking when running out of stack during exception handling could have been used by attackers able to supply crafted PostScript to execute code using the 'pipe' instruction. This is due to an incomplete fix for CVE-2018-16509 (bsc#1108027). These non-security issues were fixed: * Fixes problems with argument handling, some unintended results of the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files). * Avoid that ps2epsi fails with 'Error: /undefined in --setpagedevice--' For additional changes please check http://www.ghostscript.com/doc/9.25/News.htm and the changes file of the package. Important SUSE bug 1106171 SUSE bug 1106172 SUSE bug 1106173 SUSE bug 1106195 SUSE bug 1107410 SUSE bug 1107411 SUSE bug 1107412 SUSE bug 1107413 SUSE bug 1107420 SUSE bug 1107421 SUSE bug 1107422 SUSE bug 1107423 SUSE bug 1107426 SUSE bug 1107581 SUSE bug 1108027 SUSE bug 1109105 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16510 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-16802 CVE-2018-17183 cpe:/o:suse:sles-espos:12:sp2 Security update for openslp (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing Important SUSE bug 1090638 CVE-2017-17833 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-openjdk to the jdk8u181 (icedtea 3.9.0) release fixes the following issues: These security issues were fixed: - CVE-2018-2938: Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE (bsc#1101644). - CVE-2018-2940: Vulnerability in subcomponent: Libraries. Easily exploitable vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data (bsc#1101645) - CVE-2018-2952: Vulnerability in subcomponent: Concurrency. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit (bsc#1101651) - CVE-2018-2973: Vulnerability in subcomponent: JSSE. Difficult to exploit vulnerability allowed unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data (bsc#1101656) These non-security issues were fixed: - Improve desktop file usage - Better Internet address support - speculative traps break when classes are redefined - sun/security/pkcs11/ec/ReadCertificates.java fails intermittently - Clean up code that saves the previous versions of redefined classes - Prevent SIGSEGV in ReceiverTypeData::clean_weak_klass_links - RedefineClasses() tests fail assert(((Metadata*)obj)->is_valid()) failed: obj is valid - NMT is not enabled if NMT option is specified after class path specifiers - EndEntityChecker should not process custom extensions after PKIX validation - SupportedDSAParamGen.java failed with timeout - Montgomery multiply intrinsic should use correct name - When determining the ciphersuite lists, there is no debug output for disabled suites. - sun/security/mscapi/SignedObjectChain.java fails on Windows - On Windows Swing changes keyboard layout on a window activation - IfNode::range_check_trap_proj() should handler dying subgraph with single if proj - Even better Internet address support - Newlines in JAXB string values of SOAP-requests are escaped to '&#xa;' - TestFlushableGZIPOutputStream failing with IndexOutOfBoundsException - Unable to use JDWP API in JDK 8 to debug JDK 9 VM - Hotspot crash on Cassandra 3.11.1 startup with libnuma 2.0.3 - Performance drop with Java JDK 1.8.0_162-b32 - Upgrade time-zone data to tzdata2018d - Fix potential crash in BufImg_SetupICM - JDK 8u181 l10n resource file update - Remove debug print statements from RMI fix - (tz) Upgrade time-zone data to tzdata2018e - ObjectInputStream filterCheck method throws NullPointerException - adjust reflective access checks Important SUSE bug 1101644 SUSE bug 1101645 SUSE bug 1101651 SUSE bug 1101656 SUSE bug 1106812 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 cpe:/o:suse:sles-espos:12:sp2 Security update for qpdf (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for qpdf fixes the following issues: qpdf was updated to 7.1.1. Security issues fixed: - CVE-2017-11627: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050577). - CVE-2017-11625: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050579). - CVE-2017-11626: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050578). - CVE-2017-11624: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050581). - CVE-2017-12595: Stack overflow when processing deeply nested arrays and dictionaries (bsc#1055960). - CVE-2017-9209: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040312). - CVE-2017-9210: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040313). - CVE-2017-9208: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040311). * Check release notes for detailed bug fixes. * http://qpdf.sourceforge.net/files/qpdf-manual.html#ref.release-notes Moderate SUSE bug 1040311 SUSE bug 1040312 SUSE bug 1040313 SUSE bug 1050577 SUSE bug 1050578 SUSE bug 1050579 SUSE bug 1050581 SUSE bug 1055960 CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 CVE-2017-12595 CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 cpe:/o:suse:sles-espos:12:sp2 Security update for postgresql10 (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for brings postgresql10 version 10.5 to SUSE Linux Enterprise 12 SP3. (FATE#325659 bnc#1108308) This release marks the change of the versioning scheme for PostgreSQL to a 'x.y' format. This means the next minor releases of PostgreSQL will be 10.1, 10.2, ... and the next major release will be 11. * Logical Replication Logical replication extends the current replication features of PostgreSQL with the ability to send modifications on a per-database and per-table level to different PostgreSQL databases. Users can now fine-tune the data replicated to various database clusters and will have the ability to perform zero-downtime upgrades to future major PostgreSQL versions. * Declarative Table Partitioning Table partitioning has existed for years in PostgreSQL but required a user to maintain a nontrivial set of rules and triggers for the partitioning to work. PostgreSQL 10 introduces a table partitioning syntax that lets users easily create and maintain range and list partitioned tables. * Improved Query Parallelism PostgreSQL 10 provides better support for parallelized queries by allowing more parts of the query execution process to be parallelized. Improvements include additional types of data scans that are parallelized as well as optimizations when the data is recombined, such as pre-sorting. These enhancements allow results to be returned more quickly. * Quorum Commit for Synchronous Replication PostgreSQL 10 introduces quorum commit for synchronous replication, which allows for flexibility in how a primary database receives acknowledgement that changes were successfully written to remote replicas. Moderate SUSE bug 1108308 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. - CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104). - CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811) - CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (bnc#1099846) - CVE-2018-10878: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (bnc#1099813) - CVE-2018-10879: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (bnc#1099844) - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. (bnc#1099845) - CVE-2018-10881: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099864) - CVE-2018-10882: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. (bnc#1099849) - CVE-2018-10883: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099863) - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bnc#1105322). - CVE-2018-10938: A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw (bnc#1106016). - CVE-2018-10940: The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bnc#1092903). - CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922). - CVE-2018-13093: There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001). - CVE-2018-13094: An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000). - CVE-2018-13095: A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999). - CVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870). - CVE-2018-14678: The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S did not properly maintain RBX, which allowed local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges (bnc#1102715). - CVE-2018-15572: The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296). - CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348). - CVE-2018-16276: Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095). - CVE-2018-16658: An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 (bnc#1107689). - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). - CVE-2018-6554: Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509). - CVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2018-9363: A buffer overflow in bluetooth HID report processing could be used by malicious bluetooth devices to crash the kernel or potentially execute code (bnc#1105292). The following security bugs were fixed: - CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bnc#1082863). The following non-security bugs were fixed: - atm: Preserve value of skb->truesize when accounting to vcc (bsc#1089066). - bcache: avoid unncessary cache prefetch bch_btree_node_get() (bsc#1064232). - bcache: calculate the number of incremental GC nodes according to the total of btree nodes (bsc#1064232). - bcache: display rate debug parameters to 0 when writeback is not running (bsc#1064232). - bcache: do not check return value of debugfs_create_dir() (bsc#1064232). - bcache: finish incremental GC (bsc#1064232). - bcache: fix error setting writeback_rate through sysfs interface (bsc#1064232). - bcache: fix I/O significant decline while backend devices registering (bsc#1064232). - bcache: free heap cache_set->flush_btree in bch_journal_free (bsc#1064232). - bcache: make the pr_err statement used for ENOENT only in sysfs_attatch section (bsc#1064232). - bcache: release dc->writeback_lock properly in bch_writeback_thread() (bsc#1064232). - bcache: set max writeback rate when I/O request is idle (bsc#1064232). - bcache: simplify the calculation of the total amount of flash dirty data (bsc#1064232). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update checksum of new initialized bitmaps (bnc#1012382). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ibmvnic: Include missing return code checks in reset function (bnc#1107966). - kABI: protect struct x86_emulate_ops (kabi). - kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597) - kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - kvm: MMU: always terminate page walks at level 1 (bsc#1062604). - kvm: MMU: simplify last_pte_bitmap (bsc#1062604). - kvm: nVMX: update last_nonleaf_level when initializing nested EPT (bsc#1062604). - kvm: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369). - kvm: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369). - net: add skb_condense() helper (bsc#1089066). - net: adjust skb->truesize in pskb_expand_head() (bsc#1089066). - net: adjust skb->truesize in ___pskb_trim() (bsc#1089066). - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108239). - net: ena: fix device destruction to gracefully free resources (bsc#1108239). - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108239). - net: ena: fix incorrect usage of memory barriers (bsc#1108239). - net: ena: fix missing calls to READ_ONCE (bsc#1108239). - net: ena: fix missing lock during device destruction (bsc#1108239). - net: ena: fix potential double ena_destroy_device() (bsc#1108239). - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108239). - net: ena: Fix use of uninitialized DMA address bits field (bsc#1108239). - netfilter: xt_CT: fix refcnt leak on error path (bnc#1012382 bsc#1100152). - netlink: do not enter direct reclaim from netlink_trim() (bsc#1042286). - nfs: Use an appropriate work queue for direct-write completion (bsc#1082519). - ovl: fix random return value on mount (bsc#1099993). - ovl: fix uid/gid when creating over whiteout (bsc#1099993). - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512). - ovl: override creds with the ones from the superblock mounter (bsc#1099993). - powerpc: Avoid code patching freed init sections (bnc#1107735). - powerpc/livepatch: Fix livepatch stack access (bsc#1094466). - powerpc/modules: Do not try to restore r2 after a sibling call (bsc#1094466). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - provide special timeout module parameters for EC2 (bsc#1065364). - stop_machine: Atomically queue and wake stopper threads (git-fixes). - stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock (bsc#1088810). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547). - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715). - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bnc#1105536). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536). - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bnc#1105536). - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (bsc#1106369). - x86: Drop kernel trampoline stack. It is involved in breaking kdump/kexec infrastucture. (bsc#1099597) - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen/blkback: do not keep persistent grants too long (bsc#1085042). - xen/blkback: move persistent grants flags to bool (bsc#1085042). - xen/blkfront: cleanup stale persistent grants (bsc#1085042). - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042). - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344). - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344). - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344). - xfs: add a xfs_iext_update_extent helper (bsc#1095344). - xfs: add comments documenting the rebalance algorithm (bsc#1095344). - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344). - xfs: add xfs_trim_extent (bsc#1095344). - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344). - xfs: borrow indirect blocks from freed extent when available (bsc#1095344). - xfs: cleanup xfs_bmap_last_before (bsc#1095344). - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344). - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344). - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344). - xfs: during btree split, save new block key & ptr for future insertion (bsc#1095344). - xfs: factor out a helper to initialize a local format inode fork (bsc#1095344). - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344). - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344). - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344). - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344). - xfs: improve kmem_realloc (bsc#1095344). - xfs: inline xfs_shift_file_space into callers (bsc#1095344). - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344). - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344). - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344). - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344). - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344). - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344). - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344). - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344). - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344). - xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344). - xfs: new inode extent list lookup helpers (bsc#1095344). - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344). - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344). - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344). - xfs: provide helper for counting extents from if_bytes (bsc#1095344). - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor delalloc indlen reservation split into helper (bsc#1095344). - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: refactor xfs_bunmapi_cow (bsc#1095344). - xfs: refactor xfs_del_extent_real (bsc#1095344). - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344). - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344). - xfs: Remove dead code from inode recover function (bsc#1105396). - xfs: remove if_rdev (bsc#1095344). - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344). - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344). - xfs: remove the never fully implemented UUID fork format (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344). - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344). - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344). - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344). - xfs: remove xfs_bmbt_get_state (bsc#1095344). - xfs: remove xfs_bmse_shift_one (bsc#1095344). - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344). - xfs: repair malformed inode items during log recovery (bsc#1105396). - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344). - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344). - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344). - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344). - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344). - xfs: simplify the xfs_getbmap interface (bsc#1095344). - xfs: simplify validation of the unwritten extent bit (bsc#1095344). - xfs: split indlen reservations fairly when under reserved (bsc#1095344). - xfs: split xfs_bmap_shift_extents (bsc#1095344). - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344). - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344). - xfs: update freeblocks counter after extent deletion (bsc#1095344). - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344). - xfs: use a b+tree for the in-core extent list (bsc#1095344). - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344). - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344). - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344). - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344). - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344). - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344). - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344). - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344). Important SUSE bug 1012382 SUSE bug 1042286 SUSE bug 1062604 SUSE bug 1064232 SUSE bug 1065364 SUSE bug 1082519 SUSE bug 1082863 SUSE bug 1084536 SUSE bug 1085042 SUSE bug 1088810 SUSE bug 1089066 SUSE bug 1092903 SUSE bug 1094466 SUSE bug 1095344 SUSE bug 1096547 SUSE bug 1097104 SUSE bug 1099597 SUSE bug 1099811 SUSE bug 1099813 SUSE bug 1099844 SUSE bug 1099845 SUSE bug 1099846 SUSE bug 1099849 SUSE bug 1099863 SUSE bug 1099864 SUSE bug 1099922 SUSE bug 1099993 SUSE bug 1099999 SUSE bug 1100000 SUSE bug 1100001 SUSE bug 1100152 SUSE bug 1102517 SUSE bug 1102715 SUSE bug 1102870 SUSE bug 1103445 SUSE bug 1104319 SUSE bug 1104495 SUSE bug 1105292 SUSE bug 1105296 SUSE bug 1105322 SUSE bug 1105348 SUSE bug 1105396 SUSE bug 1105536 SUSE bug 1106016 SUSE bug 1106095 SUSE bug 1106369 SUSE bug 1106509 SUSE bug 1106511 SUSE bug 1106512 SUSE bug 1106594 SUSE bug 1107689 SUSE bug 1107735 SUSE bug 1107966 SUSE bug 1108239 SUSE bug 1108399 SUSE bug 1109333 CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-10938 CVE-2018-10940 CVE-2018-12896 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-14617 CVE-2018-14678 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-17182 CVE-2018-6554 CVE-2018-6555 CVE-2018-7480 CVE-2018-7757 CVE-2018-9363 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_92 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_73 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.120-92_70 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_80 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_85 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.114-92_67 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.114-92_64 fixes several issues. The following security issues were fixed: - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). Important SUSE bug 1107832 SUSE bug 1110233 CVE-2018-14633 CVE-2018-17182 cpe:/o:suse:sles-espos:12:sp2 Security update for binutils (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for binutils to 2.31 fixes the following issues: These security issues were fixed: - CVE-2017-15996: readelf allowed remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggered a buffer overflow on fuzzed archive header (bsc#1065643). - CVE-2017-15939: Binary File Descriptor (BFD) library (aka libbfd) mishandled NULL files in a .debug_line file table, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename (bsc#1065689). - CVE-2017-15938: the Binary File Descriptor (BFD) library (aka libbfd) miscalculated DW_FORM_ref_addr die refs in the case of a relocatable object file, which allowed remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash) (bsc#1065693). - CVE-2017-16826: The coff_slurp_line_table function the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068640). - CVE-2017-16832: The pe_bfd_read_buildid function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate size and offset values in the data dictionary, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file (bsc#1068643). - CVE-2017-16831: Binary File Descriptor (BFD) library (aka libbfd) did not validate the symbol count, which allowed remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file (bsc#1068887). - CVE-2017-16830: The print_gnu_property_note function did not have integer-overflow protection on 32-bit platforms, which allowed remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068888). - CVE-2017-16829: The _bfd_elf_parse_gnu_properties function in the Binary File Descriptor (BFD) library (aka libbfd) did not prevent negative pointers, which allowed remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1068950). - CVE-2017-16828: The display_debug_frames function allowed remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069176). - CVE-2017-16827: The aout_get_external_symbols function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file (bsc#1069202). - CVE-2018-6323: The elf_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) had an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1077745). - CVE-2018-6543: Prevent integer overflow in the function load_specific_debug_section() which resulted in `malloc()` with 0 size. A crafted ELF file allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (bsc#1079103). - CVE-2018-6759: The bfd_get_debug_link_info_1 function in the Binary File Descriptor (BFD) library (aka libbfd) had an unchecked strnlen operation. Remote attackers could have leveraged this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file (bsc#1079741). - CVE-2018-6872: The elf_parse_notes function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment (bsc#1080556). - CVE-2018-7208: In the coff_pointerize_aux function in the Binary File Descriptor (BFD) library (aka libbfd) an index was not validated, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object (bsc#1081527). - CVE-2018-7570: The assign_file_positions_for_non_load_sections function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy (bsc#1083528). - CVE-2018-7569: The Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm (bsc#1083532). - CVE-2018-8945: The bfd_section_from_shdr function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (segmentation fault) via a large attribute section (bsc#1086608). - CVE-2018-7643: The display_debug_ranges function allowed remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump (bsc#1086784). - CVE-2018-7642: The swap_std_reloc_in function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy (bsc#1086786). - CVE-2018-7568: The parse_die function in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm (bsc#1086788). - CVE-2018-10373: concat_filename in the Binary File Descriptor (BFD) library (aka libbfd) allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new (bsc#1090997). - CVE-2018-10372: process_cu_tu_index allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf (bsc#1091015). - CVE-2018-10535: The ignore_section_sym function in the Binary File Descriptor (BFD) library (aka libbfd) did not validate the output_section pointer in the case of a symtab entry with a 'SECTION' type that has a '0' value, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy (bsc#1091365). - CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in the Binary File Descriptor (BFD) library (aka libbfd) processesed a negative Data Directory size with an unbounded loop that increased the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeded its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c (bsc#1091368). These non-security issues were fixed: - The AArch64 port now supports showing disassembly notes which are emitted when inconsistencies are found with the instruction that may result in the instruction being invalid. These can be turned on with the option -M notes to objdump. - The AArch64 port now emits warnings when a combination of an instruction and a named register could be invalid. - Added O modifier to ar to display member offsets inside an archive - The ADR and ADRL pseudo-instructions supported by the ARM assembler now only set the bottom bit of the address of thumb function symbols if the -mthumb-interwork command line option is active. - Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU Build Attribute notes if none are present in the input sources. Add a --enable-generate-build-notes=[yes|no] configure time option to set the default behaviour. Set the default if the configure option is not used to 'no'. - Remove -mold-gcc command-line option for x86 targets. - Add -O[2|s] command-line options to x86 assembler to enable alternate shorter instruction encoding. - Add support for .nops directive. It is currently supported only for x86 targets. - Speed up direct linking with DLLs for Cygwin and Mingw targets. - Add a configure option --enable-separate-code to decide whether -z separate-code should be enabled in ELF linker by default. Default to yes for Linux/x86 targets. Note that -z separate-code can increase disk and memory size. - RISC-V: Fix symbol address problem with versioned symbols - Restore riscv64-elf cross prefix via symlinks - RISC-V: Don't enable relaxation in relocatable link - Prevent linking faiures on i386 with assertion (bsc#1085784) - Fix symbol size bug when relaxation deletes bytes - Add --debug-dump=links option to readelf and --dwarf=links option to objdump which displays the contents of any .gnu_debuglink or .gnu_debugaltlink sections. Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links option to objdump which causes indirect links into separate debug info files to be followed when dumping other DWARF sections. - Add support for loaction views in DWARF debug line information. - Add -z separate-code to generate separate code PT_LOAD segment. - Add '-z undefs' command line option as the inverse of the '-z defs' option. - Add -z globalaudit command line option to force audit libraries to be run for every dynamic object loaded by an executable - provided that the loader supports this functionality. - Tighten linker script grammar around file name specifiers to prevent the use of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would previously be accepted but had no effect. - The EXCLUDE_FILE directive can now be placed within any SORT_* directive within input section lists. - Fix linker relaxation with --wrap - Add arm-none-eabi symlinks (bsc#1074741) Former updates of binutils also fixed the following security issues, for which there was not CVE assigned at the time the update was released or no mapping between code change and CVE existed: - CVE-2014-9939: Prevent stack buffer overflow when printing bad bytes in Intel Hex objects (bsc#1030296). - CVE-2017-7225: The find_nearest_line function in addr2line did not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash (bsc#1030585). - CVE-2017-7224: The find_nearest_line function in objdump was vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash (bsc#1030588). - CVE-2017-7223: GNU assembler in was vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash (bsc#1030589). - CVE-2017-7226: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a heap-based buffer over-read of size 4049 because it used the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well (bsc#1030584). - CVE-2017-7299: The Binary File Descriptor (BFD) library (aka libbfd) had an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) did not check the format of the input file trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash (bsc#1031644). - CVE-2017-7300: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash (bsc#1031656). - CVE-2017-7302: The Binary File Descriptor (BFD) library (aka libbfd) had a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability caused Binutils utilities like strip to crash (bsc#1031595). - CVE-2017-7303: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers attempting to match them. This vulnerability caused Binutils utilities like strip to crash (bsc#1031593). - CVE-2017-7301: The Binary File Descriptor (BFD) library (aka libbfd) had an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it did not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash (bsc#1031638). - CVE-2017-7304: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field attempting to follow it. This vulnerability caused Binutils utilities like strip to crash (bsc#1031590). - CVE-2017-8392: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037052). - CVE-2017-8393: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash (bsc#1037057). - CVE-2017-8394: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash (bsc#1037061). - CVE-2017-8396: The Binary File Descriptor (BFD) library (aka libbfd) was vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability caused programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash (bsc#1037066). - CVE-2017-8421: The function coff_set_alignment_hook in Binary File Descriptor (BFD) library (aka libbfd) had a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file (bsc#1037273). - CVE-2017-9746: The disassemble_bytes function in objdump.c allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during 'objdump -D' execution (bsc#1044891). - CVE-2017-9747: The ieee_archive_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044897). - CVE-2017-9748: The ieee_object_p function in the Binary File Descriptor (BFD) library (aka libbfd) might have allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044901). - CVE-2017-9750: opcodes/rx-decode.opc lacked bounds checks for certain scale arrays, which allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044909). - CVE-2017-9755: Not considering the the number of registers for bnd mode allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044925). - CVE-2017-9756: The aarch64_ext_ldst_reglist function allowed remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 'objdump -D' execution (bsc#1044927). - CVE-2017-7209: The dump_section_as_bytes function in readelf accessed a NULL pointer while reading section contents in a corrupt binary, leading to a program crash (bsc#1030298). - CVE-2017-6965: readelf wrote to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow (bsc#1029909). - CVE-2017-6966: readelf had a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations (bsc#1029908). - CVE-2017-6969: readelf was vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well (bsc#1029907). - CVE-2017-7210: objdump was vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash (bsc#1030297). Moderate SUSE bug 1029907 SUSE bug 1029908 SUSE bug 1029909 SUSE bug 1030296 SUSE bug 1030297 SUSE bug 1030298 SUSE bug 1030584 SUSE bug 1030585 SUSE bug 1030588 SUSE bug 1030589 SUSE bug 1031590 SUSE bug 1031593 SUSE bug 1031595 SUSE bug 1031638 SUSE bug 1031644 SUSE bug 1031656 SUSE bug 1037052 SUSE bug 1037057 SUSE bug 1037061 SUSE bug 1037066 SUSE bug 1037273 SUSE bug 1044891 SUSE bug 1044897 SUSE bug 1044901 SUSE bug 1044909 SUSE bug 1044925 SUSE bug 1044927 SUSE bug 1065643 SUSE bug 1065689 SUSE bug 1065693 SUSE bug 1068640 SUSE bug 1068643 SUSE bug 1068887 SUSE bug 1068888 SUSE bug 1068950 SUSE bug 1069176 SUSE bug 1069202 SUSE bug 1074741 SUSE bug 1077745 SUSE bug 1079103 SUSE bug 1079741 SUSE bug 1080556 SUSE bug 1081527 SUSE bug 1083528 SUSE bug 1083532 SUSE bug 1085784 SUSE bug 1086608 SUSE bug 1086784 SUSE bug 1086786 SUSE bug 1086788 SUSE bug 1090997 SUSE bug 1091015 SUSE bug 1091365 SUSE bug 1091368 CVE-2014-9939 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes the following issues: - CVE-2018-17963: qemu_deliver_packet_iov accepted packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111014) - CVE-2018-15468: The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) could have locked up the entire host, causing a Denial of Service. (XSA-269) (bsc#1103276) Non security issues fixed: - Kernel oops in fs/dcache.c called by d_materialise_unique() (bsc#1094508) Moderate SUSE bug 1094508 SUSE bug 1103276 SUSE bug 1111014 CVE-2018-15468 CVE-2018-17963 cpe:/o:suse:sles-espos:12:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS NTP was updated to 4.2.8p12 (bsc#1111853): - CVE-2018-12327: Fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. (bsc#1098531) - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc#1083424) Please also see https://www.nwtime.org/network-time-foundation-publishes-ntp-4-2-8p12/ for more information. Moderate SUSE bug 1083424 SUSE bug 1098531 SUSE bug 1111853 CVE-2018-12327 CVE-2018-7170 cpe:/o:suse:sles-espos:12:sp2 Security update for clamav (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for clamav fixes the following issues: clamav was updated to version 0.100.2: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723) - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040) - Make freshclam more robust against lagging signature mirrors. - On-Access 'Extra Scanning', an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457). Moderate SUSE bug 1103040 SUSE bug 1104457 SUSE bug 1110723 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 CVE-2018-15378 cpe:/o:suse:sles-espos:12:sp2 Security update for net-snmp (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for net-snmp fixes the following issues: Security issues fixed: - CVE-2018-18065: _set_key in agent/helpers/table_container.c had a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. (bsc#1111122) Non-security issues fixed: - swintst_rpm: Protect against unspecified Group name (bsc#1102775) - Add tsm and tlstm MIBs and the USM security module. (bsc#1081164) - Fix agentx freezing on timeout (bsc#1027353) Important SUSE bug 1027353 SUSE bug 1081164 SUSE bug 1102775 SUSE bug 1111122 CVE-2018-18065 cpe:/o:suse:sles-espos:12:sp2 Security update for smt (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS SMT was updated to version 3.0.38. Following security issue was fixed: - CVE-2018-12472: Harden hostname check during sibling check by forcing double reverse lookup (bsc#1104076) Following non security issues were fixed: - Add migration path check when registration sharing is enabled - Fix sibling sync errors (bsc#1111056): - Synchronize all registered products - Handle duplicate registrations when syncing - Force resync to the sibling instance in `upgrade` and `synchronize` API calls Moderate SUSE bug 1104076 SUSE bug 1111056 CVE-2018-12472 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_95 fixes several issues. The following security issues were fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Important SUSE bug 1102682 SUSE bug 1107832 CVE-2018-14633 CVE-2018-5390 cpe:/o:suse:sles-espos:12:sp2 Security update for apache2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for apache2 fixes the following issues: Security issues fixed: - CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961) Important SUSE bug 1109961 CVE-2018-11763 cpe:/o:suse:sles-espos:12:sp2 Security update for wireshark (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for wireshark fixes the following issues: Wireshark was updated to 2.4.10 (bsc#1111647). Following security issues were fixed: - CVE-2018-18227: MS-WSP dissector crash (wnpa-sec-2018-47) - CVE-2018-12086: OpcUA dissector crash (wnpa-sec-2018-50) Further bug fixes and updated protocol support that were done are listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.10.html Important SUSE bug 1111647 CVE-2018-12086 CVE-2018-18227 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. - New browser engine with speed improvements - Redesigned graphical user interface elements - Unified address and search bar for new installations - New tab page listing top visited, recently visited and recommended pages - Support for configuration policies in enterprise deployments via JSON files - Support for Web Authentication, allowing the use of USB tokens for authentication to web sites The following changes affect compatibility: - Now exclusively supports extensions built using the WebExtension API. - Unsupported legacy extensions will no longer work in Firefox 60 ESR - TLS certificates issued by Symantec before June 1st, 2016 are no longer trusted The 'security.pki.distrust_ca_policy' preference can be set to 0 to reinstate trust in those certificates The following issues affect performance: - new format for storing private keys, certificates and certificate trust If the user home or data directory is on a network file system, it is recommended that users set the following environment variable to avoid slowdowns: NSS_SDB_USE_CACHE=yes This setting is not recommended for local, fast file systems. These security issues were fixed: - CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation (bsc#1107343). - CVE-2017-16541: Proxy bypass using automount and autofs (bsc#1107343). - CVE-2018-12376: Various memory safety bugs (bsc#1107343). - CVE-2018-12377: Use-after-free in refresh driver timers (bsc#1107343). - CVE-2018-12378: Use-after-free in IndexedDB (bsc#1107343). - CVE-2018-12379: Out-of-bounds write with malicious MAR file (bsc#1107343). - CVE-2018-12386: Type confusion in JavaScript allowed remote code execution (bsc#1110506) - CVE-2018-12387: Array.prototype.push stack pointer vulnerability may enable exploits in the sandboxed content process (bsc#1110507) - CVE-2018-12385: Crash in TransportSecurityInfo due to cached data (bsc#1109363) - CVE-2018-12383: Setting a master password did not delete unencrypted previously stored passwords (bsc#1107343) This update for mozilla-nspr to version 4.19 fixes the follwing issues - Added TCP Fast Open functionality - A socket without PR_NSPR_IO_LAYER will no longer trigger an assertion when polling This update for mozilla-nss to version 3.36.4 fixes the follwing issues - Connecting to a server that was recently upgraded to TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error. - Fix a rare bug with PKCS#12 files. - Replaces existing vectorized ChaCha20 code with verified HACL* implementation. - TLS 1.3 support has been updated to draft -23. - Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. - The following CA certificates were Removed: OU = Security Communication EV RootCA1 CN = CA Disig Root R1 CN = DST ACES CA X6 Certum CA, O=Unizeto Sp. z o.o. StartCom Certification Authority StartCom Certification Authority G2 T?BİTAK UEKAE K?k Sertifika Hizmet Sağlayıcısı - S?r?m 3 ACEDICOM Root Certinomis - Autorit? Racine T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı PSCProcert CA 沃通根证书, O=WoSign CA Limited Certification Authority of WoSign Certification Authority of WoSign G2 CA WoSign ECC Root Subject CN = VeriSign Class 3 Secure Server CA - G2 O = Japanese Government, OU = ApplicationCA CN = WellsSecure Public Root Certificate Authority CN = T?RKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 CN = Microsec e-Szigno Root * The following CA certificates were Removed: AddTrust Public CA Root AddTrust Qualified CA Root China Internet Network Information Center EV Certificates Root CNNIC ROOT ComSign Secured CA GeoTrust Global CA 2 Secure Certificate Services Swisscom Root CA 1 Swisscom Root EV CA 2 Trusted Certificate Services UTN-USERFirst-Hardware UTN-USERFirst-Object * The following CA certificates were Added CN = D-TRUST Root CA 3 2013 CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 GDCA TrustAUTH R5 ROOT SSL.com Root Certification Authority RSA SSL.com Root Certification Authority ECC SSL.com EV Root Certification Authority RSA R2 SSL.com EV Root Certification Authority ECC TrustCor RootCert CA-1 TrustCor RootCert CA-2 TrustCor ECA-1 * The Websites (TLS/SSL) trust bit was turned off for the following CA certificates: CN = Chambers of Commerce Root CN = Global Chambersign Root * TLS servers are able to handle a ClientHello statelessly, if the client supports TLS 1.3. If the server sends a HelloRetryRequest, it is possible to discard the server socket, and make a new socket to handle any subsequent ClientHello. This better enables stateless server operation. (This feature is added in support of QUIC, but it also has utility for DTLS 1.3 servers.) Due to the update of mozilla-nss apache2-mod_nss needs to be updated to change to the SQLite certificate database, which is now the default (bsc#1108771) Important SUSE bug 1012260 SUSE bug 1021577 SUSE bug 1026191 SUSE bug 1041469 SUSE bug 1041894 SUSE bug 1049703 SUSE bug 1061204 SUSE bug 1064786 SUSE bug 1065464 SUSE bug 1066489 SUSE bug 1073210 SUSE bug 1078436 SUSE bug 1091551 SUSE bug 1092697 SUSE bug 1094767 SUSE bug 1096515 SUSE bug 1107343 SUSE bug 1108771 SUSE bug 1108986 SUSE bug 1109363 SUSE bug 1109465 SUSE bug 1110506 SUSE bug 1110507 SUSE bug 703591 SUSE bug 839074 SUSE bug 857131 SUSE bug 893359 CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12381 CVE-2018-12383 CVE-2018-12385 CVE-2018-12386 CVE-2018-12387 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: Security issues fixed: - Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852) - CVE-2018-12392: Crash with nested event loops. - CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript. - CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting. - CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts. - CVE-2018-12397: WebExtension local file access vulnerability. - CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3. - CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3. Important SUSE bug 1112852 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 cpe:/o:suse:sles-espos:12:sp2 Security update for systemd (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non-security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if 'missing ok' (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - socket-util: introduce port argument in sockaddr_port() - service: fixup ExecStop for socket-activated shutdown (#4120) - service: Continue shutdown on socket activated unit on termination (#4108) (bsc#1106923) - cryptsetup: build fixes for 'add support for sector-size= option' - udev-rules: IMPORT cmdline does not recognize keys with similar names (bsc#1111278) - core: keep the kernel coredump defaults when systemd-coredump is disabled - core: shorten main() a bit, split out coredump initialization - core: set RLIMIT_CORE to unlimited by default (bsc#1108835) - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - tmp.mount.hm4: After swap.target (#3087) - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool. Important SUSE bug 1106923 SUSE bug 1108835 SUSE bug 1109252 SUSE bug 1110445 SUSE bug 1111278 SUSE bug 1112024 SUSE bug 1113083 SUSE bug 1113632 SUSE bug 1113665 CVE-2018-15686 CVE-2018-15688 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_98 fixes several issues. The following security issues were fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely (bsc#1107832). - CVE-2018-5390: Fixed the possiblilty that the kernel can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102682). Important SUSE bug 1102682 SUSE bug 1107832 CVE-2018-14633 CVE-2018-5390 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.114-92_64 fixes one issue. The following security issue was fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Important SUSE bug 1103098 CVE-2018-5391 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.114-92_67 fixes one issue. The following security issue was fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Important SUSE bug 1103098 CVE-2018-5391 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_80 fixes one issue. The following security issue was fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Important SUSE bug 1103098 CVE-2018-5391 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_73 fixes one issue. The following security issue was fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Important SUSE bug 1103098 CVE-2018-5391 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.120-92_70 fixes one issue. The following security issue was fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Important SUSE bug 1103098 CVE-2018-5391 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issues were fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). - CVE-2018-18386: The drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bsc#1112039). Important SUSE bug 1103098 SUSE bug 1112039 CVE-2018-18386 CVE-2018-5391 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). - CVE-2018-18386: The drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bsc#1112039). Important SUSE bug 1103098 SUSE bug 1112039 CVE-2018-18386 CVE-2018-5391 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 15 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issues were fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). - CVE-2018-18386: The drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bsc#1112039). Important SUSE bug 1103098 SUSE bug 1112039 CVE-2018-18386 CVE-2018-5391 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_85 fixes one issue. The following security issue was fixed: - CVE-2018-5391: Fixed a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may have caused a denial of service condition by sending specially crafted IP fragments. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Important SUSE bug 1103098 CVE-2018-5391 cpe:/o:suse:sles-espos:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openssl fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - Add missing timing side channel patch for DSA signature generation (bsc#1113742). Non-security issues fixed: - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). Moderate SUSE bug 1112209 SUSE bug 1113534 SUSE bug 1113652 SUSE bug 1113742 CVE-2018-0734 CVE-2018-5407 cpe:/o:suse:sles-espos:12:sp2 Security update for rpm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for rpm fixes the following issues: These security issues were fixed: - CVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457). - CVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457) This is a reissue of the above security fixes for SUSE Linux Enterprise 12 GA, SP1 and SP2 LTSS, they have already been released for SUSE Linux Enterprise Server 12 SP3. Important SUSE bug 943457 CVE-2017-7500 CVE-2017-7501 cpe:/o:suse:sles-espos:12:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. (bsc#1105010) The following non-security issues were fixed: - Stop leaking File descriptors (bsc#964336) - sftp-client.c returns wrong error code upon failure [bsc#1091396] Moderate SUSE bug 1091396 SUSE bug 1105010 SUSE bug 964336 CVE-2018-15473 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 (bsc#1116574): * Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API * Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. * Java Virtual Machine - IJ10931 CVE-2018-3169 - IV91132 SOME CORE PATTERN SPECIFIERS ARE NOT HANDLED BY THE JVM ON LINUX * JIT Compiler - IJ08205 CRASH WHILE COMPILING - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 cpe:/o:suse:sles-espos:12:sp2 Security update for python-cryptography, python-pyOpenSSL (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python-cryptography, python-pyOpenSSL fixes the following issues: Security issues fixed: - CVE-2018-1000808: A memory leak due to missing reference checking in PKCS#12 store handling was fixed (bsc#1111634) - CVE-2018-1000807: A use-after-free in X509 object handling was fixed (bsc#1111635) - avoid bad interaction with python-cryptography package. (bsc#1021578) Important SUSE bug 1021578 SUSE bug 1111634 SUSE bug 1111635 CVE-2018-1000807 CVE-2018-1000808 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS java-1_8_0-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 (bsc#1116574) * Class Libraries: - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10930 CVE-2018-3183 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTION FROM JAVA.TEXT.DECIMALFORMAT. FORMAT - IJ09088 INTRODUCING A NEW PROPERTY FOR TURKEY TIMEZONE FOR PRODUCTS NOT IDENTIFYING TRT - IJ10800 REMOVE EXPIRING ROOT CERTIFICATES IN IBM JDK’S CACERTS. - IJ10566 SUPPORT EBCDIC CODE PAGE IBM-274 – BELGIUM EBCDIC * Java Virtual Machine - IJ08730 APPLICATION SIGNAL HANDLER NOT INVOKED FOR SIGABRT - IJ10453 ASSERTION FAILURE AT CLASSPATHITEM.CPP - IJ09574 CLASSLOADER DEFINED THROUGH SYSTEM PROPERTY ‘JAVA.SYSTEM.CLASS.LOADE R’ IS NOT HONORED. - IJ10931 CVE-2018-3169 - IJ10618 GPU SORT: UNSPECIFIED LAUNCH FAILURE - IJ10619 INCORRECT ILLEGALARGUMENTEXCEPTION BECAUSE OBJECT IS NOT AN INSTANCE OF DECLARING CLASS ON REFLECTIVE INVOCATION - IJ10135 JVM HUNG IN GARBAGECOLLECTORMXBEAN.G ETLASTGCINFO() API - IJ10680 RECURRENT ABORTED SCAVENGE * ORB - IX90187 CLIENTREQUESTIMPL.REINVO KE FAILS WITH JAVA.LANG.INDEXOUTOFBOUN DSEXCEPTION * Reliability and Serviceability - IJ09600 DTFJ AND JDMPVIEW FAIL TO PARSE WIDE REGISTER VALUES * Security - IJ10492 'EC KEYSIZE < 384' IS NOT HONORED USING THE 'JDK.TLS.DISABLEDALGORIT HMS' SECURITY PROPERTY - IJ10310 ADD NULL CHECKING ON THE ENCRYPTION TYPES LIST TO CREDENTIALS.GETDEFAULTNA TIVECREDS() METHOD - IJ10491 AES/GCM CIPHER – AAD NOT RESET TO UN-INIT STATE AFTER DOFINAL( ) AND INIT( ) - IJ08442 HTTP PUBLIC KEY PINNING FINGERPRINT,PROBLEM WITH CONVERTING TO JKS KEYSTORE - IJ09107 IBMPKCS11IMPL CRYPTO PROVIDER – INTERMITTENT ERROR WITH SECP521R1 SIGNATURE ON Z/OS - IJ10136 IBMPKCS11IMPL – INTERMITTENT ERROR WITH SECP521R1 SIG ON Z/OS AND Z/LINUX - IJ08530 IBMPKCS11IMPL PROVIDER USES THE WRONG RSA CIPHER MECHANISM FOR THE RSA/ECB/PKCS1PADDING CIPHER - IJ08723 JAAS THROWS A ‘ARRAY INDEX OUT OF RANGE’ EXCEPTION - IJ08704 THE SECURITY PROPERTY ‘JDK.CERTPATH.DISABLEDAL GORITHMS’ IS MISTAKENLY BEING USED TO FILTER JAR SIGNING ALGORITHMS * z/OS Extentions - PH03889 ADD SUPPORT FOR TRY-WITH-RESOURCES TO COM.IBM.JZOS.ENQUEUE - PH03414 ROLLOVER FROM SYE TO SAE FOR ICSF REASON CODE 3059 - PH04008 ZERTJSSE – Z SYSTEMS ENCRYPTION READINESS TOOL (ZERT) NEW SUPPORT IN THE Z/OS JAVA SDK This includes the update to Java 8.0 Service Refresh 5 Fix Pack 22: * Java Virtual Machine - IJ09139 CUDA4J NOT AVAILABLE ON ALL PLATFORMS * JIT Compiler - IJ09089 CRASH DURING COMPILATION IN USEREGISTER ON X86-32 - IJ08655 FLOATING POINT ERROR (SIGFPE) IN ZJ9SYM1 OR ANY VM/JIT MODULE ON AN INSTRUCTION FOLLOWING A VECTOR INSTRUCTION - IJ08850 CRASH IN ARRAYLIST$ITR.NEXT() - IJ09601 JVM CRASHES ON A SIGBUS SIGNAL WHEN ACCESSING A DIRECTBYTEBUFFER * z/OS Extentions - PH02999 JZOS data management classes accept dataset names in code pages supported by z/OS system services - PH01244 OUTPUT BUFFER TOO SHORT FOR GCM MODE ENCRYPTION USING IBMJCEHYBRID Also the update to Java 8.0 Service Refresh 5 Fix Pack 21 * Class Libraries - IJ08569 JAVA.IO.IOEXCEPTION OCCURS WHEN A FILECHANNEL IS BIGGER THAN 2GB ON AIX PLATFORM - IJ08570 JAVA.LANG.UNSATISFIEDLIN KERROR WITH JAVA OPTION -DSUN.JAVA2D.CMM=SUN.JAV A2D.CMM.KCMS.KCMSSERVICE PROVIDER ON AIX PLATFORM * Java Virtual Machine - IJ08001 30% THROUGHPUT DROP FOR CERTAIN SYNCHRONIZATION WORKLOADS - IJ07997 TRACEASSERT IN GARBAGE COLLECTOR(MEMORYSUBSPACE) * JIT Compiler - IJ08503 ASSERTION IS HIT DUE TO UNEXPECTED STACK HEIGHT IN DEBUGGING MODE - IJ08375 CRASH DURING HARDWARE GENERATED GUARDED STORAGE EVENT WITHIN A TRANSACTIONAL EXECUTION REGION WHEN RUNNING WITH -XGC:CONCURRENTS - IJ08205 CRASH WHILE COMPILING - IJ09575 INCORRECT RESULT WHEN USING JAVA.LANG.MATH.MIN OR MAX ON 31-BIT JVM - IJ07886 INCORRECT CALUCATIONS WHEN USING NUMBERFORMAT.FORMAT() AND BIGDECIMAL.{FLOAT/DOUBLE }VALUE() Important SUSE bug 1116574 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 cpe:/o:suse:sles-espos:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ghostscript to version 9.26 fixes the following issues: Security issues fixed: - CVE-2018-19475: Fixed bypass of an intended access restriction in psi/zdevice2.c (bsc#1117327) - CVE-2018-19476: Fixed bypass of an intended access restriction in psi/zicc.c (bsc#1117313) - CVE-2018-19477: Fixed bypass of an intended access restriction in psi/zfjbig2.c (bsc#1117274) - CVE-2018-19409: Check if another device is used correctly in LockSafetyParams (bsc#1117022) - CVE-2018-18284: Fixed potential sandbox escape through 1Policy operator (bsc#1112229) - CVE-2018-18073: Fixed leaks through operator in saved execution stacks (bsc#1111480) - CVE-2018-17961: Fixed a -dSAFER sandbox escape by bypassing executeonly (bsc#1111479) - CVE-2018-17183: Fixed a potential code injection by specially crafted PostScript files (bsc#1109105) Version update to 9.26 (bsc#1117331): - Security issues have been the primary focus - Minor bug fixes and improvements - For release summary see: http://www.ghostscript.com/doc/9.26/News.htm Important SUSE bug 1109105 SUSE bug 1111479 SUSE bug 1111480 SUSE bug 1112229 SUSE bug 1117022 SUSE bug 1117274 SUSE bug 1117313 SUSE bug 1117327 SUSE bug 1117331 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 cpe:/o:suse:sles-espos:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for git fixes the following issue: - CVE-2018-17456: Git allowed remote code execution during processing of a recursive 'git clone' of a superproject if a .gitmodules file has a URL field beginning with a '-' character. (boo#1110949). Important SUSE bug 1110949 CVE-2018-17456 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.120-92_70 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Important SUSE bug 1097356 CVE-2018-5848 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_73 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Important SUSE bug 1097356 CVE-2018-5848 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_80 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Important SUSE bug 1097356 CVE-2018-5848 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.103-92_56 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Important SUSE bug 1097356 CVE-2018-5848 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.103-92_53 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Important SUSE bug 1097356 CVE-2018-5848 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.114-92_67 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Important SUSE bug 1097356 CVE-2018-5848 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.114-92_64 fixes one issue. The following security issue was fixed: - CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356). Important SUSE bug 1097356 CVE-2018-5848 cpe:/o:suse:sles-espos:12:sp2 Security update for libqt5-qtbase (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2018-15518: Fixed double free in QXmlStreamReader (bsc#1118595) - CVE-2018-19873: Fixed Denial of Service on malformed BMP file in QBmpHandler (bsc#1118596) Moderate SUSE bug 1118595 SUSE bug 1118596 CVE-2018-15518 CVE-2018-19873 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox, mozilla-nspr and mozilla-nss (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 (bsc#1119105) - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a use-after-free with select element - CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia - CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs - CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images - CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: - Update mozilla-nspr to 4.20 (bsc#1119105) Important SUSE bug 1097410 SUSE bug 1106873 SUSE bug 1119069 SUSE bug 1119105 CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 cpe:/o:suse:sles-espos:12:sp2 Security update for qemu (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Moderate SUSE bug 1106222 SUSE bug 1110910 SUSE bug 1111006 SUSE bug 1111010 SUSE bug 1111013 SUSE bug 1114422 CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 cpe:/o:suse:sles-espos:12:sp2 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for apache2 fixes the following issues: * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \'Session\' header leading to unexpected behavior [bsc#1086814]. * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, a specially crafted request could lead to remote denial of service. [bsc#1086817] * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read while preparing data to be cached in shared memory.[bsc#1086813] * CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774] * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775] * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. [bsc#1086820] * CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. [bsc#1086820] Moderate SUSE bug 1086774 SUSE bug 1086775 SUSE bug 1086813 SUSE bug 1086814 SUSE bug 1086817 SUSE bug 1086820 CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301 CVE-2018-1302 CVE-2018-1303 CVE-2018-1312 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) The following non-security bugs were fixed: - alsa: hda/realtek - Fix speaker no sound after system resume (bsc#1031717). - alsa: hda: Add a power_save blacklist (bnc#1012382). - alsa: usb-audio: Add a quirck for B&W PX headphones (bnc#1012382). - arm: dts: LogicPD Torpedo: Fix I2C1 pinmux (bnc#1012382). - arm: mvebu: Fix broken PL310_ERRATA_753970 selects (bnc#1012382). - kvm: mmu: Fix overlap between public and private memslots (bnc#1012382). - Partial revert 'e1000e: Avoid receiver overrun interrupt bursts' (bsc#1075428). - Revert 'e1000e: Separate signaling for link check/link up' (bsc#1075428). - Revert 'led: core: Fix brightness setting when setting delay_off=0' (bnc#1012382). - Revert 'watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185).' This reverts commit 5d4a2355a2a1c2ec6fdf9d18b68ca0a04ff73c70. - bpf, x64: implement retpoline for tail call (bnc#1012382). - bridge: check brport attr show in brport_show (bnc#1012382). - btrfs: Only check first key for committed tree blocks (bsc#1084721). - btrfs: Validate child tree block's level and first key (bsc#1084721). - btrfs: preserve i_mode if __btrfs_set_acl() fails (bnc#1012382). - ch9200: use skb_cow_head() to deal with cloned skbs (bsc#1088684). - cpufreq: s3c24xx: Fix broken s3c_cpufreq_init() (bnc#1012382). - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - dm io: fix duplicate bio completion due to missing ref count (bnc#1012382). - drm/i915/cmdparser: Do not check past the cmd length (bsc#1031717). - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1031717). - e1000e: Avoid missed interrupts following ICR read (bsc#1075428). - e1000e: Avoid receiver overrun interrupt bursts (bsc#1075428). - e1000e: Fix check_for_link return value with autoneg off (bsc#1075428). - e1000e: Fix link check race condition (bsc#1075428). - e1000e: Fix queue interrupt re-raising in Other interrupt (bsc#1075428). - e1000e: Remove Other from EIAC (bsc#1075428). - fib_semantics: Do not match route with mismatching tclassid (bnc#1012382). - fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (git-fixes, bsc#1083745). - hdlc_ppp: carrier detect ok, do not turn off negotiation (bnc#1012382). - hugetlbfs: fix offset overflow in hugetlbfs mmap (bnc#1084353). - ibmvfc: Avoid unnecessary port relogin (bsc#1085404). - ibmvnic: Clear pending interrupt after device reset (bsc#1089644). - ibmvnic: Define vnic_login_client_data name field as unsized array (bsc#1089198). - ibmvnic: Disable irqs before exiting reset from closed state (bsc#1084610). - ibmvnic: Do not notify peers on parameter change resets (bsc#1089198). - ibmvnic: Do not reset CRQ for Mobility driver resets (bsc#1088600). - ibmvnic: Fix DMA mapping mistakes (bsc#1088600). - ibmvnic: Fix failover case for non-redundant configuration (bsc#1088600). - ibmvnic: Fix reset return from closed state (bsc#1084610). - ibmvnic: Fix reset scheduler error handling (bsc#1088600). - ibmvnic: Handle all login error conditions (bsc#1089198). - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes). - ibmvnic: Remove unused TSO resources in TX pool structure (bsc#1085224). - ibmvnic: Update TX pool cleaning routine (bsc#1085224). - ibmvnic: Zero used TX descriptor counter on reset (bsc#1088600). - ipv6 sit: work around bogus gcc-8 -Wrestrict warning (bnc#1012382). - kGraft: fix small race in reversion code (bsc#1083125). - kabi/severities: Ignore kgr_shadow_* kABI changes - kvm/x86: fix icebp instruction handling (bnc#1012382). - livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296). - livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296). - mac80211: do not WARN on bad WMM parameters from buggy APs (bsc#1031717). - md-cluster: fix wrong condition check in raid1_write_request (bsc#1085402). - media: au0828: fix VIDEO_V4L2 dependency (bsc#1031717). - media: cx25821: prevent out-of-bounds read on array card (bsc#1031717). - media: m88ds3103: do not call a non-initalized function (bnc#1012382). - media: s3c-camif: fix out-of-bounds array access (bsc#1031717). - mm/hugetlb.c: do not call region_abort if region_chg fails (bnc#1084353). - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012382). - net: fix race on decreasing number of TX queues (bnc#1012382). - net: ipv4: avoid unused variable warning for sysctl (git-fixes). - net: ipv4: do not allow setting net.ipv4.route.min_pmtu below 68 (bnc#1012382). - net: mpls: Pull common label check into helper (bnc#1012382). - netlink: ensure to loop over all netns in genlmsg_multicast_allns() (bnc#1012382). - nospec: Allow index argument to have const-qualified type (bnc#1012382). - perf/x86/intel: Add model number for Skylake Server to perf (FATE#321269). - powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1088242). - powerpc: Do not send system reset request through the oops path (bsc#1088242). - powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1088242). - ppp: prevent unregistered channels from connecting to PPP units (bnc#1012382). - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1031717). - regmap: Do not use format_val in regmap_bulk_read (bsc#1031717). - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1031717). - regmap: Format data for raw write in regmap_bulk_write (bsc#1031717). - rpm/config.sh: ensure sorted patches. - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847, LTC#163740). - s390/qeth: fix IPA command submission race (bnc#1012382). - s390/qeth: fix SETIP command handling (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v4_get_dst (bnc#1012382). - sctp: fix dst refcnt leak in sctp_v6_get_dst() (bnc#1012382). - sctp: verify size of a new chunk in _sctp_make_chunk() (bnc#1012382). - storvsc: do not schedule work elements during host reset (bsc#1070536, bsc#1057734). - storvsc_drv: use embedded work structure for host rescan (bsc#1070536, bsc#1057734). - storvsc_drv: use separate workqueue for rescan (bsc#1070536, bsc#1057734). - swap: divide-by-zero when zero length swap file on ssd (bsc#1082153). - tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus (bnc#1012382). - udplite: fix partial checksum initialization (bnc#1012382). - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1085185). - x86/apic/vector: Handle legacy irq data correctly (bnc#1012382). - x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088). - x86/kaiser: Duplicate cpu_tss for an entry trampoline usage (bsc#1077560 bsc#1083836). - x86/kaiser: Remove a user mapping of cpu_tss structure (bsc#1077560 bsc#1083836). - x86/kaiser: Use a per-CPU trampoline stack for kernel entry (bsc#1077560). - x86/kaiser: enforce trampoline stack alignment (bsc#1087260). - x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist (bsc#1087845). - xen-blkfront: fix mq start/stop race (bsc#1085042). - xen-netback: use skb to determine number of required guest Rx requests (bsc#1046610). Important SUSE bug 1012382 SUSE bug 1031717 SUSE bug 1046610 SUSE bug 1057734 SUSE bug 1070536 SUSE bug 1075428 SUSE bug 1076847 SUSE bug 1077560 SUSE bug 1082153 SUSE bug 1082299 SUSE bug 1083125 SUSE bug 1083745 SUSE bug 1083836 SUSE bug 1084353 SUSE bug 1084610 SUSE bug 1084721 SUSE bug 1084829 SUSE bug 1085042 SUSE bug 1085185 SUSE bug 1085224 SUSE bug 1085402 SUSE bug 1085404 SUSE bug 1086162 SUSE bug 1086194 SUSE bug 1087088 SUSE bug 1087260 SUSE bug 1087845 SUSE bug 1088241 SUSE bug 1088242 SUSE bug 1088600 SUSE bug 1088684 SUSE bug 1089198 SUSE bug 1089608 SUSE bug 1089644 SUSE bug 1089752 SUSE bug 1090643 CVE-2017-18257 CVE-2018-10087 CVE-2018-10124 CVE-2018-1087 CVE-2018-7740 CVE-2018-8043 CVE-2018-8781 CVE-2018-8822 CVE-2018-8897 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes several issues. These security issues were fixed: - CVE-2018-8897: Prevent mishandling of debug exceptions on x86 (XSA-260, bsc#1090820) - Handle HPET timers in IO-APIC mode correctly to prevent malicious or buggy HVM guests from causing a hypervisor crash or potentially privilege escalation/information leaks (XSA-261, bsc#1090822) - Prevent unbounded loop, induced by qemu allowing an attacker to permanently keep a physical CPU core busy (XSA-262, bsc#1090823) - CVE-2018-10472: x86 HVM guest OS users (in certain configurations) were able to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot (bsc#1089152). - CVE-2018-10471: x86 PV guest OS users were able to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754 (bsc#1089635). These non-security issues were fixed: - bsc#1086039: Ensure that Dom0 does represent DomU cpu flags correctly - bsc#1027519: Fixed shadow mode guests Important SUSE bug 1027519 SUSE bug 1086039 SUSE bug 1089152 SUSE bug 1089635 SUSE bug 1090820 SUSE bug 1090822 SUSE bug 1090823 CVE-2017-5754 CVE-2018-10471 CVE-2018-10472 CVE-2018-8897 cpe:/o:suse:sles-espos:12:sp2 Security update for curl (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for curl fixes several issues: Security issues fixed: - CVE-2018-1000301: Fixed a RTSP bad headers buffer over-read could crash the curl client (bsc#1092098) Non security issues fixed: - If the DEFAULT_SUSE cipher list is not available use the HIGH cipher alias before failing. (bsc#1086825) Moderate SUSE bug 1086825 SUSE bug 1092098 CVE-2018-1000301 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox to the ESR 52.8 release fixes the following issues: Mozil to Firefox ESR 52.8 (bsc#1092548) Security issues fixed: - MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia - MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer - MFSA 2018-12/CVE-2018-5168: Lightweight themes can be installed without user interaction - MFSA 2018-12/CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 - MFSA 2018-12/CVE-2018-5155: Use-after-free with SVG animations and text paths - MFSA 2018-12/CVE-2018-5183: Backport critical security fixes in Skia - MFSA 2018-12/CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files - MFSA 2018-12/CVE-2018-5154: Use-after-free with SVG animations and clip paths - MFSA 2018-12/CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension Important SUSE bug 1092548 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 cpe:/o:suse:sles-espos:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for qemu fixes several issues. This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests (bsc#1092885). Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. This patch permits the new x86 cpu feature flag named 'ssbd' to be presented to the guest, given that the host has this feature, and KVM exposes it to the guest as well. For this feature to be enabled please use the qemu commandline -cpu $MODEL,+spec-ctrl,+ssbd so the guest OS can take advantage of the feature. spec-ctrl and ssbd support is also required in the host. This feature was added: - Add support for block resize support for xen disks through the monitor This non-security issue was fixed: - bsc#1079405: Add new look up path 'sys/class/tpm' for tpm cancel path based on Linux 4.0 change Important SUSE bug 1079405 SUSE bug 1092885 CVE-2018-3639 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot commandline option was introduced, 'spec_store_bypass_disable', which can have following values: - auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation. - on: disable Speculative Store Bypass - off: enable Speculative Store Bypass - prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork. - seccomp: Same as 'prctl' above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is 'seccomp', meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing: - 'Vulnerable' - 'Mitigation: Speculative Store Bypass disabled' - 'Mitigation: Speculative Store Bypass disabled via prctl' - 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' The following related and non-security bugs were fixed: - cpuid: Fix cpuid.edx.7.0 propagation to guest - ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953). - ibmvnic: Clean actual number of RX or TX pools (bsc#1092289). - kvm: Introduce nopvspin kernel parameter (bsc#1056427). - kvm: Fix nopvspin static branch init usage (bsc#1056427). - powerpc/64: Use barrier_nospec in syscall entry (bsc#1068032, bsc#1080157). - powerpc/64s: Add barrier_nospec (bsc#1068032, bsc#1080157). - powerpc/64s: Add support for ori barrier_nospec patching (bsc#1068032, bsc#1080157). - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157). - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Patch barrier_nospec in modules (bsc#1068032, bsc#1080157). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Restore default security feature flags on setup (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Set or clear security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Always enable fallback flush on pseries (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Differentiate enabled and patched flush types (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Move default security feature flags (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). Important SUSE bug 1056427 SUSE bug 1068032 SUSE bug 1075087 SUSE bug 1080157 SUSE bug 1087082 SUSE bug 1090953 SUSE bug 1091041 SUSE bug 1092289 SUSE bug 1093215 SUSE bug 1094019 CVE-2018-3639 cpe:/o:suse:sles-espos:12:sp2 Security update for bash (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for bash fixes the following issues: Security issues fixed: - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed (bsc#1001299) - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed (bsc#1000396) Non-security issues fixed: - Fix repeating self-calling of traps due the combination of a non-interactive shell, a trap handler for SIGINT, an external process in the trap handler, and a SIGINT within the trap after the external process runs. (bsc#1086247) Moderate SUSE bug 1000396 SUSE bug 1001299 SUSE bug 1086247 CVE-2016-0634 CVE-2016-7543 cpe:/o:suse:sles-espos:12:sp2 Security update for icu (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a '\0' character at the end of a certain temporary array, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument (bsc#990636). - CVE-2017-7868: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function (bsc#1034674) - CVE-2017-7867: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue (bnc#1067203) - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC (bnc#1072193) - CVE-2017-15422: An integer overflow in icu during persian calendar date processing could lead to incorrect years shown (bnc#1077999) Moderate SUSE bug 1034674 SUSE bug 1034678 SUSE bug 1067203 SUSE bug 1072193 SUSE bug 1077999 SUSE bug 1087932 SUSE bug 929629 SUSE bug 990636 CVE-2014-8146 CVE-2014-8147 CVE-2016-6293 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-7867 CVE-2017-7868 cpe:/o:suse:sles-espos:12:sp2 Security update for ImageMagick (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel() (bsc#1130330). - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage() (bsc#1131317). - CVE-2019-7175: Fixed multiple memory leaks in DecodeImage function (bsc#1128649). - CVE-2018-20467: Fixed infinite loop in coders/bmp.c (bsc#1120381). - CVE-2019-7398: Fixed a memory leak in the function WriteDIBImage (bsc#1124365). - CVE-2019-7397: Fixed a memory leak in the function WritePDFImage (bsc#1124366). - CVE-2019-7395: Fixed a memory leak in the function WritePSDChannel (bsc#1124368). - CVE-2018-16413: Fixed a heap-based buffer over-read in PushShortPixel() (bsc#1106989). - CVE-2018-16412: Fixed a heap-based buffer over-read in ParseImageResourceBlocks() (bsc#1106996). - CVE-2018-16644: Fixed a regression in dcm coder (bsc#1107609). - CVE-2019-11007: Fixed a heap-based buffer overflow in ReadMNGImage() (bsc#1132060). - CVE-2019-11008: Fixed a heap-based buffer overflow in WriteXWDImage() (bsc#1132054). - CVE-2019-11009: Fixed a heap-based buffer over-read in ReadXWDImage() (bsc#1132053). - Added extra -config- packages with Postscript/EPS/PDF readers still enabled. Removing the PS decoders is used to harden ImageMagick against security issues within ghostscript. Enabling them might impact security. (bsc#1122033) These are two packages that can be selected: - ImageMagick-config-6-SUSE: This has the PS decoders disabled. - ImageMagick-config-6-upstream: This has the PS decoders enabled. Depending on your local needs install either one of them. The default is the -SUSE configuration. Moderate SUSE bug 1106989 SUSE bug 1106996 SUSE bug 1107609 SUSE bug 1120381 SUSE bug 1122033 SUSE bug 1124365 SUSE bug 1124366 SUSE bug 1124368 SUSE bug 1128649 SUSE bug 1130330 SUSE bug 1131317 SUSE bug 1132053 SUSE bug 1132054 SUSE bug 1132060 CVE-2018-16412 CVE-2018-16413 CVE-2018-16644 CVE-2018-20467 CVE-2019-10650 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-7175 CVE-2019-7395 CVE-2019-7397 CVE-2019-7398 CVE-2019-9956 cpe:/o:suse:sles-espos:12:sp2 Security update for freeradius-server (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549). - CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664). Important SUSE bug 1132549 SUSE bug 1132664 CVE-2019-11234 CVE-2019-11235 cpe:/o:suse:sles-espos:12:sp2 Security update for libssh2_org (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] Important SUSE bug 1130103 SUSE bug 1133528 CVE-2019-3859 cpe:/o:suse:sles-espos:12:sp2 Security update for wpa_supplicant (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for wpa_supplicant fixes the following issues: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the vulnerability to recover sensitive information (bsc#1104205). This non-security issue was fixed: - Enabled PWD as EAP method. This allows for password-based authentication, which is easier to setup than most of the other methods, and is used by the Eduroam network (bsc#1109209). Moderate SUSE bug 1104205 SUSE bug 1109209 CVE-2018-14526 cpe:/o:suse:sles-espos:12:sp2 Security update for atftp (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for atftp fixes the following issues: Security issues fixed: - CVE-2019-11366: Fixed a denial of service caused by a NULL pointer dereference because thread_list_mutex was not locked (bsc#1133145). - CVE-2019-11365: Fixed a buffer overflow which could lead to remote code execution caused by an insecure use of strncpy() (bsc#1133114). Important SUSE bug 1133114 SUSE bug 1133145 CVE-2019-11365 CVE-2019-11366 cpe:/o:suse:sles-espos:12:sp2 Security update for krb5 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for krb5 fixes the following issues: Security issue fixed: - CVE-2018-20217: Fixed an assertion issue with older encryption types (bsc#1120489) Important SUSE bug 1120489 CVE-2018-20217 cpe:/o:suse:sles-espos:12:sp2 Security update for hostinfo, supportutils (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for hostinfo, supportutils fixes the following issues: Security issues fixed for supportutils: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). - CVE-2018-19636: Fixed a local root exploit via inclusion of attacker controlled shell script (bsc#1117751). Other issues fixed for supportutils: - Fixed invalid exit code commands (bsc#1125666) - SUSE separation in supportconfig (bsc#1125623) - Clarified supportconfig(8) -x option (bsc#1115245) - supportconfig: 3.0.127 - btrfs filesystem usage - List products.d - Dump lsof errors - Added ha commands for corosync - Dumped find errors in ib_info Issues fixed in hostinfo: - Removed extra kernel install dates (bsc#1099498) - Resolved network bond issue (bsc#1054979) Important SUSE bug 1054979 SUSE bug 1099498 SUSE bug 1115245 SUSE bug 1117751 SUSE bug 1117776 SUSE bug 1118460 SUSE bug 1118462 SUSE bug 1118463 SUSE bug 1125623 SUSE bug 1125666 CVE-2018-19636 CVE-2018-19637 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640 cpe:/o:suse:sles-espos:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openssl fixes the following issues: - Reject invalid EC point coordinates (bsc#1131291) This helps openssl using services that do not do this verification on their own. Moderate SUSE bug 1131291 cpe:/o:suse:sles-espos:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for webkit2gtk3 to version 2.24.1 fixes the following issues: Security issues fixed: - CVE-2019-6201, CVE-2019-6251, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8506, CVE-2019-8515, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-11070 (bsc#1132256). Important SUSE bug 1132256 CVE-2019-11070 CVE-2019-6201 CVE-2019-6251 CVE-2019-7285 CVE-2019-7292 CVE-2019-8503 CVE-2019-8506 CVE-2019-8515 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 cpe:/o:suse:sles-espos:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Save registry file outside share as unprivileged user (bsc#1131060). Non-security issue fixed: - Backport changes to support quotas with SMB2 (bsc#1106119). Moderate SUSE bug 1106119 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:sles-espos:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). Non-security issues fixed: - Fixed an issue where the first login failed and subsequent ones work (bsc#1126463). - Fixed winbind running out of memory with high number of domain groups (bsc#1114459). - Backport changes to support quotas with SMB2 (bsc#1106119). Moderate SUSE bug 1087481 SUSE bug 1106119 SUSE bug 1114459 SUSE bug 1126463 SUSE bug 1131060 CVE-2019-3880 cpe:/o:suse:sles-espos:12:sp2 Security update for jakarta-commons-fileupload (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution (bsc#1128963, bsc#1128829). Important SUSE bug 1128829 SUSE bug 1128963 CVE-2016-1000031 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-openjdk to version 8u212 fixes the following issues: Security issues fixed: - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2019-2422: Better FileChannel (bsc#1122293). - CVE-2018-11212: Improve JPEG (bsc#1122299). Non-Security issue fixed: - Disable LTO (bsc#1133135). - Added Japanese new era name. Important SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1133135 CVE-2018-11212 CVE-2018-3639 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 cpe:/o:suse:sles-espos:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CLX-SP B1 6-55-7/bf 05000021 Xeon Scalable Gen2 - ---- updated platforms ------------------------------------ - SNB D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2 - IVB E1/L1 6-3a-9/12 00000020->00000021 Core Gen3 - HSW C0 6-3c-3/32 00000025->00000027 Core Gen4 - BDW-U/Y E0/F0 6-3d-4/c0 0000002b->0000002d Core Gen5 - IVB-E/EP C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2 - IVB-EX D1 6-3e-7/ed 00000714->00000715 Xeon E7 v2 - HSX-E/EP Cx/M1 6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000013->00000014 Xeon E7 v3 - HSW-U C0/D0 6-45-1/72 00000024->00000025 Core Gen4 - HSW-H C0 6-46-1/32 0000001a->0000001b Core Gen4 - BDW-H/E3 E0/G0 6-47-1/22 0000001e->00000020 Core Gen5 - SKL-U/Y D0/K1 6-4e-3/c0 000000c6->000000cc Core Gen6 - SKX-SP H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable - SKX-D M1 6-55-4/b7 0200005a->0000005e Xeon D-21xx - BDX-DE V1 6-56-2/10 00000019->0000001a Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - SKL-H/S R0/N0 6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5 - DNV B0 6-5f-1/01 00000024->0000002e Atom Processor C Series - GLK B0 6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx - AML-Y22 H0 6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile - KBL-G/H/S/E3 B0 6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000aa->000000b4 Core Gen8 - CFL-H/S P0 6-9e-c/22 000000a2->000000ae Core Gen9 Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles-espos:12:sp2 Security update for systemd (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-6954: Fixed a vulnerability in the symlink handling of systemd-tmpfiles which allowed a local user to obtain ownership of arbitrary files (bsc#1080919). - CVE-2019-3842: Fixed a vulnerability in pam_systemd which allowed a local user to escalate privileges (bsc#1132348). - CVE-2019-6454: Fixed a denial of service caused by long dbus messages (bsc#1125352). Non-security issues fixed: - systemd-coredump: generate a stack trace of all core dumps (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - core: only watch processes when it's really necessary (bsc#955942 bsc#1128657) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - Do not automatically online memory on s390x (bsc#1127557) Important SUSE bug 1080919 SUSE bug 1121563 SUSE bug 1125352 SUSE bug 1126056 SUSE bug 1127557 SUSE bug 1128657 SUSE bug 1130230 SUSE bug 1132348 SUSE bug 1132400 SUSE bug 1132721 SUSE bug 955942 CVE-2018-6954 CVE-2019-3842 CVE-2019-6454 cpe:/o:suse:sles-espos:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for qemu fixes the following issues: Following security issues were fixed: - CVE-2019-9824: Fixed an information leak in slirp (bsc#1129622) - CVE-2018-20815: Fix DOS possibility in device tree processing (bsc#1130675) - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature 'md-clear' (bsc#1111331) Important SUSE bug 1111331 SUSE bug 1129622 SUSE bug 1130675 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 CVE-2019-9824 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: - CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network could use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. (bnc#1096748). - CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. (bnc#1096748). - CVE-2016-8636: Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c allowed local users to cause a denial of service (memory corruption), obtain sensitive information or possibly have unspecified other impact via a write or read request involving the 'RDMA protocol over infiniband' (aka Soft RoCE) technology (bnc#1024908). - CVE-2017-18174: In the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free (bnc#1080533). - CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service (bnc#1087231). - CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c has multiple race conditions (bnc#1133188). - CVE-2019-3882: A flaw was found in the vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS) (bsc#1131427). - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2017-17741: The KVM implementation allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2019-9503, CVE-2019-8564: Multiple brcmfmac frame validation bypasses have been fixed (bnc#1132828, bnc#1132673). The following non-security bugs were fixed: - ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - add mainline tags to four hyperv patches - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - Drivers: hv: vmbus: Define an API to retrieve virtual processor index (bsc#1122822). - Drivers: hv: vmbus: Define APIs to manipulate the event page (bsc#1122822). - Drivers: hv: vmbus: Define APIs to manipulate the message page (bsc#1122822).++ kernel-source.spec (revision 4)Release: &lt;RELEASE>.gbd4498d - Drivers: hv: vmbus: Define APIs to manipulate the synthetic interrupt controller (bsc#1122822). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (bsc#1122822). - jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (bsc#1111331). - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (bsc#1111331). - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file (bsc#1111331). - MDS: Add CVE refs - net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1129279). - net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1129279). - net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1129279). - net: ena: complete host info to match latest ENA spec (bsc#1129279). - net: ena: enable Low Latency Queues (bsc#1129279). - net: ena: explicit casting and initialization, and clearer error handling (bsc#1129279). - net: ena: fix auto casting to boolean (bsc#1129279). - net: ena: fix compilation error in xtensa architecture (bsc#1129279). - net: ena: fix crash during ena_remove() (bsc#1129279). - net: ena: fix crash during failed resume from hibernation (bsc#1129279). - net: ena: fix indentations in ena_defs for better readability (bsc#1129279). - net: ena: Fix Kconfig dependency on X86 (bsc#1129279). - net: ena: fix NULL dereference due to untimely napi initialization (bsc#1129279). - net: ena: fix race between link up and device initalization (bsc#1129279). - net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1129279). - net: ena: fix warning in rmmod caused by double iounmap (bsc#1129279). - net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1129279). - net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1129279). - net: ena: minor performance improvement (bsc#1129279). - net: ena: remove ndo_poll_controller (bsc#1129279). - net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1129279). - net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1129279). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129279). - net: ena: update driver version to 2.0.1 (bsc#1129279). - net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1129279). - PCI: hv: Add vPCI version protocol negotiation (bnc#1043485, bsc#1122822). - PCI: hv: Allocate interrupt descriptors with GFP_ATOMIC (bnc#1034113, bsc#1122822). - PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg() (bnc#1094268, bsc#1122822). - PCI: hv: Do not sleep in compose_msi_msg() (bsc#1082632, bsc#1122822). - PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() (bsc#1087659, bsc#1087906, bsc#1122822). - PCI: hv: Fix a comment typo in _hv_pcifront_read_config() (bsc#1087659, bsc#1122822). - PCI: hv: Fix comment formatting and use proper integer fields (bnc#1043485, bsc#1122822). - PCI: hv: Only queue new work items in hv_pci_devices_present() if necessary (bsc#1087659, bsc#1122822). - PCI: hv: Remove the bogus test in hv_eject_device_work() (bsc#1087659, bsc#1122822). - PCI: hv: Serialize the present and eject work items (bsc#1087659, bsc#1122822). - PCI: hv: Specify CPU_AFFINITY_ALL for MSI affinity when >= 32 CPUs (bnc#1043485, bsc#1122822). - PCI: hv: Temporary own CPU-number-to-vCPU-number infra (bnc#1043485, bsc#1122822). - PCI: hv: Use effective affinity mask (bsc#1109772, bsc#1122822). - PCI: hv: Use page allocation for hbus structure (bnc#1043485, bsc#1122822). - PCI: hv: Use vPCI protocol version 1.2 (bnc#1043485, bsc#1122822). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - powerpc/64: Disable the speculation barrier from the command line (bsc#1068032). - powerpc/64s: Default l1d_size to 64K in RFI fallback flush (bsc#1068032, git-fixes). - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (bsc#1068032, bsc#1080157, git-fixes). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/tm: Add commandline option to disable hardware transactional memory (bsc#1118338). - powerpc/tm: Add TM Unavailable Exception (bsc#1118338). - powerpc/tm: Flip the HTM switch default to disabled (bsc#1125580). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - s390: add explicit <linux/stringify.h> for jump label (bsc#1111331). - sched/core: Optimize SCHED_SMT (bsc#1111331). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - sched/smt: Update sched_smt_present at runtime (bsc#1111331). - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git. - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes (). - time: Introduce jiffies64_to_nsecs() (bsc#1113399). - Use upstream variant of two pci-hyperv patches - vti6: flush x-netns xfrm cache when vti interface is removed (bnc#1012382 bsc#1100152). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/bugs: Add AMD's variant of SSB_NO (bsc#1111331). - x86/bugs: Rename SSBD_NO to SSB_NO (bsc#1111331). - x86/cpu: Rename Merrifield2 to Moorefield (bsc#1111331). - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772, bsc#1122822). - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bsc#1111331). - x86/kvm/vmx: Add MDS protection when L1D Flush is not active (bsc#1111331). - x86/msr-index: Cleanup bit defines (bsc#1111331). - x86/speculation: Consolidate CPU whitelists (bsc#1111331). - x86/speculation/mds: Add basic bug infrastructure for MDS (bsc#1111331). - x86/speculation/mds: Add BUG_MSBDS_ONLY (bsc#1111331). - x86/speculation/mds: Add mds_clear_cpu_buffers() (bsc#1111331). - x86/speculation/mds: Add mds=full,nosmt cmdline option (bsc#1111331). - x86/speculation/mds: Add mitigation control for MDS (bsc#1111331). - x86/speculation/mds: Add mitigation mode VMWERV (bsc#1111331). - x86/speculation/mds: Add 'mitigations=' support for MDS (bsc#1111331). - x86/speculation/mds: Add SMT warning message (bsc#1111331). - x86/speculation/mds: Add sysfs reporting for MDS (bsc#1111331). - x86/speculation/mds: Clear CPU buffers on exit to user (bsc#1111331). - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (bsc#1111331). - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (bsc#1111331). - x86/speculation: Move arch_smt_update() call to after mitigation decisions (bsc#1111331). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1111331). - x86/speculation: Rework SMT state change (bsc#1111331). - x86/speculation: Simplify the CPU bug detection logic (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86: stop exporting msr-index.h to userland (bsc#1111331). - xfrm6: call kfree_skb when skb is toobig (bnc#1012382 bsc#1100152). - xfrm: fix missing dst_release() after policy blocking lbcast and multicast (bnc#1012382 bsc#1100152). Important SUSE bug 1012382 SUSE bug 1024908 SUSE bug 1034113 SUSE bug 1043485 SUSE bug 1068032 SUSE bug 1073311 SUSE bug 1080157 SUSE bug 1080533 SUSE bug 1082632 SUSE bug 1087231 SUSE bug 1087659 SUSE bug 1087906 SUSE bug 1093158 SUSE bug 1094268 SUSE bug 1096748 SUSE bug 1100152 SUSE bug 1103186 SUSE bug 1106913 SUSE bug 1109772 SUSE bug 1111331 SUSE bug 1112178 SUSE bug 1113399 SUSE bug 1116841 SUSE bug 1118338 SUSE bug 1119019 SUSE bug 1122822 SUSE bug 1124832 SUSE bug 1125580 SUSE bug 1129279 SUSE bug 1131416 SUSE bug 1131427 SUSE bug 1131587 SUSE bug 1132673 SUSE bug 1132828 SUSE bug 1133188 CVE-2016-8636 CVE-2017-17741 CVE-2017-18174 CVE-2018-1091 CVE-2018-1120 CVE-2018-1128 CVE-2018-1129 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-19407 CVE-2019-11091 CVE-2019-11486 CVE-2019-3882 CVE-2019-8564 CVE-2019-9503 cpe:/o:suse:sles-espos:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ucode-intel fixes the following issues: ucode-intel was updated to official QSR 2019.1 microcode release (bsc#1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091) ---- new platforms ---------------------------------------- VLV C0 6-37-8/02 00000838 Atom Z series VLV C0 6-37-8/0C 00000838 Celeron N2xxx, Pentium N35xx VLV D0 6-37-9/0F 0000090c Atom E38xx CHV C0 6-4c-3/01 00000368 Atom X series CHV D0 6-4c-4/01 00000411 Atom X series Readded Broadwell CPU ucode that was missing in last update: BDX-ML B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles-espos:12:sp2 Security update for openssh (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) Important SUSE bug 1121571 SUSE bug 1121816 SUSE bug 1121818 SUSE bug 1121821 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Important SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1132734 SUSE bug 1134718 CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 cpe:/o:suse:sles-espos:12:sp2 Security update for systemd (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - core: Queue loading transient units after setting their properties. (bsc#1115518) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - terminal-util: introduce vt_release() and vt_restore() helpers. - terminal: Unify code for resetting kbd utf8 mode a bit. - terminal Reset should honour default_utf8 kernel setting. - logind: Make session_restore_vt() static. - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - log: Never log into foreign fd #2 in PID 1 or its pre-execve() children. (bsc#1114981) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) Moderate SUSE bug 1005023 SUSE bug 1076696 SUSE bug 1101591 SUSE bug 1114981 SUSE bug 1115518 SUSE bug 1119971 SUSE bug 1120323 CVE-2018-16864 CVE-2018-16865 CVE-2018-16866 cpe:/o:suse:sles-espos:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). Important SUSE bug 1135170 CVE-2019-5436 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the XEN Hypervisor adjustments, that additionally also use CPU Microcode updates. The mitigation can be controlled via the 'mds' commandline option, see the documentation. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other fixes: - CVE-2018-20815: Fixed a heap buffer overflow while loading device tree blob (bsc#1130680). - Fixed an issue with live migration when spectre is enabled on xen boot cmdline (bsc#1116380). - Fixed an issue with live migration (bsc#1133818). - Added upstream bug fix (bsc#1027519). Important SUSE bug 1027519 SUSE bug 1111331 SUSE bug 1116380 SUSE bug 1130680 SUSE bug 1133818 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-20815 CVE-2019-11091 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: Security issues fixed: - CVE-2019-11691: Use-after-free in XMLHttpRequest - CVE-2019-11692: Use-after-free removing listeners in the event listener manager - CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux - CVE-2019-11694: Uninitialized memory memory leakage in Windows sandbox - CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks - CVE-2019-7317: Use-after-free in png_image_free of libpng library - CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 - CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS - CVE-2019-9816: Type confusion with object groups and UnboxedObjects - CVE-2019-9817: Stealing of cross-domain images using canvas - CVE-2019-9818: Use-after-free in crash generation server - CVE-2019-9819: Compartment mismatch with fetch API - CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell Non-security issues fixed: - Font and date adjustments to accommodate the new Reiwa era in Japan - Update to Firefox ESR 60.7 (bsc#1135824) Important SUSE bug 1135824 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11694 CVE-2019-11698 CVE-2019-7317 CVE-2019-9800 CVE-2019-9815 CVE-2019-9816 CVE-2019-9817 CVE-2019-9818 CVE-2019-9819 CVE-2019-9820 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_0-openjdk (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_0-openjdk fixes the following issues: Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU) Security issues fixed: - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw inside the RMI registry implementation (bsc#1132732). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2422: Fixed memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2019-2426: Improve web server connections (bsc#1134297). Bug fixes: - Please check the package Changelog for detailed information. Moderate SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1134297 CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 CVE-2019-2602 CVE-2019-2684 CVE-2019-2698 cpe:/o:suse:sles-espos:12:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for bind fixes the following issues: Security issues fixed: - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129). - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys. (bsc#1126068) - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. (bsc#1133185) Important SUSE bug 1104129 SUSE bug 1126068 SUSE bug 1126069 SUSE bug 1133185 CVE-2018-5740 CVE-2018-5743 CVE-2018-5745 CVE-2019-6465 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_109 fixes one issue. The following security issue was fixed: - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Important SUSE bug 1102682 CVE-2018-5390 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_85 fixes one issue. The following security issue was fixed: - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free) (bsc#1131390). Important SUSE bug 1131390 CVE-2018-14734 cpe:/o:suse:sles-espos:12:sp2 Security update for libvirt (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the libvirt adjustments, that pass through the new 'md-clear' CPU flag (bsc#1135273). For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Other security issues fixed: - CVE-2019-3886: Fixed an information leak which allowed to retrieve the guest hostname under readonly mode (bsc#1131595). - qemu: Add support for using AES secret for SCSI hotplug Important SUSE bug 1111331 SUSE bug 1131595 SUSE bug 1135273 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 CVE-2019-3886 cpe:/o:suse:sles-espos:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 SUSE bug 1130847 CVE-2019-9636 CVE-2019-9948 cpe:/o:suse:sles-espos:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ghostscript to version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators (bsc#1122319) Important SUSE bug 1122319 CVE-2019-6116 cpe:/o:suse:sles-espos:12:sp2 Security update for vim (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c (bsc#1137443). Important SUSE bug 1137443 CVE-2019-12735 cpe:/o:suse:sles-espos:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for webkit2gtk3 to version 2.22.5 fixes the following issues: Security issues fixed: - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554) - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558) Important SUSE bug 1119553 SUSE bug 1119554 SUSE bug 1119555 SUSE bug 1119556 SUSE bug 1119557 SUSE bug 1119558 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 cpe:/o:suse:sles-espos:12:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed a double free() in the KDF CAVS testing tool (bsc#1065237). Moderate SUSE bug 1065237 SUSE bug 1090671 SUSE bug 1119183 SUSE bug 1121816 SUSE bug 1121821 SUSE bug 1131709 CVE-2019-6109 CVE-2019-6111 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 kernel version 4.4.121 was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) - CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There is an unchecked kstrdup of fwstr, which may have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) - CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) - CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) - CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603) - CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1131543) - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not have ended with a '\0' character. (bnc#1134848) - CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785) The following non-security bugs were fixed: - cifs: keep FileInfo handle live during oplock break (bsc#1106284, bsc#1131565). - ftrace/x86_64: Emulate call function while updating in breakpoint handler (bsc#1099658). - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter (bsc#1137586). - kabi: move sysctl_tcp_min_snd_mss to preserve struct net layout (bsc#1137586). - mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (bsc#1136935). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586). - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586). - tcp: limit payload size of sacked skbs (bsc#1137586). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586). - x86_64: Add gap to int3 to allow for call emulation (bsc#1099658). - x86_64: Allow breakpoints to emulate call instructions (bsc#1099658). - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (bnc#1134596). - xen-swiotlb: use actually allocated size on check physical continuous (bnc#1134596). Important SUSE bug 1099658 SUSE bug 1106284 SUSE bug 1110785 SUSE bug 1113769 SUSE bug 1120843 SUSE bug 1120885 SUSE bug 1131543 SUSE bug 1131565 SUSE bug 1132374 SUSE bug 1132472 SUSE bug 1134537 SUSE bug 1134596 SUSE bug 1134848 SUSE bug 1135281 SUSE bug 1135603 SUSE bug 1136424 SUSE bug 1136446 SUSE bug 1136586 SUSE bug 1136935 SUSE bug 1137586 CVE-2018-17972 CVE-2018-7191 CVE-2019-11190 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884 CVE-2019-12382 CVE-2019-3846 CVE-2019-5489 cpe:/o:suse:sles-espos:12:sp2 Security update for dbus-1 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for dbus-1 fixes the following issue: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). Important SUSE bug 1137832 CVE-2019-12749 cpe:/o:suse:sles-espos:12:sp2 Security update for gstreamer-plugins-base (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for gstreamer-plugins-base fixes the following issue: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:sles-espos:12:sp2 Security update for sqlite3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-8457: Fixed a Heap out-of-bound read in rtreenode() when handling invalid rtree tables (bsc#1136976). Important SUSE bug 1136976 CVE-2019-8457 cpe:/o:suse:sles-espos:12:sp2 Security update for gstreamer-0_10-plugins-base (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for gstreamer-0_10-plugins-base fixes the following issues: Security issue fixed: - CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375). Important SUSE bug 1133375 CVE-2019-9928 cpe:/o:suse:sles-espos:12:sp2 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libssh2_org fixes the following issues: - Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets) Moderate SUSE bug 1128481 SUSE bug 1136570 CVE-2019-3860 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Important SUSE bug 1132728 SUSE bug 1132729 SUSE bug 1132732 SUSE bug 1132734 SUSE bug 1134718 CVE-2019-10245 CVE-2019-2602 CVE-2019-2684 CVE-2019-2697 CVE-2019-2698 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_92 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_85 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_95 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_98 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_101 fixes several issues. The following security issues were fixed: - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Important SUSE bug 1133191 SUSE bug 1136446 SUSE bug 1136935 SUSE bug 1137597 CVE-2019-11477 CVE-2019-11478 CVE-2019-11487 CVE-2019-3846 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - Mozilla Firefox Firefox 60.7.2 MFSA 2019-19 (bsc#1138872) - CVE-2019-11708: Fix sandbox escape using Prompt:Open. * Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes could result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. Important SUSE bug 1138872 CVE-2019-11708 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed: - CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). - CVE-2018-5390: Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Important SUSE bug 1102682 SUSE bug 1133191 CVE-2018-5390 CVE-2019-11487 cpe:/o:suse:sles-espos:12:sp2 Security update for postgresql10 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for postgresql10 to version 10.9 fixes the following issue: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing (bsc#1138034). More information at https://www.postgresql.org/docs/10/release-10-9.html Important SUSE bug 1138034 CVE-2019-10164 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP 2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker's web page, then WebRTC or gQUIC could be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace. (bnc#) - CVE-2019-10126: A flaw was found in the Linux kernel that might lead to memory corruption in the marvell mwifiex driver. (bnc#1136935) - CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (bnc#1134395) - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (bnc#1133738) - CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#) - CVE-2019-12818: An issue was discovered in the Linux kernel The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c. (bnc#1137194) - CVE-2019-12819: An issue was discovered in the Linux kernel The function __mdiobus_register() in drivers/net/phy/mdio_bus.c called put_device(), which would trigger a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bnc#1138291) - CVE-2019-12456 a double-fetch bug in _ctl_ioctl_main() could allow local users to create a denial of service (bsc#1136922). - CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it. (bnc#) - CVE-2019-11487: The Linux kernel allowed page-_refcount reference count to overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (bnc#1133190) The following non-security bugs were fixed: - Drop multiversion(kernel) from the KMP template (bsc#1127155). - Revert 'KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).' This reverts commit 4cc83da426b53d47f1fde9328112364eab1e9a19. - sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254). - x86/cpu: Unify CPU family, model, stepping calculation (bsc#1134701). - x86/entry/64/compat: Fix stack switching for XEN PV (bsc#1108382). - x86/microcode/AMD: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/AMD: Fix load of builtin microcode with randomized memory (bsc#1134701). - x86/microcode/AMD: Reload proper initrd start address (bsc#1134701). - x86/microcode/amd: Hand down the CPU family (bsc#1134701). - x86/microcode/amd: Move private inlines to .c and mark local functions static (bsc#1134701). - x86/microcode/intel: Drop stashed AP patch pointer optimization (bsc#1134701). - x86/microcode/intel: Fix allocation size of struct ucode_patch (bsc#1134701). - x86/microcode/intel: Fix initrd loading with CONFIG_RANDOMIZE_MEMORY=y (bsc#1134701). - x86/microcode/intel: Remove intel_lib.c (bsc#1134701). - x86/microcode/intel: Remove unused arg of get_matching_model_microcode() (bsc#1134701). - x86/microcode/intel: Rename load_microcode_early() to find_microcode_patch() (bsc#1134701). - x86/microcode/intel: Rename local variables of type struct mc_saved_data (bsc#1134701). - x86/microcode/intel: Rename mc_intel variable to mc (bsc#1134701). - x86/microcode/intel: Rename mc_saved_in_initrd (bsc#1134701). - x86/microcode/intel: Simplify generic_load_microcode() (bsc#1134701). - x86/microcode/intel: Unexport save_mc_for_early() (bsc#1134701). - x86/microcode/intel: Use correct buffer size for saving microcode data (bsc#1134701). - x86/microcode: Collect CPU info on resume (bsc#1134701). - x86/microcode: Export the microcode cache linked list (bsc#1134701). - x86/microcode: Fix loading precedence (bsc#1134701). - x86/microcode: Get rid of find_cpio_data()'s dummy offset arg (bsc#1134701). - x86/microcode: Issue the debug printk on resume only on success (bsc#1134701). - x86/microcode: Rework microcode loading (bsc#1134701). - x86/microcode: Run the AP-loading routine only on the application processors (bsc#1134701). Important SUSE bug 1096254 SUSE bug 1108382 SUSE bug 1109137 SUSE bug 1127155 SUSE bug 1133190 SUSE bug 1133738 SUSE bug 1134395 SUSE bug 1134701 SUSE bug 1136922 SUSE bug 1136935 SUSE bug 1137194 SUSE bug 1138291 SUSE bug 1140575 CVE-2018-20836 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11487 CVE-2019-11599 CVE-2019-12380 CVE-2019-12456 CVE-2019-12614 CVE-2019-12818 CVE-2019-12819 cpe:/o:suse:sles-espos:12:sp2 Security update for glib2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). Non-security issue fixed: - Added explicit requires between libglib2 and libgio2 (bsc#1140122). Important SUSE bug 1139959 SUSE bug 1140122 CVE-2019-13012 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox, mozilla-nss fixes the following issues: MozillaFirefox to version ESR 60.8: - CVE-2019-9811: Sandbox escape via installation of malicious language pack (bsc#1140868). - CVE-2019-11711: Script injection within domain through inner window reuse (bsc#1140868). - CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (bsc#1140868). - CVE-2019-11713: Use-after-free with HTTP/2 cached stream (bsc#1140868). - CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (bsc#1140868). - CVE-2019-11715: HTML parsing error can contribute to content XSS (bsc#1140868). - CVE-2019-11717: Caret character improperly escaped in origins (bsc#1140868). - CVE-2019-11719: Out-of-bounds read when importing curve25519 private key (bsc#1140868). - CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin (bsc#1140868). - CVE-2019-11709: Multiple Memory safety bugs fixed (bsc#1140868). mozilla-nss to version 3.44.1: * Added IPSEC IKE support to softoken * Many new FIPS test cases Important SUSE bug 1140868 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11719 CVE-2019-11729 CVE-2019-11730 CVE-2019-9811 cpe:/o:suse:sles-espos:12:sp2 Security update for polkit (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for polkit fixes the following issues: Security issue fixed: - CVE-2018-19788: Fixed handling of UIDs over MAX_UINT (bsc#1118277) Moderate SUSE bug 1118277 CVE-2018-19788 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_92 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_95 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_98 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_101 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: - CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) - CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Important SUSE bug 1136446 SUSE bug 1137597 SUSE bug 1140747 CVE-2019-11477 CVE-2019-11478 CVE-2019-3846 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_114 fixes one issue. The following security issue was fixed: This update contains a regression fix for CVE-2019-11478 (bsc#1140747). Important SUSE bug 1140747 CVE-2019-11478 cpe:/o:suse:sles-espos:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ucode-intel fixes the following issues: This update contains the Intel QSR 2019.1 Microcode release (bsc#1111331) Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) These updates contain the CPU Microcode adjustments for the software mitigations. For more information on this set of vulnerabilities, check out https://www.suse.com/support/kb/doc/?id=7023736 Release notes: ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X Important SUSE bug 1111331 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 cpe:/o:suse:sles-espos:12:sp2 Security update for bzip2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). Important SUSE bug 1139083 SUSE bug 985657 CVE-2016-3189 CVE-2019-12900 cpe:/o:suse:sles-espos:12:sp2 Security update for glibc (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - Added cfi information for start routines in order to stop unwinding on S390 (bsc#1128574). Moderate SUSE bug 1127223 SUSE bug 1127308 SUSE bug 1128574 CVE-2009-5155 CVE-2019-9169 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes the following issues: Security vulnerabilities fixed: - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040) - CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) - CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS). (XSA-280) (bsc#1115047) - CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). - CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1114423) Other bugs fixed: - Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940) - Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528) - Fixed an issue with live migrations, which used to fail when spectre is enabled on xen boot cmdline (bsc#1116380) - Upstream bug fixes (bsc#1027519) Important SUSE bug 1027519 SUSE bug 1105528 SUSE bug 1108940 SUSE bug 1114423 SUSE bug 1115040 SUSE bug 1115045 SUSE bug 1115047 SUSE bug 1116380 SUSE bug 1117756 CVE-2018-18849 CVE-2018-19665 CVE-2018-19961 CVE-2018-19962 CVE-2018-19965 CVE-2018-19966 cpe:/o:suse:sles-espos:12:sp2 Security update for bzip2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). Important SUSE bug 1139083 CVE-2019-12900 cpe:/o:suse:sles-espos:12:sp2 Security update for polkit (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for polkit fixes the following issues: Security issue fixed: - CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826). Important SUSE bug 1121826 CVE-2019-6133 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better copies of CopiesList (bsc#1141783). - CVE-2019-2786: More limited privilege usage (bsc#1141787). - CVE-2019-2816: Normalize normalization (bsc#1141785). - CVE-2019-2842: Extended AES support (bsc#1141786). - CVE-2019-7317: Improve PNG support (bsc#1141780). - Certificate validation improvements Non-security issue fixed: - Fixed an issue where the installation failed when the manpages are not present (bsc#1115375) Important SUSE bug 1115375 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141784 SUSE bug 1141785 SUSE bug 1141786 SUSE bug 1141787 SUSE bug 1141789 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-7317 cpe:/o:suse:sles-espos:12:sp2 Security update for mariadb (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for mariadb fixes the following issues: Update to MariaDB 10.0.38 GA (bsc#1136037). Security issues fixed: - CVE-2019-2537: Denial of service via multiple protocols (bsc#1136037) - CVE-2019-2529: Denial of service via multiple protocols (bsc#1136037) - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: - Removed PerconaFT from the package as it has AGPL licence (bsc#1118754). - Do not just remove tokudb plugin but don't build it at all (missing jemalloc dependency). - Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666). - Removed 'umask 077' from mysql-systemd-helper that caused new datadirs created with wrong permissions (bsc#1132666). Release notes and changelog: - https://kb.askmonty.org/en/mariadb-10038-release-notes - https://kb.askmonty.org/en/mariadb-10038-changelog - https://kb.askmonty.org/en/mariadb-10037-release-notes - https://kb.askmonty.org/en/mariadb-10037-changelog - https://kb.askmonty.org/en/mariadb-10036-release-notes - https://kb.askmonty.org/en/mariadb-10036-changelog Important SUSE bug 1013882 SUSE bug 1101676 SUSE bug 1101677 SUSE bug 1101678 SUSE bug 1103342 SUSE bug 1112368 SUSE bug 1112397 SUSE bug 1112417 SUSE bug 1112421 SUSE bug 1112432 SUSE bug 1116686 SUSE bug 1118754 SUSE bug 1132666 SUSE bug 1136037 CVE-2016-9843 CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3143 CVE-2018-3156 CVE-2018-3174 CVE-2018-3251 CVE-2018-3282 CVE-2019-2529 CVE-2019-2537 cpe:/o:suse:sles-espos:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python3 fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document (bsc#1109847). - CVE-2018-1000802: Fixed a command injection in the shutil module (bsc#1109663). Important SUSE bug 1109663 SUSE bug 1109847 SUSE bug 1138459 CVE-2018-1000802 CVE-2018-14647 CVE-2019-10160 cpe:/o:suse:sles-espos:12:sp2 Security update for evince (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for evince fixes the following issues: Security issues fixed: - CVE-2019-11459: Fixed an improper error handling in which could have led to use of uninitialized use of memory (bsc#1133037). - CVE-2019-1010006: Fixed a buffer overflow in backend/tiff/tiff-document.c (bsc#1141619). Important SUSE bug 1133037 SUSE bug 1141619 CVE-2019-1010006 CVE-2019-11459 cpe:/o:suse:sles-espos:12:sp2 Security update for squid (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for squid fixes the following issues: Security issue fixed: - CVE-2019-12529: Fixed a potential denial of service associated with HTTP Basic Authentication credentials (bsc#1141329). - CVE-2019-12525: Fixed a denial of service during processing of HTTP Digest Authentication credentials (bsc#1141332). - CVE-2019-13345: Fixed a cross site scripting vulnerability via user_name or auth parameter in cachemgr.cgi (bsc#1140738). Moderate SUSE bug 1140738 SUSE bug 1141329 SUSE bug 1141332 CVE-2019-12525 CVE-2019-12529 CVE-2019-13345 cpe:/o:suse:sles-espos:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Important SUSE bug 1138459 SUSE bug 1141853 CVE-2018-20852 CVE-2019-10160 cpe:/o:suse:sles-espos:12:sp2 Security update for libvirt (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd (bsc#1138301). - CVE-2019-10167: Fixed an issue with virConnectGetDomainCapabilities API which could have been used to execute arbitrary emulators (bsc#1138303). Non-security issue fixed: - qemu: Add support for overriding max threads per process limit (bsc#1133719) Important SUSE bug 1133719 SUSE bug 1138301 SUSE bug 1138303 CVE-2019-10161 CVE-2019-10167 cpe:/o:suse:sles-espos:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input (bsc#1143794). - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources (bsc#1135902). - CVE-2019-13164: Security fix for qemu-bridge-helper ACL can be bypassed when names are too long (bsc#1140402). Important SUSE bug 1135902 SUSE bug 1140402 SUSE bug 1143794 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 cpe:/o:suse:sles-espos:12:sp2 Security update for postgresql94 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for postgresql94 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:sles-espos:12:sp2 Security update for postgresql96 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for postgresql96 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner (bsc#1145092). Important SUSE bug 1145092 CVE-2019-10208 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_117 fixes one issue. The following security issue was fixed: - CVE-2018-5390: Fixed expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which could have led to a denial of service (bsc#1102682). Important SUSE bug 1102682 CVE-2018-5390 cpe:/o:suse:sles-espos:12:sp2 Security update for perl (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for perl fixes the following issues: Security issue fixed: - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). Important SUSE bug 1114674 CVE-2018-18311 cpe:/o:suse:sles-espos:12:sp2 Security update for libsolv, libzypp, zypper (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libsolv, libzypp and zypper fixes the following issues: libsolv was updated to version 0.6.36 and fixes the following issues: Security issues fixed: - CVE-2018-20532: Fixed a NULL pointer dereference in testcase_read() (bsc#1120629). - CVE-2018-20533: Fixed a NULL pointer dereference in testcase_str2dep_complex() (bsc#1120630). - CVE-2018-20534: Fixed a NULL pointer dereference in pool_whatprovides() (bsc#1120631). Non-security issues fixed: - Made cleandeps jobs on patterns work (bsc#1137977). - Fixed an issue multiversion packages that obsolete their own name (bsc#1127155). - Keep consistent package name if there are multiple alternatives (bsc#1131823). Fixes for libzypp: - Fixes a bug where locking the kernel was not possible (bsc#1113296) - Fixes a file descriptor leak (bsc#1116995) - Will now run file conflict check on dry-run (best with download-only) (bsc#1140039) Fixes for zypper: - Fixes a bug where the wrong exit code was set when refreshing repos if --root was used (bsc#1134226) - Improved the displaying of locks (bsc#1112911) - Fixes an issue where `https` repository urls caused an error prompt to appear twice (bsc#1110542) - zypper will now always warn when no repositories are defined (bsc#1109893) - Fixes bash completion option detection (bsc#1049825) Moderate SUSE bug 1049825 SUSE bug 1109893 SUSE bug 1110542 SUSE bug 1111319 SUSE bug 1112911 SUSE bug 1113296 SUSE bug 1116995 SUSE bug 1120629 SUSE bug 1120630 SUSE bug 1120631 SUSE bug 1127155 SUSE bug 1131823 SUSE bug 1134226 SUSE bug 1137977 SUSE bug 1140039 SUSE bug 1145521 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-3819: A flaw was fixed in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may have enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') could have caused a system lock up and a denial of service (bnc#1123161). - CVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in sound/usb/mixer.c via mishandled recursion (bnc#1145922). - CVE-2019-15117: Fixed out-of-bounds memory access in parse_audio_mixer_unit in sound/usb/mixer.c via mishandled short descriptor (bnc#1145920). - CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). - CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). - CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). - CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). - CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358). - CVE-2019-10207: Check for missing tty operations in bluetooth/hci_uart (bsc#1142857). - CVE-2018-20856: Fixed a use-after-free issue in block/blk-core.c, where certain error case are mishandled (bnc#1143048). - CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). - CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). The following non-security bugs were fixed: - bcache: add reclaimed_journal_buckets to struct cache_set (bsc#1140652, bsc#1144288). - bcache: fix race in btree_flush_write() (bsc#1140652, bsc#1144288). - bcache: fix stack corruption by PRECEDING_KEY() (bsc#1130972, bsc#1144257). - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached (bsc#1130972, bsc#1144273). - bcache: performance improvement for btree_flush_write() (bsc#1140652, bsc#1144288). - bcache: remove retry_flush_write from struct cache_set (bsc#1140652, bsc#1144288). - btrfs: improve delayed refs iterations (bsc#1076033, bsc#1107256). - i40e: add functions to control default VSI (bsc#1141628). - i40e: set default VSI without a reset (bsc#1141628). - mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing (bsc#1142098). - nfs: Fix the inode request accounting when pages have subrequests (bsc#1140012). - powerpc/watchpoint: Restore NV GPRs while returning from exception (bsc#1140945,bsc#1141401,bsc#1141402,bsc#1141452,bsc#1141453,bsc#1141454). - qib/hfi1: Fix MR reference count leak on write with immediate (bsc#1045640). - sched/fair: Do not free p->numa_faults with concurrent readers (bsc#1144920). - sched/fair: Use RCU accessors consistently for ->numa_group (bsc#1144920). - x86, mm: fix fast GUP with hyper-based TLB flushing (VM Functionality, bsc#1140903). - xen: let alloc_xenballooned_pages() fail if not enough memory free (XSA-300). Important SUSE bug 1045640 SUSE bug 1076033 SUSE bug 1107256 SUSE bug 1123161 SUSE bug 1130972 SUSE bug 1134399 SUSE bug 1139358 SUSE bug 1140012 SUSE bug 1140652 SUSE bug 1140903 SUSE bug 1140945 SUSE bug 1141401 SUSE bug 1141402 SUSE bug 1141452 SUSE bug 1141453 SUSE bug 1141454 SUSE bug 1141628 SUSE bug 1142023 SUSE bug 1142098 SUSE bug 1142857 SUSE bug 1143045 SUSE bug 1143048 SUSE bug 1143189 SUSE bug 1143191 SUSE bug 1144257 SUSE bug 1144273 SUSE bug 1144288 SUSE bug 1144920 SUSE bug 1145920 SUSE bug 1145922 SUSE bug 1146163 CVE-2017-18551 CVE-2018-20855 CVE-2018-20856 CVE-2019-10207 CVE-2019-1125 CVE-2019-11810 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 CVE-2019-15117 CVE-2019-15118 CVE-2019-3819 cpe:/o:suse:sles-espos:12:sp2 Security update for spice (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for spice fixes the following issues: Security issue fixed: - CVE-2019-3813: Fixed a out-of-bounds read in the memslot_get_virt function that could lead to denial-of-service or code-execution (bsc#1122706). Important SUSE bug 1122706 CVE-2019-3813 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 50. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). Important SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141785 SUSE bug 1141789 SUSE bug 1147021 CVE-2019-11771 CVE-2019-11775 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:sles-espos:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). Important SUSE bug 1149496 CVE-2019-5482 cpe:/o:suse:sles-espos:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for webkit2gtk3 fixes the following issues: Updated to version 2.24.4 (bsc#1148931). Security issues fixed: - CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690 Non-security issues fixed: - Improved loading of multimedia streams to avoid memory exhaustion due to excessive caching. - Updated the user agent string to make happy certain websites which would claim that the browser being used was unsupported. Important SUSE bug 1135715 SUSE bug 1148931 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 40. Security issues fixed: - CVE-2019-11771: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11772: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-11775: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-4473: IBM Security Update July 2019 (bsc#1147021) - CVE-2019-7317: Fixed issue inside Component AWT (libpng)(bsc#1141780). - CVE-2019-2769: Fixed issue inside Component Utilities (bsc#1141783). - CVE-2019-2762: Fixed issue inside Component Utilities (bsc#1141782). - CVE-2019-2816: Fixed issue inside Component Networking (bsc#1141785). - CVE-2019-2766: Fixed issue inside Component Networking (bsc#1141789). - CVE-2019-2786: Fixed issue inside Component Security (bsc#1141787). Important SUSE bug 1122292 SUSE bug 1122299 SUSE bug 1141780 SUSE bug 1141782 SUSE bug 1141783 SUSE bug 1141785 SUSE bug 1141787 SUSE bug 1141789 SUSE bug 1147021 CVE-2018-11212 CVE-2019-11771 CVE-2019-11772 CVE-2019-11775 CVE-2019-2449 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-4473 CVE-2019-7317 cpe:/o:suse:sles-espos:12:sp2 Security update for ibus (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ibus fixes the following issues: Security issue fixed: - CVE-2019-14822: Fixed a misconfiguration of the DBus server that allowed an unprivileged user to monitor and send method calls to the ibus bus of another user. (bsc#1150011) Important SUSE bug 1150011 CVE-2019-14822 cpe:/o:suse:sles-espos:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openssl fixes the following issues: OpenSSL Security Advisory [10 September 2019] - CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance (bsc#1150003). - CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250). Moderate SUSE bug 1150003 SUSE bug 1150250 CVE-2019-1547 CVE-2019-1563 cpe:/o:suse:sles-espos:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) - CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644) Important SUSE bug 1120644 SUSE bug 1122191 CVE-2018-20406 CVE-2019-5010 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox to ESR 60.9 fixes the following issues: Security issues fixed: - CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. (bsc#1149303) - CVE-2019-11746: Fixed a use-after-free while manipulating video. (bsc#1149297) - CVE-2019-11744: Fixed an XSS caused by breaking out of title and textarea elements using innerHTML. (bsc#1149304) - CVE-2019-11753: Fixed a privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (bsc#1149295) - CVE-2019-11752: Fixed a use-after-free while extracting a key value in IndexedDB. (bsc#1149296) - CVE-2019-11743: Fixed a timing side-channel attack on cross-origin information, utilizing unload event attributes. (bsc#1149298) - CVE-2019-11740: Fixed several memory safety bugs. (bsc#1149299) Important SUSE bug 1149294 SUSE bug 1149295 SUSE bug 1149296 SUSE bug 1149297 SUSE bug 1149298 SUSE bug 1149299 SUSE bug 1149303 SUSE bug 1149304 SUSE bug 1149324 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11752 CVE-2019-11753 CVE-2019-9812 cpe:/o:suse:sles-espos:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for dovecot22 fixes the following issues: - CVE-2019-11500: Fixed a potential remote code execution in the IMAP and ManageSieve protocol parsers (bsc#1145559). Important SUSE bug 1145559 CVE-2019-11500 cpe:/o:suse:sles-espos:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ghostscript to 9.27 fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. (bsc#1129180) - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators. (bsc#1134156) - CVE-2019-12973: Fixed a denial-of-service vulnerability in the OpenJPEG function opj_t1_encode_cblks. (bsc#1140359) - CVE-2019-14811: Fixed a safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator. (bsc#1146882) - CVE-2019-14812: Fixed a safer mode bypass by .forceput exposure in setuserparams. (bsc#1146882) - CVE-2019-14813: Fixed a safer mode bypass by .forceput exposure in setsystemparams. (bsc#1146882) - CVE-2019-14817: Fixed a safer mode bypass by .forceput exposure in .pdfexectoken and other procedures. (bsc#1146884) Important SUSE bug 1129180 SUSE bug 1131863 SUSE bug 1134156 SUSE bug 1140359 SUSE bug 1146882 SUSE bug 1146884 CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-3835 CVE-2019-3839 cpe:/o:suse:sles-espos:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378). - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377). - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371). Important SUSE bug 1123371 SUSE bug 1123377 SUSE bug 1123378 CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 cpe:/o:suse:sles-espos:12:sp2 Security update for libgcrypt (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987) Moderate SUSE bug 1148987 CVE-2019-13627 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_95 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_98 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). - CVE-2018-5390: Fixed a denial of service ('SegmentSmack') in tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet (bsc#1102682). Important SUSE bug 1102682 SUSE bug 1151021 CVE-2018-5390 CVE-2019-14835 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_117 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_114 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_109 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_104 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_101 fixes one issue. The following security issue was fixed: - CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). Important SUSE bug 1151021 CVE-2019-14835 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: Updated to new ESR version 68.1 (bsc#1149323). In addition to the already fixed vulnerabilities released in previous ESR updates, the following were also fixed: CVE-2019-11751, CVE-2019-11736, CVE-2019-9812, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735. Several run-time issues were also resolved (bsc#1117473, bsc#1124525, bsc#1133810). The version displayed in Help > About is now correct (bsc#1087200). Important SUSE bug 1087200 SUSE bug 1109465 SUSE bug 1117473 SUSE bug 1123482 SUSE bug 1124525 SUSE bug 1133810 SUSE bug 1140868 SUSE bug 1145665 SUSE bug 1149323 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-9811 CVE-2019-9812 cpe:/o:suse:sles-espos:12:sp2 Security update for binutils (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for binutils fixes the following issues: binutils was updated to current 2.32 branch @7b468db3 [jsc#ECO-368]: Includes the following security fixes: - CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412) - CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413) - CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414) - CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827) - CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996) - CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535) - CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534) - CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255) - CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252) - CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247) - CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831) - CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830) - CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035) - CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034) - CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056) - CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640) - CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772) - Enable xtensa architecture (Tensilica lc6 and related) - Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913). - Fixed some LTO problems (bsc#1133131 bsc#1133232). - riscv: Don't check ABI flags if no code section Update to binutils 2.32: * The binutils now support for the C-SKY processor series. * The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes. * The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE. * The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary. * Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function. * The BFD linker will now report property change in linker map file when merging GNU properties. * The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report. * The GOLD linker has improved warning messages for relocations that refer to discarded sections. - Improve relro support on s390 [fate#326356] - Handle ELF compressed header alignment correctly. Moderate SUSE bug 1109412 SUSE bug 1109413 SUSE bug 1109414 SUSE bug 1111996 SUSE bug 1112534 SUSE bug 1112535 SUSE bug 1113247 SUSE bug 1113252 SUSE bug 1113255 SUSE bug 1116827 SUSE bug 1118830 SUSE bug 1118831 SUSE bug 1120640 SUSE bug 1121034 SUSE bug 1121035 SUSE bug 1121056 SUSE bug 1133131 SUSE bug 1133232 SUSE bug 1141913 SUSE bug 1142772 CVE-2018-1000876 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2019-1010180 cpe:/o:suse:sles-espos:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers (bsc#1153674). Important SUSE bug 1153674 CVE-2019-14287 cpe:/o:suse:sles-espos:12:sp2 Security update for libpcap (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libpcap fixes the following issues: - CVE-2019-15165: Added sanity checks for PHB header length before allocating memory (bsc#1153332). - CVE-2018-16301: Fixed a buffer overflow (bsc#1153332). Important SUSE bug 1153332 CVE-2018-16301 CVE-2019-15165 cpe:/o:suse:sles-espos:12:sp2 Security update for nfs-utils (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for nfs-utils fixes the following issues: - CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733) Moderate SUSE bug 1150733 CVE-2019-3689 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes the following issues: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874). - CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797). Important SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1127400 SUSE bug 1143797 SUSE bug 1146874 SUSE bug 1149813 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_98 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_101 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_117 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). - CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Important SUSE bug 1144903 SUSE bug 1153108 SUSE bug 1153158 SUSE bug 1153161 CVE-2019-10220 CVE-2019-17133 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox to 68.2.0 ESR fixes the following issues: Mozilla Firefox was updated to version 68.2.0 ESR (bsc#1154738). Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429). - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738). - CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738). - CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738). - CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738). - CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738). - CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738). - CVE-2019-11763: Fixed an XSS bypass (bsc#1154738). - CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738). Non-security issues fixed: - Firefox 60.7 ESR changed the user interface language (bsc#1137990). - Wrong Firefox GUI Language (bsc#1120374). - Fixed an inadvertent crash report transmission without user opt-in (bsc#1074235). - Firefox hangs randomly when browsing and scrolling (bsc#1043008). - Firefox stops loading page until mouse is moved (bsc#1025108). Important SUSE bug 1010399 SUSE bug 1010405 SUSE bug 1010406 SUSE bug 1010408 SUSE bug 1010409 SUSE bug 1010421 SUSE bug 1010423 SUSE bug 1010424 SUSE bug 1010425 SUSE bug 1010426 SUSE bug 1025108 SUSE bug 1043008 SUSE bug 1047281 SUSE bug 1074235 SUSE bug 1092611 SUSE bug 1120374 SUSE bug 1137990 SUSE bug 1149429 SUSE bug 1154738 SUSE bug 959933 SUSE bug 983922 CVE-2016-2830 CVE-2016-5289 CVE-2016-5292 CVE-2016-9063 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 CVE-2017-7789 CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5165 CVE-2018-5166 CVE-2018-5167 CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5174 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5178 CVE-2018-5179 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 CVE-2018-5183 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 cpe:/o:suse:sles-espos:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for samba fixes the following issues: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:sles-espos:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for samba fixes the following issue: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Important SUSE bug 1144902 CVE-2019-10218 cpe:/o:suse:sles-espos:12:sp2 Security update for gdb (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for gdb fixes the following issues: Update to gdb 8.3.1: (jsc#ECO-368) Security issues fixed: - CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. (bsc#1142772) Upgrade libipt from v2.0 to v2.0.1. - Enable librpm for version > librpm.so.3 [bsc#1145692]: * Allow any librpm.so.x * Add %build test to check for 'zypper install <rpm-packagename>' message - Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python, and use it for --without=python. Rebase to 8.3 release (as in fedora 30 @ 1e222a3). * DWARF index cache: GDB can now automatically save indices of DWARF symbols on disk to speed up further loading of the same binaries. * Ada task switching is now supported on aarch64-elf targets when debugging a program using the Ravenscar Profile. * Terminal styling is now available for the CLI and the TUI. * Removed support for old demangling styles arm, edg, gnu, hp and lucid. * Support for new native configuration RISC-V GNU/Linux (riscv*-*-linux*). - Implemented access to more POWER8 registers. [fate#326120, fate#325178] - Add gdb-s390-handle-arch13.diff to handle most new s390 arch13 instructions. [fate#327369, jsc#ECO-368] Moderate SUSE bug 1115034 SUSE bug 1142772 SUSE bug 1145692 CVE-2019-1010180 cpe:/o:suse:sles-espos:12:sp2 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). Moderate SUSE bug 1154862 CVE-2019-17498 cpe:/o:suse:sles-espos:12:sp2 Security update for libseccomp (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libseccomp fixes the following issues: Update to new upstream release 2.4.1: * Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. Updated to 2.4.0 (bsc#1128828 CVE-2019-9893): * Update the syscall table for Linux v5.0-rc5 * Added support for the SCMP_ACT_KILL_PROCESS action * Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute * Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension * Added support for the parisc and parisc64 architectures * Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) * Return -EDOM on an endian mismatch when adding an architecture to a filter * Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() * Fix PFC generation when a syscall is prioritized, but no rule exists * Numerous fixes to the seccomp-bpf filter generation code * Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 * Numerous tests added to the included test suite, coverage now at ~92% * Update our Travis CI configuration to use Ubuntu 16.04 * Numerous documentation fixes and updates Update to release 2.3.3: * Updated the syscall table for Linux v4.15-rc7 Update to release 2.3.2: * Achieved full compliance with the CII Best Practices program * Added Travis CI builds to the GitHub repository * Added code coverage reporting with the '--enable-code-coverage' configure flag and added Coveralls to the GitHub repository * Updated the syscall tables to match Linux v4.10-rc6+ * Support for building with Python v3.x * Allow rules with the -1 syscall if the SCMP\_FLTATR\_API\_TSKIP attribute is set to true * Several small documentation fixes - ignore make check error for ppc64/ppc64le, bypass bsc#1142614 Moderate SUSE bug 1082318 SUSE bug 1128828 SUSE bug 1142614 CVE-2019-9893 cpe:/o:suse:sles-espos:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ucode-intel fixes the following issues: - Updated to 20191112 security release (bsc#1155988) - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old->New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL-U D0 6-66-3/80 0000002a Core Gen8 Mobile - SKX-SP B1 6-55-3/97 01000150 Xeon Scalable - ICL U/Y D1 6-7e-5/80 00000046 Core Gen10 Mobile - ---- updated platforms ------------------------------------ - SKL U/Y D0 6-4e-3/c0 000000cc->000000d4 Core Gen6 Mobile - SKL H/S/E3 R0/N0 6-5e-3/36 000000cc->000000d4 Core Gen6 - AML-Y22 H0 6-8e-9/10 000000b4->000000c6 Core Gen8 Mobile - KBL-U/Y H0 6-8e-9/c0 000000b4->000000c6 Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 000000b4->000000c6 Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000b8->000000c6 Core Gen8 Mobile - AML-Y V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - CML-U42 V0 6-8e-c/94 000000b8->000000c6 Core Gen10 Mobile - WHL-U V0 6-8e-c/94 000000b8->000000c6 Core Gen8 Mobile - KBL-G/X H0 6-9e-9/2a 000000b4->000000c6 Core Gen7/Gen8 - KBL-H/S/E3 B0 6-9e-9/2a 000000b4->000000c6 Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 000000b4->000000c6 Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 000000b4->000000c6 Core Gen8 - CFL-H R0 6-9e-d/22 000000b8->000000c6 Core Gen9 Mobile - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) - requires coreutils for the %post script (bsc#1154043) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1154043 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:sles-espos:12:sp2 Security update for libjpeg-turbo (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libjpeg-turbo fixes the following issues: - CVE-2019-2201: Several integer overflow issues and subsequent segfaults occurred in libjpeg-turbo, when attempting to compress or decompress gigapixel images. [bsc#1156402] Important SUSE bug 1156402 CVE-2019-2201 cpe:/o:suse:sles-espos:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ghostscript fixes the following issue: - CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed an attacker to gain high privileges by a specially crafted Postscript code (bsc#1156275). Important SUSE bug 1156275 CVE-2019-14869 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 - CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described 'Microarchitectural Data Sampling' attack. The Linux kernel was supplemented with the option to disable TSX operation altogether (requiring CPU Microcode updates on older systems) and better flushing of microarchitectural buffers (VERW). The set of options available is described in our TID at https://www.suse.com/support/kb/doc/?id=7024251 - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903). - CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372). - CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID IE, leading to a Buffer Overflow (bsc#1153158). - CVE-2019-16232: Fix a potential NULL pointer dereference in the Marwell libertas driver (bsc#1150465). - CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150452). - CVE-2019-17055: The AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bnc#1152782). - CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788). - CVE-2019-16413: The 9p filesystem did not protect i_size_write() properly, which caused an i_size_read() infinite loop and denial of service on SMP systems (bnc#1151347). - CVE-2019-15902: A backporting issue was discovered that re-introduced the Spectre vulnerability it had aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376). - CVE-2019-15291: Fixed a NULL pointer dereference issue that could be caused by a malicious USB device (bnc#1146519). - CVE-2019-15807: Fixed a memory leak in the SCSI module that could be abused to cause denial of service (bnc#1148938). - CVE-2019-13272: Fixed a mishandled the recording of the credentials of a process that wants to create a ptrace relationship, which allowed local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). (bnc#1140671). - CVE-2019-14821: An out-of-bounds access issue was fixed in the kernel's kvm hypervisor. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350). - CVE-2019-15505: An out-of-bounds issue had been fixed that could be caused by crafted USB device traffic (bnc#1147122). - CVE-2017-18595: A double free in allocate_trace_buffer was fixed (bnc#1149555). - CVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost functionality that translates virtqueue buffers to IOVs. A privileged guest user able to pass descriptors with invalid length to the host could use this flaw to increase their privileges on the host (bnc#1150112). - CVE-2019-15216: A NULL pointer dereference was fixed that could be malicious USB device (bnc#1146361). - CVE-2019-15924: A a NULL pointer dereference has been fixed in the drivers/net/ethernet/intel/fm10k module (bnc#1149612). - CVE-2019-9456: An out-of-bounds write in the USB monitor driver has been fixed. This issue could lead to local escalation of privilege with System execution privileges needed. (bnc#1150025). - CVE-2019-15926: An out-of-bounds access was fixed in the drivers/net/wireless/ath/ath6kl module. (bnc#1149527). - CVE-2019-15927: An out-of-bounds access was fixed in the sound/usb/mixer module (bnc#1149522). - CVE-2019-15666: There was an out-of-bounds array access in the net/xfrm module that could cause denial of service (bnc#1148394). - CVE-2019-15219: A NULL pointer dereference was fixed that could be abused by a malicious USB device (bnc#1146519 1146524). - CVE-2019-15220: A use-after-free issue was fixed that could be caused by a malicious USB device (bnc#1146519 1146526). - CVE-2019-15221: A NULL pointer dereference was fixed that could be caused by a malicious USB device (bnc#1146519 1146529). - CVE-2019-14814: A heap-based buffer overflow was fixed in the marvell wifi chip driver. That issue allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512). - CVE-2019-14815: A missing length check while parsing WMM IEs was fixed (bsc#1146512, bsc#1146514, bsc#1146516). - CVE-2019-14816: A heap-based buffer overflow in the marvell wifi chip driver was fixed. Local users would have abused this issue to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516). - CVE-2017-18509: An issue in net/ipv6 as fixed. By setting a specific socket option, an attacker could control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. (bnc#1145477) - CVE-2019-9506: The Bluetooth BR/EDR specification used to permit sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1137865). - CVE-2019-15098: A NULL pointer dereference in drivers/net/wireless/ath was fixed (bnc#1146378). - CVE-2019-15290: A NULL pointer dereference in ath6kl_usb_alloc_urb_from_pipe was fixed (bsc#1146378). - CVE-2019-15212: A double-free issue was fixed in drivers/usb driver (bnc#1146391). - CVE-2016-10906: A use-after-free issue was fixed in drivers/net/ethernet/arc (bnc#1146584). - CVE-2019-15211: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/v4l2-core driver (bnc#1146519). - CVE-2019-15217: A a NULL pointer dereference issue caused by a malicious USB device was fixed in the drivers/media/usb/zr364xx driver (bnc#1146519). - CVE-2019-15214: An a use-after-free issue in the sound subsystem was fixed (bnc#1146519). - CVE-2019-15218: A NULL pointer dereference caused by a malicious USB device was fixed in the drivers/media/usb/siano driver (bnc#1146413). - CVE-2019-15215: A use-after-free issue caused by a malicious USB device was fixed in the drivers/media/usb/cpia2 driver (bnc#1146425). - CVE-2018-20976: A use-after-free issue was fixed in the fs/xfs driver (bnc#1146285). - CVE-2019-0154: An unprotected read access to i915 registers has been fixed that could have been abused to facilitate a local denial-of-service attack. (bsc#1135966) - CVE-2019-0155: A privilege escalation vulnerability has been fixed in the i915 module that allowed batch buffers from user mode to gain super user privileges. (bsc#1135967) - CVE-2019-16231: The fjes driver did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bnc#1150466) - CVE-2019-18805: Fix signed integer overflow in tcp_ack_update_rtt() that could have lead to a denial of service or possibly unspecified other impact (bsc#1156187) - CVE-2019-18680: A NULL pointer dereference in rds_tcp_kill_sock() could cause denial of service (bnc#1155898) The following non-security bugs were fixed: - cpu/speculation: Uninline and export CPU mitigations helpers (bnc#1117665). - documentation: Add ITLB_MULTIHIT documentation (bnc#1117665). - ib/core: Add mitigation for Spectre V1 (bsc#1155671) - ib/core: array_index_nospec: Sanitize speculative array (bsc#1155671) - ipv6: Update ipv6 defrag code (add bsc#1141054). - ksm: cleanup stable_node chain collapse case (bnc#1144338). - ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338). - ksm: introduce ksm_max_page_sharing per page deduplication limit (bnc#1144338). - ksm: optimize refile of stable_node_dup at the head of the chain (bnc#1144338). - ksm: swap the two output parameters of chain/chain_prune (bnc#1144338). - kvm kABI Fix for NX patches (bsc#1117665). - kvm: Convert kvm_lock to a mutex (bsc#1117665). - kvm: MMU: drop vcpu param in gpte_access (bsc#1117665). - kvm: MMU: introduce kvm_mmu_gfn_{allow,disallow}_lpage (bsc#1117665). - kvm: MMU: rename has_wrprotected_page to mmu_gfn_lpage_is_disallowed (bsc#1117665). - kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (bsc#1117665). - kvm: x86, powerpc: do not allow clearing largepages debugfs entry (bsc#1117665). - kvm: x86: Do not release the page inside mmu_set_spte() (bsc#1117665). - kvm: x86: MMU: Consolidate quickly_check_mmio_pf() and is_mmio_page_fault() (bsc#1117665). - kvm: x86: MMU: Encapsulate the type of rmap-chain head in a new struct (bsc#1117665). - kvm: x86: MMU: Move handle_mmio_page_fault() call to kvm_mmu_page_fault() (bsc#1117665). - kvm: x86: MMU: Move initialization of parent_ptes out from kvm_mmu_alloc_page() (bsc#1117665). - kvm: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to link_shadow_page() (bsc#1117665). - kvm: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page() (bsc#1117665). - kvm: x86: MMU: always set accessed bit in shadow PTEs (bsc#1117665). - kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (bsc#1117665). - kvm: x86: adjust kvm_mmu_page member to save 8 bytes (bsc#1117665). - kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (bsc#1117665). - kvm: x86: extend usage of RET_MMIO_PF_* constants (bsc#1117665). - kvm: x86: make FNAME(fetch) and __direct_map more similar (bsc#1117665). - kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT (bnc#1117665). - kvm: x86: remove now unneeded hugepage gfn adjustment (bsc#1117665). - kvm: x86: simplify ept_misconfig (bsc#1117665). - media: smsusb: better handle optional alignment (bsc#1146413). - mm: use upstream patch for bsc#1106913 - scsi: scsi_transport_fc: Drop double list_del() (bsc#1084878) - x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1068032, bsc#1092497). - x86/cpu: Add Atom Tremont (Jacobsville) (bsc#1117665). - x86/headers: Do not include asm/processor.h in asm/atomic.h (bsc#1150223). - x86/mitigations: Backport the STIBP pile See bsc#1139550 - xen-blkfront: avoid ENOMEM in blkif_recover after migration (bsc#1149849). Important SUSE bug 1068032 SUSE bug 1084878 SUSE bug 1092497 SUSE bug 1106913 SUSE bug 1117665 SUSE bug 1135966 SUSE bug 1135967 SUSE bug 1137865 SUSE bug 1139550 SUSE bug 1140671 SUSE bug 1141054 SUSE bug 1144338 SUSE bug 1144903 SUSE bug 1145477 SUSE bug 1146285 SUSE bug 1146361 SUSE bug 1146378 SUSE bug 1146391 SUSE bug 1146413 SUSE bug 1146425 SUSE bug 1146512 SUSE bug 1146514 SUSE bug 1146516 SUSE bug 1146519 SUSE bug 1146584 SUSE bug 1147122 SUSE bug 1148394 SUSE bug 1148938 SUSE bug 1149376 SUSE bug 1149522 SUSE bug 1149527 SUSE bug 1149555 SUSE bug 1149612 SUSE bug 1149849 SUSE bug 1150025 SUSE bug 1150112 SUSE bug 1150223 SUSE bug 1150452 SUSE bug 1150457 SUSE bug 1150465 SUSE bug 1150466 SUSE bug 1151347 SUSE bug 1151350 SUSE bug 1152685 SUSE bug 1152782 SUSE bug 1152788 SUSE bug 1153158 SUSE bug 1154372 SUSE bug 1155671 SUSE bug 1155898 SUSE bug 1156187 CVE-2016-10906 CVE-2017-18509 CVE-2017-18595 CVE-2018-12207 CVE-2018-20976 CVE-2019-0154 CVE-2019-0155 CVE-2019-10220 CVE-2019-11135 CVE-2019-13272 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14835 CVE-2019-15098 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15290 CVE-2019-15291 CVE-2019-15505 CVE-2019-15666 CVE-2019-15807 CVE-2019-15902 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-16231 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16413 CVE-2019-16995 CVE-2019-17055 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-18680 CVE-2019-18805 CVE-2019-9456 CVE-2019-9506 cpe:/o:suse:sles-espos:12:sp2 Security update for ucode-intel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ucode-intel fixes the following issues: - Updated to 20191112 official security release (bsc#1155988) - Includes security fixes for: - CVE-2019-11135: Added feature allowing to disable TSX RTM (bsc#1139073) - CVE-2019-11139: A CPU microcode only fix for Voltage modulation issues (bsc#1141035) Important SUSE bug 1139073 SUSE bug 1141035 SUSE bug 1155988 CVE-2019-11135 CVE-2019-11139 cpe:/o:suse:sles-espos:12:sp2 Security update for sqlite3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for sqlite3 fixes the following issues: - CVE-2017-2518: Fixed a use-after-free vulnerability which could have led to buffer overflow via a crafted SQL statement (bsc#1155787). Important SUSE bug 1155787 CVE-2017-2518 cpe:/o:suse:sles-espos:12:sp2 Security update for cups (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for cups fixes the following issues: - CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function(bsc#1146358). - CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359). Important SUSE bug 1146358 SUSE bug 1146359 CVE-2019-8675 CVE-2019-8696 cpe:/o:suse:sles-espos:12:sp2 Security update for clamav (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for clamav fixes the following issues: Security issue fixed: - CVE-2019-12625: Fixed a ZIP bomb issue by adding detection and heuristics for zips with overlapping files (bsc#1144504). - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1149458). Non-security issues fixed: - Added the --max-scantime clamscan option and MaxScanTime clamd configuration option (bsc#1144504). - Increased the startup timeout of clamd to 5 minutes to cater for the grown virus database as a workaround until clamd has learned to talk to systemd to extend the timeout as long as needed (bsc#1151839). Moderate SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1151839 CVE-2019-12625 CVE-2019-12900 cpe:/o:suse:sles-espos:12:sp2 Security update for mailman (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for mailman fixes the following issues: - CVE-2019-3693: Fixed a local privilege escalation from wwwrun to root (bsc#1154328). Important SUSE bug 1154328 CVE-2019-3693 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed (October 2019 CPU bsc#1154212): - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2978: Improved handling of jar files - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). Important SUSE bug 1152856 SUSE bug 1154212 CVE-2019-2894 CVE-2019-2933 CVE-2019-2945 CVE-2019-2949 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:sles-espos:12:sp2 Security update for LibVNCServer (Critical) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) Critical SUSE bug 1123823 SUSE bug 1123828 SUSE bug 1123832 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 cpe:/o:suse:sles-espos:12:sp2 Security update for clamav (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for clamav fixes the following issues: - CVE-2019-15961: Fixed a denial of service which might occur when scanning a specially crafted email file as (bsc#1157763). Important SUSE bug 1157763 CVE-2019-15961 cpe:/o:suse:sles-espos:12:sp2 Security update for permissions (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for permissions fixes the following issues: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). - Fixed a regression which caused segmentation fault (bsc#1157198). Moderate SUSE bug 1093414 SUSE bug 1150734 SUSE bug 1157198 CVE-2019-3688 CVE-2019-3690 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_101 fixes several issues. The following security issues were fixed: - CVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Important SUSE bug 1153108 SUSE bug 1156321 SUSE bug 1156331 CVE-2018-20856 CVE-2019-10220 CVE-2019-13272 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed: - CVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Important SUSE bug 1153108 SUSE bug 1156321 SUSE bug 1156331 CVE-2018-20856 CVE-2019-10220 CVE-2019-13272 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: - CVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Important SUSE bug 1153108 SUSE bug 1156321 SUSE bug 1156331 CVE-2018-20856 CVE-2019-10220 CVE-2019-13272 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed: - CVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The following bugs were fixed: - Fixed boot up hang revealed by int3 self test (bsc#1157770). Important SUSE bug 1153108 SUSE bug 1156321 SUSE bug 1156331 SUSE bug 1157770 CVE-2018-20856 CVE-2019-10220 CVE-2019-13272 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_117 fixes several issues. The following security issues were fixed: - CVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331). - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The following bugs were fixed: - Fixed boot up hang revealed by int3 self test (bsc#1157770). Important SUSE bug 1153108 SUSE bug 1156321 SUSE bug 1156331 SUSE bug 1157770 CVE-2018-20856 CVE-2019-10220 CVE-2019-13272 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). The following bugs were fixed: - Fixed boot up hang revealed by int3 self test (bsc#1157770). Important SUSE bug 1153108 SUSE bug 1156321 SUSE bug 1157770 CVE-2019-10220 CVE-2019-13272 cpe:/o:suse:sles-espos:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for git fixes the following issues: Security issues fixed: - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787). - CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795). - CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793). - CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792). - CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791). - CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790). - CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789). - CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788). - CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785). - Fixed an issue where git send-email fails to authenticate with SMTP server (bsc#1082023) Important SUSE bug 1082023 SUSE bug 1158785 SUSE bug 1158787 SUSE bug 1158788 SUSE bug 1158789 SUSE bug 1158790 SUSE bug 1158791 SUSE bug 1158792 SUSE bug 1158793 SUSE bug 1158795 CVE-2019-1348 CVE-2019-1349 CVE-2019-1350 CVE-2019-1351 CVE-2019-1352 CVE-2019-1353 CVE-2019-1354 CVE-2019-1387 CVE-2019-19604 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328) Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Important SUSE bug 1158328 CVE-2019-11745 CVE-2019-13722 CVE-2019-17005 CVE-2019-17008 CVE-2019-17009 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: Security issues fixed: CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (boo#1122983). CVE-2018-18501: Fixed multiple memory safety bugs (boo#1122983). CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (boo#1122983). Important SUSE bug 1120374 SUSE bug 1122983 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_80 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_85 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.120-92_70 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_73 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_92 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.114-92_64 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.114-92_67 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_98 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_95 fixes one issue. The following security issue was fixed: - CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time could make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user could cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bsc#1119947). Important SUSE bug 1119947 CVE-2018-16884 cpe:/o:suse:sles-espos:12:sp2 Security update for systemd (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for systemd fixes the following issues: Security vulnerability fixed: - CVE-2019-6454: Fixed a crash of PID1 by sending specially crafted D-BUS message on the system bus by an unprivileged user (bsc#1125352) Other bug fixes and changes: - journal-remote: set a limit on the number of fields in a message - journal-remote: verify entry length from header - journald: set a limit on the number of fields (1k) - journald: do not store the iovec entry for process commandline on stack - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - manager: don't skip sigchld handler for main and control pid for services (#3738) - core: Add helper functions unit_{main, control}_pid - manager: Fixing a debug printf formatting mistake (#3640) - manager: Only invoke a single sigchld per unit within a cleanup cycle (bsc#1117382) - core: update invoke_sigchld_event() to handle NULL ->sigchld_event() - sd-event: expose the event loop iteration counter via sd_event_get_iteration() (#3631) - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (bsc#1122344) - core: when restarting services, don't close fds - cryptsetup: Add dependency on loopback setup to generated units - journal-gateway: use localStorage['cursor'] only when it has valid value - journal-gateway: explicitly declare local variables - analyze: actually select longest activated-time of services - sd-bus: fix implicit downcast of bitfield reported by LGTM - core: free lines after reading them (bsc#1123892) - pam_systemd: reword message about not creating a session (bsc#1111498) - pam_systemd: suppress LOG_DEBUG log messages if debugging is off (bsc#1111498) - main: improve RLIMIT_NOFILE handling (#5795) (bsc#1120658) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) (bsc#1123333) Important SUSE bug 1111498 SUSE bug 1117025 SUSE bug 1117382 SUSE bug 1120658 SUSE bug 1122000 SUSE bug 1122344 SUSE bug 1123333 SUSE bug 1123892 SUSE bug 1125352 CVE-2019-6454 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). - CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). - CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bnc#1108498). - CVE-2019-3459, CVE-2019-3460: The Blutooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). The following non-security bugs were fixed: - aio: hold an extra file reference over AIO read/write operations (bsc#1116027). - ata: Fix racy link clearance (bsc#1107866). - btrfs: Fix wrong first_key parameter in replace_path (follow up fixes for bsc#1084721). - cgroup, netclassid: add a preemption point to write_classid (bnc#1098996). - cifs: Fix infinite loop when using hard mount option (bsc#1091171). - dm round robin: revert 'use percpu 'repeat_count' and 'current_path'' (bsc#1113192) - fscache: fix race between enablement and dropping of object (bsc#1107385). - ibmvnic: fix index in release_rx_pools (bsc#1115440). - ip: hash fragments consistently (bsc#1042286 bsc#1108145). - ipv4: ipv6: netfilter: Adjust the frag mem limit when truesize changes (bsc#1110286). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ipv6: set rt6i_protocol properly in the route when it is installed (bsc#1114190). - ixgbe: Add function for checking to see if we can reuse page (bsc#1100105). - ixgbe: Add support for build_skb (bsc#1100105). - ixgbe: Add support for padding packet (bsc#1100105). - ixgbe: Break out Rx buffer page management (bsc#1100105). - ixgbe: Fix output from ixgbe_dump (bsc#1100105). - ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE (bsc#1100105). - ixgbe: Only DMA sync frame length (bsc#1100105). - ixgbe: Update code to better handle incrementing page count (bsc#1100105). - ixgbe: Update driver to make use of DMA attributes in Rx path (bsc#1100105). - ixgbe: Use length to determine if descriptor is done (bsc#1100105). - libfc: sync strings with upstream versions (bsc#1114763). - md: reorder flag_bits to match upstream commits The ordering in the patches was backward. - mm: add support for releasing multiple instances of a page (bsc#1100105). - mm: rename __page_frag functions to __page_frag_cache, drop order from drain (bsc#1100105). - net: ipv4: do not handle duplicate fragments as overlapping (bsc#1116345). - NFS: add nostatflush mount option (bsc#1065726). - nospec: Include <asm/barrier.h> dependency (bsc#1114648). - ovl: after setting xattributes, you need to copy the attributes in order to make sure the mode and ctime/mtime is set (bsc#1107299). - powerpc/boot: Request no dynamic linker for boot wrapper (bsc#1070805). - Revert 'kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)' This reverts commit 54da5757cbbb39ab15b3cd09cf922a8a9e32209c. - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1042286 bsc#1108145). - scsi: devinfo: apply to HP XP the same flags as Hitachi VSP (bnc#1091197). - scsi: libfc: check fc_frame_payload_get() return value for null (bsc#1103624, bsc#1104731). - sd: disable logical block provisioning if 'lpbme' is not set (bsc#1086095). - tcp: prevent bogus FRTO undos with non-SACK flows (bsc#1086535). - Update ibmvnic: Fix RX queue buffer cleanup (bsc#1115440, bsc#1115433). - x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs (bsc#1105931). - x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface (bsc#1105931). - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bsc#1105931). - x86/entry/64: sanitize extra registers on syscall entry (bsc#1105931). - x86/kaiser: Avoid loosing NMIs when using trampoline stack (bsc#1106293 bsc#1099597). - x86,sched: Allow topologies where NUMA nodes share an LLC (bsc#1091158, bsc#1101555, bsc#1117187). - xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062). - xen/blkfront: correct purging of persistent grants (bnc#1065600). - xen: fix race in xen_qlock_wait() (bnc#1107256). - xen: fix xen_qlock_wait() (bnc#1107256). - xen: make xen_qlock_wait() nestable (bnc#1107256). - xen/netback: dont overflow meta array (bnc#1099523). - xen/netfront: do not bug in case of too many frags (bnc#1012382). - xen/netfront: do not cache skb_shinfo() (bnc#1012382). - xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs/dmapi: restore event in xfs_getbmap (bsc#1095344, bsc#1114763). - xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621). Important SUSE bug 1012382 SUSE bug 1023175 SUSE bug 1042286 SUSE bug 1065600 SUSE bug 1065726 SUSE bug 1070805 SUSE bug 1084721 SUSE bug 1086095 SUSE bug 1086535 SUSE bug 1091158 SUSE bug 1091171 SUSE bug 1091197 SUSE bug 1094825 SUSE bug 1095344 SUSE bug 1098996 SUSE bug 1099523 SUSE bug 1099597 SUSE bug 1100105 SUSE bug 1101555 SUSE bug 1103624 SUSE bug 1104731 SUSE bug 1105025 SUSE bug 1105931 SUSE bug 1106293 SUSE bug 1107256 SUSE bug 1107299 SUSE bug 1107385 SUSE bug 1107866 SUSE bug 1108145 SUSE bug 1108498 SUSE bug 1109330 SUSE bug 1110286 SUSE bug 1110837 SUSE bug 1111062 SUSE bug 1113192 SUSE bug 1113751 SUSE bug 1113769 SUSE bug 1114190 SUSE bug 1114648 SUSE bug 1114763 SUSE bug 1115433 SUSE bug 1115440 SUSE bug 1116027 SUSE bug 1116183 SUSE bug 1116345 SUSE bug 1117186 SUSE bug 1117187 SUSE bug 1118152 SUSE bug 1118319 SUSE bug 1119714 SUSE bug 1119946 SUSE bug 1119947 SUSE bug 1120743 SUSE bug 1120758 SUSE bug 1121621 SUSE bug 1123161 CVE-2018-16862 CVE-2018-16884 CVE-2018-18281 CVE-2018-18386 CVE-2018-18690 CVE-2018-18710 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9516 CVE-2018-9568 CVE-2019-3459 CVE-2019-3460 cpe:/o:suse:sles-espos:12:sp2 Security update for procps (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for procps fixes the following security issues: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also the following non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) Important SUSE bug 1092100 SUSE bug 1121753 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 cpe:/o:suse:sles-espos:12:sp2 Security update for texlive (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for texlive fixes the following issue: - CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts allowed arbitrary code execution when a malicious font was loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673) Important SUSE bug 1109673 CVE-2018-17407 cpe:/o:suse:sles-espos:12:sp2 Security update for kernel-firmware (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for kernel-firmware fixes the following issues: Security issue fixed: - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the eliptic curve parameters were not sufficiently validated during Diffie-Hellman key exchange (bsc#1104301). Important SUSE bug 1104301 CVE-2018-5383 cpe:/o:suse:sles-espos:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python fixes the following issues: Security issues fixed: - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191). - CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847). Non-security issue fixed: - Fixed a bug where PyWeakReference struct was not initialized correctly leading to a crash (bsc#1073748). Important SUSE bug 1073748 SUSE bug 1109847 SUSE bug 1122191 CVE-2018-14647 CVE-2019-5010 cpe:/o:suse:sles-espos:12:sp2 Security update for qemu (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156). - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493). - CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275). - CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717). - CVE-2018-7858: Fixed a denial of service which could occur while updating the VGA display, after guest has adjusted the display dimensions (bsc#1084604). - CVE-2017-13673: Fixed a denial of service in the cpu_physical_memory_snapshot_get_dirty function. - CVE-2017-13672: Fixed a denial of service via vectors involving display update. Non-security issues fixed: - Fixed bad guest time after migration (bsc#1113231). Important SUSE bug 1084604 SUSE bug 1113231 SUSE bug 1116717 SUSE bug 1117275 SUSE bug 1119493 SUSE bug 1123156 CVE-2017-13672 CVE-2017-13673 CVE-2018-16872 CVE-2018-19364 CVE-2018-19489 CVE-2018-7858 CVE-2019-6778 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_0-openjdk to version 7u201 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile - CVE-2018-2938: Support Derby connections (bsc#1101644) - CVE-2018-2940: Better stack walking (bsc#1101645) - CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651) - CVE-2018-2973: Improve LDAP support (bsc#1101656) - CVE-2018-3639 cpu speculative store bypass mitigation Important SUSE bug 1101644 SUSE bug 1101645 SUSE bug 1101651 SUSE bug 1101656 SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112152 SUSE bug 1112153 CVE-2018-13785 CVE-2018-16435 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 CVE-2018-3639 cpe:/o:suse:sles-espos:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for webkit2gtk3 to version 2.22.6 fixes the following issues: Security issues fixed: - CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6215: Fixed a type confusion vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6227: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6229: Fixed a logic issue by improving validation which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6233: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. - CVE-2019-6234: Fixed a memory corruption vulnerability which could allow arbitrary code execution during the processing of special crafted web-content. Other issues addressed: - Update to version 2.22.6 (bsc#1124937). - Kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour. - Fixed Web inspector magnifier under Wayland. - Fixed garbled rendering of some websites (e.g. YouTube) while scrolling under X11. - Fixed several crashes, race conditions, and rendering issues. Important SUSE bug 1124937 CVE-2019-6212 CVE-2019-6215 CVE-2019-6216 CVE-2019-6217 CVE-2019-6226 CVE-2019-6227 CVE-2019-6229 CVE-2019-6233 CVE-2019-6234 cpe:/o:suse:sles-espos:12:sp2 Security update for libvirt (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-3840: Fixed a null pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent (bsc#1127458). Other issues fixed: - libxl: save current memory value after successful balloon (bsc#1120813). - spec: Don't restart libvirt-guests when updating libvirt-client (bsc#1104662). Moderate SUSE bug 1104662 SUSE bug 1120813 SUSE bug 1127458 CVE-2019-3840 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-openjdk to version 8u191 fixes the following issues: Security issues fixed: - CVE-2018-3136: Manifest better support (bsc#1112142) - CVE-2018-3139: Better HTTP Redirection (bsc#1112143) - CVE-2018-3149: Enhance JNDI lookups (bsc#1112144) - CVE-2018-3169: Improve field accesses (bsc#1112146) - CVE-2018-3180: Improve TLS connections stability (bsc#1112147) - CVE-2018-3214: Better RIFF reading support (bsc#1112152) - CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153) - CVE-2018-3183: Improve script engine support (bsc#1112148) - CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile Important SUSE bug 1112142 SUSE bug 1112143 SUSE bug 1112144 SUSE bug 1112146 SUSE bug 1112147 SUSE bug 1112148 SUSE bug 1112152 SUSE bug 1112153 CVE-2018-13785 CVE-2018-16435 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 cpe:/o:suse:sles-espos:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for webkit2gtk3 to version 2.22.4 fixes the following issues: Security issues fixed: CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4392, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361, CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4416, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386 (bsc#1110279, bsc#1116998). Important SUSE bug 1110279 SUSE bug 1116998 CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 cpe:/o:suse:sles-espos:12:sp2 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114) - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115) - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116) - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117) - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118) - CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119) - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120) - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121) - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122) Important SUSE bug 1120114 SUSE bug 1120115 SUSE bug 1120116 SUSE bug 1120117 SUSE bug 1120118 SUSE bug 1120119 SUSE bug 1120120 SUSE bug 1120121 SUSE bug 1120122 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-6307 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_1-ibm to version 7.1.4.40 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). More information: https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_February_2019 Important SUSE bug 1122293 SUSE bug 1122299 CVE-2018-11212 CVE-2019-2422 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-ibm to version 8.0.5.30 fixes the following issues: Security issues fixed: - CVE-2019-2422: Fixed a memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed an issue in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2018-1890: Fixed a local privilege escalation via RPATHs (bsc#1128158). - CVE-2019-2449: Fixed a vulnerabilit which could allow remote atackers to delete arbitrary files (bsc#1122292). More information: https://www-01.ibm.com/support/docview.wss?uid=ibm10873332 Important SUSE bug 1122292 SUSE bug 1122293 SUSE bug 1122299 SUSE bug 1128158 CVE-2018-11212 CVE-2018-1890 CVE-2019-2422 CVE-2019-2449 cpe:/o:suse:sles-espos:12:sp2 Security update for libssh2_org (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Libbssh2 will stop using keys unsupported types in the known_hosts file (bsc#1091236). Moderate SUSE bug 1091236 SUSE bug 1128471 SUSE bug 1128472 SUSE bug 1128474 SUSE bug 1128476 SUSE bug 1128480 SUSE bug 1128481 SUSE bug 1128490 SUSE bug 1128492 SUSE bug 1128493 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_85 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_73 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.120-92_70 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_80 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_98 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_92 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-espos:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ghostscript fixes the following issue: Security issue fixed: - CVE-2019-3838: Fixed a vulnerability which made forceput operator in DefineResource to be still accessible which could allow access to file system outside of the constraints of -dSAFER (bsc#1129186). Important SUSE bug 1129186 CVE-2019-3838 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_95 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Important SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-espos:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ucode-intel fixes the following issues: Updated to the 20190312 bundle release (bsc#1129231) New Platforms: - AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile - WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile - WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile - CFL-S P0 6-9e-c/22 000000a2 Core Gen9 Desktop - CFL-H R0 6-9e-d/22 000000b0 Core Gen9 Mobile Updated Platforms: - HSX-E/EP Cx/M1 6-3f-2/6f 0000003d->00000041 Core Gen4 X series; Xeon E5 v3 - HSX-EX E0 6-3f-4/80 00000012->00000013 Xeon E7 v3 - SKX-SP H0/M0/U0 6-55-4/b7 0200004d->0000005a Xeon Scalable - SKX-D M1 6-55-4/b7 0200004d->0000005a Xeon D-21xx - BDX-DE V1 6-56-2/10 00000017->00000019 Xeon D-1520/40 - BDX-DE V2/3 6-56-3/10 07000013->07000016 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 - BDX-DE Y0 6-56-4/10 0f000012->0f000014 Xeon D-1557/59/67/71/77/81/87 - BDX-NS A0 6-56-5/10 0e00000a->0e00000c Xeon D-1513N/23/33/43/53 - APL D0 6-5c-9/03 00000032->00000036 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx - APL E0 6-5c-a/03 0000000c->00000010 Atom x5/7-E39xx - GLK B0 6-7a-1/01 00000028->0000002c Pentium Silver N/J5xxx, Celeron N/J4xxx - KBL-U/Y H0 6-8e-9/c0 0000008e->0000009a Core Gen7 Mobile - CFL-U43e D0 6-8e-a/c0 00000096->0000009e Core Gen8 Mobile - KBL-H/S/E3 B0 6-9e-9/2a 0000008e->0000009a Core Gen7; Xeon E3 v6 - CFL-H/S/E3 U0 6-9e-a/22 00000096->000000aa Core Gen8 Desktop, Mobile, Xeon E - CFL-S B0 6-9e-b/02 0000008e->000000aa Core Gen8 Moderate SUSE bug 1129231 cpe:/o:suse:sles-espos:12:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd (bsc#1128525). Other isses addressed: - Fixed an issue which caused openSSL mismatch (bsc#1125401) - Fixed several bugs in the BANCOMM reclock driver. - Fixed ntp_loopfilter.c snprintf compilation warnings. - Fixed spurious initgroups() error message. - Fixed STA_NANO struct timex units. - Fixed GPS week rollover in libparse. - Fixed incorrect poll interval in packet. - Added a missing check for ENABLE_CMAC. Moderate SUSE bug 1125401 SUSE bug 1128525 CVE-2019-8936 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_101 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host (bsc#1107832). - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which could have led to a denial of service (bsc#1102682). Important SUSE bug 1102682 SUSE bug 1107832 SUSE bug 1124729 SUSE bug 1124734 SUSE bug 1128378 CVE-2018-14633 CVE-2018-5390 CVE-2019-6974 CVE-2019-7221 CVE-2019-9213 cpe:/o:suse:sles-espos:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openssl fixes the following issues: Security issues fixed: - The 9 Lives of Bleichenbacher's CAT: Cache Attacks on TLS Implementations (bsc#1117951) - CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080). Other issues addressed: - Fixed IV handling in SHAEXT paths: aes/asm/aesni-sha*-x86_64.pl (bsc#1113975). - Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). Moderate SUSE bug 1100078 SUSE bug 1113975 SUSE bug 1117951 SUSE bug 1127080 CVE-2019-1559 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. (bnc#1107829). - CVE-2019-7221: The KVM implementation in the Linux kernel had a Use-after-Free (bnc#1124732). - CVE-2019-7222: The KVM implementation in the Linux kernel had an Information Leak (bnc#1124735). - CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, which led to a use-after-free (bnc#1124728). The following non-security bugs were fixed: - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943). - enic: add wq clean up budget (bsc#1075697, bsc#1120691. bsc#1102959). - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019). - ipv4: ipv6: Adjust the frag mem limit after truesize has been changed (bsc#1110286). - kmps: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137). - netfilter: ipv6: Adjust the frag mem limit after truesize has been changed (bsc#1110286). - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805). - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805). - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805). - perf/x86/intel: Fix memory corruption (bsc#1121805). - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805). - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805). - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805). - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080). - restore cond_resched() in shrink_dcache_parent() (bsc#1098599, bsc#1105402, bsc#1127758). - rps: flow_dissector: Fix uninitialized flow_keys used in __skb_get_hash possibly (bsc#1108145). - scsi: megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (bsc#1121698). - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315). - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805). - x86: respect memory size limiting via mem= parameter (bsc#1117645). - x86/spectre_v2: Do not check microcode versions when running under hypervisors (bsc#1122821). - x86/xen: dont add memory above max allowed allocation (bsc#1117645). - xen-netfront: Fix hang on device removal (bnc#1012382). - xfrm: use complete IPv6 addresses for hash (bsc#1109330). - xfs: remove filestream item xfs_inode reference (bsc#1127961). Important SUSE bug 1012382 SUSE bug 1075697 SUSE bug 1082943 SUSE bug 1098599 SUSE bug 1102959 SUSE bug 1105402 SUSE bug 1107829 SUSE bug 1108145 SUSE bug 1109137 SUSE bug 1109330 SUSE bug 1110286 SUSE bug 1117645 SUSE bug 1119019 SUSE bug 1120691 SUSE bug 1121698 SUSE bug 1121805 SUSE bug 1122821 SUSE bug 1124728 SUSE bug 1124732 SUSE bug 1124735 SUSE bug 1125315 SUSE bug 1127155 SUSE bug 1127758 SUSE bug 1127961 SUSE bug 1128166 SUSE bug 1129080 SUSE bug 1129179 CVE-2018-14633 CVE-2019-2024 CVE-2019-6974 CVE-2019-7221 CVE-2019-7222 CVE-2019-9213 cpe:/o:suse:sles-espos:12:sp2 Security update for bash (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324). Important SUSE bug 1130324 CVE-2019-9924 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: Security issuess addressed: - update to Firefox ESR 60.6.1 (bsc#1130262): - CVE-2019-9813: Fixed Ionmonkey type confusion with __proto__ mutations - CVE-2019-9810: Fixed IonMonkey MArraySlice incorrect alias information - Update to Firefox ESR 60.6 (bsc#1129821): - CVE-2018-18506: Fixed an issue with Proxy Auto-Configuration file - CVE-2019-9801: Fixed an issue which could allow Windows programs to be exposed to web content - CVE-2019-9788: Fixed multiple memory safety bugs - CVE-2019-9790: Fixed a Use-after-free vulnerability when removing in-use DOM elements - CVE-2019-9791: Fixed an incorrect Type inference for constructors entered through on-stack replacement with IonMonkey - CVE-2019-9792: Fixed an issue where IonMonkey leaks JS_OPTIMIZED_OUT magic value to script - CVE-2019-9793: Fixed multiple improper bounds checks when Spectre mitigations are disabled - CVE-2019-9794: Fixed an issue where command line arguments not discarded during execution - CVE-2019-9795: Fixed a Type-confusion vulnerability in IonMonkey JIT compiler - CVE-2019-9796: Fixed a Use-after-free vulnerability in SMIL animation controller - Update to Firefox ESR 60.5.1 (bsc#1125330): - CVE-2018-18356: Fixed a use-after-free vulnerability in the Skia library which can occur when creating a path, leading to a potentially exploitable crash. - CVE-2019-5785: Fixed an integer overflow vulnerability in the Skia library which can occur after specific transform operations, leading to a potentially exploitable crash. - CVE-2018-18335: Fixed a buffer overflow vulnerability in the Skia library which can occur with Canvas 2D acceleration on macOS. This issue was addressed by disabling Canvas 2D acceleration in Firefox ESR. Note: this does not affect other versions and platforms where Canvas 2D acceleration is already disabled by default. Other issue addressed: - Fixed an issue with MozillaFirefox-translations-common which was causing error on update (bsc#1127987). Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/ Release notes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/ Important SUSE bug 1125330 SUSE bug 1127987 SUSE bug 1129821 SUSE bug 1130262 CVE-2018-18335 CVE-2018-18356 CVE-2018-18506 CVE-2019-5785 CVE-2019-9788 CVE-2019-9790 CVE-2019-9791 CVE-2019-9792 CVE-2019-9793 CVE-2019-9794 CVE-2019-9795 CVE-2019-9796 CVE-2019-9801 CVE-2019-9810 CVE-2019-9813 cpe:/o:suse:sles-espos:12:sp2 Security update for apache2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for apache2 fixes the following issues: * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241] * CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239] * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233] * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the 'H2Upgrade on' are unaffected. [bsc#1131245] * CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly. [bsc#1131237] Important SUSE bug 1131233 SUSE bug 1131237 SUSE bug 1131239 SUSE bug 1131241 SUSE bug 1131245 CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 cpe:/o:suse:sles-espos:12:sp2 Security update for clamav (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for clamav to version 0.100.3 fixes the following issues: Security issues fixed (bsc#1130721): - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents. - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files). - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. Important SUSE bug 1130721 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 cpe:/o:suse:sles-espos:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for dovecot22 fixes the following issues: Security issues fixed: - CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation (bsc#1130116). - CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication (bsc#1123022). Other issue fixed: - Fixed handling of command continuation(bsc#1111789) Important SUSE bug 1111789 SUSE bug 1123022 SUSE bug 1130116 CVE-2019-3814 CVE-2019-7524 cpe:/o:suse:sles-espos:12:sp2 Security update for sqlite3 (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for sqlite3 fixes the following issues: Security issues fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). - CVE-2018-20506: Fixed an integer overflow when FTS3 extension is enabled (bsc#1131576). Moderate SUSE bug 1119687 SUSE bug 1131576 CVE-2018-20346 CVE-2018-20506 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes the following issues: Security issues fixed: - Fixed an issue which could allow malicious PV guests may cause a host crash or gain access to data pertaining to other guests.Additionally, vulnerable configurations are likely to be unstable even in the absence of an attack (bsc#1126198). - Fixed multiple access violations introduced by XENMEM_exchange hypercall which could allow a single PV guest to leak arbitrary amounts of memory, leading to a denial of service (bsc#1126192). - Fixed an issue which could allow a malicious unprivileged guest userspace process to escalate its privilege to that of other userspace processes in the same guest and potentially thereby to that of the guest operating system (bsc#1126201). - Fixed an issue which could allow a malicious or buggy x86 PV guest kernels can mount a Denial of Service attack affecting the whole system (bsc#1126196). - Fixed an issue which could allow an untrusted PV domain with access to a physical device to DMA into its own pagetables leading to privilege escalation (bsc#1126195). - CVE-2019-6778: Fixed a heap buffer overflow in tcp_emu() found in slirp (bsc#1123157). - Fixed an issue which could allow malicious 64bit PV guests to cause a host crash (bsc#1127400). - Fixed an issue which could allow malicious or buggy guests with passed through PCI devices to be able to escalate their privileges, crash the host, or access data belonging to other guests. Additionally memory leaks were also possible (bsc#1126140). - Fixed a race condition issue which could allow malicious PV guests to escalate their privilege to that of the hypervisor (bsc#1126141). - CVE-2019-9824: Fixed an information leak in SLiRP networking implementation which could allow a user/process to read uninitialised stack memory contents (bsc#1129623). - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) Other issue addressed: - Added Xen cmdline option 'suse_vtsc_tolerance' to avoid TSC emulation for HVM domUs (bsc#1026236). Important SUSE bug 1026236 SUSE bug 1114988 SUSE bug 1123157 SUSE bug 1126140 SUSE bug 1126141 SUSE bug 1126192 SUSE bug 1126195 SUSE bug 1126196 SUSE bug 1126198 SUSE bug 1126201 SUSE bug 1127400 SUSE bug 1129623 CVE-2018-19967 CVE-2019-6778 CVE-2019-9824 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_104 fixes one issue. The following security issue was fixed: - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Important SUSE bug 1102682 CVE-2018-5390 cpe:/o:suse:sles-espos:12:sp2 Security update for wget (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for wget fixes the following issues: Security issue fixed: - CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution (bsc#1131493). Important SUSE bug 1131493 CVE-2019-5953 cpe:/o:suse:sles-espos:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). Important SUSE bug 1129346 CVE-2019-9636 cpe:/o:suse:sles-espos:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for curl fixes the following issues: Security issue fixed: - CVE-2018-16839: Fixed a buffer overflow in the SASL authentication code (bsc#1112758). Important SUSE bug 1112758 SUSE bug 1131886 CVE-2018-16839 cpe:/o:suse:sles-espos:12:sp2 Security update for cups (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for cups fixes the following issues: - CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422). Important SUSE bug 1168422 CVE-2020-3898 cpe:/o:suse:sles-espos:12:sp2 Security update for pam_radius (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for pam_radius fixes the following issues: - CVE-2015-9542: Fixed a buffer overflow in password field (bsc#1163933). - On s390x didn't decrypt passwords correctly (bsc#1141670). Important SUSE bug 1141670 SUSE bug 1163933 CVE-2015-9542 cpe:/o:suse:sles-espos:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for webkit2gtk3 to version 2.28.1 fixes the following issues: Security issues fixed: - CVE-2020-10018: Fixed a denial of service because the m_deferredFocusedNodeChange data structure was mishandled (bsc#1165528). - CVE-2020-11793: Fixed a potential arbitrary code execution caused by a use-after-free vulnerability (bsc#1169658). - CVE-2019-8835: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8844: Fixed multiple memory corruption issues (bsc#1161719). - CVE-2019-8846: Fixed a use-after-free issue (bsc#1161719). - CVE-2020-3862: Fixed a memory handling issue (bsc#1163809). - CVE-2020-3867: Fixed an XSS issue (bsc#1163809). - CVE-2020-3868: Fixed multiple memory corruption issues that could have lead to arbitrary code execution (bsc#1163809). - CVE-2020-3864,CVE-2020-3865: Fixed logic issues in the DOM object context handling (bsc#1163809). Non-security issues fixed: - Add API to enable Process Swap on (Cross-site) Navigation. - Add user messages API for the communication with the web extension. - Add support for same-site cookies. - Service workers are enabled by default. - Add support for Pointer Lock API. - Add flatpak sandbox support. - Make ondemand hardware acceleration policy never leave accelerated compositing mode. - Always use a light theme for rendering form controls. - Add about:gpu to show information about the graphics stack. - Fixed issues while trying to play a video on NextCloud. - Fixed vertical alignment of text containing arabic diacritics. - Fixed build with icu 65.1. - Fixed page loading errors with websites using HSTS. - Fixed web process crash when displaying a KaTeX formula. - Fixed several crashes and rendering issues. - Switched to a single web process for Evolution and geary (bsc#1159329). Important SUSE bug 1155321 SUSE bug 1156318 SUSE bug 1159329 SUSE bug 1161719 SUSE bug 1163809 SUSE bug 1165528 SUSE bug 1169658 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2020-10018 CVE-2020-11793 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 cpe:/o:suse:sles-espos:12:sp2 Security update for shibboleth-sp (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for shibboleth-sp fixes the following issues: Security issue fixed: - CVE-2019-19191: Fixed escalation to root by fixing ownership of log files (bsc#1157471). Moderate SUSE bug 1157471 CVE-2019-19191 cpe:/o:suse:sles-espos:12:sp2 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for LibVNCServer fixes the following issues: - CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471). - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). - CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441). Important SUSE bug 1155419 SUSE bug 1160471 SUSE bug 1170441 CVE-2019-15681 CVE-2019-15690 CVE-2019-20788 cpe:/o:suse:sles-espos:12:sp2 Security update for icu (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for icu fixes the following issues: - CVE-2020-10531: Fixed integer overflow in UnicodeString:doAppend() (bsc#1166844). Moderate SUSE bug 1166844 CVE-2020-10531 cpe:/o:suse:sles-espos:12:sp2 Security update for openldap2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). Important SUSE bug 1170771 CVE-2020-12243 cpe:/o:suse:sles-espos:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for webkit2gtk3 fixes the following issues: Security issue fixed: - CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution (bsc#1170643). Non-security issues fixed: - Update to version 2.28.2 (bsc#1170643): + Fix excessive CPU usage due to GdkFrameClock not being stopped. + Fix UI process crash when EGL_WL_bind_wayland_display extension is not available. + Fix position of select popup menus in X11. + Fix playing of Youtube 'live stream'/H264 URLs. + Fix a crash under X11 when cairo uses xcb. + Fix the build in MIPS64. + Fix several crashes and rendering issues. Important SUSE bug 1170643 CVE-2020-3899 cpe:/o:suse:sles-espos:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ghostscript to version 9.52 fixes the following issues: - CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2_image_compose (bsc#1170603). Important SUSE bug 1170603 CVE-2020-12268 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: Update to version 68.8.0 ESR (bsc#1171186): - CVE-2020-12387: Use-after-free during worker shutdown - CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens - CVE-2020-12389: Sandbox escape with improperly separated process types - CVE-2020-6831: Buffer overflow in SCTP chunk input validation - CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' - CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection - CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 Important SUSE bug 1171186 CVE-2020-12387 CVE-2020-12388 CVE-2020-12389 CVE-2020-12392 CVE-2020-12393 CVE-2020-12395 CVE-2020-6831 cpe:/o:suse:sles-espos:12:sp2 Security update for squid (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for squid fixes the following issues: - CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). - CVE-2020-11945: fixes a potential remote execution vulnerability when using HTTP Digest Authentication (bsc#1170313). - CVE-2019-12520, CVE-2019-12524: fixes a potential ACL bypass, cache-bypass and cross-site scripting attack when processing invalid HTTP Request messages (bsc#1170423). Important SUSE bug 1169659 SUSE bug 1170313 SUSE bug 1170423 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12524 CVE-2020-11945 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/slcan.c, which allowed attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424). - CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls (bnc#1167629). - CVE-2020-8647: Fixed a use-after-free vulnerability in the vc_do_resize function in drivers/tty/vt/vt.c (bnc#1162929). - CVE-2020-8649: Fixed a use-after-free vulnerability in the vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#1162931). - CVE-2020-9383: Fixed an issue in set_fdc in drivers/block/floppy.c, which leads to a wait_til_ready out-of-bounds read (bnc#1165111). - CVE-2019-9458: In the video driver there was a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed (bnc#1168295). - CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system crash (bnc#1120386). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285). - CVE-2020-11609: Fixed a NULL pointer dereference in the stv06xx subsystem caused by mishandling invalid descriptors (bnc#1168854). - CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778). - CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056). - CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bnc#1170345). - CVE-2020-11608: Fixed an issue in drivers/media/usb/gspca/ov519.c caused by a NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints (bnc#1168829). - CVE-2017-18255: The perf_cpu_time_max_percent_handler function in kernel/events/core.c allowed local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation (bnc#1087813). - CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928). - CVE-2020-2732: A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest (bnc#1163971). - CVE-2019-5108: Fixed a denial-of-service vulnerability caused by triggering AP to send IAPP location updates for stations before the required authentication process has completed (bnc#1159912). - CVE-2020-8992: ext4_protect_reserved_inode in fs/ext4/block_validity.c allowed attackers to cause a denial of service (soft lockup) via a crafted journal size (bnc#1164069). - CVE-2018-21008: Fixed a use-after-free which could be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bnc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bnc#1157155). - CVE-2019-18675: Fixed an integer overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allowed local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation (bnc#1157804). - CVE-2019-14615: Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may have allowed an unauthenticated user to potentially enable information disclosure via local access (bnc#1160195, bsc#1165881). - CVE-2019-19965: Fixed a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition (bnc#1159911). - CVE-2019-20054: Fixed a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links (bnc#1159910). - CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bnc#1159908). - CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bnc#1159841). - CVE-2019-19447: Fixed an issue with mounting a crafted ext4 filesystem image, performing some operations, and unmounting could lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c (bnc#1158819). - CVE-2019-19319: Fixed an issue with a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call (bnc#1158021). - CVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297). - CVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303). - CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bsc#1158827). - CVE-2019-19537: There was a race condition bug that could have been caused by a malicious USB device in the USB character device driver layer (bnc#1158904). - CVE-2019-19535: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903). - CVE-2019-19527: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900). - CVE-2019-19533: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834). - CVE-2019-19532: There were multiple out-of-bounds write bugs that could have been caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824). - CVE-2019-19523: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (bnc#1158823). - CVE-2019-15213: An issue was discovered in the Linux kernel, there was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445). - CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417). - CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410). - CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394). - CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413). - CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398). - CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: Fixed a information disclosure on powerpc related to the Spectre-RSB mitigation. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038 1157923). - CVE-2019-18683: Fixed a privilege escalation where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem) (bnc#1155897). - CVE-2019-19062: Fixed a memory leak in the crypto_report() function in crypto/crypto_user_base.c, which allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures (bnc#1157070). - CVE-2019-11091,CVE-2018-12126,CVE-2018-12130,CVE-2018-12127: Earlier mitigations for the 'MDS' Microarchitectural Data Sampling attacks were not complete. An additional fix was added to the x86_64 fast systemcall path to further mitigate these attacks. (bsc#1164846 bsc#1170847) The following non-security bugs were fixed: - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (bsc#1155311). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bsc#1155311). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1155311). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1155311). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1155311). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1155311). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1155311). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1155311). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1155311). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1155311). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1155311). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bsc#1155311). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1155311). - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1155311). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1155311). - cgroup: avoid copying strings longer than the buffers (bsc#1146544). - cgroup: use strlcpy() instead of strscpy() to avoid spurious warning (bsc#1146544). - enic: prevent waking up stopped tx queues over watchdog reset (bsc#1133147). - ext4: fix use-after-free race with debug_want_extra_isize (bsc#1136449). - fix PageHeadHuge() race with THP split (VM Functionality, bsc#1165311). - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099279 bsc#1156060). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - futex: Use smp_store_release() in mark_wake_futex() (bsc#1157464). - Input: add safety guards to input_set_keycode() (bsc#1168075). - ipv4: correct gso_size for UFO (bsc#1154844). - ipv6: fix memory accounting during ipv6 queue expire (bsc#1162227) (bsc#1162227). - ipvlan: do not add hardware address of master to its unicast filter list (bsc#1137325). - media: ov519: add missing endpoint sanity checks (bsc#1168829). - media: stv06xx: add missing descriptor sanity checks (bsc#1168854). - netfilter: conntrack: sctp: use distinct states for new SCTP connections (bsc#1159199). - netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Make meltdown reporting Book3S 64 specific (bsc#1091041). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/64s: support nospectre_v2 cmdline option (bsc#1131107). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc/fsl: Add nospectre_v2 command line argument (bsc#1131107). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security/book3s64: Report L1TF status in sysfs (bsc#1091041). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/security: Fix wrong message when RFI Flush is disable (bsc#1131107). - powerpc/security: Show powerpc_security_features in debugfs (bsc#1131107). - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (bsc#1037216). - sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132). - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup (bsc#1146544). - x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811). - x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#1153811). - x86/mitigations: Clear CPU buffers on the SYSCALL fast path (bsc#1164846). - xen/pv: Fix a boot up hang revealed by int3 self test (bsc#1153811). - xfs: also remove cached ACLs when removing the underlying attr (bsc#1165873). - xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#1165984). Important SUSE bug 1037216 SUSE bug 1075091 SUSE bug 1075994 SUSE bug 1087082 SUSE bug 1087813 SUSE bug 1091041 SUSE bug 1099279 SUSE bug 1120386 SUSE bug 1131107 SUSE bug 1133147 SUSE bug 1136449 SUSE bug 1137325 SUSE bug 1146519 SUSE bug 1146544 SUSE bug 1146612 SUSE bug 1149591 SUSE bug 1153811 SUSE bug 1154844 SUSE bug 1155311 SUSE bug 1155897 SUSE bug 1156060 SUSE bug 1157038 SUSE bug 1157042 SUSE bug 1157070 SUSE bug 1157143 SUSE bug 1157155 SUSE bug 1157157 SUSE bug 1157158 SUSE bug 1157303 SUSE bug 1157324 SUSE bug 1157333 SUSE bug 1157464 SUSE bug 1157804 SUSE bug 1157923 SUSE bug 1158021 SUSE bug 1158132 SUSE bug 1158381 SUSE bug 1158394 SUSE bug 1158398 SUSE bug 1158410 SUSE bug 1158413 SUSE bug 1158417 SUSE bug 1158427 SUSE bug 1158445 SUSE bug 1158819 SUSE bug 1158823 SUSE bug 1158824 SUSE bug 1158827 SUSE bug 1158834 SUSE bug 1158900 SUSE bug 1158903 SUSE bug 1158904 SUSE bug 1159199 SUSE bug 1159285 SUSE bug 1159297 SUSE bug 1159841 SUSE bug 1159908 SUSE bug 1159910 SUSE bug 1159911 SUSE bug 1159912 SUSE bug 1160195 SUSE bug 1162227 SUSE bug 1162298 SUSE bug 1162928 SUSE bug 1162929 SUSE bug 1162931 SUSE bug 1163971 SUSE bug 1164069 SUSE bug 1164078 SUSE bug 1164846 SUSE bug 1165111 SUSE bug 1165311 SUSE bug 1165873 SUSE bug 1165881 SUSE bug 1165984 SUSE bug 1165985 SUSE bug 1167629 SUSE bug 1168075 SUSE bug 1168295 SUSE bug 1168424 SUSE bug 1168829 SUSE bug 1168854 SUSE bug 1170056 SUSE bug 1170345 SUSE bug 1170778 CVE-2017-18255 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-21008 CVE-2019-11091 CVE-2019-14615 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-15213 CVE-2019-18660 CVE-2019-18675 CVE-2019-18683 CVE-2019-19052 CVE-2019-19062 CVE-2019-19066 CVE-2019-19073 CVE-2019-19074 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19527 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19767 CVE-2019-19768 CVE-2019-19965 CVE-2019-19966 CVE-2019-20054 CVE-2019-20096 CVE-2019-3701 CVE-2019-5108 CVE-2019-9455 CVE-2019-9458 CVE-2020-10690 CVE-2020-10720 CVE-2020-10942 CVE-2020-11494 CVE-2020-11608 CVE-2020-11609 CVE-2020-2732 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-8992 CVE-2020-9383 cpe:/o:suse:sles-espos:12:sp2 Security update for apache2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for apache2 fixes the following issues: - CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404). - CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect (bsc#1168407). - CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066). Important SUSE bug 1168404 SUSE bug 1168407 SUSE bug 1169066 CVE-2020-1927 CVE-2020-1934 CVE-2020-1938 cpe:/o:suse:sles-espos:12:sp2 Security update for git (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for git to 2.26.2 fixes the following issues: Security issue fixed: - CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936). Non-security issue fixed: - Fixed git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). - Enabled access for git-daemon in firewall configuration (bsc#1170302). - Fixed problems with recent switch to protocol v2, which caused fetches transferring unreasonable amount of data (bsc#1170741). Moderate SUSE bug 1149792 SUSE bug 1168930 SUSE bug 1169605 SUSE bug 1169786 SUSE bug 1169936 SUSE bug 1170302 SUSE bug 1170741 SUSE bug 1170939 CVE-2020-11008 CVE-2020-5260 cpe:/o:suse:sles-espos:12:sp2 Security update for mailman (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for mailman fixes the following issues: Security issue fixed: - CVE-2020-12108: Fixed a content injection bug (bsc#1171363). - CVE-2020-12137: Fixed a XSS vulnerability caused by MIME type confusion (bsc#1170558). Non-security issue fixed: - Fixed rights and ownership on /var/lib/mailman/archives (bsc#1167068). - Don't default to invalid hosts for DEFAULT_EMAIL_HOST (bsc#682920). Important SUSE bug 1167068 SUSE bug 1170558 SUSE bug 1171363 SUSE bug 682920 CVE-2020-12108 CVE-2020-12137 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_125 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_117 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). Important SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_129 fixes several issues. The following security issues were fixed: - CVE-2020-12653: Fixed a buffer overflow in mwifiex_cmd_append_vsie_tlv() which could have allowed local users to gain privileges or cause a denial of service (bsc#1171254). - CVE-2020-12654: Fixed a heap-based buffer overflow in mwifiex_ret_wmm_get_status() which could have been triggered by a remote AP to trigger (bsc#1171252). - CVE-2020-1749: Fixed an improper implementation in some IPsec protocols where the data were sent unencrypted allowing an attacker to read them (bsc#1165631). Important SUSE bug 1165631 SUSE bug 1171252 SUSE bug 1171254 CVE-2020-12653 CVE-2020-12654 CVE-2020-1749 cpe:/o:suse:sles-espos:12:sp2 Security update for tomcat (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for tomcat fixes the following issues: CVE-2020-9484 (bsc#1171928) Apache Tomcat Remote Code Execution via session persistence If an attacker was able to control the contents and name of a file on a server configured to use the PersistenceManager, then the attacker could have triggered a remote code execution via deserialization of the file under their control. CVE-2019-12418 (bsc#1159723) Local privilege escalation by manipulating the RMI registry and performing a man-in-the-middle attack When Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files was able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker could then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. CVE-2019-0221 (bsc#1136085) The SSI printenv command echoed user provided data without escaping, which made it vulnerable to XSS. CVE-2019-17563 (bsc#1159729) When using FORM authentication there was a narrow window where an attacker could perform a session fixation attack. CVE-2019-17569 (bsc#1164825) Invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header. Important SUSE bug 1136085 SUSE bug 1159723 SUSE bug 1159729 SUSE bug 1164825 SUSE bug 1171928 CVE-2019-0221 CVE-2019-12418 CVE-2019-17563 CVE-2019-17569 CVE-2020-9484 cpe:/o:suse:sles-espos:12:sp2 Security update for python (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python to version 2.7.17 fixes the following issues: Syncing with lots of upstream bug fixes and security fixes. Bug fixes: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed mismatches between libpython and python-base versions (bsc#1162224). - Fixed segfault in libpython2.7.so.1 (bsc#1073748). - Unified packages among openSUSE:Factory and SLE versions (bsc#1159035). - Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830). - Excluded tsl_check files from python-base to prevent file conflict with python-strict-tls-checks package (bsc#945401). - Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894). Additionally a new 'shared-python-startup' package is provided containing startup files. python-rpm-macros was updated to fix: - Do not write .pyc files for tests (bsc#1171561) Moderate SUSE bug 1027282 SUSE bug 1041090 SUSE bug 1042670 SUSE bug 1073269 SUSE bug 1073748 SUSE bug 1078326 SUSE bug 1078485 SUSE bug 1081750 SUSE bug 1084650 SUSE bug 1086001 SUSE bug 1149792 SUSE bug 1153830 SUSE bug 1155094 SUSE bug 1159035 SUSE bug 1162224 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 SUSE bug 1170411 SUSE bug 1171561 SUSE bug 945401 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:sles-espos:12:sp2 Security update for qemu (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code (bsc#1166240). - CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation (bsc#1146873). - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940). - CVE-2020-8608: Fixed a potential OOB access in slirp (bsc#1163018). - CVE-2020-7039: Fixed a potential OOB access in slirp (bsc#1161066). - CVE-2019-15890: Fixed a use-after-free during packet reassembly in slirp (bsc#1149811). - Fixed multiple potential DoS issues in SLIRP, similar to CVE-2019-6778 (bsc#1123156). Moderate SUSE bug 1123156 SUSE bug 1146873 SUSE bug 1149811 SUSE bug 1161066 SUSE bug 1163018 SUSE bug 1166240 SUSE bug 1170940 CVE-2019-12068 CVE-2019-15890 CVE-2019-6778 CVE-2020-1711 CVE-2020-1983 CVE-2020-7039 CVE-2020-8608 cpe:/o:suse:sles-espos:12:sp2 Security update for krb5-appl (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for krb5-appl fixes the following issues: - CVE-2020-10188: Fixed a remote root execution (bsc#1165787). Important SUSE bug 1165787 CVE-2020-10188 cpe:/o:suse:sles-espos:12:sp2 Security update for libexif (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libexif fixes the following issues: Security issues fixed: - CVE-2016-6328: Fixed an integer overflow in parsing MNOTE entry data of the input file (bsc#1055857). - CVE-2017-7544: Fixed an out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c (bsc#1059893). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2020-0093: Fixed an out-of-bounds read in exif_data_save_data_entry (bsc#1171847). - CVE-2020-12767: Fixed a divide-by-zero error in exif_entry_get_value (bsc#1171475). - CVE-2020-13112: Fixed a time consumption DoS when parsing canon array markers (bsc#1172121). - CVE-2020-13113: Fixed a potential use of uninitialized memory (bsc#1172105). - CVE-2020-13114: Fixed various buffer overread fixes due to integer overflows in maker notes (bsc#1172116). Non-security issues fixed: - libexif was updated to version 0.6.22: * New translations: ms * Updated translations for most languages * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER Moderate SUSE bug 1055857 SUSE bug 1059893 SUSE bug 1120943 SUSE bug 1160770 SUSE bug 1171475 SUSE bug 1171847 SUSE bug 1172105 SUSE bug 1172116 SUSE bug 1172121 CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2019-9278 CVE-2020-0093 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114 cpe:/o:suse:sles-espos:12:sp2 Security update for vim (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for vim fixes the following issues: - CVE-2019-20807: Fixed an issue where escaping from the restrictive mode of vim was possible using interfaces (bsc#1172225 and bsc#1172031). Moderate SUSE bug 1172031 SUSE bug 1172225 CVE-2019-20807 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402). - CVE-2020-12405: Fixed a use-after-free in SharedWorkerService. - CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes. - CVE-2020-12410: Fixed multiple memory safety bugs. Important SUSE bug 1172402 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 cpe:/o:suse:sles-espos:12:sp2 Security update for ruby2.1 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ruby2.1 fixes the following issues: Security issues fixed: - CVE-2015-9096: Fixed an SMTP command injection via CRLFsequences in a RCPT TO or MAIL FROM command (bsc#1043983). - CVE-2016-7798: Fixed an IV Reuse in GCM Mode (bsc#1055265). - CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf (bsc#1058755). - CVE-2017-0899: Fixed an issue with malicious gem specifications, insufficient sanitation when printing gem specifications could have included terminal characters (bsc#1056286). - CVE-2017-0900: Fixed an issue with malicious gem specifications, the query command could have led to a denial of service attack against clients (bsc#1056286). - CVE-2017-0901: Fixed an issue with malicious gem specifications, potentially overwriting arbitrary files on the client system (bsc#1056286). - CVE-2017-0902: Fixed an issue with malicious gem specifications, that could have enabled MITM attacks against clients (bsc#1056286). - CVE-2017-0903: Fixed an unsafe object deserialization vulnerability (bsc#1062452). - CVE-2017-9228: Fixed a heap out-of-bounds write in bitset_set_range() during regex compilation (bsc#1069607). - CVE-2017-9229: Fixed an invalid pointer dereference in left_adjust_char_head() in oniguruma (bsc#1069632). - CVE-2017-10784: Fixed an escape sequence injection vulnerability in the Basic authentication of WEBrick (bsc#1058754). - CVE-2017-14033: Fixed a buffer underrun vulnerability in OpenSSL ASN1 decode (bsc#1058757). - CVE-2017-14064: Fixed an arbitrary memory exposure during a JSON.generate call (bsc#1056782). - CVE-2017-17405: Fixed a command injection vulnerability in Net::FTP (bsc#1073002). - CVE-2017-17742: Fixed an HTTP response splitting issue in WEBrick (bsc#1087434). - CVE-2017-17790: Fixed a command injection in lib/resolv.rb:lazy_initialize() (bsc#1078782). - CVE-2018-6914: Fixed an unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441). - CVE-2018-8777: Fixed a potential DoS caused by large requests in WEBrick (bsc#1087436). - CVE-2018-8778: Fixed a buffer under-read in String#unpack (bsc#1087433). - CVE-2018-8779: Fixed an unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440). - CVE-2018-8780: Fixed an unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437). - CVE-2018-16395: Fixed an issue with OpenSSL::X509::Name equality checking (bsc#1112530). - CVE-2018-16396: Fixed an issue with tainted string handling, where the flag was not propagated in Array#pack and String#unpack with some directives (bsc#1112532). - CVE-2018-1000073: Fixed a path traversal issue (bsc#1082007). - CVE-2018-1000074: Fixed an unsafe object deserialization vulnerability in gem owner, allowing arbitrary code execution with specially crafted YAML (bsc#1082008). - CVE-2018-1000075: Fixed an infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014). - CVE-2018-1000076: Fixed an improper verification of signatures in tarballs (bsc#1082009). - CVE-2018-1000077: Fixed an improper URL validation in the homepage attribute of ruby gems (bsc#1082010). - CVE-2018-1000078: Fixed a XSS vulnerability in the homepage attribute when displayed via gem server (bsc#1082011). - CVE-2018-1000079: Fixed a path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058). - CVE-2019-8320: Fixed a directory traversal issue when decompressing tar files (bsc#1130627). - CVE-2019-8321: Fixed an escape sequence injection vulnerability in verbose (bsc#1130623). - CVE-2019-8322: Fixed an escape sequence injection vulnerability in gem owner (bsc#1130622). - CVE-2019-8323: Fixed an escape sequence injection vulnerability in API response handling (bsc#1130620). - CVE-2019-8324: Fixed an issue with malicious gems that may have led to arbitrary code execution (bsc#1130617). - CVE-2019-8325: Fixed an escape sequence injection vulnerability in errors (bsc#1130611). - CVE-2019-15845: Fixed a NUL injection vulnerability in File.fnmatch and File.fnmatch? (bsc#1152994). - CVE-2019-16201: Fixed a regular expression denial of service vulnerability in WEBrick's digest access authentication (bsc#1152995). - CVE-2019-16254: Fixed an HTTP response splitting vulnerability in WEBrick (bsc#1152992). - CVE-2019-16255: Fixed a code injection vulnerability in Shell#[] and Shell#test (bsc#1152990). - CVE-2020-10663: Fixed an unsafe object creation vulnerability in JSON (bsc#1171517). Non-security issue fixed: - Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072). Also yast2-ruby-bindings on SLES 12 SP2 LTSS was updated to handle the updated ruby interpreter. (bsc#1172275) Important SUSE bug 1043983 SUSE bug 1048072 SUSE bug 1055265 SUSE bug 1056286 SUSE bug 1056782 SUSE bug 1058754 SUSE bug 1058755 SUSE bug 1058757 SUSE bug 1062452 SUSE bug 1069607 SUSE bug 1069632 SUSE bug 1073002 SUSE bug 1078782 SUSE bug 1082007 SUSE bug 1082008 SUSE bug 1082009 SUSE bug 1082010 SUSE bug 1082011 SUSE bug 1082014 SUSE bug 1082058 SUSE bug 1087433 SUSE bug 1087434 SUSE bug 1087436 SUSE bug 1087437 SUSE bug 1087440 SUSE bug 1087441 SUSE bug 1112530 SUSE bug 1112532 SUSE bug 1130611 SUSE bug 1130617 SUSE bug 1130620 SUSE bug 1130622 SUSE bug 1130623 SUSE bug 1130627 SUSE bug 1152990 SUSE bug 1152992 SUSE bug 1152994 SUSE bug 1152995 SUSE bug 1171517 SUSE bug 1172275 CVE-2015-9096 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2017-9228 CVE-2017-9229 CVE-2018-1000073 CVE-2018-1000074 CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077 CVE-2018-1000078 CVE-2018-1000079 CVE-2018-16395 CVE-2018-16396 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 CVE-2020-10663 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_0-openjdk to version 7u261 fixes the following issues: - CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511) - CVE-2020-2757: Less Blocking Array Queues (bsc#1169511) - CVE-2020-2773: Better signatures in XML (bsc#1169511) - CVE-2020-2781: Improve TLS session handling (bsc#1169511) - CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511) - CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511) - CVE-2020-2805: Enhance typing of methods (bsc#1169511) - CVE-2020-2830: Better Scanner conversions (bsc#1169511) Important SUSE bug 1169511 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles-espos:12:sp2 Security update for tigervnc (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858). - CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251). - CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860). Important SUSE bug 1159856 SUSE bug 1159858 SUSE bug 1159860 SUSE bug 1160250 SUSE bug 1160251 SUSE bug 1160937 CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 CVE-2019-15695 cpe:/o:suse:sles-espos:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20200602 (prerelease) (bsc#1172466) This update contains security mitigations for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka 'CacheOutAttack' attacks. (bsc#1156353) Microcode Table: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile Also contains the Intel CPU Microcode update to 20200520: Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New ---- new platforms ---------------------------------------- ---- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X Moderate SUSE bug 1154824 SUSE bug 1156353 SUSE bug 1172466 CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824). - CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219). - CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202). - CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195). - CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218). - CVE-2020-12114: Fixed A pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098). - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317). The following non-security bugs were fixed: - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (bsc#1171698). - KEYS: allow reaching the keys quotas exactly (bsc#1171689). - KEYS: reaching the keys quotas correctly (bsc#1171689). - Revert 'ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()' (bsc#1172221). - random: always use batched entropy for get_random_u{32,64} (bsc#1164871). Important SUSE bug 1154824 SUSE bug 1164871 SUSE bug 1171098 SUSE bug 1171195 SUSE bug 1171202 SUSE bug 1171218 SUSE bug 1171219 SUSE bug 1171689 SUSE bug 1171698 SUSE bug 1172221 SUSE bug 1172317 CVE-2020-0543 CVE-2020-10757 CVE-2020-12114 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12656 cpe:/o:suse:sles-espos:12:sp2 Security update for virglrenderer (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for virglrenderer fixes the following issues: - CVE-2019-18388: Fixed a null pointer dereference which could have led to denial of service (bsc#1159479). - CVE-2019-18390: Fixed an out of bound read which could have led to denial of service (bsc#1159478). - CVE-2019-18389: Fixed a heap buffer overflow which could have led to guest escape or denial of service (bsc#1159482). - CVE-2019-18391: Fixed a heap based buffer overflow which could have led to guest escape or denial of service (bsc#1159486). Important SUSE bug 1159478 SUSE bug 1159479 SUSE bug 1159482 SUSE bug 1159486 CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391 cpe:/o:suse:sles-espos:12:sp2 Security update for adns (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for adns fixes the following issues: - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue in local recursive resolver which could have led to remote code execution (bsc#1172265). - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could have led to denial of service (bsc#1172265). - CVE-2017-9107: Fixed an issue when quering domain names which could have led to denial of service (bsc#1172265). - CVE-2017-9108: Fixed an issue which could have led to denial of service (bsc#1172265). Important SUSE bug 1172265 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 cpe:/o:suse:sles-espos:12:sp2 Security update for perl (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed utf8 handling in perldoc by useing 'term' instead of 'man' (bsc#1170601). - Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039) Important SUSE bug 1102840 SUSE bug 1160039 SUSE bug 1170601 SUSE bug 1171863 SUSE bug 1171864 SUSE bug 1171866 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_1-ibm fixes the following issues: java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 (bsc#1172277 and bsc#1169511) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions Important SUSE bug 1169511 SUSE bug 1172277 CVE-2020-2654 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-ibm fixes the following issues: java-1_8_0-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 (bsc#1172277,bsc#1169511,bsc#1160968) - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2754: Forwarded references to Nashorn - CVE-2020-2755: Improved Nashorn matching - CVE-2020-2756: Improved mapping of serial ENUMs - CVE-2020-2757: Less Blocking Array Queues - CVE-2020-2781: Improved TLS session handling - CVE-2020-2800: Improved Headings for HTTP Servers - CVE-2020-2803: Enhanced buffering of byte buffers - CVE-2020-2805: Enhanced typing of methods - CVE-2020-2830: Improved Scanner conversions - CVE-2019-2949: Fixed an issue which could have resulted in unauthorized access to critical data - Added RSA PSS SUPPORT TO IBMPKCS11IMPL - The pack200 and unpack200 alternatives should be slaves of java (bsc#1171352). Important SUSE bug 1160968 SUSE bug 1169511 SUSE bug 1171352 SUSE bug 1172277 CVE-2019-2949 CVE-2020-2654 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-openjdk to version jdk8u252 fixes the following issues: - CVE-2020-2754: Forward references to Nashorn (bsc#1169511) - CVE-2020-2755: Improve Nashorn matching (bsc#1169511) - CVE-2020-2756: Better mapping of serial ENUMs (bsc#1169511) - CVE-2020-2757: Less Blocking Array Queues (bsc#1169511) - CVE-2020-2773: Better signatures in XML (bsc#1169511) - CVE-2020-2781: Improve TLS session handling (bsc#1169511) - CVE-2020-2800: Better Headings for HTTP Servers (bsc#1169511) - CVE-2020-2803: Enhance buffering of byte buffers (bsc#1169511) - CVE-2020-2805: Enhance typing of methods (bsc#1169511) - CVE-2020-2830: Better Scanner conversions (bsc#1169511) Important SUSE bug 1160398 SUSE bug 1169511 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 cpe:/o:suse:sles-espos:12:sp2 Security update for curl (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). Important SUSE bug 1173027 CVE-2020-8177 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_129 fixes one issue. The following security issue was fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). Important SUSE bug 1172437 CVE-2020-10757 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_125 fixes one issue. The following security issue was fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). Important SUSE bug 1172437 CVE-2020-10757 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140). Important SUSE bug 1172140 SUSE bug 1172437 CVE-2019-15666 CVE-2020-10757 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_117 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140). Important SUSE bug 1172140 SUSE bug 1172437 CVE-2019-15666 CVE-2020-10757 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink, which could have led to denial of service (bsc#1172140). Important SUSE bug 1172140 SUSE bug 1172437 CVE-2019-15666 CVE-2020-10757 cpe:/o:suse:sles-espos:12:sp2 Security update for tomcat (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for tomcat fixes the following issues: - CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405) Important SUSE bug 1172405 CVE-2020-8022 cpe:/o:suse:sles-espos:12:sp2 Security update for python3-requests (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python3-requests provides the following fix: python-requests was updated to 2.20.1. Update to version 2.20.1: * Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443). Update to version 2.20.0: * Bugfixes + Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8). + Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions. + Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074) + should_bypass_proxies now handles URIs without hostnames (e.g. files). Update to version 2.19.1: * Fixed issue where status_codes.py’s init function failed trying to append to a __doc__ value of None. Update to version 2.19.0: * Improvements + Warn about possible slowdown with cryptography version < 1.3.4 + Check host in proxy URL, before forwarding request to adapter. + Maintain fragments properly across redirects. (RFC7231 7.1.2) + Removed use of cgi module to expedite library load time. + Added support for SHA-256 and SHA-512 digest auth algorithms. + Minor performance improvement to Request.content. * Bugfixes + Parsing empty Link headers with parse_header_links() no longer return one bogus entry. + Fixed issue where loading the default certificate bundle from a zip archive would raise an IOError. + Fixed issue with unexpected ImportError on windows system which do not support winreg module. + DNS resolution in proxy bypass no longer includes the username and password in the request. This also fixes the issue of DNS queries failing on macOS. + Properly normalize adapter prefixes for url comparison. + Passing None as a file pointer to the files param no longer raises an exception. + Calling copy on a RequestsCookieJar will now preserve the cookie policy correctly. Update to version 2.18.4: * Improvements + Error messages for invalid headers now include the header name for easier debugging Update to version 2.18.3: * Improvements + Running $ python -m requests.help now includes the installed version of idna. * Bugfixes + Fixed issue where Requests would raise ConnectionError instead of SSLError when encountering SSL problems when using urllib3 v1.22. - Add ca-certificates (and ca-certificates-mozilla) to dependencies, otherwise https connections will fail. Moderate SUSE bug 1054413 SUSE bug 1073879 SUSE bug 1111622 SUSE bug 1122668 SUSE bug 761500 SUSE bug 922448 SUSE bug 929736 SUSE bug 935252 SUSE bug 945455 SUSE bug 947357 SUSE bug 961596 SUSE bug 967128 CVE-2015-2296 CVE-2018-18074 cpe:/o:suse:sles-espos:12:sp2 Security update for mutt (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for mutt fixes the following issues: - CVE-2020-14954: Fixed a response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (bsc#1173197). - CVE-2020-14093: Fixed a potential IMAP Man-in-the-Middle attack via a PREAUTH response (bsc#1172906, bsc#1172935). - CVE-2020-14154: Fixed an issue where Mutt was ignoring an expired certificate and was proceeding with a connection (bsc#1172906, bsc#1172935). Important SUSE bug 1172906 SUSE bug 1172935 SUSE bug 1173197 CVE-2020-14093 CVE-2020-14154 CVE-2020-14954 cpe:/o:suse:sles-espos:12:sp2 Security update for squid (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for squid fixes the following issues: - CVE-2020-14059: Fixed an issue where a client could potentially deny the service of a server during TLS Handshake (bsc#1173304). - CVE-2019-18860: Fixed handling of invalid domain names in cachemgr.cgi (bsc#1167373). Important SUSE bug 1167373 SUSE bug 1173304 CVE-2019-18860 CVE-2020-14059 cpe:/o:suse:sles-espos:12:sp2 Security update for ntp (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ntp fixes the following issues: ntp was updated to 4.2.8p15 - CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service (bsc#1169740). - CVE-2018-8956: Fixed an issue which could have allowed remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets (bsc#1171355). - CVE-2020-13817: Fixed an issue which an off-path attacker with the ability to query time from victim's ntpd instance could have modified the victim's clock by a limited amount (bsc#1172651). - CVE-2020-15025: Fixed an issue which remote attacker could have caused denial of service by consuming the memory when a CMAC key was used andassociated with a CMAC algorithm in the ntp.keys (bsc#1173334). Moderate SUSE bug 1169740 SUSE bug 1171355 SUSE bug 1172651 SUSE bug 1173334 CVE-2018-8956 CVE-2020-11868 CVE-2020-13817 CVE-2020-15025 cpe:/o:suse:sles-espos:12:sp2 Security update for mozilla-nspr, mozilla-nss (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032). - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669). - Fixed an issue where Firefox tab was crashing (bsc#1170908). Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes mozilla-nspr to version 4.25 Important SUSE bug 1159819 SUSE bug 1168669 SUSE bug 1169746 SUSE bug 1170908 SUSE bug 1171978 SUSE bug 1173022 CVE-2019-17006 CVE-2020-12399 CVE-2020-12402 cpe:/o:suse:sles-espos:12:sp2 Security update for openldap2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). - Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts(bsc#1170715). Important SUSE bug 1170715 SUSE bug 1172698 SUSE bug 1172704 CVE-2020-8023 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231). Non-security issues fixed: - Fixed interaction with freetype6 (bsc#1173613). Important SUSE bug 1167231 SUSE bug 1173576 SUSE bug 1173613 CVE-2020-12402 CVE-2020-12415 CVE-2020-12416 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-12422 CVE-2020-12423 CVE-2020-12424 CVE-2020-12425 CVE-2020-12426 cpe:/o:suse:sles-espos:12:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for bind fixes the following issues: - Amended documentation referring to rule types 'krb5-subdomain' and 'ms-subdomain'. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. [CVE-2018-5741] - Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server address records are limited to 4 for any domain. [CVE-2020-8616] - Replaying a TSIG BADTIME response as a request could trigger an assertion failure. [CVE-2020-8617] [bsc#1109160, bsc#1171740, CVE-2018-5741, bind-CVE-2018-5741.patch, CVE-2020-8616, bind-CVE-2020-8616.patch, CVE-2020-8617, bind-CVE-2020-8617.patch] - Don't rely on /etc/insserv.conf anymore for proper dependencies against nss-lookup.target in named.service and lwresd.service (bsc#1118367 bsc#1118368) - Using a drop-in file Important SUSE bug 1109160 SUSE bug 1118367 SUSE bug 1118368 SUSE bug 1171740 CVE-2018-5741 CVE-2020-8616 CVE-2020-8617 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_125 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sles-espos:12:sp2 Security update for xrdp (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xrdp provides the following fix: - CVE-2020-4044: xrdp-sesman can be crashed remotely over port 3350 (bsc#1173580). - Fixed an issue where xrdp-sesman could not restart (bsc#1155952). - Fixed an issue where xrdp could not start due to an error in the service file use absolute path in ExecStart (bsc#1155789). - Fixed a PAM error after 2nd xrdp session after logout (bsc#1153471). - Fixed a crash in xrdp-sesman, caused by terminating and reconnecting an xrdp session (bsc#1152711). - Fixed a failure in RDP session recovery (bsc#1150584). - Fixed a process leak (bsc#1144379). - Let systemd handle the daemons, fixing daemon start failures. (bsc#1138954, bsc#1144327) - Don't try to create .vnc directory if it already exists. (bsc#1157860) Important SUSE bug 1138954 SUSE bug 1144327 SUSE bug 1144379 SUSE bug 1150584 SUSE bug 1152711 SUSE bug 1153471 SUSE bug 1155789 SUSE bug 1155952 SUSE bug 1157860 SUSE bug 1173580 CVE-2017-6967 CVE-2020-4044 cpe:/o:suse:sles-espos:12:sp2 Security update for squid (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for squid fixes the following issues: - CVE-2020-15049.patch: fixes a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455) Important SUSE bug 1173455 CVE-2020-15049 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_117 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_101 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). Important SUSE bug 1160467 SUSE bug 1160468 CVE-2019-14896 CVE-2019-14897 cpe:/o:suse:sles-espos:12:sp2 Security update for mailman (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for mailman fixes the following issues: - CVE-2020-15011: Fixed a possible Arbitrary Content Injection via the private archive login page (bsc#1173369). Important SUSE bug 1173369 CVE-2020-15011 cpe:/o:suse:sles-espos:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.3 (bsc#1173998): + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. Important SUSE bug 1173998 CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 cpe:/o:suse:sles-espos:12:sp2 Security update for grub2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for grub2 fixes the following issues: - Fix for CVE-2020-10713 (bsc#1168994) - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812) - Fix for CVE-2020-15706 (bsc#1174463) - Fix for CVE-2020-15707 (bsc#1174570) - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data - Use gcc-9 compiler for overflow check builtins - Backport gcc-9 build fixes - Fix packed-not-aligned error on GCC 8 (bsc#1084632) - Backport gcc-7 build fixes Important SUSE bug 1084632 SUSE bug 1168994 SUSE bug 1173812 SUSE bug 1174463 SUSE bug 1174570 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 cpe:/o:suse:sles-espos:12:sp2 Security update for ghostscript (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ghostscript fixes the following issues: - fixed CVE-2020-15900 Memory Corruption (SAFER Sandbox Breakout) cf. https://bugs.ghostscript.com/show_bug.cgi?id=702582 (bsc#1174415) Important SUSE bug 1174415 CVE-2020-15900 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.1.0 ESR * Fixed: Various stability, functionality, and security fixes (bsc#1174538) * CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514: WebRTC data channel leaks internal address to peer * CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653: Bypassing iframe sandbox when allowing popups * CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656: Type confusion for special arguments in IonMonkey * CVE-2020-15658: Overriding file type when saving to disk * CVE-2020-15657: DLL hijacking due to incorrect loading path * CVE-2020-15654: Custom cursor can overlay user interface * CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1 Moderate SUSE bug 1173948 SUSE bug 1174538 CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/o:suse:sles-espos:12:sp2 Security update for libX11 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628) Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988). - CVE-2020-10711: A NULL pointer dereference flaw was found in the SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. This flaw allowed a remote network user to crash the system kernel, resulting in a denial of service (bnc#1171191). - CVE-2020-10751: A flaw was found in the SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing (bnc#1171189). - CVE-2019-20812: An issue was discovered in the prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067 (bnc#1172453). - CVE-2020-10732: A flaw was found in the implementation of userspace core dumps. This flaw allowed an attacker with a local account to crash a trivial program and exfiltrate private kernel data (bnc#1171220). - CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462). - CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732). - CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999). - CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002). - CVE-2020-10768: Indirect branch speculation could have been enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (bnc#1172783). - CVE-2020-10766: Fixed Rogue cross-process SSBD shutdown, where a Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (bnc#1172781). - CVE-2020-10767: Indirect Branch Prediction Barrier was force-disabled when STIBP is unavailable or enhanced IBRS is available. (bnc#1172782). - CVE-2020-13974: drivers/tty/vt/keyboard.c had an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. (bnc#1172775). - CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel did not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586 (bnc#1172458). The following non-security bugs were fixed: - intel_idle: Graceful probe failure when MWAIT is disabled (bsc#1174115). - x86/dumpstack/64: Handle faults when printing the 'Stack: ' part of an OOPS (bsc#1170383). - xfs: Fix tail rounding in xfs_alloc_file_space() (bsc#1172049). Important SUSE bug 1162002 SUSE bug 1170383 SUSE bug 1171189 SUSE bug 1171191 SUSE bug 1171220 SUSE bug 1171732 SUSE bug 1171988 SUSE bug 1172049 SUSE bug 1172453 SUSE bug 1172458 SUSE bug 1172775 SUSE bug 1172781 SUSE bug 1172782 SUSE bug 1172783 SUSE bug 1172999 SUSE bug 1174115 SUSE bug 1174462 SUSE bug 1174543 CVE-2019-20810 CVE-2019-20812 CVE-2020-0305 CVE-2020-10135 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10773 CVE-2020-12771 CVE-2020-13974 CVE-2020-14416 cpe:/o:suse:sles-espos:12:sp2 Security update for python-ipaddress (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python-ipaddress fixes the following issues: - Add CVE-2020-14422-ipaddress-hash-collision.patch fixing CVE-2020-14422 (bsc#1173274, bpo#41004), where hash collisions in IPv4Interface and IPv6Interface could lead to DOS. Important SUSE bug 1173274 CVE-2020-14422 cpe:/o:suse:sles-espos:12:sp2 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for LibVNCServer fixes the following issues: - security update fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14403 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14404 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite Important SUSE bug 1173477 SUSE bug 1173691 SUSE bug 1173694 SUSE bug 1173700 SUSE bug 1173701 SUSE bug 1173743 SUSE bug 1173874 SUSE bug 1173875 SUSE bug 1173876 SUSE bug 1173880 CVE-2017-18922 CVE-2018-21247 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 cpe:/o:suse:sles-espos:12:sp2 Security update for libX11 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libX11 fixes the following issues: - Fixed XIM client heap overflows (CVE-2020-14344, bsc#1174628). Important SUSE bug 1174628 CVE-2020-14344 cpe:/o:suse:sles-espos:12:sp2 Security update for xerces-c (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xerces-c fixes the following issues: - CVE-2017-12627: Processing of external DTD paths could have resulted in a null pointer dereference under certain conditions (bsc#1083630) Moderate SUSE bug 1083630 CVE-2017-12627 cpe:/o:suse:sles-espos:12:sp2 Security update for webkit2gtk3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for webkit2gtk3 fixes the following issues: - Update to version 2.28.4 (bsc#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. Important SUSE bug 1174662 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes the following issues: - bsc#1174543 - secure boot related fixes - bsc#1163019 - CVE-2020-8608: Potential OOB access due to unsafe snprintf() usages - bsc#1169392 - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy - bsc#1168140 - CVE-2020-11740, CVE-2020-11741: Multiple xenoprof issues - bsc#1168142 - CVE-2020-11739: Missing memory barriers in read-write unlock paths Important SUSE bug 1163019 SUSE bug 1168140 SUSE bug 1168142 SUSE bug 1169392 SUSE bug 1174543 CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-8608 cpe:/o:suse:sles-espos:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for dovecot22 fixes the following issues: - CVE-2020-12673: improper implementation of NTLM does not check message buffer size (bsc#1174922). - CVE-2020-12674: improper implementation of RPA mechanism (bsc#1174923). Important SUSE bug 1174922 SUSE bug 1174923 CVE-2020-12673 CVE-2020-12674 cpe:/o:suse:sles-espos:12:sp2 Security update for grub2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for grub2 fixes the following issues: - CVE-2020-15705: Fail kernel validation without shim protocol (bsc#1174421). Important SUSE bug 1174421 CVE-2020-15705 cpe:/o:suse:sles-espos:12:sp2 Security update for samba (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for samba fixes the following issues: - CVE-2020-10745: Fixed an issue which parsing and packing of NBT and DNS packets containing dots could potentially have consumed excessive CPU (bsc#1173160). Moderate SUSE bug 1173160 SUSE bug 1174120 CVE-2020-10745 cpe:/o:suse:sles-espos:12:sp2 Security update for xorg-x11-server (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Moderate SUSE bug 1174633 SUSE bug 1174635 SUSE bug 1174638 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 cpe:/o:suse:sles-espos:12:sp2 Security update for freeradius-server (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for freeradius-server fixes the following issues: - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). - CVE-2019-17185: Fixed a debial of service due to multithreaded BN_CTX access (bsc#1166847). Moderate SUSE bug 1144524 SUSE bug 1166847 CVE-2019-13456 CVE-2019-17185 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2975 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 CVE-2019-17631 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-17631 CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 cpe:/o:suse:sles-espos:12:sp2 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xorg-x11-server fixes the following issues: - CVE-2020-14361: Fix XkbSelectEvents() integer underflow (bsc#1174910 ZDI-CAN-11573). - CVE-2020-14362: Fix XRecordRegisterClients() Integer underflow (bsc#1174913 ZDI-CAN-11574). Important SUSE bug 1174910 SUSE bug 1174913 CVE-2020-14361 CVE-2020-14362 cpe:/o:suse:sles-espos:12:sp2 Security update for apache2 (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for apache2 fixes the following issues: - CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request (bsc#1175071). - CVE-2020-11985: IP address spoofing when proxying using mod_remoteip and mod_rewrite (bsc#1175072). - CVE-2020-11993: When trace/debug was enabled for the HTTP/2 module logging statements were made on the wrong connection (bsc#1175070). Moderate SUSE bug 1175070 SUSE bug 1175071 SUSE bug 1175072 CVE-2020-11985 CVE-2020-11993 CVE-2020-9490 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 15 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14556 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - JAVA.UTIL.ZIP.DEFLATER OPERATIONS THROW JAVA.LANG.INTERNALERROR - JAVA 8 DECODER OBJECTS CONSUME A LARGE AMOUNT OF JAVA HEAP - TRANSLATION MESSAGES UPDATE FOR JCL - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Java Virtual Machine: - IBM JAVA REGISTERS A HANDLER BY DEFAULT FOR SIGABRT - LARGE MEMORY FOOTPRINT HELD BY TRACECONTEXT OBJECT * JIT Compiler: - CRASH IN THE INTERPRETER AFTER OSR FROM INLINED SYNCHRONIZED METHOD IN DEBUGGING MODE - INTERMITTENT ASSERTION FAILURE REPORTED - CRASH IN RESOLVECLASSREF() DURING AOT LOAD - JIT CRASH DURING CLASS UNLOADING IN J9METHOD_HT::ONCLASSUNLOADING() - SEGMENTATION FAULT WHILE COMPILING A METHOD - UNEXPECTED CLASSCASTEXCEPTION THROWN IN HIGH LEVEL PARALLEL APPLICATION ON IBM Z PLATFORM * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE - CHANGES TO IBMJCE AND IBMJCEPLUS PROVIDERS - IBMJCEPLUS FAILS, WHEN THE SECURITY MANAGER IS ENABLED, WITH DEFAULT PERMISSIONS, SPECIFIED IN JAVA.POLICY FILE - IN CERTAIN INSTANCES, IBMJCEPLUS PROVIDER THROWS EXCEPTION FROM KEYFACTORY CLASS Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-espos:12:sp2 Security update for squid (Critical) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for squid fixes the following issues: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). Critical SUSE bug 1175664 SUSE bug 1175665 SUSE bug 1175671 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606 cpe:/o:suse:sles-espos:12:sp2 Security update for libX11 (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libX11 fixes the following issues: - CVE-2020-14363: Fix an integer overflow in init_om() (bsc#1175239). Moderate SUSE bug 1175239 CVE-2020-14363 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 70 [bsc#1175259, bsc#1174157] CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14621 CVE-2020-14593 CVE-2020-14583 CVE-2019-17639 * Class Libraries: - UPDATE TIMEZONE INFORMATION TO TZDATA2020A * Security: - CERTIFICATEEXCEPTION OCCURS WHEN FILE.ENCODING PROPERTY SET TO NON DEFAULT VALUE Moderate SUSE bug 1174157 SUSE bug 1175259 CVE-2019-17639 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-0155: Fixed a privilege escalation in the i915 graphics driver (bsc#1173663). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-18680: Fixed a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c (bsc#1173867). - CVE-2019-14816: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173666). - CVE-2019-14814: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173664). - CVE-2019-14815: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173665). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Important SUSE bug 1173100 SUSE bug 1173659 SUSE bug 1173661 SUSE bug 1173663 SUSE bug 1173664 SUSE bug 1173665 SUSE bug 1173666 SUSE bug 1173867 SUSE bug 1173869 SUSE bug 1173942 SUSE bug 1173963 SUSE bug 1174247 CVE-2019-0155 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-18680 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_125 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2019-9458: Fixed a use-after-free in media/v4l (bsc#1173963). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2019-19447: Fixed a use-after-free in ext4_put_super (bsc#1173869). - CVE-2019-14901: Fixed a heap overflow in the Marvell WiFi driver (bsc#1173661). - CVE-2019-14895: Fixed a heap-based buffer overflow in the Marvell WiFi driver (bsc#1173100). Important SUSE bug 1173100 SUSE bug 1173659 SUSE bug 1173661 SUSE bug 1173869 SUSE bug 1173942 SUSE bug 1173963 SUSE bug 1174247 CVE-2019-14895 CVE-2019-14901 CVE-2019-16746 CVE-2019-19447 CVE-2019-9458 CVE-2020-11668 CVE-2020-14331 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_129 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). Important SUSE bug 1173659 SUSE bug 1173942 SUSE bug 1174247 CVE-2019-16746 CVE-2020-11668 CVE-2020-14331 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_135 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Important SUSE bug 1165631 SUSE bug 1173659 SUSE bug 1173942 SUSE bug 1174247 CVE-2019-16746 CVE-2020-11668 CVE-2020-14331 CVE-2020-1749 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_138 fixes several issues. The following security issues were fixed: - CVE-2020-14331: Fixed a buffer over-write in vgacon_scroll (bsc#1174247). - CVE-2019-16746: Fixed a buffer overflow in net/wireless/nl80211.c (bsc#1173659). - CVE-2020-11668: Fixed a memory corruption issue in the Xirlink camera USB driver (bsc#1173942). - CVE-2020-1749: Fixed a flaw in IPsec where some IPv6 protocols were not encrypted (bsc#1165631). Important SUSE bug 1165631 SUSE bug 1173659 SUSE bug 1173942 SUSE bug 1174247 CVE-2019-16746 CVE-2020-11668 CVE-2020-14331 CVE-2020-1749 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.2.0 ESR * Fixed: Various stability, functionality, and security fixes - Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - Fixed Firefox tab crash in FIPS mode (bsc#1174284). - Fix broken translation-loading. (bsc#1173991) * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service any more Moderate SUSE bug 1173991 SUSE bug 1174284 SUSE bug 1175686 CVE-2020-15663 CVE-2020-15664 CVE-2020-15670 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 kernel was updated to to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798). - CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205). - CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757). - CVE-2019-16746: Fixed an improper check of the length of variable elements in a beacon head, leading to a buffer overflow (bsc#1152107). - CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069). The following non-security bug was fixed: - mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691). Important SUSE bug 1152107 SUSE bug 1173798 SUSE bug 1174205 SUSE bug 1174757 SUSE bug 1175691 SUSE bug 1176069 CVE-2019-16746 CVE-2020-14314 CVE-2020-14331 CVE-2020-14386 CVE-2020-16166 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-openjdk fixes the following issues: Update java-1_8_0-openjdk to version jdk8u242 (icedtea 3.15.0) (January 2020 CPU, bsc#1160968): - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support - CVE-2020-2654: Improve Object Identifier Processing Important SUSE bug 1160968 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 cpe:/o:suse:sles-espos:12:sp2 Security update for tomcat (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for tomcat fixes the following issues: - CVE-2020-1935: Fixed an HTTP request smuggling vulnerability (bsc#1164860). - CVE-2020-13935: Fixed a WebSocket DoS (bsc#1174117). Moderate SUSE bug 1164860 SUSE bug 1174117 CVE-2020-13935 CVE-2020-1935 cpe:/o:suse:sles-espos:12:sp2 Security update for perl-DBI (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for perl-DBI fixes the following issues: Security issues fixed: - CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412). - CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409). Important SUSE bug 1176409 SUSE bug 1176412 CVE-2020-14392 CVE-2020-14393 cpe:/o:suse:sles-espos:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python3 fixes the following issues: - CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball (bsc#1174091). - CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274). - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238). - CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840). - If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423). Important SUSE bug 1088004 SUSE bug 1088009 SUSE bug 1130840 SUSE bug 1141853 SUSE bug 1149955 SUSE bug 1153238 SUSE bug 1162423 SUSE bug 1173274 SUSE bug 1174091 SUSE bug 1174701 CVE-2018-14647 CVE-2018-20852 CVE-2019-16056 CVE-2019-16935 CVE-2019-20907 CVE-2019-9947 CVE-2020-14422 cpe:/o:suse:sles-espos:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for samba fixes the following issues: - ZeroLogon: An elevation of privilege was possible with some configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC) (CVE-2020-1472, bsc#1176579). Important SUSE bug 1176579 CVE-2020-1472 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: -Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43) - CVE-2020-15677: Download origin spoofing via redirect - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario - CVE-2020-15673: Fixed memory safety bugs - Enhance fix for wayland-detection (bsc#1174420) - Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976) Important SUSE bug 1167976 SUSE bug 1173986 SUSE bug 1174420 SUSE bug 1176756 CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678 cpe:/o:suse:sles-espos:12:sp2 Security update for libqt5-qtbase (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser (bsc#1176315) - Made handling of XDG_RUNTIME_DIR more secure (bsc#1172515) Important SUSE bug 1172515 SUSE bug 1176315 CVE-2020-17507 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes the following issues: - CVE-2020-25604: Fixed a race condition when migrating timers between x86 HVM vCPU-s (bsc#1176343,XSA-336) - CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back hardware registers (bsc#1176344,XSA-337) - CVE-2020-25597: Fixed an issue where a valid event channels may not turn invalid (bsc#1176346,XSA-338) - CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel via SYSENTER (bsc#1176345,XSA-339) - CVE-2020-25603: Fixed an issue due to missing barriers when accessing/allocating an event channel (bsc#1176347,XSA-340) - CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86 domains (bsc#1176348,XSA-342) - CVE-2020-25599: Fixed race conditions with evtchn_reset() (bsc#1176349,XSA-343) - CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset() / evtchn_destroy() (bsc#1176350,XSA-344) - CVE-2020-14364: Fixed an out-of-bounds read/write access while processing usb packets (bsc#1175534). - CVE-2020-0543: Fixed a leak of Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205,XSA-320) - CVE-2020-15565: Fixed an issue cache write (bsc#1173378,XSA-321). - CVE-2020-15567: Fixed an issue with non-atomic modification of live EPT PTE (bsc#1173380,XSA-328) Important SUSE bug 1172205 SUSE bug 1173378 SUSE bug 1173380 SUSE bug 1175534 SUSE bug 1176343 SUSE bug 1176344 SUSE bug 1176345 SUSE bug 1176346 SUSE bug 1176347 SUSE bug 1176348 SUSE bug 1176349 SUSE bug 1176350 CVE-2020-0543 CVE-2020-14364 CVE-2020-15565 CVE-2020-15567 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25603 CVE-2020-25604 cpe:/o:suse:sles-espos:12:sp2 Security update for perl-DBI (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for perl-DBI fixes the following issues: - CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764). - CVE-2013-7490: Fixed memory corruption when using many arguments to methods for CallbacksUsing (bsc#1176496). Important SUSE bug 1176496 SUSE bug 1176764 CVE-2013-7490 CVE-2019-20919 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_0-openjdk fixes the following issues: - java-1_7_0-openjdk was updated to 2.6.23 (July 2020 CPU, bsc#1174157) - JDK-8028431, CVE-2020-14579: NullPointerException in - DerValue.equals(DerValue) - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in - sun.security.util.DerInputStream.getUnalignedBitString() - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233255: Better Swing Buttons - JDK-8234032: Improve basic calendar services - JDK-8234042: Better factory production of certificates - JDK-8234418: Better parsing with CertificateFactory - JDK-8234836: Improve serialization handling - JDK-8236191: Enhance OID processing - JDK-8237592, CVE-2020-14577: Enhance certificate verification - JDK-8238002, CVE-2020-14581: Better matrix operations - JDK-8238804: Enhance key handling process - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - JDK-8238843: Enhanced font handing - JDK-8238920, CVE-2020-14583: Better Buffer support - JDK-8238925: Enhance WAV file playback - JDK-8240119, CVE-2020-14593: Less Affine Transformations - JDK-8240482: Improved WAV file playback - JDK-8241379: Update JCEKS support - JDK-8241522: Manifest improved jar headers redux - JDK-8242136, CVE-2020-14621: Better XML namespace handling - JDK-8040113: File not initialized in src/share/native/sun/awt/giflib/dgif_lib.c - JDK-8054446: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError - JDK-8077982: GIFLIB upgrade - JDK-8081315: 8077982 giflib upgrade breaks system giflib builds with earlier versions - JDK-8147087: Race when reusing PerRegionTable bitmaps may result in dropped remembered set entries - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' - JDK-8155691: Update GIFlib library to the latest up-to-date - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds - JDK-8203190: SessionId.hashCode generates too many collisions - JDK-8217676: Upgrade libpng to 1.6.37 - JDK-8220495: Update GIFlib library to the 5.1.8 - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys - JDK-8229899: Make java.io.File.isInvalid() less racy - JDK-8230597: Update GIFlib library to the 5.2.1 - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result Important SUSE bug 1174157 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 cpe:/o:suse:sles-espos:12:sp2 Security update for tigervnc (Critical) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for tigervnc fixes the following issues: - CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733). Critical SUSE bug 1176733 CVE-2020-26117 cpe:/o:suse:sles-espos:12:sp2 Security update for libproxy (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). Important SUSE bug 1176410 SUSE bug 1177143 CVE-2020-25219 CVE-2020-26154 cpe:/o:suse:sles-espos:12:sp2 Security update for freetype2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). Important SUSE bug 1177914 CVE-2020-15999 cpe:/o:suse:sles-espos:12:sp2 Security update for glibc (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a stack corruption from range reduction of pseudo-zero (bsc#1165784) - Use posix_spawn on popen (bsc#1149332, bsc#1176013) - Correct locking and cancellation cleanup in syslog functions (bsc#1172085) - Fixed concurrent changes on nscd aware files (bsc#1171878) Moderate SUSE bug 1149332 SUSE bug 1165784 SUSE bug 1171878 SUSE bug 1172085 SUSE bug 1176013 CVE-2020-10029 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756) * CVE-2020-15969 Use-after-free in usersctp * CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * Fixed: Fixed legacy preferences not being properly applied when set via GPO Important SUSE bug 1176756 SUSE bug 1177872 CVE-2020-15683 CVE-2020-15969 cpe:/o:suse:sles-espos:12:sp2 Security update for samba (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for samba fixes the following issues: - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902). Important SUSE bug 1173902 SUSE bug 1173994 CVE-2020-14318 CVE-2020-14323 cpe:/o:suse:sles-espos:12:sp2 Security update for sane-backends (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for sane-backends fixes the following issues: - sane-backends version upgrade to 1.0.31: * sane-backends version upgrade to 1.0.30 fixes memory corruption bugs CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867 (bsc#1172524) * sane-backends version upgrade to 1.0.31 to further improve hardware enablement for scanner devices (jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418) * The new escl backend cannot be provided for SLE12 because it requires more additional software (avahi-client, libcurl, and libpoppler-glib-devel) where in particular for libcurl the one that is in SLE12 (via libcurl-devel-7.37.0) is likely too old because with that building the escl backend fails with 'escl/escl.c:1267:34: error: 'CURLOPT_UNIX_SOCKET_PATH' undeclared curl_easy_setopt(handle, CURLOPT_UNIX_SOCKET_PATH' Important SUSE bug 1172524 CVE-2017-6318 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 cpe:/o:suse:sles-espos:12:sp2 Security update for ovmf (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ovmf fixes the following issues: - CVE-2019-14562: Fixed an overflow in DxeImageVerificationHandler (bsc#1175476). - CVE-2019-14559: Fixed a memory leak in ArpOnFrameRcvdDpc() (bsc#1163927). Moderate SUSE bug 1163927 SUSE bug 1175476 CVE-2019-14559 CVE-2019-14562 cpe:/o:suse:sles-espos:12:sp2 Security update for libvirt (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libvirt fixes the following issues: - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros (bsc#1174955). - CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces() (bsc#1177155). Important SUSE bug 1174955 SUSE bug 1177155 CVE-2020-15708 CVE-2020-25637 cpe:/o:suse:sles-espos:12:sp2 Security update for apache-commons-httpclient (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577] Important SUSE bug 1178171 SUSE bug 945190 CVE-2014-3577 CVE-2015-5262 cpe:/o:suse:sles-espos:12:sp2 Security update for libqt5-qtbase (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libqt5-qtbase fixes the following issue: Security issue fixed: - CVE-2020-0569: Fixed a potential local code execution by loading plugins from CWD (bsc#1161167). - CVE-2018-19870: Fixed an improper check in QImage allocation which could allow Denial of Service when opening crafted gif files (bsc#1118597). - CVE-2018-19872: Fixed an issue which could allow a division by zero leading to crash (bsc#1130246). Other issue addressed: - Fixed an issue with rendering animated gifs (QTBUG-55141). Important SUSE bug 1118597 SUSE bug 1130246 SUSE bug 1161167 CVE-2018-19870 CVE-2018-19872 CVE-2020-0569 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-openjdk fixes the following issues: - Fix regression '8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)', introduced in October 2020 CPU. - Update to version jdk8u272 (icedtea 3.17.0) (July 2020 CPU, bsc#1174157, and October 2020 CPU, bsc#1177943) * New features + JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3796: Allow the number of curves supported to be specified * Security fixes + JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) + JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233255: Better Swing Buttons + JDK-8233624: Enhance JNI linkage + JDK-8234032: Improve basic calendar services + JDK-8234042: Better factory production of certificates + JDK-8234418: Better parsing with CertificateFactory + JDK-8234836: Improve serialization handling + JDK-8236191: Enhance OID processing + JDK-8236196: Improve string pooling + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + JDK-8237592, CVE-2020-14577: Enhance certificate verification + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8238002, CVE-2020-14581: Better matrix operations + JDK-8238804: Enhance key handling process + JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + JDK-8238843: Enhanced font handing + JDK-8238920, CVE-2020-14583: Better Buffer support + JDK-8238925: Enhance WAV file playback + JDK-8240119, CVE-2020-14593: Less Affine Transformations + JDK-8240124: Better VM Interning + JDK-8240482: Improved WAV file playback + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8241379: Update JCEKS support + JDK-8241522: Manifest improved jar headers redux + JDK-8242136, CVE-2020-14621: Better XML namespace handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 8 u262 build 01 + JDK-4949105: Access Bridge lacks html tags parsing + JDK-8003209: JFR events for network utilization + JDK-8030680: 292 cleanup from default method code assessment + JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently + JDK-8041626: Shutdown tracing event + JDK-8141056: Erroneous assignment in HeapRegionSet.cpp + JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates + JDK-8151582: (ch) test java/nio/channels/ /AsyncCloseAndInterrupt.java failing due to 'Connection succeeded' + JDK-8165675: Trace event for thread park has incorrect unit for timeout + JDK-8176182: 4 security tests are not run + JDK-8178910: Problemlist sample tests + JDK-8183925: Decouple crash protection from watcher thread + JDK-8191393: Random crashes during cfree+0x1c + JDK-8195817: JFR.stop should require name of recording + JDK-8195818: JFR.start should increase autogenerated name by one + JDK-8195819: Remove recording=x from jcmd JFR.check output + JDK-8199712: Flight Recorder + JDK-8202578: Revisit location for class unload events + JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events + JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) + JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant + JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording + JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 + JDK-8203929: Limit amount of data for JFR.dump + JDK-8205516: JFR tool + JDK-8207392: [PPC64] Implement JFR profiling + JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it + JDK-8209960: -Xlog:jfr* doesn't work with the JFR + JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() + JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 + JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch + JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events + JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions + JDK-8213421: Line number information for execution samples always 0 + JDK-8213617: JFR should record the PID of the recorded process + JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. + JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests + JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test + JDK-8213966: The ZGC JFR events should be marked as experimental + JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds + JDK-8214750: Unnecessary <p> tags in jfr classes + JDK-8214896: JFR Tool left files behind + JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError + JDK-8214925: JFR tool fails to execute + JDK-8215175: Inconsistencies in JFR event metadata + JDK-8215237: jdk.jfr.Recording javadoc does not compile + JDK-8215284: Reduce noise induced by periodic task getFileSize() + JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) + JDK-8215362: JFR GTest JfrTestNetworkUtilization fails + JDK-8215771: The jfr tool should pretty print reference chains + JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly + JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() + JDK-8216528: test/jdk/java/rmi/transport/ /runtimeThreadInheritanceLeak/ /RuntimeThreadInheritanceLeak.java failing with Xcomp + JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps + JDK-8216578: Remove unused/obsolete method in JFR code + JDK-8216995: Clean up JFR command line processing + JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT + JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent + JDK-8218935: Make jfr strncpy uses GCC 8.x friendly + JDK-8223147: JFR Backport + JDK-8223689: Add JFR Thread Sampling Support + JDK-8223690: Add JFR BiasedLock Event Support + JDK-8223691: Add JFR G1 Region Type Change Event Support + JDK-8223692: Add JFR G1 Heap Summary Event Support + JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant + JDK-8224475: JTextPane does not show images in HTML rendering + JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. + JDK-8226779: [TESTBUG] Test JFR API from Java agent + JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys + JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory + JDK-8227605: Kitchensink fails 'assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant' + JDK-8229366: JFR backport allows unchecked writing to memory + JDK-8229401: Fix JFR code cache test failures + JDK-8229708: JFR backport code does not initialize + JDK-8229873: 8229401 broke jdk8u-jfr-incubator + JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows + JDK-8230707: JFR related tests are failing + JDK-8230782: Robot.createScreenCapture() fails if 'awt.robot.gtk' is set to false + JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return + JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 + JDK-8231995: two jtreg tests failed after 8229366 is fixed + JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file + JDK-8236002: CSR for JFR backport suggests not leaving out the package-info + JDK-8236008: Some backup files were accidentally left in the hotspot tree + JDK-8236074: Missed package-info + JDK-8236174: Should update javadoc since tags + JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport + JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 + JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB + JDK-8238589: Necessary code cleanup in JFR for JDK8u + JDK-8238590: Enable JFR by default during compilation in 8u + JDK-8239055: Wrong implementation of VMState.hasListener + JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair + JDK-8239479: minimal1 and zero builds are failing + JDK-8239867: correct over use of INCLUDE_JFR macro + JDK-8240375: Disable JFR by default for July 2020 release + JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled + JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) + JDK-8242788: Non-PCH build is broken after JDK-8191393 * Import of OpenJDK 8 u262 build 02 + JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset + JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java + JDK-8230926: [macosx] Two apostrophes are entered instead of one with 'U.S. International - PC' layout + JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges + JDK-8242883: Incomplete backport of JDK-8078268: backport test part * Import of OpenJDK 8 u262 build 03 + JDK-8037866: Replace the Fun class in tests with lambdas + JDK-8146612: C2: Precedence edges specification violated + JDK-8150986: serviceability/sa/jmap-hprof/ /JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format + JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions + JDK-8230597: Update GIFlib library to the 5.2.1 + JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return + JDK-8233880, PR3798: Support compilers with multi-digit major version numbers + JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed + JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set + JDK-8243059: Build fails when --with-vendor-name contains a comma + JDK-8243474: [TESTBUG] removed three tests of 0 bytes + JDK-8244461: [JDK 8u] Build fails with glibc 2.32 + JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result * Import of OpenJDK 8 u262 build 04 + JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null + JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering + JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM + JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE + JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 + JDK-8244777: ClassLoaderStats VM Op uses constant hash value * Import of OpenJDK 8 u262 build 05 + JDK-7147060: com/sun/org/apache/xml/internal/security/ /transforms/ClassLoaderTest.java doesn't run in agentvm mode + JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method + JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds + JDK-8227269: Slow class loading when running with JDWP + JDK-8229899: Make java.io.File.isInvalid() less racy + JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing + JDK-8241750: x86_32 build failure after JDK-8227269 + JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in + JDK-8244843: JapanEraNameCompatTest fails * Import of OpenJDK 8 u262 build 06 + JDK-8246223: Windows build fails after JDK-8227269 * Import of OpenJDK 8 u262 build 07 + JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing + JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a + JDK-8245167: Top package in method profiling shows null in JMC + JDK-8246703: [TESTBUG] Add test for JDK-8233197 * Import of OpenJDK 8 u262 build 08 + JDK-8220293: Deadlock in JFR string pool + JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 + JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 * Import of OpenJDK 8 u262 build 09 + JDK-8248399: Build installs jfr binary when JFR is disabled * Import of OpenJDK 8 u262 build 10 + JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package * Import of OpenJDK 8 u265 build 01 + JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + JDK-8250546: Expect changed behaviour reported in JDK-8249846 * Import of OpenJDK 8 u272 build 01 + JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java + JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals + JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c + JDK-8039082: [TEST_BUG] Test java/awt/dnd/ /BadSerializationTest/BadSerializationTest.java fails + JDK-8075774: Small readability and performance improvements for zipfs + JDK-8132206: move ScanTest.java into OpenJDK + JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API + JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java + JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/ /appletviewer/IOExceptionIfEncodedURLTest/ /IOExceptionIfEncodedURLTest.sh + JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/ /MTGraphicsAccessTest.java hangs on Win. 8 + JDK-8151788: NullPointerException from ntlm.Client.type3 + JDK-8151834: Test SmallPrimeExponentP.java times out intermittently + JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public + JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization + JDK-8165936: Potential Heap buffer overflow when seaching timezone info files + JDK-8166148: Fix for JDK-8165936 broke solaris builds + JDK-8167300: Scheduling failures during gcm should be fatal + JDK-8167615: Opensource unit/regression tests for JavaSound + JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java + JDK-8177628: Opensource unit/regression tests for ImageIO + JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java + JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/ /AppletContextTest/BadPluginConfigurationTest.sh + JDK-8193137: Nashorn crashes when given an empty script file + JDK-8194298: Add support for per Socket configuration of TCP keepalive + JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error + JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails + JDK-8210147: adjust some WSAGetLastError usages in windows network coding + JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions + JDK-8214862: assert(proj != __null) at compile.cpp:3251 + JDK-8217606: LdapContext#reconnect always opens a new connection + JDK-8217647: JFR: recordings on 32-bit systems unreadable + JDK-8226697: Several tests which need the @key headful keyword are missing it. + JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + JDK-8230303: JDB hangs when running monitor command + JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG + JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion + JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version + JDK-8235325: build failure on Linux after 8235243 + JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink + JDK-8237951: CTW: C2 compilation fails with 'malformed control flow' + JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary + JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + JDK-8239819: XToolkit: Misread of screen information memory + JDK-8240295: hs_err elapsed time in seconds is not accurate enough + JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one + JDK-8242498: Invalid 'sun.awt.TimedWindowEvent' object leads to JVM crash + JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + JDK-8246310: Clean commented-out code about ModuleEntry and PackageEntry in JFR + JDK-8246384: Enable JFR by default on supported architectures for October 2020 release + JDK-8248643: Remove extra leading space in JDK-8240295 8u backport + JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public * Import of OpenJDK 8 u272 build 02 + JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times + JDK-8025886: replace [[ and == bash extensions in regtest + JDK-8046274: Removing dependency on jakarta-regexp + JDK-8048933: -XX:+TraceExceptions output should include the message + JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/ /fileaccess/FontFile.java fails + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8154313: Generated javadoc scattered all over the place + JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k + JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled + JDK-8183349: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java and WriteAfterAbort.java + JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. + JDK-8201633: Problems with AES-GCM native acceleration + JDK-8211049: Second parameter of 'initialize' method is not used + JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero + JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound + JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file + JDK-8224217: RecordingInfo should use textual representation of path + JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate + JDK-8238380, PR3798: java.base/unix/native/libjava/childproc.c 'multiple definition' link errors with GCC10 + JDK-8238386, PR3798: (sctp) jdk.sctp/unix/native/libsctp/ /SctpNet.c 'multiple definition' link errors with GCC10 + JDK-8238388, PR3798: libj2gss/NativeFunc.o 'multiple definition' link errors with GCC10 + JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + JDK-8250755: Better cleanup for jdk/test/javax/imageio/ /plugins/shared/CanWriteSequence.java * Import of OpenJDK 8 u272 build 03 + JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes + JDK-8148754: C2 loop unrolling fails due to unexpected graph shape + JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied + JDK-8203357: Container Metrics + JDK-8209113: Use WeakReference for lastFontStrike for created Fonts + JDK-8216283: Allow shorter method sampling interval than 10 ms + JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified + JDK-8233097: Fontmetrics for large Fonts has zero width + JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update * Import of OpenJDK 8 u272 build 04 + JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double + JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 + JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 + JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 + JDK-8243138: Enhance BaseLdapServer to support starttls extended request * Import of OpenJDK 8 u272 build 05 + JDK-8026236: Add PrimeTest for BigInteger + JDK-8057003: Large reference arrays cause extremely long synchronization times + JDK-8060721: Test runtime/SharedArchiveFile/ /LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler + JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings + JDK-8168517: java/lang/ProcessBuilder/Basic.java failed + JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean + JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs + JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo + JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages + JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase + JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds + JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled * Import of OpenJDK 8 u272 build 06 + JDK-8064319: Need to enable -XX:+TraceExceptions in release builds + JDK-8080462, PR3801: Update SunPKCS11 provider with PKCS11 v2.40 support + JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working + JDK-8169925, PR3801: PKCS #11 Cryptographic Token Interface license + JDK-8184762: ZapStackSegments should use optimized memset + JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak + JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly + JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 + JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) + JDK-8226575: OperatingSystemMXBean should be made container aware + JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + JDK-8228835: Memory leak in PKCS11 provider when using AES GCM + JDK-8233621: Mismatch in jsse.enableMFLNExtension property name + JDK-8238898, PR3801: Missing hash characters for header on license file + JDK-8243320: Add SSL root certificates to Oracle Root CA program + JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + JDK-8245467: Remove 8u TLSv1.2 implementation files + JDK-8245469: Remove DTLS protocol implementation + JDK-8245470: Fix JDK8 compatibility issues + JDK-8245471: Revert JDK-8148188 + JDK-8245472: Backport JDK-8038893 to JDK8 + JDK-8245473: OCSP stapling support + JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 + JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default + JDK-8245477: Adjust TLS tests location + JDK-8245653: Remove 8u TLS tests + JDK-8245681: Add TLSv1.3 regression test from 11.0.7 + JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + JDK-8251120, PR3793: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false + JDK-8251341: Minimal Java specification change + JDK-8251478: Backport TLSv1.3 regression tests to JDK8u * Import of OpenJDK 8 u272 build 07 + JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ * Import of OpenJDK 8 u272 build 08 + JDK-8062947: Fix exception message to correctly represent LDAP connection failure + JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + JDK-8252573: 8u: Windows build failed after 8222079 backport * Import of OpenJDK 8 u272 build 09 + JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed * Import of OpenJDK 8 u272 build 10 + JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 + JDK-8254937: Revert JDK-8148854 for 8u272 * Backports + JDK-8038723, PR3806: Openup some PrinterJob tests + JDK-8041480, PR3806: ArrayIndexOutOfBoundsException when JTable contains certain string + JDK-8058779, PR3805: Faster implementation of String.replace(CharSequence, CharSequence) + JDK-8130125, PR3806: [TEST_BUG] add @modules to the several client tests unaffected by the automated bulk update + JDK-8144015, PR3806: [PIT] failures of text layout font tests + JDK-8144023, PR3806: [PIT] failure of text measurements in javax/swing/text/html/parser/Parser/6836089/bug6836089.java + JDK-8144240, PR3806: [macosx][PIT] AIOOB in closed/javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8145542, PR3806: The case failed automatically and thrown java.lang.ArrayIndexOutOfBoundsException exception + JDK-8151725, PR3806: [macosx] ArrayIndexOOB exception when displaying Devanagari text in JEditorPane + JDK-8152358, PR3800: code and comment cleanups found during the hunt for 8077392 + JDK-8152545, PR3804: Use preprocessor instead of compiling a program to generate native nio constants + JDK-8152680, PR3806: Regression in GlyphVector.getGlyphCharIndex behaviour + JDK-8158924, PR3806: Incorrect i18n text document layout + JDK-8166003, PR3806: [PIT][TEST_BUG] missing helper for javax/swing/text/GlyphPainter2/6427244/bug6427244.java + JDK-8166068, PR3806: test/java/awt/font/GlyphVector/ /GetGlyphCharIndexTest.java does not compile + JDK-8169879, PR3806: [TEST_BUG] javax/swing/text/ /GlyphPainter2/6427244/bug6427244.java - compilation failed + JDK-8191512, PR3806: T2K font rasterizer code removal + JDK-8191522, PR3806: Remove Bigelow&Holmes Lucida fonts from JDK sources + JDK-8236512, PR3801: PKCS11 Connection closed after Cipher.doFinal and NoPadding + JDK-8254177, PR3809: (tz) Upgrade time-zone data to tzdata2020b * Bug fixes + PR3798: Fix format-overflow error on GCC 10, caused by passing NULL to a '%s' directive + PR3795: ECDSAUtils for XML digital signatures should support the same curve set as the rest of the JDK + PR3799: Adapt elliptic curve patches to JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 + PR3808: IcedTea does not install the JFR *.jfc files + PR3810: Enable JFR on x86 (32-bit) now that JDK-8252096 has fixed its use with Shenandoah + PR3811: Don't attempt to install JFR files when JFR is disabled * Shenandoah + [backport] 8221435: Shenandoah should not mark through weak roots + [backport] 8221629: Shenandoah: Cleanup class unloading logic + [backport] 8222992: Shenandoah: Pre-evacuate all roots + [backport] 8223215: Shenandoah: Support verifying subset of roots + [backport] 8223774: Shenandoah: Refactor ShenandoahRootProcessor and family + [backport] 8224210: Shenandoah: Refactor ShenandoahRootScanner to support scanning CSet codecache roots + [backport] 8224508: Shenandoah: Need to update thread roots in final mark for piggyback ref update cycle + [backport] 8224579: ResourceMark not declared in shenandoahRootProcessor.inline.hpp with --disable-precompiled-headers + [backport] 8224679: Shenandoah: Make ShenandoahParallelCodeCacheIterator noncopyable + [backport] 8224751: Shenandoah: Shenandoah Verifier should select proper roots according to current GC cycle + [backport] 8225014: Separate ShenandoahRootScanner method for object_iterate + [backport] 8225216: gc/logging/TestMetaSpaceLog.java doesn't work for Shenandoah + [backport] 8225573: Shenandoah: Enhance ShenandoahVerifier to ensure roots to-space invariant + [backport] 8225590: Shenandoah: Refactor ShenandoahClassLoaderDataRoots API + [backport] 8226413: Shenandoah: Separate root scanner for SH::object_iterate() + [backport] 8230853: Shenandoah: replace leftover assert(is_in(...)) with rich asserts + [backport] 8231198: Shenandoah: heap walking should visit all roots most of the time + [backport] 8231244: Shenandoah: all-roots heap walking misses some weak roots + [backport] 8237632: Shenandoah: accept NULL fwdptr to cooperate with JVMTI and JFR + [backport] 8239786: Shenandoah: print per-cycle statistics + [backport] 8239926: Shenandoah: Shenandoah needs to mark nmethod's metadata + [backport] 8240671: Shenandoah: refactor ShenandoahPhaseTimings + [backport] 8240749: Shenandoah: refactor ShenandoahUtils + [backport] 8240750: Shenandoah: remove leftover files and mentions of ShenandoahAllocTracker + [backport] 8240868: Shenandoah: remove CM-with-UR piggybacking cycles + [backport] 8240872: Shenandoah: Avoid updating new regions from start of evacuation + [backport] 8240873: Shenandoah: Short-cut arraycopy barriers + [backport] 8240915: Shenandoah: Remove unused fields in init mark tasks + [backport] 8240948: Shenandoah: cleanup not-forwarded-objects paths after JDK-8240868 + [backport] 8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support + [backport] 8241062: Shenandoah: rich asserts trigger 'empty statement' inspection + [backport] 8241081: Shenandoah: Do not modify update-watermark concurrently + [backport] 8241093: Shenandoah: editorial changes in flag descriptions + [backport] 8241139: Shenandoah: distribute mark-compact work exactly to minimize fragmentation + [backport] 8241142: Shenandoah: should not use parallel reference processing with single GC thread + [backport] 8241351: Shenandoah: fragmentation metrics overhaul + [backport] 8241435: Shenandoah: avoid disabling pacing with 'aggressive' + [backport] 8241520: Shenandoah: simplify region sequence numbers handling + [backport] 8241534: Shenandoah: region status should include update watermark + [backport] 8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure + [backport] 8241583: Shenandoah: turn heap lock asserts into macros + [backport] 8241668: Shenandoah: make ShenandoahHeapRegion not derive from ContiguousSpace + [backport] 8241673: Shenandoah: refactor anti-false-sharing padding + [backport] 8241675: Shenandoah: assert(n->outcnt() > 0) at shenandoahSupport.cpp:2858 with java/util/Collections/FindSubList.java + [backport] 8241692: Shenandoah: remove ShenandoahHeapRegion::_reserved + [backport] 8241700: Shenandoah: Fold ShenandoahKeepAliveBarrier flag into ShenandoahSATBBarrier + [backport] 8241740: Shenandoah: remove ShenandoahHeapRegion::_heap + [backport] 8241743: Shenandoah: refactor and inline ShenandoahHeap::heap() + [backport] 8241748: Shenandoah: inline MarkingContext TAMS methods + [backport] 8241838: Shenandoah: no need to trash cset during final mark + [backport] 8241841: Shenandoah: ditch one of allocation type counters in ShenandoahHeapRegion + [backport] 8241842: Shenandoah: inline ShenandoahHeapRegion::region_number + [backport] 8241844: Shenandoah: rename ShenandoahHeapRegion::region_number + [backport] 8241845: Shenandoah: align ShenandoahHeapRegions to cache lines + [backport] 8241926: Shenandoah: only print heap changes for operations that directly affect it + [backport] 8241983: Shenandoah: simplify FreeSet logging + [backport] 8241985: Shenandoah: simplify collectable garbage logging + [backport] 8242040: Shenandoah: print allocation failure type + [backport] 8242041: Shenandoah: adaptive heuristics should account evac reserve in free target + [backport] 8242042: Shenandoah: tune down ShenandoahGarbageThreshold + [backport] 8242054: Shenandoah: New incremental-update mode + [backport] 8242075: Shenandoah: rename ShenandoahHeapRegionSize flag + [backport] 8242082: Shenandoah: Purge Traversal mode + [backport] 8242083: Shenandoah: split 'Prepare Evacuation' tracking into cset/freeset counters + [backport] 8242089: Shenandoah: per-worker stats should be summed up, not averaged + [backport] 8242101: Shenandoah: coalesce and parallelise heap region walks during the pauses + [backport] 8242114: Shenandoah: remove ShenandoahHeapRegion::reset_alloc_metadata_to_shared + [backport] 8242130: Shenandoah: Simplify arraycopy-barrier dispatching + [backport] 8242211: Shenandoah: remove ShenandoahHeuristics::RegionData::_seqnum_last_alloc + [backport] 8242212: Shenandoah: initialize ShenandoahHeuristics::_region_data eagerly + [backport] 8242213: Shenandoah: remove ShenandoahHeuristics::_bytes_in_cset + [backport] 8242217: Shenandoah: Enable GC mode to be diagnostic/experimental and have a name + [backport] 8242227: Shenandoah: transit regions to cset state when adding to collection set + [backport] 8242228: Shenandoah: remove unused ShenandoahCollectionSet methods + [backport] 8242229: Shenandoah: inline ShenandoahHeapRegion liveness-related methods + [backport] 8242267: Shenandoah: regions space needs to be aligned by os::vm_allocation_granularity() + [backport] 8242271: Shenandoah: add test to verify GC mode unlock + [backport] 8242273: Shenandoah: accept either SATB or IU barriers, but not both + [backport] 8242301: Shenandoah: Inline LRB runtime call + [backport] 8242316: Shenandoah: Turn NULL-check into assert in SATB slow-path entry + [backport] 8242353: Shenandoah: micro-optimize region liveness handling + [backport] 8242365: Shenandoah: use uint16_t instead of jushort for liveness cache + [backport] 8242375: Shenandoah: Remove ShenandoahHeuristic::record_gc_start/end methods + [backport] 8242641: Shenandoah: clear live data and update TAMS optimistically + [backport] 8243238: Shenandoah: explicit GC request should wait for a complete GC cycle + [backport] 8243301: Shenandoah: ditch ShenandoahAllowMixedAllocs + [backport] 8243307: Shenandoah: remove ShCollectionSet::live_data + [backport] 8243395: Shenandoah: demote guarantee in ShenandoahPhaseTimings::record_workers_end + [backport] 8243463: Shenandoah: ditch total_pause counters + [backport] 8243464: Shenandoah: print statistic counters in time order + [backport] 8243465: Shenandoah: ditch unused pause_other, conc_other counters + [backport] 8243487: Shenandoah: make _num_phases illegal phase type + [backport] 8243494: Shenandoah: set counters once per cycle + [backport] 8243573: Shenandoah: rename GCParPhases and related code + [backport] 8243848: Shenandoah: Windows build fails after JDK-8239786 + [backport] 8244180: Shenandoah: carry Phase to ShWorkerTimingsTracker explicitly + [backport] 8244200: Shenandoah: build breakages after JDK-8241743 + [backport] 8244226: Shenandoah: per-cycle statistics contain worker data from previous cycles + [backport] 8244326: Shenandoah: global statistics should not accept bogus samples + [backport] 8244509: Shenandoah: refactor ShenandoahBarrierC2Support::test_* methods + [backport] 8244551: Shenandoah: Fix racy update of update_watermark + [backport] 8244667: Shenandoah: SBC2Support::test_gc_state takes loop for wrong control + [backport] 8244730: Shenandoah: gc/shenandoah/options/ /TestHeuristicsUnlock.java should only verify the heuristics + [backport] 8244732: Shenandoah: move heuristics code to gc/shenandoah/heuristics + [backport] 8244737: Shenandoah: move mode code to gc/shenandoah/mode + [backport] 8244739: Shenandoah: break superclass dependency on ShenandoahNormalMode + [backport] 8244740: Shenandoah: rename ShenandoahNormalMode to ShenandoahSATBMode + [backport] 8245461: Shenandoah: refine mode name()-s + [backport] 8245463: Shenandoah: refine ShenandoahPhaseTimings constructor arguments + [backport] 8245464: Shenandoah: allocate collection set bitmap at lower addresses + [backport] 8245465: Shenandoah: test_in_cset can use more efficient encoding + [backport] 8245726: Shenandoah: lift/cleanup ShenandoahHeuristics names and properties + [backport] 8245754: Shenandoah: ditch ShenandoahAlwaysPreTouch + [backport] 8245757: Shenandoah: AlwaysPreTouch should not disable heap resizing or uncommits + [backport] 8245773: Shenandoah: Windows assertion failure after JDK-8245464 + [backport] 8245812: Shenandoah: compute root phase parallelism + [backport] 8245814: Shenandoah: reconsider format specifiers for stats + [backport] 8245825: Shenandoah: Remove diagnostic flag ShenandoahConcurrentScanCodeRoots + [backport] 8246162: Shenandoah: full GC does not mark code roots when class unloading is off + [backport] 8247310: Shenandoah: pacer should not affect interrupt status + [backport] 8247358: Shenandoah: reconsider free budget slice for marking + [backport] 8247367: Shenandoah: pacer should wait on lock instead of exponential backoff + [backport] 8247474: Shenandoah: Windows build warning after JDK-8247310 + [backport] 8247560: Shenandoah: heap iteration holds root locks all the time + [backport] 8247593: Shenandoah: should not block pacing reporters + [backport] 8247751: Shenandoah: options tests should run with smaller heaps + [backport] 8247754: Shenandoah: mxbeans tests can be shorter + [backport] 8247757: Shenandoah: split heavy tests by heuristics to improve parallelism + [backport] 8247860: Shenandoah: add update watermark line in rich assert failure message + [backport] 8248041: Shenandoah: pre-Full GC root updates may miss some roots + [backport] 8248652: Shenandoah: SATB buffer handling may assume no forwarded objects + [backport] 8249560: Shenandoah: Fix racy GC request handling + [backport] 8249649: Shenandoah: provide per-cycle pacing stats + [backport] 8249801: Shenandoah: Clear soft-refs on requested GC cycle + [backport] 8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases + Fix slowdebug build after JDK-8230853 backport + JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR + JDK-8252366: Shenandoah: revert/cleanup changes in graphKit.cpp + Shenandoah: add JFR roots to root processor after JFR integration + Shenandoah: add root statistics for string dedup table/queues + Shenandoah: enable low-frequency STW class unloading + Shenandoah: fix build failures after JDK-8244737 backport + Shenandoah: Fix build failure with +JFR -PCH + Shenandoah: fix forceful pacer claim + Shenandoah: fix formats in ShenandoahStringSymbolTableUnlinkTask + Shenandoah: fix runtime linking failure due to non-compiled shenandoahBarrierSetC1 + Shenandoah: hook statistics printing to PrintGCDetails, not PrintGC + Shenandoah: JNI weak roots are always cleared before Full GC mark + Shenandoah: missing SystemDictionary roots in ShenandoahHeapIterationRootScanner + Shenandoah: move barrier sets to their proper locations + Shenandoah: move parallelCleaning.* to shenandoah/ + Shenandoah: pacer should use proper Atomics for intptr_t + Shenandoah: properly deallocates class loader metadata + Shenandoah: specialize String Table scans for better pause performance + Shenandoah: Zero build fails after recent Atomic cleanup in Pacer * AArch64 port + JDK-8161072, PR3797: AArch64: jtreg compiler/uncommontrap/TestDeoptOOM failure + JDK-8171537, PR3797: aarch64: compiler/c1/Test6849574.java generates guarantee failure in C1 + JDK-8183925, PR3797: [AArch64] Decouple crash protection from watcher thread + JDK-8199712, PR3797: [AArch64] Flight Recorder + JDK-8203481, PR3797: Incorrect constraint for unextended_sp in frame:safe_for_sender + JDK-8203699, PR3797: java/lang/invoke/SpecialInterfaceCall fails with SIGILL on aarch64 + JDK-8209413, PR3797: AArch64: NPE in clhsdb jstack command + JDK-8215961, PR3797: jdk/jfr/event/os/TestCPUInformation.java fails on AArch64 + JDK-8216989, PR3797: CardTableBarrierSetAssembler::gen_write_ref_array_post_barrier() does not check for zero length on AARCH64 + JDK-8217368, PR3797: AArch64: C2 recursive stack locking optimisation not triggered + JDK-8221658, PR3797: aarch64: add necessary predicate for ubfx patterns + JDK-8237512, PR3797: AArch64: aarch64TestHook leaks a BufferBlob + JDK-8246482, PR3797: Build failures with +JFR -PCH + JDK-8247979, PR3797: aarch64: missing side effect of killing flags for clearArray_reg_reg + JDK-8248219, PR3797: aarch64: missing memory barrier in fast_storefield and fast_accessfield - Ignore whitespaces after the header or footer in PEM X.509 cert (bsc#1171352) Important SUSE bug 1171352 SUSE bug 1174157 SUSE bug 1177943 CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_141 fixes several issues. The following security issues were fixed: - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. (bsc#1176724) - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-11668: Fixed an out of bounds write to the heap in drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) caused by mishandling invalid descriptors (bsc#1168952). - CVE-2020-1749: A flaw was found in the implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link, rather sending the data unencrypted. This would have allowed anyone in between the two endpoints to read the traffic unencrypted. (bsc#1165629) Important SUSE bug 1165631 SUSE bug 1173942 SUSE bug 1176012 SUSE bug 1176382 SUSE bug 1176896 SUSE bug 1176931 CVE-2020-0429 CVE-2020-0431 CVE-2020-11668 CVE-2020-14381 CVE-2020-1749 CVE-2020-25212 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_138 fixes several issues. The following security issues were fixed: - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. (bsc#1176724) - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). Important SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 SUSE bug 1176896 SUSE bug 1176931 CVE-2020-0429 CVE-2020-0431 CVE-2020-14381 CVE-2020-14386 CVE-2020-25212 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_129 fixes several issues. The following security issues were fixed: - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. (bsc#1176724) - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). Important SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 SUSE bug 1176896 SUSE bug 1176931 CVE-2020-0429 CVE-2020-0431 CVE-2020-14381 CVE-2020-14386 CVE-2020-25212 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_125 fixes several issues. The following security issues were fixed: - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. (bsc#1176724) - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). Important SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 SUSE bug 1176896 SUSE bug 1176931 CVE-2020-0429 CVE-2020-0431 CVE-2020-14381 CVE-2020-14386 CVE-2020-25212 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_135 fixes several issues. The following security issues were fixed: - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. (bsc#1176724) - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722) - CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381). - CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069). Important SUSE bug 1176012 SUSE bug 1176072 SUSE bug 1176382 SUSE bug 1176896 SUSE bug 1176931 CVE-2020-0429 CVE-2020-0431 CVE-2020-14381 CVE-2020-14386 CVE-2020-25212 cpe:/o:suse:sles-espos:12:sp2 Security update for gcc10 (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for gcc10 fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Moderate SUSE bug 1172798 SUSE bug 1172846 SUSE bug 1173972 SUSE bug 1174753 SUSE bug 1174817 SUSE bug 1175168 CVE-2020-13844 cpe:/o:suse:sles-espos:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ucode-intel fixes the following issues: - Intel CPU Microcode updated to 20201027 prerelease - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) # New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile # Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173594 CVE-2020-8695 CVE-2020-8698 cpe:/o:suse:sles-espos:12:sp2 Security update for systemd (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Unconfirmed fix for prevent hanging of systemctl during restart. (bsc#1139459) - Fix warnings thrown during package installation. (bsc#1154043) - Fix for system-udevd prevent crash within OES2018. (bsc#1151506) - Fragments of masked units ought not be considered for 'NeedDaemonReload'. (bsc#1156482) - Wait for workers to finish when exiting. (bsc#1106383) - Improve log message when inotify limit is reached. (bsc#1155574) - Mention in the man pages that alias names are only effective after command 'systemctl enable'. (bsc#1151377) - Introduce function for reading virtual files in 'sysfs' and 'procfs'. (bsc#1133495, bsc#1159814) Important SUSE bug 1106383 SUSE bug 1133495 SUSE bug 1139459 SUSE bug 1151377 SUSE bug 1151506 SUSE bug 1154043 SUSE bug 1155574 SUSE bug 1156482 SUSE bug 1159814 SUSE bug 1162108 CVE-2020-1712 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943) * Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + JDK-8237995, CVE-2020-14782: Enhance certificate processing + JDK-8240124: Better VM Interning + JDK-8241114, CVE-2020-14792: Better range handling + JDK-8242680, CVE-2020-14796: Improved URI Support + JDK-8242685, CVE-2020-14797: Better Path Validation + JDK-8242695, CVE-2020-14798: Enhanced buffer support + JDK-8243302: Advanced class supports + JDK-8244136, CVE-2020-14803: Improved Buffer supports + JDK-8244479: Further constrain certificates + JDK-8244955: Additional Fix for JDK-8240124 + JDK-8245407: Enhance zoning of times + JDK-8245412: Better class definitions + JDK-8245417: Improve certificate chain handling + JDK-8248574: Improve jpeg processing + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + JDK-8253019: Enhanced JPEG decoding * Import of OpenJDK 7 u281 build 1 + JDK-8145096: Undefined behaviour in HotSpot + JDK-8215265: C2: range check elimination may allow illegal out of bound access * Backports + JDK-8250861, PR3812: Crash in MinINode::Ideal(PhaseGVN*, bool) Important SUSE bug 1177943 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-espos:12:sp2 Security update for openldap2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). Important SUSE bug 1178387 CVE-2020-25692 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.4.1 ESR * Fixed: Security fix MFSA 2020-49 (bsc#1178588) * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for Important SUSE bug 1178588 CVE-2020-26950 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes the following issues: - CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181). - CVE-2019-19579: Device quarantine for alternate pci assignment methods (bsc#1157888). - CVE-2019-19581: find_next_bit() issues (bsc#1158003). - CVE-2019-19583: VMentry failure with debug exceptions and blocked states (bsc#1158004). - CVE-2019-19578: Linear pagetable use / entry miscounts (bsc#1158005). - CVE-2019-19580: Further issues with restartable PV type change operations (bsc#1158006). - CVE-2019-19577: dynamic height for the IOMMU pagetables (bsc#1158007). - CVE-2019-18420: VCPUOP_initialise DoS (bsc#1154448). - CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation (bsc#1154456). - CVE-2019-18421: Issues with restartable PV type change operations (bsc#1154458). - CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment (bsc#1154461). - CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue) (bsc#1155945). - CVE-2019-11135: TSX Asynchronous Abort (TAA) issue (bsc#1152497). Important SUSE bug 1152497 SUSE bug 1154448 SUSE bug 1154456 SUSE bug 1154458 SUSE bug 1154461 SUSE bug 1155945 SUSE bug 1157888 SUSE bug 1158003 SUSE bug 1158004 SUSE bug 1158005 SUSE bug 1158006 SUSE bug 1158007 SUSE bug 1161181 CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19583 CVE-2020-7211 cpe:/o:suse:sles-espos:12:sp2 Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update changes the internal packaging for postgresql, and so contains all currently maintained postgresql versions across our SUSE Linux Enterprise 12 products. * postgresql12 is shipped new in version 12.3 (bsc#1171924). The server and client packages only on SUSE Linux Enterprise Server 12 SP5, the libraries on SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5. + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/12/release-12-3.html * postgresql10 is updated to 10.13 (bsc#1171924). On SUSE Linux Enterprise Server 12 SP2 LTSS up to 12 SP5. + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/10/release-10-13.html * postgresql96 is updated to 9.6.18 (bsc#1171924): + https://www.postgresql.org/about/news/2038/ + https://www.postgresql.org/docs/9.6/release-9-6-18.html On SUSE Linux Enterprise Server 12-SP2 and 12-SP3 LTSS only. * postgresql 9.4 is updated to 9.4.26: + https://www.postgresql.org/about/news/2011/ + https://www.postgresql.org/docs/9.4/release-9-4-26.html + https://www.postgresql.org/about/news/1994/ + https://www.postgresql.org/docs/9.4/release-9-4-25.html Moderate SUSE bug 1171924 cpe:/o:suse:sles-espos:12:sp2 Security update for raptor (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for raptor fixes the following issues: - Fixed a heap overflow vulnerability (bsc#1178593, CVE-2017-18926). - Update raptor to version 2.0.15 * Made several fixes to Turtle / N-Triples family of parsers and serializers * Added utility functions for re-entrant sorting of objects and sequences. * Made other fixes and improvements including fixing reported issues: 0000574, 0000575, 0000576, 0000577, 0000579, 0000581 and 0000584. Important SUSE bug 1178593 CVE-2017-18926 cpe:/o:suse:sles-espos:12:sp2 Security update for kernel-firmware (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for kernel-firmware fixes the following issue: - CVE-2020-12321: Updated the Intel Bluetooth firmware for buffer overflow security bugs (bsc#1178671). Important SUSE bug 1178671 CVE-2020-12321 cpe:/o:suse:sles-espos:12:sp2 Security update for libzypp, zypper (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libzypp, zypper fixes the following issues: libzypp fixes the following security issue: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). zypper was updated to fix the following issues: - Fixed an issue, where zypper crashed when the system language is set to Spanish and the user tried to patch their system with 'zypper patch --category security' (bsc#1178038) - Fixed a typo in man page (bsc#1169947) Moderate SUSE bug 1158763 SUSE bug 1169947 SUSE bug 1178038 CVE-2019-18900 cpe:/o:suse:sles-espos:12:sp2 Security update for krb5 (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). Moderate SUSE bug 1178512 CVE-2020-28196 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_141 fixes one issue. The following security issue was fixed: - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 CVE-2020-25645 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_138 fixes one issue. The following security issue was fixed: - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 CVE-2020-25645 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_135 fixes one issue. The following security issue was fixed: - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 CVE-2020-25645 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_129 fixes one issue. The following security issue was fixed: - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 CVE-2020-25645 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_125 fixes one issue. The following security issue was fixed: - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513). Important SUSE bug 1177513 CVE-2020-25645 cpe:/o:suse:sles-espos:12:sp2 Security update for postgresql10 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for postgresql10 fixes the following issues: Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html Update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html Important SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-espos:12:sp2 Security update for postgresql96 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for postgresql96 fixes the following issues: Upgrade to version 9.6.20: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/9.6/release-9-6-20.html Changes from 9.6.19: * CVE-2020-14350, bsc#1175194: Make contrib modules installation Important SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software and services that rely on UDP source port randomization (like DNS) are indirectly affected as well. Kernel versions may be vulnerable to this issue (bsc#1175721, bsc#1178782). - CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766). - CVE-2017-18204: Fixed a denial of service in the ocfs2_setattr function of fs/ocfs2/file.c (bnc#1083244). - CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-8694: Restricted energy meter to root access (bsc#1170415). - CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725). - CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511). - CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011). - CVE-2020-25212: Fixed A TOCTOU mismatch in the NFS client code which could have been used by local attackers to corrupt memory (bsc#1176381). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-25643: Fixed a memory corruption and a read overflow which could have caused by improper input validation in the ppp_cp_parse_cr function (bsc#1177206). - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). The following non-security bugs were fixed: - btrfs: fix race with relocation recovery and fs_root setup (bsc#1131277). - btrfs: flush_space always takes fs_info->fs_root (bsc#1131277). - btrfs: btrfs_init_new_device should use fs_info->dev_root (bsc#1131277, bsc#1176922). - btrfs: btrfs_test_opt and friends should take a btrfs_fs_info (bsc#1131277, bsc#1176922). - btrfs: call functions that always use the same root with fs_info instead (bsc#1131277, bsc#1176922). - btrfs: call functions that overwrite their root parameter with fs_info (bsc#1131277, bsc#1176922). - btrfs: flush_space always takes fs_info->fs_root (bsc#1131277, bsc#1176922). - btrfs: pull node/sector/stripe sizes out of root and into fs_info (bsc#1131277, bsc#1176922). - btrfs: Remove fs_info argument of btrfs_write_and_wait_transaction (bsc#1131277, bsc#1176922). - btrfs: remove root parameter from transaction commit/end routines (bsc#1131277, bsc#1176922). - btrfs: remove root usage from can_overcommit (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, access fs_info->delayed_root directly (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, add fs_info convenience variables (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, btrfs_calc_{trans,trunc}_metadata_size (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, update_block_group{,flags} (bsc#1131277, bsc#1176922). - btrfs: root->fs_info cleanup, use fs_info->dev_root everywhere (bsc#1131277, bsc#1176922). - btrfs: split btrfs_wait_marked_extents into normal and tree log functions (bsc#1131277, bsc#1176922). - btrfs: struct btrfsic_state->root should be an fs_info (bsc#1131277, bsc#1176922). - btrfs: take an fs_info directly when the root is not used otherwise (bsc#1131277, bsc#1176922). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600). Important SUSE bug 1065600 SUSE bug 1083244 SUSE bug 1131277 SUSE bug 1170415 SUSE bug 1175721 SUSE bug 1175749 SUSE bug 1176011 SUSE bug 1176235 SUSE bug 1176253 SUSE bug 1176278 SUSE bug 1176381 SUSE bug 1176382 SUSE bug 1176423 SUSE bug 1176482 SUSE bug 1176721 SUSE bug 1176722 SUSE bug 1176725 SUSE bug 1176896 SUSE bug 1176922 SUSE bug 1176990 SUSE bug 1177027 SUSE bug 1177086 SUSE bug 1177165 SUSE bug 1177206 SUSE bug 1177226 SUSE bug 1177410 SUSE bug 1177411 SUSE bug 1177511 SUSE bug 1177513 SUSE bug 1177725 SUSE bug 1177766 SUSE bug 1178782 CVE-2017-18204 CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-12352 CVE-2020-14351 CVE-2020-14381 CVE-2020-14390 CVE-2020-25212 CVE-2020-25284 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2020-26088 CVE-2020-8694 cpe:/o:suse:sles-espos:12:sp2 Security update for ucode-intel (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446) - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) - CVE-2020-8696: Vector Register Sampling Active INTEL-SA-00381 (bsc#1173592) - Release notes: - Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html). - Security updates for [INTEL-SA-00389](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html). - Update for functional issues. Refer to [Second Generation Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details. - Update for functional issues. Refer to [Intel? Xeon? Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details. - Update for functional issues. Refer to [10th Gen Intel? Core™ Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details. - Update for functional issues. Refer to [8th and 9th Gen Intel? Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details. - Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel? Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details. - Update for functional issues. Refer to [6th Gen Intel? Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details. - Update for functional issues. Refer to [Intel? Xeon? E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details. - Update for functional issues. Refer to [Intel? Xeon? E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details. ### New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CPX-SP | A1 | 06-55-0b/bf | | 0700001e | Xeon Scalable Gen3 | LKF | B2/B3 | 06-8a-01/10 | | 00000028 | Core w/Hybrid Technology | TGL | B1 | 06-8c-01/80 | | 00000068 | Core Gen11 Mobile | CML-H | R1 | 06-a5-02/20 | | 000000e0 | Core Gen10 Mobile | CML-S62 | G1 | 06-a5-03/22 | | 000000e0 | Core Gen10 | CML-S102 | Q0 | 06-a5-05/22 | | 000000e0 | Core Gen10 | CML-U62 V2 | K0 | 06-a6-01/80 | | 000000e0 | Core Gen10 Mobile ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000043 | 00000044 | Core Gen4 X series; Xeon E5 v3 | SKL-U/Y | D0 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKL-U23e | K1 | 06-4e-03/c0 | 000000d6 | 000000e2 | Core Gen6 Mobile | SKX-SP | B1 | 06-55-03/97 | 01000157 | 01000159 | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006906 | 02006a08 | Xeon D-21xx | CLX-SP | B0 | 06-55-06/bf | 04002f01 | 04003003 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05002f01 | 05003003 | Xeon Scalable Gen2 | APL | D0 | 06-5c-09/03 | 00000038 | 00000040 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx | APL | E0 | 06-5c-0a/03 | 00000016 | 0000001e | Atom x5-E39xx | SKL-H/S | R0/N0 | 06-5e-03/36 | 000000d6 | 000000e2 | Core Gen6; Xeon E3 v5 | GKL-R | R0 | 06-7a-08/01 | 00000016 | 00000018 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 00000078 | 000000a0 | Core Gen10 Mobile | AML-Y22 | H0 | 06-8e-09/10 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000d6 | 000000de | Core Gen7 Mobile | CFL-U43e | D0 | 06-8e-0a/c0 | 000000d6 | 000000e0 | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000d6 | 000000de | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen10 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000d6 | 000000de | Core Gen8 Mobile | KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000d6 | 000000de | Core Gen7; Xeon E3 v6 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000d6 | 000000de | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000d6 | 000000de | Core Gen8 | CFL-H/S | P0 | 06-9e-0c/22 | 000000d6 | 000000de | Core Gen9 | CFL-H | R0 | 06-9e-0d/22 | 000000d6 | 000000de | Core Gen9 Mobile | CML-U62 | A0 | 06-a6-00/80 | 000000ca | 000000e0 | Core Gen10 Mobile Moderate SUSE bug 1170446 SUSE bug 1173592 SUSE bug 1173594 SUSE bug 1178971 CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 cpe:/o:suse:sles-espos:12:sp2 Security update for bluez (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for bluez fixes the following issues: - CVE-2020-0556: Fixed improper access control which may lead to escalation of privilege and denial of service by an unauthenticated user (bsc#1166751). Important SUSE bug 1166751 CVE-2020-0556 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 Important SUSE bug 1178824 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 cpe:/o:suse:sles-espos:12:sp2 Security update for LibVNCServer (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for LibVNCServer fixes the following issues: - CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS Important SUSE bug 1178682 CVE-2020-25708 cpe:/o:suse:sles-espos:12:sp2 Security update for xorg-x11-server (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xorg-x11-server fixes the following issues: - CVE-2020-25712: Fixed a heap-based buffer overflow which could have led to privilege escalation (bsc#1177596). - CVE-2020-14360: Fixed an out of bounds memory accesses on too short request which could lead to denial of service (bsc#1174908). Important SUSE bug 1174908 SUSE bug 1177596 CVE-2020-14360 CVE-2020-25712 cpe:/o:suse:sles-espos:12:sp2 Security update for python-setuptools (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-espos:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python3 fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-espos:12:sp2 Security update for gdm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for gdm fixes the following issues: - CVE-2020-16125: Fixed a privilege escalation (bsc#1178150). Important SUSE bug 1178150 CVE-2020-16125 cpe:/o:suse:sles-espos:12:sp2 Security update for python-cryptography (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). Moderate SUSE bug 1178168 CVE-2020-25659 cpe:/o:suse:sles-espos:12:sp2 Security update for postgresql12 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for postgresql12 fixes the following issues: Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html The previous postgresql12 update already addressed: Update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html Important SUSE bug 1175193 SUSE bug 1175194 SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 CVE-2020-14349 CVE-2020-14350 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-espos:12:sp2 Security update for mutt (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for mutt fixes the following issues: - Find and display the content of messages properly. (bsc#1179461) - CVE-2020-28896: incomplete connection termination could send credentials over unencrypted connections. (bsc#1179035) - Avoid that message with a million tiny parts can freeze MUA for several minutes. (bsc#1179113) Important SUSE bug 1179035 SUSE bug 1179113 SUSE bug 1179461 CVE-2020-28896 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_129 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). Important SUSE bug 1178622 SUSE bug 1178700 SUSE bug 1178783 CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_135 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). Important SUSE bug 1178622 SUSE bug 1178700 SUSE bug 1178783 CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_138 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). Important SUSE bug 1178622 SUSE bug 1178700 SUSE bug 1178783 CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_141 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-8694: Fixed an insufficient access control in the Linux kernel driver for some Intel(R) Processors which might have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1178700). - CVE-2020-25705: Fixed a flaw which could have allowed an off-path remote user to effectively bypass source port UDP randomization (bsc#1178783). Important SUSE bug 1178622 SUSE bug 1178700 SUSE bug 1178783 CVE-2020-25668 CVE-2020-25705 CVE-2020-8694 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_146 fixes several issues. The following security issues were fixed: - CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). - CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177513). - CVE-2020-0429: Fixed a memory corruption due to a use after free which could have led to to local privilege escalation (bsc#1176931). - CVE-2020-11668: Fixed an issue where the Xirlink camera USB driver mishandled invalid descriptors (bsc#1173942). - CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165631). Important SUSE bug 1165631 SUSE bug 1173942 SUSE bug 1176931 SUSE bug 1177513 SUSE bug 1178622 CVE-2020-0429 CVE-2020-11668 CVE-2020-1749 CVE-2020-25645 CVE-2020-25668 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes the following issues: - bsc#1178963 - stack corruption from XSA-346 change (XSA-355) - bsc#1177409 - CVE-2020-27674: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) - bsc#1177412 - CVE-2020-27672: Race condition in Xen mapping code (XSA-345) - bsc#1177413 - CVE-2020-27671: undue deferral of IOMMU TLB flushes (XSA-346) - bsc#1177414 - CVE-2020-27670: unsafe AMD IOMMU page table updates (XSA-347) - bsc#1178591 - CVE-2020-28368: Intel RAPL sidechannel attack aka PLATYPUS attack aka XSA-351 Important SUSE bug 1177409 SUSE bug 1177412 SUSE bug 1177413 SUSE bug 1177414 SUSE bug 1178591 SUSE bug 1178963 CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368 cpe:/o:suse:sles-espos:12:sp2 Security update for openssl (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openssl fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). Important SUSE bug 1179491 CVE-2020-1971 cpe:/o:suse:sles-espos:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) Important SUSE bug 1176262 CVE-2019-20916 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.5.0 ESR * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 * Fixed: Fixed various issues opening files with spaces in their path (bmo#1601905, bmo#1602726) Important SUSE bug 1161799 CVE-2020-6796 CVE-2020-6797 CVE-2020-6798 CVE-2020-6799 CVE-2020-6800 cpe:/o:suse:sles-espos:12:sp2 Security update for spice-gtk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for spice-gtk fixes the following issues: - CVE-2018-10873: Fixed a potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Fixed a buffer overflow on image lz checks (bsc#1101295) Important SUSE bug 1101295 SUSE bug 1104448 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:sles-espos:12:sp2 Security update for spice (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for spice fixes the following issues: - CVE-2018-10873: Fixed a potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Fixed a buffer overflow on image lz checks (bsc#1101295) Important SUSE bug 1101295 SUSE bug 1104448 CVE-2018-10873 CVE-2018-10893 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Critical) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2020-55 (bsc#1180039) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 Critical SUSE bug 1180039 CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests (bsc#117949 XSA-115). - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions (bsc#1179498 XSA-322). - CVE-2020-29483: Fixed an issue where guests could disturb domain cleanup (bsc#1179502 XSA-325). - CVE-2020-29484: Fixed an issue where guests could crash xenstored via watchs (bsc#1179501 XSA-324). - CVE-2020-29566: Fixed an undue recursion in x86 HVM context switch code (bsc#1179506 XSA-348). - CVE-2020-29570: Fixed an issue where FIFO event channels control block related ordering (bsc#1179514 XSA-358). - CVE-2020-29571: Fixed an issue where FIFO event channels control structure ordering (bsc#1179516 XSA-359). - CVE-2020-29130: Fixed an out-of-bounds access while processing ARP packets (bsc#1179477). - Fixed an issue where dump-core shows missing nr_pages during core (bsc#1176782). - Multiple other bugs (bsc#1027519) Moderate SUSE bug 1027519 SUSE bug 1176782 SUSE bug 1179477 SUSE bug 1179496 SUSE bug 1179498 SUSE bug 1179501 SUSE bug 1179502 SUSE bug 1179506 SUSE bug 1179514 SUSE bug 1179516 CVE-2020-29130 CVE-2020-29480 CVE-2020-29481 CVE-2020-29483 CVE-2020-29484 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571 cpe:/o:suse:sles-espos:12:sp2 Security update for clamav (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for clamav fixes the following issues: clamav was updated to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459. * clamd can now reload the signature database without blocking scanning. This multi-threaded database reload improvement was made possible thanks to a community effort. - Non-blocking database reloads are now the default behavior. Some systems that are more constrained on RAM may need to disable non-blocking reloads as it will temporarily consume two times as much memory. We added a new clamd config option ConcurrentDatabaseReload, which may be set to no. * Fix clamav-milter.service (requires clamd.service to run) * bsc#1119353, clamav-fips.patch: Fix freshclam crash in FIPS mode. * Partial sync with SLE15. Update to version 0.102.4 Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. * CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. * CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. (bsc#1157763). * CVE-2019-12900: An out of bounds write in the NSIS bzip2 (bsc#1149458) * CVE-2019-12625: Introduce a configurable time limit to mitigate zip bomb vulnerability completely. Default is 2 minutes, configurable useing the clamscan --max-scantime and for clamd using the MaxScanTime config option (bsc#1144504) Update to version 0.101.3: * ZIP bomb causes extreme CPU spikes (bsc#1144504) Update to version 0.101.2 (bsc#1118459): * Support for RAR v5 archive extraction. * Incompatible changes to the arguments of cl_scandesc, cl_scandesc_callback, and cl_scanmap_callback. * Scanning options have been converted from a single flag bit-field into a structure of multiple categorized flag bit-fields. * The CL_SCAN_HEURISTIC_ENCRYPTED scan option was replaced by 2 new scan options: CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and CL_SCAN_HEURISTIC_ENCRYPTED_DOC * Incompatible clamd.conf and command line interface changes. * Heuristic Alerts' (aka 'Algorithmic Detection') options have been changed to make the names more consistent. The original options are deprecated in 0.101, and will be removed in a future feature release. * For details, see https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html Important SUSE bug 1118459 SUSE bug 1119353 SUSE bug 1144504 SUSE bug 1149458 SUSE bug 1157763 SUSE bug 1171981 SUSE bug 1174250 SUSE bug 1174255 CVE-2019-12900 CVE-2019-15961 CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 cpe:/o:suse:sles-espos:12:sp2 Security update for cyrus-sasl (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). Important SUSE bug 1159635 CVE-2019-19906 cpe:/o:suse:sles-espos:12:sp2 Security update for gcc9 (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for gcc9 fixes the following issues: The GNU Compiler Collection is shipped in version 9. A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html The compilers have been added to the SUSE Linux Enterprise Toolchain Module. To use these compilers, install e.g. gcc9, gcc9-c++ and build with CC=gcc-9 CXX=g++-9 set. For SUSE Linux Enterprise base products, the libstdc++6, libgcc_s1 and other compiler libraries have been switched from their gcc8 variants to their gcc9 variants. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) Moderate SUSE bug 1114592 SUSE bug 1135254 SUSE bug 1141897 SUSE bug 1142649 SUSE bug 1142654 SUSE bug 1148517 SUSE bug 1149145 CVE-2019-14250 CVE-2019-15847 cpe:/o:suse:sles-espos:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for sudo fixes the following issue: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers (bsc#1162202). Important SUSE bug 1162202 CVE-2019-18634 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_1-ibm fixes the following issues: Java was updated to 7.1 Service Refresh 4 Fix Pack 60 [bsc#1162972, bsc#1160968]. Security issues fixed: - CVE-2020-2583: Fixed a serialization vulnerability in BeanContextSupport (bsc#1162972). - CVE-2020-2593: Fixed an incorrect check in isBuiltinStreamHandler, causing URL normalization issues (bsc#1162972). - CVE-2020-2604: Fixed a serialization issue in jdk.serialFilter (bsc#1162972). - CVE-2020-2659: Fixed the incomplete enforcement of the maxDatagramSockets limit in DatagramChannelImpl (bsc#1162972). Non-security issues fixed: * Class Libraries: IJ22333 HANG IN JAVA_JAVA_NET_SOCKETINPUTSTREAM_SOCKETREAD0 EVEN WHEN TIMEOUT IS SET IJ22350 JAVA 7 AND JAVA 8 NOT WORKING WELL WITH TRADITIONAL/SIMPLIFIED CHINESE EDITION OF WINDOWS CLIENT SYSTEM IJ22337 THE NAME OF THE REPUBLIC OF BELARUS IN THE RUSSIAN LOCALE INCONSISTENT WITH CLDR IJ22349 UPDATE TIMEZONE INFORMATION TO TZDATA2019C * JIT Compiler: IJ11368 JAVA JIT PPC: CRASH IN JIT COMPILED CODE ON PPC MACHINES Important SUSE bug 1160968 SUSE bug 1162972 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:sles-espos:12:sp2 Security update for libexif (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libexif fixes the following issues: - CVE-2019-9278: Fixed an integer overflow (bsc#1160770). - CVE-2018-20030: Fixed a denial of service by endless recursion (bsc#1120943). Moderate SUSE bug 1120943 SUSE bug 1160770 CVE-2018-20030 CVE-2019-9278 cpe:/o:suse:sles-espos:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openssl fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Non-security issue fixed: - Fixed a crash in BN_copy (bsc#1160163). Moderate SUSE bug 1117951 SUSE bug 1158809 SUSE bug 1160163 CVE-2019-1551 cpe:/o:suse:sles-espos:12:sp2 Security update for ppp (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ppp fixes the following security issue: - CVE-2020-8597: Fixed a buffer overflow in the eap_request and eap_response functions (bsc#1162610). Important SUSE bug 1162610 CVE-2020-8597 cpe:/o:suse:sles-espos:12:sp2 Security update for python3 (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python3 fixes the following issues: Update to 3.4.10 (jsc#SLE-9427, bsc#1159208) from 3.4.6: Security issues fixed: - Update expat copy from 2.1.1 to 2.2.0 to fix the following issues: CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063 - CVE-2017-1000158: Fix an integer overflow in thePyString_DecodeEscape function in stringobject.c, resulting in heap-based bufferoverflow (bsc#1068664). Moderate SUSE bug 1068664 SUSE bug 1159208 SUSE bug 1159623 CVE-2012-0876 CVE-2016-0718 CVE-2016-4472 CVE-2016-9063 CVE-2017-1000158 CVE-2017-9233 cpe:/o:suse:sles-espos:12:sp2 Security update for mariadb (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for mariadb fixes the following issues: Security issue fixed: - CVE-2019-2974: Fixed Server Optimizer (bsc#1154162). Moderate SUSE bug 1154162 CVE-2019-2974 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_1-ibm fixes the following issues: - Update to 7.1 Service Refresh 4 Fix Pack 55 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2978 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 Moderate SUSE bug 1154212 SUSE bug 1158442 CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-ibm fixes the following issues: Java 8.0 was updated to Service Refresh 6 Fix Pack 5 (bsc#1162972, bsc#1160968) - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2019-4732: Untrusted DLL search path vulnerability - CVE-2020-2593: Normalize normalization for all - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support Important SUSE bug 1160968 SUSE bug 1162972 CVE-2019-4732 CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659 cpe:/o:suse:sles-espos:12:sp2 Security update for log4j (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for log4j fixes the following issues: - CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646). Important SUSE bug 1159646 CVE-2019-17571 cpe:/o:suse:sles-espos:12:sp2 Security update for permissions (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for permissions fixes the following issues: Security issues fixed: - CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922). Non-security issues fixed: - Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594). - Fixed capability handling when doing multiple permission changes at once (bsc#1161779). Moderate SUSE bug 1123886 SUSE bug 1160594 SUSE bug 1160764 SUSE bug 1161779 SUSE bug 1163922 CVE-2020-8013 cpe:/o:suse:sles-espos:12:sp2 Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the following issues: python-cfn-lint was included as a new package in 0.21.4. python-aws-sam-translator was updated to 1.11.0: * Add ReservedConcurrentExecutions to globals * Fix ElasticsearchHttpPostPolicy resource reference * Support using AWS::Region in Ref and Sub * Documentation and examples updates * Add VersionDescription property to Serverless::Function * Update ServerlessRepoReadWriteAccessPolicy * Add additional template validation Upgrade to 1.10.0: * Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy * Add DynamoDBReconfigurePolicy * Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy * Add EKSDescribePolicy * Add SESBulkTemplatedCrudPolicy * Add FilterLogEventsPolicy * Add SSMParameterReadPolicy * Add SESEmailTemplateCrudPolicy * Add s3:PutObjectAcl to S3CrudPolicy * Add allow_credentials CORS option * Add support for AccessLogSetting and CanarySetting Serverless::Api properties * Add support for X-Ray in Serverless::Api * Add support for MinimumCompressionSize in Serverless::Api * Add Auth to Serverless::Api globals * Remove trailing slashes from APIGW permissions * Add SNS FilterPolicy and an example application * Add Enabled property to Serverless::Function event sources * Add support for PermissionsBoundary in Serverless::Function * Fix boto3 client initialization * Add PublicAccessBlockConfiguration property to S3 bucket resource * Make PAY_PER_REQUEST default mode for Serverless::SimpleTable * Add limited support for resolving intrinsics in Serverless::LayerVersion * SAM now uses Flake8 * Add example application for S3 Events written in Go * Updated several example applications - Initial build + Version 1.9.0 - Add patch to drop compatible releases operator from setup.py, required for SLES12 as the setuptools version is too old + ast_drop-compatible-releases-operator.patch python-jsonschema was updated to 2.6.0: * Improved performance on CPython by adding caching around ref resolution Update to version 2.5.0: * Improved performance on CPython by adding caching around ref resolution (#203) Update to version 2.4.0: * Added a CLI (#134) * Added absolute path and absolute schema path to errors (#120) * Added ``relevance`` * Meta-schemas are now loaded via ``pkgutil`` * Added ``by_relevance`` and ``best_match`` (#91) * Fixed ``format`` to allow adding formats for non-strings (#125) * Fixed the ``uri`` format to reject URI references (#131) - Install /usr/bin/jsonschema with update-alternatives support python-nose2 was updated to 0.9.1: * the prof plugin now uses cProfile instead of hotshot for profiling * skipped tests now include the user's reason in junit XML's message field * the prettyassert plugin mishandled multi-line function definitions * Using a plugin's CLI flag when the plugin is already enabled via config no longer errors * nose2.plugins.prettyassert, enabled with --pretty-assert * Cleanup code for EOLed python versions * Dropped support for distutils. * Result reporter respects failure status set by other plugins * JUnit XML plugin now includes the skip reason in its output Upgrade to 0.8.0: List of changes is too long to show here, see https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst changes between 0.6.5 and 0.8.0 Update to 0.7.0: * Added parameterized_class feature, for parameterizing entire test classes (many thanks to @TobyLL for their suggestions and help testing!) * Fix DeprecationWarning on `inspect.getargs` (thanks @brettdh; https://github.com/wolever/parameterized/issues/67) * Make sure that `setUp` and `tearDown` methods work correctly (#40) * Raise a ValueError when input is empty (thanks @danielbradburn; https://github.com/wolever/parameterized/pull/48) * Fix the order when number of cases exceeds 10 (thanks @ntflc; https://github.com/wolever/parameterized/pull/49) python-scandir was included in version 2.3.2. python-requests was updated to version 2.20.1 (bsc#1111622) * Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443). * remove restriction for urllib3 < 1.24 Update to version 2.20.0: * Bugfixes + Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8). + Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions. + Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074) + should_bypass_proxies now handles URIs without hostnames (e.g. files). * Dependencies + Requests now supports urllib3 v1.24. * Deprecations + Requests has officially stopped support for Python 2.6. Update to version 2.19.1: * Fixed issue where status_codes.py’s init function failed trying to append to a __doc__ value of None. Update to version 2.19.0: * Improvements + Warn about possible slowdown with cryptography version < 1.3.4 + Check host in proxy URL, before forwarding request to adapter. + Maintain fragments properly across redirects. (RFC7231 7.1.2) + Removed use of cgi module to expedite library load time. + Added support for SHA-256 and SHA-512 digest auth algorithms. + Minor performance improvement to Request.content. + Migrate to using collections.abc for 3.7 compatibility. * Bugfixes + Parsing empty Link headers with parse_header_links() no longer return one bogus entry. + Fixed issue where loading the default certificate bundle from a zip archive would raise an IOError. + Fixed issue with unexpected ImportError on windows system which do not support winreg module. + DNS resolution in proxy bypass no longer includes the username and password in the request. This also fixes the issue of DNS queries failing on macOS. + Properly normalize adapter prefixes for url comparison. + Passing None as a file pointer to the files param no longer raises an exception. + Calling copy on a RequestsCookieJar will now preserve the cookie policy correctly. * We now support idna v2.7 and urllib3 v1.23. update to version 2.18.4: * Improvements + Error messages for invalid headers now include the header name for easier debugging * Dependencies + We now support idna v2.6. update to version 2.18.3: * Improvements + Running $ python -m requests.help now includes the installed version of idna. * Bugfixes + Fixed issue where Requests would raise ConnectionError instead of SSLError when encountering SSL problems when using urllib3 v1.22. Moderate SUSE bug 1111622 SUSE bug 1122668 CVE-2018-18074 cpe:/o:suse:sles-espos:12:sp2 Security update for libpng16 (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2017-12652: Fixed an Input Validation Error related to the length of chunks (bsc#1141493). Moderate SUSE bug 1124211 SUSE bug 1141493 CVE-2017-12652 CVE-2019-7317 cpe:/o:suse:sles-espos:12:sp2 Security update for postgresql96 (Low) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for postgresql96 fixes the following issues: PostgreSQL was updated to version 9.6.17. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Low SUSE bug 1163985 CVE-2020-1720 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_0-openjdk (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_0-openjdk fixes the following issues: Update java-1_7_0-openjdk to version jdk7u251 (January 2020 CPU, bsc#1160968): - CVE-2020-2583: Unlink Set of LinkedHashSets - CVE-2020-2590: Improve Kerberos interop capabilities - CVE-2020-2593: Normalize normalization for all - CVE-2020-2601: Better Ticket Granting Services - CVE-2020-2604: Better serial filter handling - CVE-2020-2659: Enhance datagram socket support - CVE-2020-2654: Improve Object Identifier Processing Important SUSE bug 1160968 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 cpe:/o:suse:sles-espos:12:sp2 Security update for squid (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for squid fixes the following issues: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc#1162689). - CVE-2019-12526: Fixed potential remote code execution during URN processing (bsc#1156326). - CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI processing (bsc#1156329). - CVE-2019-18677: Fixed Cross-Site Request Forgery in HTTP Request processing (bsc#1156328). - CVE-2019-18678: Fixed incorrect message parsing which could have led to HTTP request splitting issue (bsc#1156323). - CVE-2019-18679: Fixed information disclosure when processing HTTP Digest Authentication (bsc#1156324). - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8450: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc#1162687). - CVE-2020-8517: Fixed a buffer overflow in ext_lm_group_acl when processing NTLM Authentication credentials (bsc#1162691). Important SUSE bug 1156323 SUSE bug 1156324 SUSE bug 1156326 SUSE bug 1156328 SUSE bug 1156329 SUSE bug 1162687 SUSE bug 1162689 SUSE bug 1162691 CVE-2019-12523 CVE-2019-12526 CVE-2019-12528 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR * Fixed: Security fix MFSA 2020-03 (bsc#1160498) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR * Fixed: Various security fixes MFSA 2020-02 (bsc#1160305) * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826) Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 Important SUSE bug 1160305 SUSE bug 1160498 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 cpe:/o:suse:sles-espos:12:sp2 Security update for postgresql10 (Low) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for postgresql10 fixes the following issues: PostgreSQL was updated to version 10.12. Security issue fixed: - CVE-2020-1720: Fixed a missing authorization check in the ALTER ... DEPENDS ON extension (bsc#1163985). Low SUSE bug 1163985 CVE-2020-1720 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 68.6.0 ESR (MFSA 2020-09 bsc#1132665 bsc#1166238) - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction - CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection - CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init - CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission - CVE-2020-6814: Fixed multiple memory safety bugs - Fixed an issue with minimizing a window (bsc#1132665). Important SUSE bug 1132665 SUSE bug 1166238 CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 cpe:/o:suse:sles-espos:12:sp2 Security update for tomcat (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for tomcat fixes the following issues: - CVE-2020-1938: Fixed a file contents disclosure vulnerability (bsc#1164692). Important SUSE bug 1164692 CVE-2020-1938 cpe:/o:suse:sles-espos:12:sp2 Security update for python-cffi, python-cryptography (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python-cffi, python-cryptography fixes the following issues: Security issue fixed: - CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalize_with_tag API (bsc#1101820). Non-security issues fixed: python-cffi was updated to 1.11.2 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598): - fixed a build failure on i586 (bsc#1111657) - Salt was unable to highstate in snapshot 20171129 (bsc#1070737) - Update pytest in spec to add c directory tests in addition to testing directory. - update to version 1.11.2: * Fix Windows issue with managing the thread-state on CPython 3.0 to 3.5 - Update pytest in spec to add c directory tests in addition to testing directory. - Omit test_init_once_multithread tests as they rely on multiple threads finishing in a given time. Returns sporadic pass/fail within build. - Update to 1.11.1: * Fix tests, remove deprecated C API usage * Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary extensions (cpython issue #29943) * Fix for 3.7.0a1+ - Update to 1.11.0: * Support the modern standard types char16_t and char32_t. These work like wchar_t: they represent one unicode character, or when used as charN_t * or charN_t[] they represent a unicode string. The difference with wchar_t is that they have a known, fixed size. They should work at all places that used to work with wchar_t (please report an issue if I missed something). Note that with set_source(), you need to make sure that these types are actually defined by the C source you provide (if used in cdef()). * Support the C99 types float _Complex and double _Complex. Note that libffi doesn't support them, which means that in the ABI mode you still cannot call C functions that take complex numbers directly as arguments or return type. * Fixed a rare race condition when creating multiple FFI instances from multiple threads. (Note that you aren't meant to create many FFI instances: in inline mode, you should write ffi = cffi.FFI() at module level just after import cffi; and in out-of-line mode you don't instantiate FFI explicitly at all.) * Windows: using callbacks can be messy because the CFFI internal error messages show up to stderr-but stderr goes nowhere in many applications. This makes it particularly hard to get started with the embedding mode. (Once you get started, you can at least use @ffi.def_extern(onerror=...) and send the error logs where it makes sense for your application, or record them in log files, and so on.) So what is new in CFFI is that now, on Windows CFFI will try to open a non-modal MessageBox (in addition to sending raw messages to stderr). The MessageBox is only visible if the process stays alive: typically, console applications that crash close immediately, but that is also the situation where stderr should be visible anyway. * Progress on support for callbacks in NetBSD. * Functions returning booleans would in some case still return 0 or 1 instead of False or True. Fixed. * ffi.gc() now takes an optional third parameter, which gives an estimate of the size (in bytes) of the object. So far, this is only used by PyPy, to make the next GC occur more quickly (issue #320). In the future, this might have an effect on CPython too (provided the CPython issue 31105 is addressed). * Add a note to the documentation: the ABI mode gives function objects that are slower to call than the API mode does. For some reason it is often thought to be faster. It is not! - Update to 1.10.1: * Fixed the line numbers reported in case of cdef() errors. Also, I just noticed, but pycparser always supported the preprocessor directive # 42 'foo.h' to mean 'from the next line, we're in file foo.h starting from line 42';, which it puts in the error messages. - update to 1.10.0: * Issue #295: use calloc() directly instead of PyObject_Malloc()+memset() to handle ffi.new() with a default allocator. Speeds up ffi.new(large-array) where most of the time you never touch most of the array. * Some OS/X build fixes ('only with Xcode but without CLT';). * Improve a couple of error messages: when getting mismatched versions of cffi and its backend; and when calling functions which cannot be called with libffi because an argument is a struct that is 'too complicated'; (and not a struct pointer, which always works). * Add support for some unusual compilers (non-msvc, non-gcc, non-icc, non-clang) * Implemented the remaining cases for ffi.from_buffer. Now all buffer/memoryview objects can be passed. The one remaining check is against passing unicode strings in Python 2. (They support the buffer interface, but that gives the raw bytes behind the UTF16/UCS4 storage, which is most of the times not what you expect. In Python 3 this has been fixed and the unicode strings don't support the memoryview interface any more.) * The C type _Bool or bool now converts to a Python boolean when reading, instead of the content of the byte as an integer. The potential incompatibility here is what occurs if the byte contains a value different from 0 and 1. Previously, it would just return it; with this change, CFFI raises an exception in this case. But this case means 'undefined behavior'; in C; if you really have to interface with a library relying on this, don't use bool in the CFFI side. Also, it is still valid to use a byte string as initializer for a bool[], but now it must only contain \x00 or \x01. As an aside, ffi.string() no longer works on bool[] (but it never made much sense, as this function stops at the first zero). * ffi.buffer is now the name of cffi's buffer type, and ffi.buffer() works like before but is the constructor of that type. * ffi.addressof(lib, 'name') now works also in in-line mode, not only in out-of-line mode. This is useful for taking the address of global variables. * Issue #255: cdata objects of a primitive type (integers, floats, char) are now compared and ordered by value. For example, <cdata 'int' 42> compares equal to 42 and <cdata 'char' b'A'> compares equal to b'A'. Unlike C, <cdata 'int' -1> does not compare equal to ffi.cast('unsigned int', -1): it compares smaller, because -1 < 4294967295. * PyPy: ffi.new() and ffi.new_allocator()() did not record 'memory pressure';, causing the GC to run too infrequently if you call ffi.new() very often and/or with large arrays. Fixed in PyPy 5.7. * Support in ffi.cdef() for numeric expressions with + or -. Assumes that there is no overflow; it should be fixed first before we add more general support for arbitrary arithmetic on constants. - do not generate HTML documentation for packages that are indirect dependencies of Sphinx (see docs at https://cffi.readthedocs.org/ ) - update to 1.9.1 - Structs with variable-sized arrays as their last field: now we track the length of the array after ffi.new() is called, just like we always tracked the length of ffi.new('int[]', 42). This lets us detect out-of-range accesses to array items. This also lets us display a better repr(), and have the total size returned by ffi.sizeof() and ffi.buffer(). Previously both functions would return a result based on the size of the declared structure type, with an assumed empty array. (Thanks andrew for starting this refactoring.) - Add support in cdef()/set_source() for unspecified-length arrays in typedefs: typedef int foo_t[...];. It was already supported for global variables or structure fields. - I turned in v1.8 a warning from cffi/model.py into an error: 'enum xxx' has no values explicitly defined: refusing to guess which integer type it is meant to be (unsigned/signed, int/long). Now I'm turning it back to a warning again; it seems that guessing that the enum has size int is a 99%-safe bet. (But not 100%, so it stays as a warning.) - Fix leaks in the code handling FILE * arguments. In CPython 3 there is a remaining issue that is hard to fix: if you pass a Python file object to a FILE * argument, then os.dup() is used and the new file descriptor is only closed when the GC reclaims the Python file object-and not at the earlier time when you call close(), which only closes the original file descriptor. If this is an issue, you should avoid this automatic convertion of Python file objects: instead, explicitly manipulate file descriptors and call fdopen() from C (...via cffi). - When passing a void * argument to a function with a different pointer type, or vice-versa, the cast occurs automatically, like in C. The same occurs for initialization with ffi.new() and a few other places. However, I thought that char * had the same property-but I was mistaken. In C you get the usual warning if you try to give a char * to a char ** argument, for example. Sorry about the confusion. This has been fixed in CFFI by giving for now a warning, too. It will turn into an error in a future version. - Issue #283: fixed ffi.new() on structures/unions with nested anonymous structures/unions, when there is at least one union in the mix. When initialized with a list or a dict, it should now behave more closely like the { } syntax does in GCC. - CPython 3.x: experimental: the generated C extension modules now use the 'limited API';, which means that, as a compiled .so/.dll, it should work directly on any version of CPython >= 3.2. The name produced by distutils is still version-specific. To get the version-independent name, you can rename it manually to NAME.abi3.so, or use the very recent setuptools 26. - Added ffi.compile(debug=...), similar to python setup.py build --debug but defaulting to True if we are running a debugging version of Python itself. - Removed the restriction that ffi.from_buffer() cannot be used on byte strings. Now you can get a char * out of a byte string, which is valid as long as the string object is kept alive. (But don't use it to modify the string object! If you need this, use bytearray or other official techniques.) - PyPy 5.4 can now pass a byte string directly to a char * argument (in older versions, a copy would be made). This used to be a CPython-only optimization. - ffi.gc(p, None) removes the destructor on an object previously created by another call to ffi.gc() - bool(ffi.cast('primitive type', x)) now returns False if the value is zero (including -0.0), and True otherwise. Previously this would only return False for cdata objects of a pointer type when the pointer is NULL. - bytearrays: ffi.from_buffer(bytearray-object) is now supported. (The reason it was not supported was that it was hard to do in PyPy, but it works since PyPy 5.3.) To call a C function with a char * argument from a buffer object-now including bytearrays-you write lib.foo(ffi.from_buffer(x)). Additionally, this is now supported: p[0:length] = bytearray-object. The problem with this was that a iterating over bytearrays gives numbers instead of characters. (Now it is implemented with just a memcpy, of course, not actually iterating over the characters.) - C++: compiling the generated C code with C++ was supposed to work, but failed if you make use the bool type (because that is rendered as the C _Bool type, which doesn't exist in C++). - help(lib) and help(lib.myfunc) now give useful information, as well as dir(p) where p is a struct or pointer-to-struct. - update for multipython build - disable 'negative left shift' warning in test suite to prevent failures with gcc6, until upstream fixes the undefined code in question (bsc#981848) - Update to version 1.6.0: * ffi.list_types() * ffi.unpack() * extern 'Python+C'; * in API mode, lib.foo.__doc__ contains the C signature now. * Yet another attempt at robustness of ffi.def_extern() against CPython's interpreter shutdown logic. - Update in SLE-12 (bsc#1138748, jsc#ECO-1256, jsc#PM-1598) - Make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792. - bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API - Add proper conditional for the python2, the ifpython works only for the requires/etc - add missing dependency on python ssl - update to version 2.1.4: * Added X509_up_ref for an upcoming pyOpenSSL release. - update to version 2.1.3: * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.0g. - update to version 2.1.2: * Corrected a bug with the manylinux1 wheels where OpenSSL's stack was marked executable. - fix BuildRequires conditions for python3 - update to 2.1.1 - Fix cffi version requirement. - Disable memleak tests to fix build with OpenSSL 1.1 (bsc#1055478) - update to 2.0.3 - update to 2.0.2 - update to 2.0 - update to 1.9 - add python-packaging to requirements explicitly instead of relying on setuptools to pull it in - Switch to singlespec approach - update to 1.8.1 - Adust Requires and BuildRequires Moderate SUSE bug 1055478 SUSE bug 1070737 SUSE bug 1101820 SUSE bug 1111657 SUSE bug 1138748 SUSE bug 1149792 SUSE bug 981848 CVE-2018-10903 cpe:/o:suse:sles-espos:12:sp2 Security update for spamassassin (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for spamassassin fixes the following issues: - CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to is_regexp_valid() (bsc#1118987). - CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands (bsc#1162197). - CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands with warnings (bsc#1162200). Important SUSE bug 1118987 SUSE bug 1162197 SUSE bug 1162200 CVE-2018-11805 CVE-2020-1930 CVE-2020-1931 cpe:/o:suse:sles-espos:12:sp2 Security update for python3 (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python3 fixes the following issue: - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed an issue with version missmatch (bsc#1162224). - Rename idle icons to idle3 in order to not conflict with python2 variant of the package. (bsc#1165894) Moderate SUSE bug 1155094 SUSE bug 1162224 SUSE bug 1162367 SUSE bug 1162825 SUSE bug 1165894 CVE-2019-18348 CVE-2019-9674 CVE-2020-8492 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_125 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_120 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_117 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_114 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_109 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed: - CVE-2020-1749: Fixed an issue in the networking protocols in encrypted IPsec tunnel (bsc#1165631) - CVE-2019-5108: Fixed an issue where by triggering AP to send IAPP location updates for stations before the required authentication process has completed could have led to denial-of-service (bsc#1159913). Important SUSE bug 1159913 SUSE bug 1165631 CVE-2019-5108 CVE-2020-1749 cpe:/o:suse:sles-espos:12:sp2 Security update for mozilla-nspr, mozilla-nss (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. Moderate SUSE bug 1141322 SUSE bug 1158527 SUSE bug 1159819 CVE-2019-11745 CVE-2019-17006 cpe:/o:suse:sles-espos:12:sp2 Security update for libxslt (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for libxslt fixes the following issue: - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). Moderate SUSE bug 1154609 CVE-2019-18197 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - Mozilla Firefox 68.6.1esr MFSA 2020-11 (bsc#1168630) * CVE-2020-6819 (bmo#1620818) Use-after-free while running the nsDocShell destructor * CVE-2020-6820 (bmo#1626728) Use-after-free when handling a ReadableStream Important SUSE bug 1168630 CVE-2020-6819 CVE-2020-6820 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues: - CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874). - CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874). - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874). - CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874). - CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874). Important SUSE bug 1168874 CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 CVE-2020-6827 CVE-2020-6828 cpe:/o:suse:sles-espos:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for git fixes the following issues: Security issue fixed: - CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). Non-security issue fixed: git was updated to 2.26.0 for SHA256 support (bsc#1167890, jsc#SLE-11608): - the xinetd snippet was removed - the System V init script for the git-daemon was replaced by a systemd service file of the same name. git 2.26.0: * 'git rebase' now uses a different backend that is based on the 'merge' machinery by default. The 'rebase.backend' configuration variable reverts to old behaviour when set to 'apply' * Improved handling of sparse checkouts * Improvements to many commands and internal features git 2.25.1: * 'git commit' now honors advise.statusHints * various updates, bug fixes and documentation updates git 2.25.0: * The branch description ('git branch --edit-description') has been used to fill the body of the cover letters by the format-patch command; this has been enhanced so that the subject can also be filled. * A few commands learned to take the pathspec from the standard input or a named file, instead of taking it as the command line arguments, with the '--pathspec-from-file' option. * Test updates to prepare for SHA-2 transition continues. * Redo 'git name-rev' to avoid recursive calls. * When all files from some subdirectory were renamed to the root directory, the directory rename heuristics would fail to detect that as a rename/merge of the subdirectory to the root directory, which has been corrected. * HTTP transport had possible allocator/deallocator mismatch, which has been corrected. git 2.24.1: * CVE-2019-1348: The --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785) * CVE-2019-1349: on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787) * CVE-2019-1350: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788) * CVE-2019-1351: on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789) * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790) * CVE-2019-1353: when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791) * CVE-2019-1354: on Windows refuses to write tracked files with filenames that contain backslashes (bsc#1158792) * CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793) * CVE-2019-19604: a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795) - Fix building with asciidoctor and without DocBook4 stylesheets. git 2.24.0 * The command line parser learned '--end-of-options' notation. * A mechanism to affect the default setting for a (related) group of configuration variables is introduced. * 'git fetch' learned '--set-upstream' option to help those who first clone from their private fork they intend to push to, add the true upstream via 'git remote add' and then 'git fetch' from it. * fixes and improvements to UI, workflow and features, bash completion fixes * part of it merged upstream * the Makefile attempted to download some documentation, banned git 2.23.0: * The '--base' option of 'format-patch' computed the patch-ids for prerequisite patches in an unstable way, which has been updated to compute in a way that is compatible with 'git patch-id --stable'. * The 'git log' command by default behaves as if the --mailmap option was given. * fixes and improvements to UI, workflow and features git 2.22.1: * A relative pathname given to 'git init --template=<path> <repo>' ought to be relative to the directory 'git init' gets invoked in, but it instead was made relative to the repository, which has been corrected. * 'git worktree add' used to fail when another worktree connected to the same repository was corrupt, which has been corrected. * 'git am -i --resolved' segfaulted after trying to see a commit as if it were a tree, which has been corrected. * 'git merge --squash' is designed to update the working tree and the index without creating the commit, and this cannot be countermanded by adding the '--commit' option; the command now refuses to work when both options are given. * Update to Unicode 12.1 width table. * 'git request-pull' learned to warn when the ref we ask them to pull from in the local repository and in the published repository are different. * 'git fetch' into a lazy clone forgot to fetch base objects that are necessary to complete delta in a thin packfile, which has been corrected. * The URL decoding code has been updated to avoid going past the end of the string while parsing %-<hex>-<hex> sequence. * 'git clean' silently skipped a path when it cannot lstat() it; now it gives a warning. * 'git rm' to resolve a conflicted path leaked an internal message 'needs merge' before actually removing the path, which was confusing. This has been corrected. * Many more bugfixes and code cleanups. - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html git 2.22.0: * The filter specification '--filter=sparse:path=<path>' used to create a lazy/partial clone has been removed. Using a blob that is part of the project as sparse specification is still supported with the '--filter=sparse:oid=<blob>' option * 'git checkout --no-overlay' can be used to trigger a new mode of checking out paths out of the tree-ish, that allows paths that match the pathspec that are in the current index and working tree and are not in the tree-ish. * Four new configuration variables {author,committer}.{name,email} have been introduced to override user.{name,email} in more specific cases. * 'git branch' learned a new subcommand '--show-current'. * The command line completion (in contrib/) has been taught to complete more subcommand parameters. * The completion helper code now pays attention to repository-local configuration (when available), which allows --list-cmds to honour a repository specific setting of completion.commands, for example. * The list of conflicted paths shown in the editor while concluding a conflicted merge was shown above the scissors line when the clean-up mode is set to 'scissors', even though it was commented out just like the list of updated paths and other information to help the user explain the merge better. * 'git rebase' that was reimplemented in C did not set ORIG_HEAD correctly, which has been corrected. * 'git worktree add' used to do a 'find an available name with stat and then mkdir', which is race-prone. This has been fixed by using mkdir and reacting to EEXIST in a loop. - update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350) git 2.21.0: * Historically, the '-m' (mainline) option can only be used for 'git cherry-pick' and 'git revert' when working with a merge commit. This version of Git no longer warns or errors out when working with a single-parent commit, as long as the argument to the '-m' option is 1 (i.e. it has only one parent, and the request is to pick or revert relative to that first parent). Scripts that relied on the behaviour may get broken with this change. * Small fixes and features for fast-export and fast-import. * The 'http.version' configuration variable can be used with recent enough versions of cURL library to force the version of HTTP used to talk when fetching and pushing. * 'git push $there $src:$dst' rejects when $dst is not a fully qualified refname and it is not clear what the end user meant. * Update 'git multimail' from the upstream. * A new date format '--date=human' that morphs its output depending on how far the time is from the current time has been introduced. '--date=auto:human' can be used to use this new format (or any existing format) when the output is going to the pager or to the terminal, and otherwise the default format. - Fix worktree creation race (bsc#1114225). git 2.20.1: * portability fixes * 'git help -a' did not work well when an overly long alias was defined * no longer squelched an error message when the run_command API failed to run a missing command git 2.20.0: * 'git help -a' now gives verbose output (same as 'git help -av'). Those who want the old output may say 'git help --no-verbose -a'.. * 'git send-email' learned to grab address-looking string on any trailer whose name ends with '-by'. * 'git format-patch' learned new '--interdiff' and '--range-diff' options to explain the difference between this version and the previous attempt in the cover letter (or after the three-dashes as a comment). * Developer builds now use -Wunused-function compilation option. * Fix a bug in which the same path could be registered under multiple worktree entries if the path was missing (for instance, was removed manually). Also, as a convenience, expand the number of cases in which --force is applicable. * The overly large Documentation/config.txt file have been split into million little pieces. This potentially allows each individual piece to be included into the manual page of the command it affects more easily. * Malformed or crafted data in packstream can make our code attempt to read or write past the allocated buffer and abort, instead of reporting an error, which has been fixed. * Fix for a long-standing bug that leaves the index file corrupt when it shrinks during a partial commit. * 'git merge' and 'git pull' that merges into an unborn branch used to completely ignore '--verify-signatures', which has been corrected. * ...and much more features and fixes - fix CVE-2018-19486 (bsc#1117257) git 2.19.2: * various bug fixes for multiple subcommands and operations git 2.19.1: * CVE-2018-17456: Specially crafted .gitmodules files may have allowed arbitrary code execution when the repository is cloned with --recurse-submodules (bsc#1110949) git 2.19.0: * 'git diff' compares the index and the working tree. For paths added with intent-to-add bit, the command shows the full contents of them as added, but the paths themselves were not marked as new files. They are now shown as new by default. * 'git apply' learned the '--intent-to-add' option so that an otherwise working-tree-only application of a patch will add new paths to the index marked with the 'intent-to-add' bit. * 'git grep' learned the '--column' option that gives not just the line number but the column number of the hit. * The '-l' option in 'git branch -l' is an unfortunate short-hand for '--create-reflog', but many users, both old and new, somehow expect it to be something else, perhaps '--list'. This step warns when '-l' is used as a short-hand for '--create-reflog' and warns about the future repurposing of the it when it is used. * The userdiff pattern for .php has been updated. * The content-transfer-encoding of the message 'git send-email' sends out by default was 8bit, which can cause trouble when there is an overlong line to bust RFC 5322/2822 limit. A new option 'auto' to automatically switch to quoted-printable when there is such a line in the payload has been introduced and is made the default. * 'git checkout' and 'git worktree add' learned to honor checkout.defaultRemote when auto-vivifying a local branch out of a remote tracking branch in a repository with multiple remotes that have tracking branches that share the same names. (merge 8d7b558bae ab/checkout-default-remote later to maint). * 'git grep' learned the '--only-matching' option. * 'git rebase --rebase-merges' mode now handles octopus merges as well. * Add a server-side knob to skip commits in exponential/fibbonacci stride in an attempt to cover wider swath of history with a smaller number of iterations, potentially accepting a larger packfile transfer, instead of going back one commit a time during common ancestor discovery during the 'git fetch' transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping later to maint). * A new configuration variable core.usereplacerefs has been added, primarily to help server installations that want to ignore the replace mechanism altogether. * Teach 'git tag -s' etc. a few configuration variables (gpg.format that can be set to 'openpgp' or 'x509', and gpg.<format>.program that is used to specify what program to use to deal with the format) to allow x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via 'gnupg'. * Many more strings are prepared for l10n. * 'git p4 submit' learns to ask its own pre-submit hook if it should continue with submitting. * The test performed at the receiving end of 'git push' to prevent bad objects from entering repository can be customized via receive.fsck.* configuration variables; we now have gained a counterpart to do the same on the 'git fetch' side, with fetch.fsck.* configuration variables. * 'git pull --rebase=interactive' learned 'i' as a short-hand for 'interactive'. * 'git instaweb' has been adjusted to run better with newer Apache on RedHat based distros. * 'git range-diff' is a reimplementation of 'git tbdiff' that lets us compare individual patches in two iterations of a topic. * The sideband code learned to optionally paint selected keywords at the beginning of incoming lines on the receiving end. * 'git branch --list' learned to take the default sort order from the 'branch.sort' configuration variable, just like 'git tag --list' pays attention to 'tag.sort'. * 'git worktree' command learned '--quiet' option to make it less verbose. git 2.18.0: * improvements to rename detection logic * When built with more recent cURL, GIT_SSL_VERSION can now specify 'tlsv1.3' as its value. * 'git mergetools' learned talking to guiffy. * various other workflow improvements and fixes * performance improvements and other developer visible fixes Update to git 2.16.4: security fix release git 2.17.1: * Submodule 'names' come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting '../' into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235, bsc#1095219) * It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233, bsc#1095218) * Support on the server side to reject pushes to repositories that attempt to create such problematic .gitmodules file etc. as tracked contents, to help hosting sites protect their customers by preventing malicious contents from spreading. git 2.17.0: * 'diff' family of commands learned '--find-object=<object-id>' option to limit the findings to changes that involve the named object. * 'git format-patch' learned to give 72-cols to diffstat, which is consistent with other line length limits the subcommand uses for its output meant for e-mails. * The log from 'git daemon' can be redirected with a new option; one relevant use case is to send the log to standard error (instead of syslog) when running it from inetd. * 'git rebase' learned to take '--allow-empty-message' option. * 'git am' has learned the '--quit' option, in addition to the existing '--abort' option; having the pair mirrors a few other commands like 'rebase' and 'cherry-pick'. * 'git worktree add' learned to run the post-checkout hook, just like 'git clone' runs it upon the initial checkout. * 'git tag' learned an explicit '--edit' option that allows the message given via '-m' and '-F' to be further edited. * 'git fetch --prune-tags' may be used as a handy short-hand for getting rid of stale tags that are locally held. * The new '--show-current-patch' option gives an end-user facing way to get the diff being applied when 'git rebase' (and 'git am') stops with a conflict. * 'git add -p' used to offer '/' (look for a matching hunk) as a choice, even there was only one hunk, which has been corrected. Also the single-key help is now given only for keys that are enabled (e.g. help for '/' won't be shown when there is only one hunk). * Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the side branch being merged is a descendant of the current commit, create a merge commit instead of fast-forwarding) when merging a tag object. This was appropriate default for integrators who pull signed tags from their downstream contributors, but caused an unnecessary merges when used by downstream contributors who habitually 'catch up' their topic branches with tagged releases from the upstream. Update 'git merge' to default to --no-ff only when merging a tag object that does *not* sit at its usual place in refs/tags/ hierarchy, and allow fast-forwarding otherwise, to mitigate the problem. * 'git status' can spend a lot of cycles to compute the relation between the current branch and its upstream, which can now be disabled with '--no-ahead-behind' option. * 'git diff' and friends learned funcname patterns for Go language source files. * 'git send-email' learned '--reply-to=<address>' option. * Funcname pattern used for C# now recognizes 'async' keyword. * In a way similar to how 'git tag' learned to honor the pager setting only in the list mode, 'git config' learned to ignore the pager setting when it is used for setting values (i.e. when the purpose of the operation is not to 'show'). - Use %license instead of %doc [bsc#1082318] git 2.16.3: * 'git status' after moving a path in the working tree (hence making it appear 'removed') and then adding with the -N option (hence making that appear 'added') detected it as a rename, but did not report the old and new pathnames correctly. * 'git commit --fixup' did not allow '-m<message>' option to be used at the same time; allow it to annotate resulting commit with more text. * When resetting the working tree files recursively, the working tree of submodules are now also reset to match. * Fix for a commented-out code to adjust it to a rather old API change around object ID. * When there are too many changed paths, 'git diff' showed a warning message but in the middle of a line. * The http tracing code, often used to debug connection issues, learned to redact potentially sensitive information from its output so that it can be more safely sharable. * Crash fix for a corner case where an error codepath tried to unlock what it did not acquire lock on. * The split-index mode had a few corner case bugs fixed. * Assorted fixes to 'git daemon'. * Completion of 'git merge -s<strategy>' (in contrib/) did not work well in non-C locale. * Workaround for segfault with more recent versions of SVN. * Recently introduced leaks in fsck have been plugged. * Travis CI integration now builds the executable in 'script' phase to follow the established practice, rather than during 'before_script' phase. This allows the CI categorize the failures better ('failed' is project's fault, 'errored' is build environment's). - Drop superfluous xinetd snippet, no longer used (bsc#1084460) - Build with asciidoctor for the recent distros (bsc#1075764) - Move %{?systemd_requires} to daemon subpackage - Create subpackage for libsecret credential helper. git 2.16.2: * An old regression in 'git describe --all $annotated_tag^0' has been fixed. * 'git svn dcommit' did not take into account the fact that a svn+ssh:// URL with a username@ (typically used for pushing) refers to the same SVN repository without the username@ and failed when svn.pushmergeinfo option is set. * 'git merge -Xours/-Xtheirs' learned to use our/their version when resolving a conflicting updates to a symbolic link. * 'git clone $there $here' is allowed even when here directory exists as long as it is an empty directory, but the command incorrectly removed it upon a failure of the operation. * 'git stash -- <pathspec>' incorrectly blew away untracked files in the directory that matched the pathspec, which has been corrected. * 'git add -p' was taught to ignore local changes to submodules as they do not interfere with the partial addition of regular changes anyway. git 2.16.1: * 'git clone' segfaulted when cloning a project that happens to track two paths that differ only in case on a case insensitive filesystem git 2.16.0 (CVE-2017-15298, bsc#1063412): * See https://raw.github.com/git/git/master/Documentation/RelNotes/2.16.0.txt git 2.15.1: * fix 'auto' column output * fixes to moved lines diffing * documentation updates * fix use of repositories immediately under the root directory * improve usage of libsecret * fixes to various error conditions in git commands - Rewrite from sysv init to systemd unit file for git-daemon (bsc#1069803) - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (bsc#1069468) - split off p4 to a subpackage (bsc#1067502) - Build with the external libsha1detectcoll (bsc#1042644) git 2.15.0: * Use of an empty string as a pathspec element that is used for 'everything matches' is still warned and Git asks users to use a more explicit '.' for that instead. Removal scheduled for 2.16 * Git now avoids blindly falling back to '.git' when the setup sequence said we are _not_ in Git repository (another corner case removed) * 'branch --set-upstream' was retired, deprecated since 1.8 * many other improvements and updates git 2.14.3: * git send-email understands more cc: formats * fixes so gitk --bisect * git commit-tree fixed to handle -F file alike * Prevent segfault in 'git cat-file --textconv' * Fix function header parsing for HTML * Various small fixes to user commands and and internal functions git 2.14.2: * fixes to color output * http.{sslkey,sslCert} now interpret '~[username]/' prefix * fixes to walking of reflogs via 'log -g' and friends * various fixes to output correctness * 'git push --recurse-submodules $there HEAD:$target' is now propagated down to the submodules * 'git clone --recurse-submodules --quiet' c$how propagates quiet option down to submodules. * 'git svn --localtime' correctness fixes * 'git grep -L' and 'git grep --quiet -L' now report same exit code * fixes to 'git apply' when converting line endings * Various Perl scripts did not use safe_pipe_capture() instead of backticks, leaving them susceptible to end-user input. CVE-2017-14867 bsc#1061041 * 'git cvsserver' no longer is invoked by 'git daemon' by default git 2.14.1 (bsc#1052481): * Security fix for CVE-2017-1000117: A malicious third-party can give a crafted 'ssh://...' URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running 'git clone --recurse-submodules' to trigger the vulnerability. * A 'ssh://...' URL can result in a 'ssh' command line with a hostname that begins with a dash '-', which would cause the 'ssh' command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which should not impact any real-world usage). * Similarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from 'ssh://...' URL; a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash '-' as an option. This is now prevented by forbidding such a hostname and port number (again, which should not impact any real-world usage). * In the same spirit, a repository name that begins with a dash '-' is also forbidden now. git 2.14.0: * Use of an empty string as a pathspec element that is used for 'everything matches' is deprecated, use '.' * Avoid blindly falling back to '.git' when the setup sequence indicates operation not on a Git repository * 'indent heuristics' are now the default. * Builds with pcre2 * Many bug fixes, improvements and updates git 2.13.4: * Update the character width tables. * Fix an alias that contained an uppercase letter * Progress meter fixes * git gc concurrency fixes git 2.13.3: * various internal bug fixes * Fix a regression to 'git rebase -i' * Correct unaligned 32-bit access in pack-bitmap code * Tighten error checks for invalid 'git apply' input * The split index code did not honor core.sharedrepository setting correctly * Fix 'git branch --list' handling of color.branch.local git 2.13.2: * 'collision detecting' SHA-1 update for platform fixes * 'git checkout --recurse-submodules' did not quite work with a submodule that itself has submodules. * The 'run-command' API implementation has been made more robust against dead-locking in a threaded environment. * 'git clean -d' now only cleans ignored files with '-x' * 'git status --ignored' did not list ignored and untracked files without '-uall' * 'git pull --rebase --autostash' didn't auto-stash when the local history fast-forwards to the upstream. * 'git describe --contains' gives as much weight to lightweight tags as annotated tags * Fix 'git stash push <pathspec>' from a subdirectory git 2.13.1: * Setting 'log.decorate=false' in the configuration file did not take effect in v2.13, which has been corrected. * corrections to documentation and command help output * garbage collection fixes * memory leaks fixed * receive-pack now makes sure that the push certificate records the same set of push options used for pushing * shell completion corrections for git stash * fix 'git clone --config var=val' with empty strings * internal efficiency improvements * Update sha1 collision detection code for big-endian platforms and platforms not supporting unaligned fetches - Fix packaging of documentation git 2.13.0: * empty string as a pathspec element for 'everything matches' is still warned, for future removal. * deprecated argument order 'git merge <msg> HEAD <commit>...' was removed * default location '~/.git-credential-cache/socket' for the socket used to communicate with the credential-cache daemon moved to '~/.cache/git/credential/socket'. * now avoid blindly falling back to '.git' when the setup sequence indicated otherwise * many workflow features, improvements and bug fixes * add a hardened implementation of SHA1 in response to practical collision attacks (CVE-2005-4900, bsc#1042640) * CVE-2017-8386: On a server running git-shell as login shell to restrict user to git commands, remote users may have been able to have git service programs spawn an interactive pager and thus escape the shell restrictions. (bsc#1038395) Changes in pcre2: - Include the libraries, development and tools packages. git uses only libpcre2-8 so far, but this allows further application usage of pcre2. Important SUSE bug 1167890 SUSE bug 1168930 CVE-2020-5260 cpe:/o:suse:sles-espos:12:sp2 Security update for fwupdate (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for fwupdate fixes the following issues: - Add SBAT section to EFI images (bsc#1182057) Important SUSE bug 1182057 cpe:/o:suse:sles-espos:12:sp2 Security update for xen (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for xen fixes the following issues: - CVE-2021-27379: Fixed an issue where entries in the IOMMU were not being updated under certain circumstances due to improper backport of XSA-321 (XSA-366, bsc#1182431) - Fixed an issue where xenstored was crashing with segfault (bsc#1182155). Important SUSE bug 1182155 SUSE bug 1182431 CVE-2021-27379 cpe:/o:suse:sles-espos:12:sp2 Security update for dnsmasq (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for dnsmasq fixes the following issues: - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) Important SUSE bug 1176076 SUSE bug 1177077 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 cpe:/o:suse:sles-espos:12:sp2 Security update for flac (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for flac fixes the following issues: - CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099). Moderate SUSE bug 1180099 CVE-2020-0499 cpe:/o:suse:sles-espos:12:sp2 Security update for dovecot22 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for dovecot22 fixes the following issues: - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). Important SUSE bug 1180405 CVE-2020-24386 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_1-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class Libraries: - Z/OS specific C function send_file is changing the file pointer position * Security: - Add the new oracle signer certificate - Certificate parsing error - JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider - Remove check for websphere signed jars - sessionid.hashcode generates too many collisions - The Java 8 IBM certpath provider does not honor the user specified system property for CLR connect timeout Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-espos:12:sp2 Security update for ImageMagick (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223). - CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240). - CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244). - CVE-2020-27750: Fixed an division by zero in MagickCore/colorspace-private.h (bsc#1179260). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285). - CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). - CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362). Important SUSE bug 1179103 SUSE bug 1179202 SUSE bug 1179208 SUSE bug 1179212 SUSE bug 1179223 SUSE bug 1179240 SUSE bug 1179244 SUSE bug 1179260 SUSE bug 1179268 SUSE bug 1179269 SUSE bug 1179278 SUSE bug 1179281 SUSE bug 1179285 SUSE bug 1179311 SUSE bug 1179312 SUSE bug 1179313 SUSE bug 1179315 SUSE bug 1179317 SUSE bug 1179321 SUSE bug 1179322 SUSE bug 1179327 SUSE bug 1179333 SUSE bug 1179336 SUSE bug 1179338 SUSE bug 1179339 SUSE bug 1179343 SUSE bug 1179345 SUSE bug 1179346 SUSE bug 1179347 SUSE bug 1179361 SUSE bug 1179362 SUSE bug 1179397 CVE-2020-19667 CVE-2020-25664 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27750 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27757 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 cpe:/o:suse:sles-espos:12:sp2 Security update for postgresql, postgresql12, postgresql13 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for postgresql, postgresql12, postgresql13 fixes the following issues: Initial packaging of PostgreSQL 13: * https://www.postgresql.org/about/news/2077/ * https://www.postgresql.org/docs/13/release-13.html Changes in postgresql: - Bump postgresql major version to 13. Changes in postgresql12: - %ghost the symlinks to pg_config and ecpg. (bsc#1178961) - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765) - Fix a DST problem in the test suite. Changes in postgresql13: - Add postgresql-icu68.patch: fix build with ICU 68 - %ghost the symlinks to pg_config and ecpg. (bsc#1178961) - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765) Upgrade to version 13.1: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/13/release-13-1.html - Fix a DST problem in the test suite. Important SUSE bug 1178666 SUSE bug 1178667 SUSE bug 1178668 SUSE bug 1178961 SUSE bug 1179765 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/o:suse:sles-espos:12:sp2 Security update for openssh (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). Moderate SUSE bug 1173513 CVE-2020-14145 cpe:/o:suse:sles-espos:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] Important SUSE bug 1180684 SUSE bug 1181090 CVE-2021-23239 CVE-2021-3156 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs Important SUSE bug 1181414 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 cpe:/o:suse:sles-espos:12:sp2 Security update for openvswitch (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openvswitch fixes the following issues: - openvswitch was updated to 2.5.11 - CVE-2020-27827: Fixed a memory leak when parsing lldp packets (bsc#1181345) - datapath: Clear the L4 portion of the key for 'later' fragments - datapath: Properly set L4 keys on 'later' IP fragments - ofproto-dpif: Fix using uninitialised memory in user_action_cookie. - stream-ssl: Fix crash on NULL private key and valid certificate. - datapath: fix flow actions reallocation Important SUSE bug 1117483 SUSE bug 1181345 CVE-2020-27827 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-ibm (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class libraries: - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time that the set timeout - Z/OS specific C function send_file is changing the file pointer position * Java Virtual Machine: - Crash on iterate java stack - Java process hang on SIGTERM * JIT Compiler: - JMS performance regression from JDK8 SR5 FP40 TO FP41 * Class Libraries: - z15 high utilization following Z/VM and Linux migration from z14 To z15 * Java Virtual Machine: - Assertion failed when trying to write a class file - Assertion failure at modronapi.cpp - Improve the performance of defining and finding classes * JIT Compiler: - An assert in ppcbinaryencoding.cpp may trigger when running with traps disabled on power - AOT field offset off by n bytes - Segmentation fault in jit module on ibm z platform Moderate SUSE bug 1177943 SUSE bug 1180063 CVE-2020-14779 CVE-2020-14781 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 cpe:/o:suse:sles-espos:12:sp2 Security update for python3 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python3 fixes the following issues: - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 CVE-2019-20916 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_146 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). Important SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_141 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). Important SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_138 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). Important SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_135 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). Important SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_129 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179877). Important SUSE bug 1179877 SUSE bug 1180008 SUSE bug 1180030 SUSE bug 1180032 SUSE bug 1180562 CVE-2020-0465 CVE-2020-0466 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 cpe:/o:suse:sles-espos:12:sp2 Security update for python (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126, CVE-2021-3177). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Important SUSE bug 1176262 SUSE bug 1180686 SUSE bug 1181126 CVE-2019-20916 CVE-2021-3177 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349). - CVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509). - CVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508). - CVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485 ). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140). - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559). - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123). - CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411) - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663). - CVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() which could eventually have allowed attackers to cause a denial of service (memory consumption) (bnc#1157298 ). - CVE-2019-6133: Fixed an issue where the 'start time' protection mechanism could have been bypassed and therefore authorization decisions are improperly cached (bsc#1128172). The following non-security bugs were fixed: - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - epoll: Keep a reference on files added to the check list (bsc#1180031). - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes). - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (bsc#969755). - futex,rt_mutex: Introduce rt_mutex_init_waiter() (bsc#969755). - futex,rt_mutex: Provide futex specific rt_mutex API (bsc#969755). - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bsc#969755). - futex: Avoid freeing an active timer (bsc#969755). - futex: Avoid violating the 10th rule of futex (bsc#969755). - futex: Change locking rules (bsc#969755). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#969755). - futex: Drop hb->lock before enqueueing on the rtmutex (bsc#969755). - futex: Fix OWNER_DEAD fixup (bsc#969755). - futex: Fix incorrect should_fail_futex() handling (bsc#969755). - futex: Fix more put_pi_state() vs. exit_pi_state_list() races (bsc#969755). - futex: Fix pi_state->owner serialization (bsc#969755). - futex: Fix small (and harmless looking) inconsistencies (bsc#969755). - futex: Futex_unlock_pi() determinism (bsc#969755). - futex: Handle early deadlock return correctly (bsc#969755). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#969755). - futex: Pull rt_mutex_futex_unlock() out from under hb->lock (bsc#969755). - futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock() (bsc#969755). - futex: Rework inconsistent rt_mutex/futex_q state (bsc#969755). - locking/futex: Allow low-level atomic operations to return -EAGAIN (bsc#969755). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). Important SUSE bug 1070943 SUSE bug 1121826 SUSE bug 1121872 SUSE bug 1157298 SUSE bug 1168952 SUSE bug 1173942 SUSE bug 1176395 SUSE bug 1176485 SUSE bug 1177411 SUSE bug 1178123 SUSE bug 1178182 SUSE bug 1178589 SUSE bug 1178622 SUSE bug 1178886 SUSE bug 1179107 SUSE bug 1179140 SUSE bug 1179141 SUSE bug 1179204 SUSE bug 1179419 SUSE bug 1179508 SUSE bug 1179509 SUSE bug 1179601 SUSE bug 1179616 SUSE bug 1179663 SUSE bug 1179666 SUSE bug 1179745 SUSE bug 1179877 SUSE bug 1179960 SUSE bug 1179961 SUSE bug 1180008 SUSE bug 1180027 SUSE bug 1180028 SUSE bug 1180029 SUSE bug 1180030 SUSE bug 1180031 SUSE bug 1180032 SUSE bug 1180052 SUSE bug 1180086 SUSE bug 1180559 SUSE bug 1180562 SUSE bug 1181349 SUSE bug 969755 CVE-2019-19063 CVE-2019-20934 CVE-2019-6133 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-15436 CVE-2020-15437 CVE-2020-25211 CVE-2020-25285 CVE-2020-25668 CVE-2020-25669 CVE-2020-27068 CVE-2020-27673 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-28915 CVE-2020-28974 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3347 cpe:/o:suse:sles-espos:12:sp2 Security update for openvswitch (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding (bsc#1181742). Important SUSE bug 1181742 CVE-2020-35498 cpe:/o:suse:sles-espos:12:sp2 Security update for wpa_supplicant (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for wpa_supplicant fixes the following issues: - CVE-2021-0326: P2P group information processing vulnerability (bsc#1181777). - CVE-2019-16275: AP mode PMF disconnection protection bypass (bsc#1150934) Important SUSE bug 1150934 SUSE bug 1181777 CVE-2019-16275 CVE-2021-0326 cpe:/o:suse:sles-espos:12:sp2 Security update for jasper (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode Important SUSE bug 1179748 SUSE bug 1181483 CVE-2020-27828 CVE-2021-3272 cpe:/o:suse:sles-espos:12:sp2 Security update for screen (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for screen fixes the following issues: - CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution (bsc#1182092). Important SUSE bug 1182092 CVE-2021-26937 cpe:/o:suse:sles-espos:12:sp2 Security update for bind (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack [bsc#1182246, CVE-2020-8625] Important SUSE bug 1182246 CVE-2020-8625 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_7_1-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 80 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:sles-espos:12:sp2 Security update for krb5-appl (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for krb5-appl fixes the following issues: - CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109). - CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109). Important SUSE bug 1131109 CVE-2019-25017 CVE-2019-25018 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-openjdk (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u282 (icedtea 3.18.0) * January 2021 CPU (bsc#1181239) * Security fixes + JDK-8247619: Improve Direct Buffering of Characters (CVE-2020-14803) * Import of OpenJDK 8 u282 build 01 + JDK-6962725: Regtest javax/swing/JFileChooser/6738668/ /bug6738668.java fails under Linux + JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + JDK-8030350: Enable additional compiler warnings for GCC + JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/ /DisposeFrameOnDragTest.java fails by Timeout on Windows + JDK-8036122: Fix warning 'format not a string literal' + JDK-8051853: new URI('x/').resolve('..').getSchemeSpecificPart() returns null! + JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/ /DefaultNoDrop.java locks on Windows + JDK-8134632: Mark javax/sound/midi/Devices/ /InitializationHang.java as headful + JDK-8148854: Class names 'SomeClass' and 'LSomeClass;' treated by JVM as an equivalent + JDK-8148916: Mark bug6400879.java as intermittently failing + JDK-8148983: Fix extra comma in changes for JDK-8148916 + JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails + JDK-8165808: Add release barriers when allocating objects with concurrent collection + JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument + JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 + JDK-8207766: [testbug] Adapt tests for Aix. + JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation + JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash + JDK-8215727: Restore JFR thread sampler loop to old / previous behavior + JDK-8220657: JFR.dump does not work when filename is set + JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing + JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM + JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + JDK-8232114: JVM crashed at imjpapi.dll in native code + JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area + JDK-8234339: replace JLI_StrTok in java_md_solinux.c + JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + JDK-8242335: Additional Tests for RSASSA-PSS + JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + JDK-8245400: Upgrade to LittleCMS 2.11 + JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + JDK-8249176: Update GlobalSignR6CA test certificates + JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY + JDK-8250928: JFR: Improve hash algorithm for stack traces + JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers + JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE + JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries + JDK-8252497: Incorrect numeric currency code for ROL + JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent + JDK-8252904: VM crashes when JFR is used and JFR event class is transformed + JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal + JDK-8253284: Zero OrderAccess barrier mappings are incorrect + JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip + JDK-8253752: test/sun/management/jmxremote/bootstrap/ /RmiBootstrapTest.java fails randomly + JDK-8254081: java/security/cert/PolicyNode/ /GetPolicyQualifiers.java fails due to an expired certificate + JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp + JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp + JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/ /WorkerDeadlockTest.java fails + JDK-8255003: Build failures on Solaris Moderate SUSE bug 1181239 CVE-2020-14803 cpe:/o:suse:sles-espos:12:sp2 Security update for java-1_8_0-ibm (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 25 [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803] * CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. * CVE-2020-14803: Unauthenticated attacker with network access via multiple protocols allows to compromise Java SE. Important SUSE bug 1181239 SUSE bug 1182186 CVE-2020-14803 CVE-2020-27221 cpe:/o:suse:sles-espos:12:sp2 Security update for perl-XML-Twig (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for perl-XML-Twig fixes the following issues: - Security fix [bsc#1008644, CVE-2016-9180] * Added: the no_xxe option to XML::Twig::new, which causes the parse to fail if external entities are used (to prevent malicious XML to access the filesystem). * Setting expand_external_ents to 0 or -1 currently doesn't work as expected; To completely turn off expanding external entities use no_xxe. * Update documentation for XML::Twig to mention problems with expand_external_ents and add information about new no_xxe argument Moderate SUSE bug 1008644 CVE-2016-9180 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.8.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2021-08 (bsc#1182614) * CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 Important SUSE bug 1182357 SUSE bug 1182614 CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978 cpe:/o:suse:sles-espos:12:sp2 Security update for python-cryptography (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). Important SUSE bug 1182066 CVE-2020-36242 cpe:/o:suse:sles-espos:12:sp2 Security update for grub2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for grub2 fixes the following issues: grub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057) Following security issues are fixed that can violate secure boot constraints: - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711) - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883) - CVE-2020-27749: Fixed a stack buffer overflow in grub_parser_split_cmdline (bsc#1179264) - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970) - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262) - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263) grub2 was bumped to version 2.02, same as SUSE Linux Enterprise 12 SP3. Important SUSE bug 1175970 SUSE bug 1176711 SUSE bug 1177883 SUSE bug 1179264 SUSE bug 1179265 SUSE bug 1182057 SUSE bug 1182262 SUSE bug 1182263 CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233 cpe:/o:suse:sles-espos:12:sp2 Security update for openldap2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. Important SUSE bug 1182279 SUSE bug 1182408 SUSE bug 1182411 SUSE bug 1182412 SUSE bug 1182413 SUSE bug 1182415 SUSE bug 1182416 SUSE bug 1182417 SUSE bug 1182418 SUSE bug 1182419 SUSE bug 1182420 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843). - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753). - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372). The following non-security bug was fixed: - xen/netback: fix spurious event detection for common event case (bsc#1182175). Important SUSE bug 1178372 SUSE bug 1181747 SUSE bug 1181753 SUSE bug 1181843 SUSE bug 1182175 CVE-2020-28374 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 cpe:/o:suse:sles-espos:12:sp2 Security update for wpa_supplicant (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for wpa_supplicant fixes the following issues: - CVE-2021-27803: P2P provision discovery processing vulnerability (bsc#1182805) Important SUSE bug 1182805 CVE-2021-27803 cpe:/o:suse:sles-espos:12:sp2 Security update for git (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone. (bsc#1183026, CVE-2021-21300) Important SUSE bug 1183026 CVE-2021-21300 cpe:/o:suse:sles-espos:12:sp2 Security update for python (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379). Moderate SUSE bug 1182379 CVE-2019-18348 CVE-2021-23336 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Important SUSE bug 1180623 CVE-2020-16044 cpe:/o:suse:sles-espos:12:sp2 Security update for glib2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) Important SUSE bug 1182328 SUSE bug 1182362 CVE-2021-27218 CVE-2021-27219 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_149 fixes several issues. The following security issues were fixed: - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). - CVE-2020-25645: Fixed an issue where the traffic between two Geneve endpoints may have been unencrypted when IPsec was configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted (bsc#1177513). - CVE-2020-0429: Fixed a potential memory corruption due to a use after free which could have led local escalation of privilege with System execution privileges needed (bsc#1176931). - CVE-2020-1749: Fixed an issue in some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6 where the kernel was not correctly routing tunneled data over the encrypted link rather sending the data unencrypted (bsc#1165631). Important SUSE bug 1165631 SUSE bug 1176931 SUSE bug 1177513 SUSE bug 1178684 SUSE bug 1179616 CVE-2020-0429 CVE-2020-1749 CVE-2020-25645 CVE-2020-27786 CVE-2020-28374 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_146 fixes several issues. The following security issues were fixed: - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1181553 CVE-2020-27786 CVE-2020-28374 CVE-2021-3347 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_141 fixes several issues. The following security issues were fixed: - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1181553 CVE-2020-27786 CVE-2020-28374 CVE-2021-3347 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_135 fixes several issues. The following security issues were fixed: - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1181553 CVE-2020-27786 CVE-2020-28374 CVE-2021-3347 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_129 fixes several issues. The following security issues were fixed: - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1181553 CVE-2020-27786 CVE-2020-28374 CVE-2021-3347 cpe:/o:suse:sles-espos:12:sp2 Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for the Linux Kernel 4.4.121-92_138 fixes several issues. The following security issues were fixed: - CVE-2021-3347: Fixed a use-after-free in the PI futexes during fault handling, allowing local users to execute code in the kernel (bsc#1181553). - CVE-2020-27786: Fixed a potential user after free which could have led to memory corruption or privilege escalation (bsc#1179616). - CVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#1178684). Important SUSE bug 1178684 SUSE bug 1179616 SUSE bug 1181553 CVE-2020-27786 CVE-2020-28374 CVE-2021-3347 cpe:/o:suse:sles-espos:12:sp2 Security update for sudo (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for sudo fixes the following issues: - Fixed a potential crash on exit as a result of the fix of CVE-2021-3156 [bsc#1181090] Important SUSE bug 1181090 CVE-2021-3156 cpe:/o:suse:sles-espos:12:sp2 Security update for wavpack (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for wavpack fixes the following issues: - CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414). Important SUSE bug 1180414 CVE-2020-35738 cpe:/o:suse:sles-espos:12:sp2 Security update for nghttp2 (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182). - CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639). - CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514). Bug fixes and enhancements: - Packages must not mark license files as %doc (bsc#1082318) - Typo in description of libnghttp2_asio1 (bsc#962914) - Fixed mistake in spec file (bsc#1125689) - Fixed build issue with boost 1.70.0 (bsc#1134616) - Fixed build issue with GCC 6 (bsc#964140) - Feature: Add W&S module (FATE#326776, bsc#1112438) Important SUSE bug 1082318 SUSE bug 1088639 SUSE bug 1112438 SUSE bug 1125689 SUSE bug 1134616 SUSE bug 1146182 SUSE bug 1146184 SUSE bug 1181358 SUSE bug 962914 SUSE bug 964140 SUSE bug 966514 CVE-2016-1544 CVE-2018-1000168 CVE-2019-9511 CVE-2019-9513 CVE-2020-11080 cpe:/o:suse:sles-espos:12:sp2 Security update for openssl (Moderate) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for openssl fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) Moderate SUSE bug 1182331 SUSE bug 1182333 CVE-2021-23840 CVE-2021-23841 cpe:/o:suse:sles-espos:12:sp2 Security update for MozillaFirefox (Important) SUSE Linux Enterprise Server 12 SP2-ESPOS This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942) * CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Malicious extensions could have spoofed popup information * CVE-2021-23987: Memory safety bugs Important SUSE bug 1183942 CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 cpe:/o:suse:sles-espos:12:sp2 DirectFB lib++dfb-1_7-1 libdirectfb-1_7-1 sles-release MozillaFirefox MozillaFirefox-translations aaa_base aaa_base-extras accountsservice accountsservice-lang libaccountsservice0 typelib-1_0-AccountsService-1_0 alsa alsa-docs libasound2 libasound2-32bit ant apache-commons-beanutils apache-commons-beanutils-javadoc apache-commons-daemon apache-commons-daemon-javadoc apache-commons-httpclient apache2 apache2-doc apache2-example-pages apache2-prefork apache2-utils apache2-worker apache2-mod_jk apache2-mod_nss apache2-mod_perl at flex flex-32bit libQtWebKit4 libQtWebKit4-32bit libbonobo libbonobo-32bit libbonobo-doc libbonobo-lang libkde4 libkde4-32bit libkdecore4 libkdecore4-32bit libksuseinstall1 libksuseinstall1-32bit libnetpbm11 libnetpbm11-32bit netpbm augeas augeas-lenses libaugeas0 autofs automake m4 avahi avahi-lang avahi-utils libavahi-client3 libavahi-client3-32bit libavahi-common3 libavahi-common3-32bit libavahi-core7 libdns_sd libdns_sd-32bit bash bash-doc libreadline6 libreadline6-32bit readline-doc bind bind-chrootenv bind-doc bind-libs bind-libs-32bit bind-utils binutils busybox bzip2 bzip2-doc libbz2-1 libbz2-1-32bit chrony cifs-utils clamav colord-gtk-lang libcolord-gtk1 libcolord2 libcolord2-32bit libcolorhug2 coolkey coreutils coreutils-lang cpio cpio-lang cpp48 gcc48 gcc48-32bit gcc48-c++ gcc48-info gcc48-locale libasan0 libasan0-32bit libstdc++48-devel libstdc++48-devel-32bit cracklib libcrack2 libcrack2-32bit cron cronie ctags cups cups-client cups-libs cups-libs-32bit cups-filters cups-filters-cups-browsed cups-filters-foomatic-rip cups-filters-ghostscript cups-pk-helper cups-pk-helper-lang curl libcurl4 libcurl4-32bit cvs cvs-doc cyrus-sasl cyrus-sasl-32bit cyrus-sasl-crammd5 cyrus-sasl-crammd5-32bit cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-gssapi-32bit cyrus-sasl-otp cyrus-sasl-otp-32bit cyrus-sasl-plain cyrus-sasl-plain-32bit cyrus-sasl-saslauthd cyrus-sasl-sqlauxprop cyrus-sasl-sqlauxprop-32bit libsasl2-3 libsasl2-3-32bit davfs2 dbus-1 dbus-1-x11 libdbus-1-3 libdbus-1-3-32bit dbus-1-glib dbus-1-glib-32bit dhcp dhcp-client dhcp-relay dhcp-server dnsmasq dosfstools dovecot22 dovecot22-backend-mysql dovecot22-backend-pgsql dovecot22-backend-sqlite dracut dracut-fips dstat e2fsprogs libcom_err2 libcom_err2-32bit libext2fs2 ecryptfs-utils ecryptfs-utils-32bit elfutils libasm1 libasm1-32bit libdw1 libdw1-32bit libebl1 libebl1-32bit libelf1 libelf1-32bit emacs emacs-el emacs-info emacs-nox emacs-x11 etags eog eog-lang evince evince-browser-plugin evince-lang evince-plugin-djvudocument evince-plugin-dvidocument evince-plugin-pdfdocument evince-plugin-psdocument evince-plugin-tiffdocument evince-plugin-xpsdocument libevdocument3-4 libevview3-3 nautilus-evince expat libexpat1 libexpat1-32bit fetchmail fetchmailconf file file-magic libmagic1 libmagic1-32bit fontconfig fontconfig-32bit freeradius-server freeradius-server-doc freeradius-server-krb5 freeradius-server-ldap freeradius-server-libs freeradius-server-mysql freeradius-server-perl freeradius-server-postgresql freeradius-server-python freeradius-server-sqlite freeradius-server-utils ft2demos fuse libfuse2 gd gdk-pixbuf-lang gdk-pixbuf-query-loaders gdk-pixbuf-query-loaders-32bit libgdk_pixbuf-2_0-0 libgdk_pixbuf-2_0-0-32bit typelib-1_0-GdkPixbuf-2_0 gdk-pixbuf-loader-rsvg librsvg-2-2 librsvg-2-2-32bit rsvg-view gdm gdm-lang gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 ghostscript ghostscript-x11 giflib-progs libgif6 libgif6-32bit git-core glib2-lang glib2-tools libgio-2_0-0 libgio-2_0-0-32bit libglib-2_0-0 libglib-2_0-0-32bit libgmodule-2_0-0 libgmodule-2_0-0-32bit libgobject-2_0-0 libgobject-2_0-0-32bit libgthread-2_0-0 libgthread-2_0-0-32bit glibc glibc-32bit glibc-devel glibc-devel-32bit glibc-html glibc-i18ndata glibc-info glibc-locale glibc-locale-32bit glibc-profile glibc-profile-32bit nscd gnome-keyring gnome-keyring-32bit gnome-keyring-lang gnome-keyring-pam gnome-keyring-pam-32bit libgck-modules-gnome-keyring gnome-settings-daemon gnome-settings-daemon-lang gnome-shell gnome-shell-browser-plugin gnome-shell-lang gnutls libgnutls-openssl27 libgnutls28 libgnutls28-32bit gpg2 gpg2-lang gpgme libgpgme11 groff groff-full gxditview grub2 grub2-arm64-efi grub2-i386-pc grub2-powerpc-ieee1275 grub2-s390x-emu grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen gtk2-data gtk2-lang gtk2-tools gtk2-tools-32bit libgtk-2_0-0 libgtk-2_0-0-32bit guestfs-data guestfs-tools guestfsd libguestfs0 perl-Sys-Guestfs python-libguestfs virt-p2v virt-v2v gv wdiff gvim vim vim-data gzip hardlink hplip hplip-hpijs hplip-sane hyper-v ibus-chewing ibus-pinyin ipsec-tools iputils jakarta-commons-fileupload jakarta-commons-fileupload-javadoc java-1_7_0-openjdk java-1_7_0-openjdk-demo java-1_7_0-openjdk-devel java-1_7_0-openjdk-headless java-1_7_1-ibm java-1_7_1-ibm-alsa java-1_7_1-ibm-jdbc java-1_7_1-ibm-plugin java-1_8_0-ibm java-1_8_0-ibm-alsa java-1_8_0-ibm-plugin java-1_8_0-openjdk java-1_8_0-openjdk-demo java-1_8_0-openjdk-devel java-1_8_0-openjdk-headless kbd kdump kernel-default kernel-default-base kernel-default-devel kernel-default-man kernel-devel kernel-macros kernel-source kernel-syms krb5 krb5-32bit krb5-client krb5-doc krb5-plugin-kdb-ldap krb5-plugin-preauth-otp krb5-plugin-preauth-pkinit krb5-server krb5-appl-clients krb5-appl-servers libFLAC++6 libFLAC8 libFLAC8-32bit libHX28 libHX28-32bit libIlmImf-Imf_2_1-21 openexr libMagickCore-6_Q16-1 libMagickWand-6_Q16-1 libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-postgresql libQt5Sql5-sqlite libQt5Sql5-unixODBC libQt5Test5 libQt5Widgets5 libQt5Xml5 libQt5WebKit5 libQt5WebKit5-imports libQt5WebKitWidgets5 libX11-6 libX11-6-32bit libX11-data libX11-xcb1 libX11-xcb1-32bit libXRes1 libXRes1-32bit libXcursor1 libXcursor1-32bit libXext6 libXext6-32bit libXfixes3 libXfixes3-32bit libXfont1 libXi6 libXi6-32bit libXinerama1 libXinerama1-32bit libXp6 libXp6-32bit libXrandr2 libXrandr2-32bit libXrender1 libXrender1-32bit libXt6 libXt6-32bit libXtst6 libXtst6-32bit libXv1 libXv1-32bit libXvMC1 libXvnc1 tigervnc xorg-x11-Xvnc libXxf86dga1 libXxf86vm1 libXxf86vm1-32bit libapr-util1 libapr-util1-dbd-sqlite3 libapr1 libarchive13 libasan2 libasan2-32bit libffi4 libffi4-32bit libmpx0 libmpx0-32bit libmpxwrappers0 libmpxwrappers0-32bit libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid1 libuuid1-32bit python-libmount util-linux util-linux-lang util-linux-systemd uuidd libcgroup-tools libcgroup1 libdcerpc-atsvc0 libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbclient0-32bit libsmbconf0 libsmbconf0-32bit libsmbldap0 libsmbldap0-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-winbind samba-winbind-32bit libdmx1 libecpg6 libpq5 libpq5-32bit postgresql94 postgresql94-contrib postgresql94-docs postgresql94-server libevent-2_0-5 libexif12 libexif12-32bit libfreebl3 libfreebl3-32bit libfreebl3-hmac libfreebl3-hmac-32bit libsoftokn3 libsoftokn3-32bit libsoftokn3-hmac libsoftokn3-hmac-32bit mozilla-nss mozilla-nss-32bit mozilla-nss-certs mozilla-nss-certs-32bit mozilla-nss-sysinit mozilla-nss-sysinit-32bit mozilla-nss-tools libfreetype6 libfreetype6-32bit libgc1 libgcrypt20 libgcrypt20-32bit libgcrypt20-hmac libgcrypt20-hmac-32bit libgnomesu libgnomesu-lang libgnomesu0 libgoa-1_0-0 libgoa-backend-1_0-1 libgraphite2-3 libgraphite2-3-32bit libgssglue1 libgssglue1-32bit libgypsy0 libhivex0 perl-Win-Hivex libhogweed2 libhogweed2-32bit libnettle4 libnettle4-32bit libicu-doc libicu52_1 libicu52_1-32bit libicu52_1-data libidn-tools libidn11 libidn11-32bit libimobiledevice6 libipa_hbac0 libsss_idmap0 libsss_sudo python-sssd-config sssd sssd-32bit sssd-ad sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools libjansson4 libjasper1 libjasper1-32bit libjavascriptcoregtk-3_0-0 libwebkitgtk-3_0-0 libwebkitgtk3-lang libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles libjbig2 libjbig2-32bit libjpeg-turbo libjpeg62 libjpeg62-32bit libjpeg62-turbo libjpeg8 libjpeg8-32bit libturbojpeg0 libjson-c2 libjson-c2-32bit libksba8 liblcms1 liblcms1-32bit libldap-2_4-2 libldap-2_4-2-32bit openldap2 openldap2-back-meta openldap2-client libldb1 libldb1-32bit libltdl7 libltdl7-32bit libtool libtool-32bit liblua5_2 liblua5_2-32bit lua liblzo2-2 liblzo2-2-32bit libmms0 libmodplug1 libmpfr4 libmpfr4-32bit libmspack0 libmusicbrainz4 libmysqlclient18 libmysqlclient18-32bit mariadb mariadb-client mariadb-errormessages mariadb-tools libneon27 libneon27-32bit libnghttp2-14 libnm-glib-vpn1 libnm-glib4 libnm-util2 libnm0 typelib-1_0-NMClient-1_0 typelib-1_0-NetworkManager-1_0 libopenssl-devel libopenssl1_0_0 libopenssl1_0_0-32bit libopenssl1_0_0-hmac libopenssl1_0_0-hmac-32bit openssl openssl-doc libotr5 libpango-1_0-0 libpango-1_0-0-32bit typelib-1_0-Pango-1_0 libpcsclite1 pcsc-lite libpng12-0 libpng12-0-32bit libpng15-15 libpng16-16 libpng16-16-32bit libpolkit0 polkit typelib-1_0-Polkit-1_0 libpoppler-glib8 libpoppler-qt4-4 libpoppler60 poppler-tools libpoppler44 libproxy1 libproxy1-32bit libproxy1-config-gnome3 libproxy1-config-gnome3-32bit libproxy1-networkmanager libproxy1-pacrunner-webkit libpulse-mainloop-glib0 libpulse-mainloop-glib0-32bit libpulse0 libpulse0-32bit pulseaudio pulseaudio-esound-compat pulseaudio-gdm-hooks pulseaudio-lang pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils libpython2_7-1_0 libpython2_7-1_0-32bit python-base python-base-32bit python-xml libpython3_4m1_0 python3-base libqt4 libqt4-32bit libqt4-qt3support libqt4-qt3support-32bit libqt4-sql libqt4-sql-32bit libqt4-sql-mysql libqt4-sql-sqlite libqt4-x11 libqt4-x11-32bit qt4-x11-tools libraptor2-0 libruby2_1-2_1 ruby2.1 ruby2.1-stdlib libsmi libsmi2 libsndfile1 libsndfile1-32bit libsnmp30 libsnmp30-32bit net-snmp perl-SNMP snmp-mibs libsoup-2_4-1 libsoup-2_4-1-32bit libsoup-lang typelib-1_0-Soup-2_4 libspice-client-glib-2_0-8 libspice-client-glib-helper libspice-client-gtk-2_0-4 libspice-client-gtk-3_0-4 libspice-controller0 typelib-1_0-SpiceClientGlib-2_0 typelib-1_0-SpiceClientGtk-3_0 libspice-server1 libsqlite3-0 libsqlite3-0-32bit sqlite3 libsrtp1 libssh2-1 libssh2-1-32bit libsystemd0 libsystemd0-32bit libudev1 libudev1-32bit systemd systemd-32bit systemd-bash-completion systemd-sysvinit udev libtag1 libtag_c0 taglib libtasn1 libtasn1-6 libtasn1-6-32bit libtcnative-1-0 libthai-data libthai0 libthai0-32bit libtiff5 libtiff5-32bit tiff libudisks2-0 udisks2 udisks2-lang libupsclient1 nut nut-drivers-net libusbmuxd4 libvdpau1 libvirt libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-doc libvirt-lock-sanlock libvirt-nss libvncclient0 libvncserver0 libvorbis-doc libvorbis0 libvorbis0-32bit libvorbisenc2 libvorbisenc2-32bit libvorbisfile3 libvorbisfile3-32bit libvte9 python-vte vte2-lang libxcb-dri2-0 libxcb-dri2-0-32bit libxcb-dri3-0 libxcb-dri3-0-32bit libxcb-glx0 libxcb-glx0-32bit libxcb-present0 libxcb-present0-32bit libxcb-randr0 libxcb-render0 libxcb-render0-32bit libxcb-shape0 libxcb-shm0 libxcb-shm0-32bit libxcb-sync1 libxcb-sync1-32bit libxcb-xf86dri0 libxcb-xfixes0 libxcb-xfixes0-32bit libxcb-xinerama0 libxcb-xkb1 libxcb-xkb1-32bit libxcb-xv0 libxcb1 libxcb1-32bit libxerces-c-3_1 libxerces-c-3_1-32bit libxml2-2 libxml2-2-32bit libxml2-doc libxml2-tools libyaml-0-2 libzip2 logrotate logwatch mailman mailx mipv6d mozilla-nspr mozilla-nspr-32bit mutt ntp ntp-doc opensc openslp openslp-32bit openslp-server openssh openssh-fips openssh-helpers openvpn openvpn-auth-pam-plugin openvswitch openvswitch-dpdk openvswitch-dpdk-switch openvswitch-switch opie opie-32bit p7zip pam pam-32bit pam-doc pam-modules pam-modules-32bit pam_krb5 pam_krb5-32bit pam_ssh pam_ssh-32bit patch pcsc-ccid perl perl-32bit perl-base perl-doc perl-Config-IniFiles perl-HTML-Parser perl-LWP-Protocol-https perl-Tk perl-XML-LibXML perl-YAML-LibYAML pigz powerpc-utils ppc64-diag ppp procmail python python-32bit python-curses python-demo python-gdbm python-idle python-tk python3 python3-curses python-cupshelpers system-config-printer system-config-printer-common system-config-printer-common-lang system-config-printer-dbus-service udev-configure-printer python-imaging python-libxml2 python-pyOpenSSL python-pywbem python-requests qemu qemu-arm qemu-block-curl qemu-block-rbd qemu-block-ssh qemu-guest-agent qemu-ipxe qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-vgabios qemu-x86 quagga radvd res-signingkeys smt smt-support rpcbind rpm rpm-32bit rpm-build rsync rsyslog rsyslog-diag-tools rsyslog-doc rsyslog-module-gssapi rsyslog-module-gtls rsyslog-module-mysql rsyslog-module-pgsql rsyslog-module-relp rsyslog-module-snmp rsyslog-module-udpspoof rtkit ruby sblim-sfcb shim socat squashfs squid squidGuard squidGuard-doc strongswan strongswan-doc strongswan-hmac strongswan-ipsec strongswan-libs0 stunnel sudo supportutils sysconfig sysconfig-netconfig syslog-service systemtap systemtap-runtime systemtap-server sysvinit-tools whois tar tar-lang tcpdump tftp tomcat tomcat-admin-webapps tomcat-docs-webapp tomcat-el-3_0-api tomcat-javadoc tomcat-jsp-2_3-api tomcat-lib tomcat-servlet-3_1-api tomcat-webapps unixODBC unixODBC-32bit unzip update-alternatives vino vino-lang vorbis-tools vorbis-tools-lang vsftpd w3m wget wireshark wpa_supplicant xalan-j2 xdg-utils xen xen-doc-html xen-libs xen-libs-32bit xen-tools xen-tools-domU xf86-video-intel xfsprogs xinetd xlockmore xorg-x11 xorg-x11-essentials xrdb xorg-x11-libs xorg-x11-server xorg-x11-server-extra xscreensaver xscreensaver-data yast2 yast2-core yast2-users zoo python-tablib suse-openstack-cloud-release nodejs-common nodejs6 python-pycrypto python-XStatic-jquery-ui dnsmasq-utils openstack-glance openstack-glance-api openstack-glance-doc openstack-glance-glare openstack-glance-registry python-glance openstack-aodh openstack-aodh-api openstack-aodh-doc openstack-aodh-evaluator openstack-aodh-expirer openstack-aodh-listener openstack-aodh-notifier python-aodh ruby2.1-rubygem-actionmailer-4_2 ruby2.1-rubygem-actionpack-4_2 ruby2.1-rubygem-actionview-4_2 ruby2.1-rubygem-activejob-4_2 ruby2.1-rubygem-activemodel-4_2 ruby2.1-rubygem-activerecord-4_2 ruby2.1-rubygem-activesupport-4_2 ruby2.1-rubygem-rails-4_2 ruby2.1-rubygem-rails-html-sanitizer ruby2.1-rubygem-railties-4_2 ansible monasca-installer storm storm-nimbus storm-supervisor openstack-nova openstack-nova-api openstack-nova-cells openstack-nova-cert openstack-nova-compute openstack-nova-conductor openstack-nova-console openstack-nova-consoleauth openstack-nova-doc openstack-nova-novncproxy openstack-nova-placement-api openstack-nova-scheduler openstack-nova-serialproxy openstack-nova-vncproxy python-nova python-PyJWT python-oslo.middleware openstack-magnum openstack-magnum-api openstack-magnum-conductor openstack-magnum-doc python-magnum openstack-ceilometer openstack-ceilometer-agent-central openstack-ceilometer-agent-compute openstack-ceilometer-agent-ipmi openstack-ceilometer-agent-notification openstack-ceilometer-api openstack-ceilometer-collector openstack-ceilometer-doc openstack-ceilometer-polling openstack-cinder openstack-cinder-api openstack-cinder-backup openstack-cinder-doc openstack-cinder-scheduler openstack-cinder-volume openstack-dashboard openstack-heat openstack-heat-api openstack-heat-api-cfn openstack-heat-api-cloudwatch openstack-heat-doc openstack-heat-engine openstack-heat-plugin-heat_docker openstack-heat-test openstack-keystone openstack-keystone-doc openstack-manila openstack-manila-api openstack-manila-data openstack-manila-doc openstack-manila-scheduler openstack-manila-share python-ceilometer python-cinder python-heat python-horizon python-keystone python-manila git-doc kernel-firmware ucode-amd libvirt-daemon-hooks ucode-intel java-1_8_0-ibm-devel java-1_7_1-ibm-devel MozillaFirefox-devel kgraft-patch-4_4_121-92_85-default galera-3-wsrep-provider libmariadb3 mariadb-galera ruby2.1-rubygem-mysql2 xtrabackup shadow ruby2.1-rubygem-sprockets-2_12 kgraft-patch-4_4_121-92_92-default lttng-modules lttng-modules-kmp-default openssh-askpass-gnome grafana kafka logstash couchdb openstack-horizon-plugin-designate-ui python-horizon-plugin-designate-ui python-os-vif crowbar crowbar-core crowbar-core-branding-upstream crowbar-devel crowbar-ha crowbar-openstack crowbar-ui libzypp zypper zypper-log libwireshark9 libwiretap7 libwscodecs1 libwsutil8 wireshark-gtk yast2-smt libqpdf18 qpdf postgresql-init postgresql10 postgresql10-contrib postgresql10-docs postgresql10-server kgraft-patch-4_4_121-92_95-default postgresql96 postgresql96-contrib postgresql96-docs postgresql96-server MozillaFirefox-branding-SLE MozillaFirefox-translations-common python3-rpm rpm-python python-oslo.cache python-oslo.concurrency python-oslo.db python-oslo.log python-oslo.messaging python-oslo.serialization python-oslo.service python-oslo.utils python-oslo.versionedobjects python-oslo.vmware python-oslotest python-cryptography python-setuptools python3-cryptography python3-pyOpenSSL python3-setuptools libspectre1 memcached python-paramiko erlang erlang-epmd python-Django kgraft-patch-4_4_121-92_73-default python-Pillow python-pysaml2 kgraft-patch-4_4_121-92_80-default ImageMagick-config-6-SUSE ImageMagick-config-6-upstream atftp hostinfo libwebkit2gtk3-lang typelib-1_0-WebKit2WebExtension-4_0 webkit2gtk3-devel libudev-devel kgraft-patch-4_4_121-92_109-default python-devel python-doc python-doc-pdf ruby2.1-rubygem-rack caasp-openstack-heat-templates galera-python-clustercheck openstack-heat-gbp python-PyKMIP python-heat-gbp ruby2.1-rubygem-crowbar-client kgraft-patch-4_4_121-92_114-default python-Jinja2 gstreamer-plugins-base gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstapp-1_0-0-32bit libgstaudio-1_0-0 libgstaudio-1_0-0-32bit libgstfft-1_0-0 libgstpbutils-1_0-0 libgstpbutils-1_0-0-32bit libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgsttag-1_0-0-32bit libgstvideo-1_0-0 libgstvideo-1_0-0-32bit gstreamer-0_10-plugins-base-32bit libgstapp-0_10-0-32bit libgstinterfaces-0_10-0-32bit postgresql10-plperl postgresql10-plpython postgresql10-pltcl kgraft-patch-4_4_121-92_117-default xrdp python-Twisted postgresql94-plperl postgresql94-plpython postgresql94-pltcl postgresql96-plperl postgresql96-plpython postgresql96-pltcl ruby2.1-rubygem-loofah libsolv-tools perl-solv python-solv kgraft-patch-4_4_121-92_120-default python-SQLAlchemy ibus ibus-gtk ibus-gtk3 ibus-lang libibus-1_0-5 typelib-1_0-IBus-1_0 python-urllib3 binutils-devel libpcap1 novnc openstack-neutron openstack-neutron-dhcp-agent openstack-neutron-doc openstack-neutron-ha-tool openstack-neutron-l3-agent openstack-neutron-lbaas openstack-neutron-lbaas-agent openstack-neutron-lbaas-doc openstack-neutron-linuxbridge-agent openstack-neutron-macvtap-agent openstack-neutron-metadata-agent openstack-neutron-metering-agent openstack-neutron-openvswitch-agent openstack-neutron-server openstack-tempest openstack-tempest-test python-neutron python-neutron-lbaas python-tempest ruby2.1-rubygem-chef ruby2.1-rubygem-easy_diff rubygem-chef sleshammer-aarch64 sleshammer-ppc64le sleshammer-s390x sleshammer-x86_64 nfs-client nfs-doc nfs-kernel-server gdb ruby2.1-rubygem-haml libseccomp2 libseccomp2-32bit kgraft-patch-4_4_121-92_125-default python-ecdsa permissions openstack-dashboard-theme-SUSE openstack-heat-templates patterns-cloud-admin patterns-cloud-compute patterns-cloud-controller patterns-cloud-network patterns-cloud-user haproxy kgraft-patch-4_4_121-92_101-default libprocps3 procps libkpathsea6 python-amqp python-ovs python-psql2mysql kgraft-patch-4_4_121-92_104-default pam_radius pam_radius-32bit libshibsp-lite6 libshibsp6 shibboleth-sp openldap2-doc openldap2-ppolicy-check-password kgraft-patch-4_4_121-92_129-default python-PyYAML python-rpm-macros shared-python-startup yast2-ruby-bindings kgraft-patch-4_4_121-92_135-default libvirglrenderer0 libadns1 python3-certifi python3-chardet python3-requests python3-urllib3 kgraft-patch-4_4_121-92_138-default python-ipaddress kgraft-patch-4_4_121-92_141-default perl-DBI python-pip python3-devel grafana-natel-discrete-panel openstack-barbican openstack-barbican-api openstack-barbican-doc openstack-barbican-keystone-listener openstack-barbican-retry openstack-barbican-worker openstack-gnocchi openstack-gnocchi-api openstack-gnocchi-carbonara openstack-gnocchi-indexer-sqlalchemy openstack-gnocchi-metricd openstack-gnocchi-statsd openstack-ironic openstack-ironic-api openstack-ironic-conductor openstack-ironic-doc openstack-monasca-agent openstack-murano openstack-murano-api openstack-murano-doc openstack-murano-engine openstack-neutron-vpn-agent openstack-neutron-vpnaas openstack-neutron-vpnaas-doc openstack-neutron-vyatta-agent openstack-sahara openstack-sahara-api openstack-sahara-doc openstack-sahara-engine python-barbican python-gnocchi python-ironic python-monasca-agent python-murano python-neutron-vpnaas python-sahara openstack-neutron-fwaas openstack-neutron-fwaas-doc python-neutron-fwaas sane-backends ovmf ovmf-tools qemu-ovmf-x86_64 libasan6 libasan6-32bit libatomic1 libatomic1-32bit libgcc_s1 libgcc_s1-32bit libgfortran5 libgfortran5-32bit libgo16 libgo16-32bit libgomp1 libgomp1-32bit libitm1 libitm1-32bit liblsan0 libobjc4 libobjc4-32bit libquadmath0 libquadmath0-32bit libstdc++6 libstdc++6-32bit libstdc++6-locale libstdc++6-pp-gcc10 libstdc++6-pp-gcc10-32bit libtsan0 libubsan1 libubsan1-32bit postgresql postgresql-contrib postgresql-docs postgresql-plperl postgresql-plpython postgresql-pltcl postgresql-server libzypp-devel kgraft-patch-4_4_121-92_146-default bluez libbluetooth3 influxdb libasan5 libasan5-32bit libgo14 libgo14-32bit log4j python-asn1crypto python-jsonpatch python-jsonpointer python-packaging python-pyparsing python3-asn1crypto python3-jsonpointer python3-packaging python3-pyparsing python-cffi python-xattr python3-cffi grafana-monasca-ui-drilldown openstack-horizon-plugin-monasca-ui openstack-monasca-api openstack-monasca-log-api python-horizon-plugin-monasca-ui python-monasca-api python-monasca-log-api ruby2.1-rubygem-puma perl-Mail-SpamAssassin spamassassin libxslt-tools libxslt1 libxslt1-32bit libpcre2-16-0 libpcre2-32-0 libpcre2-8-0 libpcre2-posix2 perl-CGI fwupdate fwupdate-efi libfwup0 python-httplib2 libwebpmux1 kibana python-py ruby2.1-rubygem-activerecord-session_store ruby2.1-rubygem-nokogiri python-rsa kgraft-patch-4_4_121-92_149-default screen perl-XML-Twig kgraft-patch-4_4_121-92_152-default git git-cvs git-daemon git-email git-gui git-svn git-web gitk libwavpack1 libpcre1 libpcre1-32bit libpcre16-0 libass5 libgme0 libopenjp2-7 libcares2 libgstegl-1_0-0 gstreamer-plugins-bad gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbadbase-1_0-0 libgstbadvideo-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstgl-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgsturidownloader-1_0-0 gstreamer-plugins-good gstreamer-plugins-good-lang libwireshark8 libwiretap6 libwsutil7 libcairo-gobject2 libcairo-gobject2-32bit libcairo-script-interpreter2 libcairo2 libcairo2-32bit unrar libquicktime0 libncurses5 libncurses5-32bit libncurses6 libncurses6-32bit ncurses-devel ncurses-devel-32bit ncurses-utils tack terminfo terminfo-base libICE6 libICE6-32bit libXdmcp6 libXdmcp6-32bit libical1 libical1-32bit libplist3 libfpm_pb0 libospf0 libospfapiclient0 libquagga_pb0 libzebra1 liblouis-data liblouis9 python-louis python3-louis tcmu-runner xerces-j2 xerces-j2-xml-apis xerces-j2-xml-resolver policycoreutils policycoreutils-python SuSEfirewall2 ceph-common libcephfs1 librados2 libradosstriper1 librbd1 python-cephfs python-rados python-rbd tboot guile guile-modules-2_0 libguile-2_0-22 libz1 libz1-32bit zlib-devel libsaml8 opensaml-bin opensaml-schemas libopus0 libXpm4 libXpm4-32bit libvmtools0 open-vm-tools open-vm-tools-desktop rrdtool rrdtool-cached audiofile libaudiofile1 libaudiofile1-32bit gstreamer gstreamer-lang gstreamer-utils libgstreamer-1_0-0 libgstreamer-1_0-0-32bit typelib-1_0-Gst-1_0 minicom perl-DBD-mysql apache2-mod_apparmor apparmor-docs apparmor-parser apparmor-profiles apparmor-utils libapparmor1 libapparmor1-32bit pam_apparmor pam_apparmor-32bit perl-apparmor dovecot libtirpc-netconfig libtirpc3 libtirpc3-32bit jakarta-taglibs-standard jakarta-taglibs-standard-javadoc libmicrohttpd10 libQtQuick5 kgraft-patch-4_4_120-92_70-default kgraft-patch-4_4_90-92_50-default kgraft-patch-4_4_90-92_45-default kgraft-patch-4_4_103-92_56-default kgraft-patch-4_4_103-92_53-default kgraft-patch-4_4_74-92_32-default kgraft-patch-4_4_74-92_29-default kgraft-patch-4_4_74-92_38-default kgraft-patch-4_4_74-92_35-default kgraft-patch-4_4_114-92_67-default kgraft-patch-4_4_114-92_64-default libxmltooling6 xmltooling-schemas kgraft-patch-4_4_59-92_20-default kgraft-patch-4_4_59-92_24-default libvpx1 transfig spice-vdagent kgraft-patch-4_4_121-92_98-default db48-utils libdb-4_8 libdb-4_8-32bit libcdio14 libcdio14-32bit crash crash-kmp-default librelp0 kgraft-patch-4_4_59-92_17-default libavahi-glib1 libavahi-glib1-32bit libdjvulibre21 graphviz graphviz-gd graphviz-gnome graphviz-tcl libwebp5 libwebp5-32bit libwebpdemux1 caribou-common libcaribou0 typelib-1_0-Caribou-1_0 xterm libsolv-devel arpwatch systemd-devel linuxptp aspell aspell-ispell libaspell15 libaspell15-32bit libesmtp Mesa Mesa-32bit Mesa-libEGL1 Mesa-libEGL1-32bit Mesa-libGL1 Mesa-libGL1-32bit Mesa-libGLESv2-2 Mesa-libglapi0 Mesa-libglapi0-32bit libgbm1 libgbm1-32bit libxatracker2 libgtk-vnc-1_0-0 libgtk-vnc-2_0-0 libgvnc-1_0-0 python-gtk-vnc typelib-1_0-GVnc-1_0 typelib-1_0-GtkVnc-2_0 ghostscript-devel libspectre-devel sqlite3-devel libctf-nobfd0 libctf0 selinux-policy selinux-policy-devel selinux-policy-minimum glib-networking glib-networking-lang liblzma5 liblzma5-32bit xz xz-lang javapackages-filesystem libSDL-1_2-0 libSDL-1_2-0-32bit aide zsh libcaca0 0:1.7.1-6.1 12.2 0:45.4.0esr-81.1 0:13.2+git20140911.61c1681-28.1 0:0.6.42-14.2 0:1.0.27.2-11.4 0:1.0.27.2-11.10 0:1.9.4-1.6 0:1.9.2-1.27 0:1.0.15-4.221 0:3.1-4.498 0:2.4.23-14.7 0:1.2.40-5.2 0:1.0.14-18.3 0:2.0.8-11.43 0:3.1.14-7.3 0:2.5.37-8.1 0:4.8.6+2.3.3-3.1 0:2.32.1-16.1 0:4.12.0-7.3 0:10.66.3-4.1 0:1.2.0-10.1 0:5.0.9-21.6 0:1.13.4-6.2 0:1.4.16-15.74 0:0.6.32-30.36 0:4.3-78.39 0:6.3-78.39 0:9.9.9P1-46.1 0:2.26.1-9.12.1 0:1.21.1-3.3 0:1.0.6-29.2 0:2.3-3.110 0:6.5-8.9 0:0.99.2-25.1 0:0.1.26-6.3 0:1.3.3-10.14 0:1.1.0-147.71 0:8.25-12.8 0:2.11-29.1 0:4.8.5-30.1 0:2.9.0-7.1 0:4.2-58.3 0:1.4.11-58.3 0:5.8-7.1 0:1.7.5-12.4 0:1.0.58-13.1 0:0.2.5-3.75 0:7.37.0-28.1 0:7.37.0-31.1 0:1.12.12-181.63 0:2.1.26-7.1 0:1.5.2-2.3 0:1.8.16-19.1 0:0.100.2-3.58 0:4.3.3-9.1 0:2.71-10.1 0:3.0.26-6.5 0:2.2.13-2.7 0:044-87.1 0:0.7.2-1.2 0:1.42.11-7.1 0:103-7.1 0:0.158-6.1 0:24.3-16.32 0:3.20.4-7.7 0:3.20.1-5.66 0:2.1.0-17.1 0:6.3.26-12.3 0:5.19-9.1 0:2.11.1-7.1 0:3.0.3-10.1 0:2.6.3-7.8.3 0:2.9.3-5.1 0:2.1.0-12.1 0:2.34.0-16.2 0:2.40.15-4.5 0:3.10.0.1-52.5 0:9.15-6.5 0:5.0.5-12.1 0:1.8.5.6-18.1 0:2.48.2-10.2 0:2.22-49.16 0:3.20.0-27.2 0:3.20.1-40.5 0:3.20.4-70.4 0:3.2.15-11.1 0:2.0.24-3.2 0:1.5.1-1.12 0:1.22.2-5.429 0:2.02~beta2-104.16 0:2.24.31-7.11 0:1.32.4-14.18 0:3.7.4-1.39 0:1.2.1-3.64 0:7.4.326-2.62 0:1.6-7.392 0:1.0-6.45 0:3.14.6-3.5 0:7-13.1 0:1.4.14-4.11 0:1.5.0-7.10 0:0.8.0-15.16 0:s20121221-2.19 0:1.1.1-120.238 0:1.7.0.111-33.1 0:1.7.1_sr3.50-28.2 0:1.8.0_sr3.0-10.1 0:1.8.0.101-14.3 0:1.15.5-8.7.1 0:0.8.15-28.5 0:4.4.21-69.1 0:1.12.5-39.1 0:1.0.3-1.5 0:1.3.0-11.1 0:3.18-1.19 0:2.1.0-4.5 0:6.8.8.1-33.1 0:5.6.1-11.7 0:5.6.1-9.4 0:1.6.2-4.12 0:1.0.7-3.54 0:1.1.14-3.60 0:1.3.2-3.61 0:5.0.1-3.53 0:1.5.1-10.3 0:1.7.4-9.2 0:1.1.3-3.55 0:1.0.2-3.58 0:1.5.0-6.2 0:0.9.8-3.56 0:1.1.4-3.59 0:1.2.2-3.60 0:1.0.10-3.57 0:1.0.8-3.57 0:1.6.0-12.6 0:1.1.3-3.54 0:1.5.3-1.77 0:1.5.1-2.7 0:3.1.2-22.1 0:5.3.1+r233831-9.1 0:2.28-40.28 0:2.28-40.17 0:2.28-40.1 0:0.41.rc1-4.1 0:4.2.4-26.2 0:4.4.2-29.4 0:1.1.3-3.52 0:9.4.9-14.1 0:2.0.21-4.1 0:0.6.21-6.4 0:3.21.1-46.2 0:2.6.3-7.8.2 0:7.2d-3.77 0:1.6.1-16.33.1 0:2.0.0-353.6.2 0:3.20.4-7.2 0:1.3.1-6.1 0:0.4-3.83 0:0.9-6.24 0:1.3.10-4.1 0:2.7.1-9.1 0:52.1-7.1 0:1.28-4.1 0:1.2.0-7.31 0:1.13.4-18.10 0:2.7-1.2 0:1.900.1-170.1 0:2.4.11-23.20 0:2.12.5-1.12 0:2.0-12.6 0:2.0-12.13 0:1.3.1-30.3 0:62.1.0-30.1 0:1.3.1-30.1 0:8.0.2-30.3 0:0.11-2.22 0:1.3.0-23.1 0:1.19-17.31 0:2.4.41-18.25.1 0:1.1.26-10.4 0:2.4.2-14.60 0:5.2.2-4.2 0:2.08-1.6 0:2.08-1.13 0:0.6.2-15.8 0:0.8.8.4-13.69 0:3.1.2-7.1 0:0.4-14.4 0:2.1.5-27.86 0:10.0.27-12.1 0:0.30.0-3.65 0:1.7.1-1.84 0:1.0.12-8.6 0:1.0.2j-55.1 0:4.0.0-9.1 0:1.40.1-9.5 0:1.8.10-3.7 0:1.2.50-13.1 0:1.5.22-4.1 0:1.6.8-11.1 0:0.113-5.6.1 0:0.43.0-15.1 0:0.24.4-12.1 0:0.4.13-16.3 0:0.4.13-16.6 0:5.0-2.7 0:2.7.9-24.2 0:3.4.1-12.1 0:4.8.6-7.1 0:4.8.6-7.3 0:2.0.10-3.67 0:2.1.2-12.3 0:0.4.8-18.63 0:1.0.25-25.1 0:5.7.3-4.2 0:2.54.1-4.5 0:0.31-7.2 0:0.12.7-6.3 0:3.8.10.2-3.1 0:1.5.2-2.1 0:1.4.3-19.1 0:228-117.12 0:1.9.1-1.265 0:3.7-11.1 0:1.1.32-9.1 0:0.1.25-4.2 0:4.0.6-26.3 0:2.1.3-1.14 0:2.7.1-4.84 0:1.0.10-2.3 0:1.1.1-6.73 0:2.0.0-26.2 0:0.9.9-16.1 0:1.3.3-8.6 0:1.3.3-8.23 0:0.28.2-19.7 0:1.10-3.1 0:3.1.1-12.3 0:2.9.4-27.1 0:0.1.6-7.1 0:0.11.1-12.1 0:3.8.7-3.21 0:7.4.3-15.65 0:2.1.17-1.18 0:12.5-28.1 0:2.0.2.umip.0.4-19.77 0:4.12-15.2 0:1.6.0-54.1 0:4.2.8p8-14.1 0:0.13.0-1.122 0:2.0.0-11.1 0:7.2p2-55.1 0:2.3.8-16.6.4 0:2.5.1-24.15 0:2.4-724.65 0:9.20.1-6.1 0:1.1.8-14.1 0:12.1-23.6 0:12.1-23.12 0:2.4.4-4.5 0:2.0-1.40 0:2.7.5-7.1 0:1.4.14-1.45 0:5.18.2-11.1 0:2.82-3.14 0:3.71-1.178 0:6.04-5.4 0:804.031-3.82 0:2.0019-5.3 0:0.38-10.1 0:2.3-5.1 0:1.3.2-17.1 0:2.7.1-5.6 0:2.4.7-1.7 0:3.22-267.3 0:2.7.9-24.1 0:1.5.7-7.5 0:1.1.7-21.8 0:16.0.0-2.3.2 0:0.7.0-4.7 0:2.8.1-6.11.1 0:2.6.1-27.15 0:1.0.0-27.15 0:1.9.1-27.15 0:8-27.15 0:0.99.22.1-12.1 0:1.9.7-2.17 0:3.0.18-26.1 0:0.2.3-21.4 0:4.11.2-15.1 0:3.1.0-12.1 0:8.4.0-14.1 0:0.11_git201205151338-8.17 0:2.1-1.6 0:1.4.8-8.2 0:0.9-20.3 0:1.7.2.4-3.1 0:4.3-6.2 0:3.5.21-23.4 0:1.4-23.1 0:5.1.3-22.1 0:5.00-3.1 0:1.8.10p3-6.16 0:3.0-85.1 0:0.84.0-13.1 0:2.0-778.1 0:3.0-7.15 0:2.88+-96.1 0:5.1.1-1.17 0:1.27.1-8.1 0:4.5.1-10.1 0:5.2-10.3 0:8.0.36-11.4 0:2.3.4-6.5 0:6.00-32.1 0:1.18.4-14.216 0:3.20.2-5.8 0:1.4.0-26.1 0:3.0.2-31.1 0:0.5.3-157.1 0:1.14-10.3 0:1.12.13-31.1 0:2.2-14.2 0:2.7.0-264.38 0:20140630-5.1 0:4.7.0_12-23.4 0:2.99.917.641_ge4ef6e9-12.3 0:4.3.0-8.8 0:2.3.15-7.7 0:5.43-5.33 0:7.6_1-14.8 0:1.1.0-3.58 0:7.6-45.7 0:7.6_1.18.3-57.34 0:5.22-7.1 0:3.1.206-37.1.2 0:3.1.23-6.38 0:3.1.57-16.7 0:2.10-1020.62 (noarch) 0:0.9.11-3.1 7 (noarch) 0:1.0-2.1 (aarch64|s390x|x86_64) 0:6.11.1-11.5.1 (aarch64|s390x|x86_64) 0:2.6.1-10.3.1 (noarch) 0:1.11.0.1-2.3.1 (aarch64|s390x|x86_64) 0:2.78-18.3.1 (noarch) 0:13.0.1~a0~dev6-4.3.1 (noarch) 0:13.0.1~a0~dev6-4.3.4 (noarch) 0:3.0.4~a0~dev1-2.3.1 (aarch64|s390x|x86_64) 0:4.2.9-3.3.1 (aarch64|s390x|x86_64) 0:4.2.9-7.3.1 (aarch64|s390x|x86_64) 0:4.2.9-9.3.1 (aarch64|s390x|x86_64) 0:4.2.9-6.3.1 (aarch64|s390x|x86_64) 0:1.0.3-8.3.1 (noarch) 0:2.2.3.0-5.1 (noarch) 0:20170912_10.45-5.1 (x86_64) 0:1.0.5-5.3 (noarch) 0:14.0.10~dev13-4.11.1 (noarch) 0:14.0.10~dev13-4.11.3 (noarch) 0:1.4.2-3.3.1 (noarch) 0:3.19.0-3.1 (noarch) 0:3.1.2~a0~dev20-9.4 (noarch) 0:3.1.2~a0~dev20-9.3 (noarch) 0:7.0.4~a0~dev7-3.1 (noarch) 0:7.0.4~a0~dev7-3.2 (noarch) 0:9.1.5~a0~dev1-3.1 (noarch) 0:10.0.4~a0~dev2-3.1 (noarch) 0:13.0.1~a0~dev6-3.1 (noarch) 0:13.0.1~a0~dev6-3.3 (noarch) 0:7.0.4~a0~dev4-4.1 (noarch) 0:7.0.4~a0~dev4-4.2 (noarch) 0:10.0.2~a0~dev2-6.1 (noarch) 0:10.0.2~a0~dev2-6.2 (noarch) 0:3.1.2~a0~dev22-13.1 (noarch) 0:3.0.1~a0~dev27-3.1 (noarch) 0:14.0.6~a0~dev16-3.1 (noarch) 0:14.0.6~a0~dev16-3.3 (s390x|x86_64) 0:2.22-62.13.2 (noarch) 0:2.22-62.13.2 (s390x|x86_64) 0:2.12.3-27.14.1 (noarch) 0:2.12.3-27.14.1 (noarch) 0:20170530-21.22.1 (s390x|x86_64) 0:2.0.0-27.42.1 (x86_64) 0:2.0.0-27.42.1 (x86_64) 0:20180425-13.20.1 (s390x|x86_64) 0:1.8.0.171-27.19.1 (s390x|x86_64) 0:1.7.0.181-43.15.2 (s390x|x86_64) 0:2.0.24-9.3.1 (noarch) 0:2.0.24-9.3.1 (x86_64) 0:4.7.5_04-43.33.1 (s390x|x86_64) 0:1.8.0_sr5.15-30.33.1 (x86_64) 0:1.8.0_sr5.15-30.33.1 (s390x|x86_64) 0:1.7.1_sr4.25-38.23.1 (x86_64) 0:1.7.1_sr4.25-38.23.1 (s390x|x86_64) 0:4.2.8p11-64.5.1 (s390x|x86_64) 0:52.8.1esr-109.34.1 (s390x|x86_64) 0:4.4.121-92.85.1 (s390x) 0:4.4.121-92.85.1 (noarch) 0:4.4.121-92.85.1 (x86_64) 0:1-3.5.1 (x86_64) 0:25.3.23-8.3 (x86_64) 0:3.0.3-1.3.3 (x86_64) 0:10.2.15-7.1 (noarch) 0:10.2.15-7.1 (x86_64) 0:0.4.10-7.2 (x86_64) 0:2.4.10-5.3 (s390x|x86_64) 0:1.0.2j-60.30.1 (noarch) 0:1.0.2j-60.30.1 (aarch64|s390x|x86_64) 0:6.14.3-11.15.1 (x86_64) 0:20180703-13.25.1 (s390x|x86_64) 0:5.18.2-12.14.1 (noarch) 0:5.18.2-12.14.1 (s390x|x86_64) 0:4.2.1-27.9.1 (x86_64) 0:4.7.6_02-43.36.1 (aarch64|s390x|x86_64) 0:2.12.5-1.3.1 (s390x|x86_64) 0:4.4.2-38.20.1 (noarch) 0:4.4.2-38.20.1 (s390x|x86_64) 0:52.9.0esr-109.38.2 (s390x|x86_64) 0:0.100.1-33.15.2 (x86_64) 0:20180807-13.29.1 (s390x|x86_64) 0:4.2.4-28.29.1 (s390x|x86_64) 0:4.4.121-92.92.1 (s390x) 0:4.4.121-92.92.1 (noarch) 0:4.4.121-92.92.1 (x86_64) 0:1-3.7.1 (x86_64) 0:2.7.1-9.4.1 (x86_64) 0:2.7.1_k4.4.121_92.92-9.4.1 (x86_64) 0:4.7.6_04-43.39.1 (s390x|x86_64) 0:7.2p2-74.25.1 (x86_64) 0:4.5.1-1.8.1 (x86_64) 0:0.10.2.2-5.1 (x86_64) 0:2.4.1-5.1 (noarch) 0:20180608_12.47-9.1 (aarch64|s390x|x86_64) 0:1.7.2-2.8.2 (noarch) 0:10.0.6~dev4-4.15.1 (noarch) 0:7.0.7~dev10-5.12.1 (noarch) 0:3.0.2~dev1-3.6.1 (noarch) 0:10.0.3~dev9-7.12.1 (noarch) 0:14.0.11~dev13-4.25.1 (noarch) 0:1.2.1-3.3.1 (noarch) 0:4.0+git.1528801103.f5708341-7.20.1 (aarch64|s390x|x86_64) 0:4.0+git.1534246408.3ab19c567-9.33.1 (noarch) 0:4.0+git.1533750802.5768e73-4.34.1 (noarch) 0:4.0+git.1534254269.ce598a9fe-9.39.1 (noarch) 0:1.1.0+git.1533844061.4ac8e723-4.3.1 (s390x|x86_64) 0:2.0.0-27.45.1 (x86_64) 0:2.0.0-27.45.1 (s390x|x86_64) 0:2.2.31-19.11.1 (s390x|x86_64) 0:1.7.1_sr4.30-38.26.1 (x86_64) 0:1.7.1_sr4.30-38.26.1 (s390x|x86_64) 0:16.17.20-27.52.1 (s390x|x86_64) 0:1.13.45-18.33.1 (noarch) 0:1.13.45-18.33.1 (s390x|x86_64) 0:2.0.0-18.15.1 (aarch64|s390x|x86_64) 0:6.14.4-11.18.1 (s390x|x86_64) 0:2.4.23-29.24.1 (noarch) 0:2.4.23-29.24.1 (s390x|x86_64) 0:3.2.15-18.6.1 (s390x|x86_64) 0:1.8.0_sr5.20-30.36.1 (x86_64) 0:1.8.0_sr5.20-30.36.1 (aarch64|s390x|x86_64) 0:6.12.2-11.8.1 (s390x|x86_64) 0:2.4.9-48.29.1 (s390x|x86_64) 0:3.0.37-52.23.6 (noarch) 0:3.0.14-17.3.2 (s390x|x86_64) 0:1.0.2j-60.39.1 (noarch) 0:1.0.2j-60.39.1 (s390x|x86_64) 0:2.6.2-41.43.3 (x86_64) 0:2.6.2-41.43.3 (noarch) 0:1.0.0-41.43.3 (s390x) 0:2.6.2-41.43.3 (noarch) 0:1.9.1-41.43.3 (noarch) 0:8-41.43.3 (s390x|x86_64) 0:9.25-23.13.1 (s390x|x86_64) 0:2.0.0-18.17.1 (s390x|x86_64) 0:1.8.0.181-27.26.2 (s390x|x86_64) 0:1.0.58-15.2.1 (s390x|x86_64) 0:7.1.1-3.3.4 (s390x|x86_64) 0:10.5-1.3.1 (noarch) 0:10-17.20.1 (s390x|x86_64) 0:10.5-1.3.2 (noarch) 0:10.5-1.3.2 (s390x|x86_64) 0:4.4.121-92.95.1 (s390x) 0:4.4.121-92.95.1 (noarch) 0:4.4.121-92.95.1 (x86_64) 0:1-3.4.1 (x86_64) 0:2.7.1-9.6.1 (x86_64) 0:2.7.1_k4.4.121_92.95-9.6.1 (s390x|x86_64) 0:2.31-9.26.1 (x86_64) 0:4.7.6_05-43.42.1 (s390x|x86_64) 0:4.2.8p12-64.8.2 (s390x|x86_64) 0:9.6.10-3.22.7 (noarch) 0:9.6.10-3.22.7 (s390x|x86_64) 0:0.100.2-33.18.1 (s390x|x86_64) 0:5.7.3-6.3.1 (s390x|x86_64) 0:3.0.38-52.26.1 (s390x|x86_64) 0:2.4.23-29.27.2 (noarch) 0:2.4.23-29.27.2 (s390x|x86_64) 0:2.4.10-48.32.1 (s390x|x86_64) 0:60.2.2esr-109.46.1 (s390x|x86_64) 0:60-32.3.1 (s390x|x86_64) 0:1.0.14-19.6.3 (s390x|x86_64) 0:3.36.4-58.15.3 (s390x|x86_64) 0:4.19-19.3.1 (s390x|x86_64) 0:60.3.0-109.50.2 (s390x|x86_64) 0:228-150.53.3 (noarch) 0:228-150.53.3 (s390x|x86_64) 0:1.0.2j-60.46.1 (noarch) 0:1.0.2j-60.46.1 (s390x|x86_64) 0:4.11.2-16.21.1 (s390x|x86_64) 0:9.4.19-21.22.7 (noarch) 0:9.4.19-21.22.7 (s390x|x86_64) 0:7.2p2-74.30.1 (noarch) 0:1.14.1-3.3.3 (noarch) 0:3.14.1-3.3.3 (noarch) 0:4.13.6-3.3.3 (noarch) 0:3.16.1-3.3.3 (noarch) 0:5.10.2-3.6.3 (noarch) 0:3.19.1-4.3.4 (noarch) 0:2.13.2-3.3.3 (noarch) 0:1.16.1-3.3.1 (noarch) 0:1.17.1-3.3.1 (noarch) 0:2.14.1-3.3.1 (noarch) 0:2.10.1-3.3.1 (s390x|x86_64) 0:1.7.1_sr4.35-38.29.1 (x86_64) 0:1.7.1_sr4.35-38.29.1 (aarch64|s390x|x86_64) 0:1.3.1-7.13.4 (noarch) 0:16.0.0-4.11.3 (noarch) 0:18.0.1-4.8.1 (s390x|x86_64) 0:1.3.1-7.13.4 (s390x|x86_64) 0:1.8.0_sr5.25-30.39.1 (x86_64) 0:1.8.0_sr5.25-30.39.1 (s390x|x86_64) 0:9.26-23.16.1 (s390x|x86_64) 0:0.2.7-12.4.1 (s390x|x86_64) 0:2.12.3-27.17.2 (noarch) 0:2.12.3-27.17.2 (s390x|x86_64) 0:5.6.1-17.6.2 (s390x|x86_64) 0:60.4.0esr-109.55.1 (s390x|x86_64) 0:3.40.1-58.18.1 (s390x|x86_64) 0:4.20-19.6.1 (s390x|x86_64) 0:2.6.2-41.46.2 (x86_64) 0:2.6.2-41.46.2 (noarch) 0:1.0.0-41.46.2 (s390x) 0:2.6.2-41.46.2 (noarch) 0:1.9.1-41.46.2 (noarch) 0:8-41.46.2 (s390x|x86_64) 0:2.1.17-3.3.3 (noarch) 0:2.2.3.0-9.1 (aarch64|s390x|x86_64) 0:1.4.39-3.3.2 (noarch) 0:2.0.8-3.3.1 (aarch64|s390x|x86_64) 0:17.5.6-3.3.1 (noarch) 0:1.8.19-3.4.1 (x86_64) 0:2.4.23-29.18.2 (noarch) 0:2.4.23-29.18.2 (s390x|x86_64) 0:4.4.121-92.73.1 (s390x) 0:4.4.121-92.73.1 (noarch) 0:4.4.121-92.73.1 (x86_64) 0:1-3.3.1 (aarch64|s390x|x86_64) 0:2.8.1-4.3.2 (aarch64|s390x|x86_64) 0:6.14.1-11.12.1 (noarch) 0:4.0.2-3.3.2 (x86_64) 0:4.7.5_02-43.30.1 (s390x|x86_64) 0:7.37.0-37.23.1 (s390x|x86_64) 0:52.8.0esr-109.31.2 (s390x|x86_64) 0:2.6.2-41.40.1 (x86_64) 0:2.6.2-41.40.1 (noarch) 0:1.0.0-41.40.1 (s390x) 0:2.6.2-41.40.1 (noarch) 0:1.9.1-41.40.1 (noarch) 0:8-41.40.1 (s390x|x86_64) 0:4.4.121-92.80.1 (s390x) 0:4.4.121-92.80.1 (noarch) 0:4.4.121-92.80.1 (x86_64) 0:1-3.5.2 (s390x|x86_64) 0:4.3-83.10.1 (noarch) 0:4.3-83.10.1 (s390x|x86_64) 0:6.3-83.10.1 (noarch) 0:6.3-83.10.1 (s390x|x86_64) 0:52.1-8.7.1 (noarch) 0:14.0.11~dev13-4.22.1 (s390x|x86_64) 0:6.8.8.1-71.108.1 (s390x|x86_64) 0:3.0.3-17.12.1 (s390x|x86_64) 0:1.4.3-20.6.1 (s390x|x86_64) 0:2.6-15.10.1 (s390x|x86_64) 0:0.7.0-160.8.1 (s390x|x86_64) 0:1.12.5-40.31.1 (noarch) 0:1.0.1-19.5.1 (noarch) 0:3.0-95.21.1 (s390x|x86_64) 0:1.0.2j-60.52.1 (noarch) 0:1.0.2j-60.52.1 (s390x|x86_64) 0:2.24.1-2.41.5 (noarch) 0:2.24.1-2.41.5 (s390x|x86_64) 0:4.2.4-28.32.1 (s390x|x86_64) 0:4.4.2-38.25.1 (noarch) 0:4.4.2-38.25.1 (noarch) 0:1.1.1-122.3.1 (s390x|x86_64) 0:1.8.0.212-27.32.1 (x86_64) 0:20190507-13.41.1 (s390x|x86_64) 0:228-150.66.4 (noarch) 0:228-150.66.4 (s390x|x86_64) 0:2.6.2-41.52.1 (x86_64) 0:2.6.2-41.52.1 (noarch) 0:1.0.0-41.52.1 (s390x) 0:2.6.2-41.52.1 (noarch) 0:1.9.1-41.52.1 (noarch) 0:8-41.52.1 (s390x|x86_64) 0:4.4.121-92.109.2 (s390x) 0:4.4.121-92.109.2 (noarch) 0:4.4.121-92.109.2 (x86_64) 0:20190514-13.44.1 (s390x|x86_64) 0:7.2p2-74.35.1 (s390x|x86_64) 0:1.7.1_sr4.45-38.37.1 (x86_64) 0:1.7.1_sr4.45-38.37.1 (s390x|x86_64) 0:228-150.58.1 (noarch) 0:228-150.58.1 (s390x|x86_64) 0:7.37.0-37.40.1 (x86_64) 0:4.7.6_06-43.51.1 (s390x|x86_64) 0:60.7.0-109.72.1 (s390x|x86_64) 0:1.7.0.221-43.22.1 (s390x|x86_64) 0:9.9.9P1-63.12.1 (noarch) 0:9.9.9P1-63.12.1 (s390x|x86_64) 0:2.0.0-27.54.1 (x86_64) 0:2.0.0-27.54.1 (s390x|x86_64) 0:2.7.13-28.26.1 (noarch) 0:2.7.13-28.26.1 (s390x|x86_64) 0:9.26a-23.19.1 (s390x|x86_64) 0:0.2.7-12.6.1 (aarch64|s390x|x86_64) 0:1.6.11-3.3.1 (s390x|x86_64) 0:3.0.7-1.6.1 (aarch64|s390x|x86_64) 0:10.2.22-10.1 (noarch) 0:10.2.22-10.1 (x86_64) 0:10.2.22-10.1 (noarch) 0:1.0+git.1553079189.3bf8922-1.6.2 (noarch) 0:4.0+git.1551088848.823bcaa3-7.29.2 (aarch64|s390x|x86_64) 0:4.0+git.1556285635.ab602dd4d-9.46.3 (noarch) 0:4.0+git.1556181005.47c643d-4.46.3 (noarch) 0:4.0+git.1554887450.ff7c30c1c-9.51.3 (noarch) 0:0.0+git.1506329536.8f5878c-1.6.2 (noarch) 0:7.1.1~dev4-4.15.3 (noarch) 0:5.1.1~dev1-2.6.3 (noarch) 0:0.5.0-3.3.3 (noarch) 0:4.0.2-3.6.3 (aarch64|s390x|x86_64) 0:3.9.0-7.14.2 (s390x|x86_64) 0:7.4.326-17.3.1 (noarch) 0:7.4.326-17.3.1 (s390x|x86_64) 0:2.22.5-2.32.2 (noarch) 0:2.22.5-2.32.2 (aarch64|s390x|x86_64) 0:4.2.9-3.6.1 (s390x|x86_64) 0:7.2p2-74.42.8 (s390x|x86_64) 0:7.2p2-74.42.10 (s390x|x86_64) 0:4.4.121-92.114.1 (s390x) 0:4.4.121-92.114.1 (noarch) 0:4.4.121-92.114.1 (noarch) 0:2.8-22.8.1 (s390x|x86_64) 0:1.8.22-24.19.1 (s390x|x86_64) 0:1.8.3-13.3.2 (noarch) 0:1.8.3-13.3.2 (s390x|x86_64) 0:3.8.10.2-9.9.1 (s390x|x86_64) 0:0.10.36-18.3.2 (s390x|x86_64) 0:1.4.3-20.9.1 (s390x|x86_64) 0:1.8.0_sr5.35-30.50.1 (x86_64) 0:1.8.0_sr5.35-30.50.1 (s390x|x86_64) 0:60.7.2-109.80.1 (aarch64|s390x|x86_64) 0:2.78-18.6.1 (noarch) 0:2.48.2-12.12.2 (s390x|x86_64) 0:2.48.2-12.12.2 (aarch64|s390x|x86_64) 0:2.8.1-4.6.1 (s390x|x86_64) 0:10.9-1.12.1 (s390x|x86_64) 0:10.9-1.12.2 (noarch) 0:10.9-1.12.2 (s390x|x86_64) 0:4.4.121-92.117.1 (s390x) 0:4.4.121-92.117.1 (noarch) 0:4.4.121-92.117.1 (noarch) 0:2.48.2-12.15.1 (s390x|x86_64) 0:2.48.2-12.15.1 (s390x|x86_64) 0:0.9.0~git.1456906198.f422461-16.9.3 (s390x|x86_64) 0:60.8.0-109.83.3 (s390x|x86_64) 0:3.44.1-58.28.1 (s390x|x86_64) 0:0.113-5.15.1 (x86_64) 0:20190618-13.47.1 (s390x|x86_64) 0:1.0.6-30.5.1 (noarch) 0:1.0.6-30.5.1 (s390x|x86_64) 0:2.22-62.22.5 (noarch) 0:2.22-62.22.5 (x86_64) 0:4.7.6_05-43.45.1 (s390x|x86_64) 0:1.0.6-30.8.1 (noarch) 0:1.0.6-30.8.1 (noarch) 0:2.11.1-6.31.1 (s390x|x86_64) 0:0.113-5.18.1 (s390x|x86_64) 0:1.8.0.222-27.35.2 (noarch) 0:1.8.19-3.12.5 (s390x|x86_64) 0:10.0.38-29.27.3 (s390x|x86_64) 0:3.4.6-25.29.1 (aarch64|s390x|x86_64) 0:15.2.1-9.5.2 (s390x|x86_64) 0:3.20.2-6.27.1 (noarch) 0:3.20.2-6.27.1 (s390x|x86_64) 0:3.5.21-26.17.1 (s390x|x86_64) 0:2.7.13-28.31.1 (noarch) 0:2.7.13-28.31.2 (s390x|x86_64) 0:2.0.0-27.61.1 (x86_64) 0:2.0.0-27.61.1 (s390x|x86_64) 0:2.6.2-41.55.1 (x86_64) 0:2.6.2-41.55.1 (noarch) 0:1.0.0-41.55.1 (s390x) 0:2.6.2-41.55.1 (noarch) 0:1.9.1-41.55.1 (noarch) 0:8-41.55.1 (s390x|x86_64) 0:9.4.24-21.25.1 (noarch) 0:9.4.24-21.25.1 (x86_64) 0:9.4.24-21.25.1 (s390x|x86_64) 0:9.6.15-3.29.1 (noarch) 0:9.6.15-3.29.1 (noarch) 0:1.8.19-3.15.1 (aarch64|s390x|x86_64) 0:6.17.0-11.27.1 (aarch64|s390x|x86_64) 0:1.0.3-8.8.1 (aarch64|s390x|x86_64) 0:2.0.2-3.8.1 (s390x|x86_64) 0:5.18.2-12.20.1 (noarch) 0:5.18.2-12.20.1 (s390x|x86_64) 0:0.6.36-2.27.19.8 (s390x|x86_64) 0:16.20.2-27.60.4 (s390x|x86_64) 0:1.13.54-18.40.2 (noarch) 0:1.13.54-18.40.2 (s390x|x86_64) 0:4.4.121-92.120.1 (s390x) 0:4.4.121-92.120.1 (noarch) 0:4.4.121-92.120.1 (x86_64) 0:0.12.7-10.6.1 (aarch64|s390x|x86_64) 0:2.8.1-4.9.1 (s390x|x86_64) 0:1.7.1_sr4.50-38.41.1 (x86_64) 0:1.7.1_sr4.50-38.41.1 (s390x|x86_64) 0:7.37.0-37.43.1 (s390x|x86_64) 0:2.24.4-2.47.1 (noarch) 0:2.24.4-2.47.1 (aarch64|s390x|x86_64) 0:1.0.14-4.3.1 (s390x|x86_64) 0:1.8.0_sr5.40-30.54.1 (x86_64) 0:1.8.0_sr5.40-30.54.1 (noarch) 0:1.8.19-3.18.1 (s390x|x86_64) 0:1.5.13-15.11.2 (noarch) 0:1.5.13-15.11.2 (noarch) 0:1.16-3.6.1 (s390x|x86_64) 0:1.0.2j-60.55.1 (noarch) 0:1.0.2j-60.55.1 (s390x|x86_64) 0:3.4.6-25.21.1 (s390x|x86_64) 0:60.9.0-109.86.1 (aarch64|s390x|x86_64) 0:15.2.1-9.8.1 (s390x|x86_64) 0:2.2.31-19.17.1 (s390x|x86_64) 0:9.27-23.28.1 (s390x|x86_64) 0:7.37.0-37.34.1 (s390x|x86_64) 0:2.62.2-5.7.1 (noarch) 0:2.62.2-5.7.1 (s390x|x86_64) 0:1.6.1-16.68.1 (s390x|x86_64) 0:68.1.0-109.89.1 (s390x|x86_64) 0:68-32.8.1 (s390x|x86_64) 0:2.32-9.33.1 (s390x|x86_64) 0:1.8.10p3-10.23.1 (s390x|x86_64) 0:1.8.1-10.3.1 (s390x|x86_64) 0:4.9.2-14.14.1 (aarch64|s390x|x86_64) 0:4.0+git.1570463621.40b11cd48-9.54.1 (noarch) 0:4.0+git.1569429513.e7016b2b6-9.59.1 (x86_64) 0:4.6.5-1.11.2 (aarch64|s390x|x86_64) 0:1.0.0-12.1 (noarch) 0:10.0.3~dev9-7.18.2 (noarch) 0:9.4.2~dev21-7.32.1 (noarch) 0:9.2.2~dev11-4.18.3 (noarch) 0:14.0.11~dev13-4.34.3 (noarch) 0:14.0.11~dev13-4.34.2 (noarch) 0:12.2.1~a0~dev177-4.6.3 (noarch) 0:4.0.2-3.11.3 (noarch) 0:1.16-3.9.2 (aarch64|s390x|x86_64) 0:10.32.2-5.12.1 (aarch64|s390x|x86_64) 0:1.0.0-3.3.1 (noarch) 0:0.7.0-0.18.12.3 (s390x|x86_64) 0:1.3.0-34.22.1 (x86_64) 0:4.7.6_06-43.54.2 (s390x|x86_64) 0:68.2.0-109.95.2 (s390x|x86_64) 0:4.2.4-28.36.1 (s390x|x86_64) 0:4.4.2-38.28.1 (noarch) 0:4.4.2-38.28.1 (s390x|x86_64) 0:8.3.1-1.12.1 (aarch64|s390x|x86_64) 0:4.0.6-3.3.1 (s390x|x86_64) 0:1.4.3-20.14.1 (s390x|x86_64) 0:2.4.1-11.3.2 (x86_64) 0:20191112-13.53.1 (s390x|x86_64) 0:1.5.3-31.19.1 (s390x|x86_64) 0:62.2.0-31.19.1 (s390x|x86_64) 0:8.1.2-31.19.1 (s390x|x86_64) 0:9.27-23.31.1 (s390x|x86_64) 0:4.4.121-92.125.1 (s390x) 0:4.4.121-92.125.1 (noarch) 0:4.4.121-92.125.1 (x86_64) 0:20191112a-13.56.1 (noarch) 0:0.13.3-5.10.1 (s390x|x86_64) 0:3.8.10.2-9.15.1 (s390x|x86_64) 0:1.7.5-20.26.1 (s390x|x86_64) 0:0.100.3-33.26.1 (s390x|x86_64) 0:2.1.17-3.11.1 (s390x|x86_64) 0:1.7.0.241-43.30.1 (s390x|x86_64) 0:0.9.9-17.11.1 (s390x|x86_64) 0:0.100.3-33.29.1 (s390x|x86_64) 0:2015.09.28.1626-17.20.1 (s390x|x86_64) 0:5.1.3-26.13.1 (noarch) 0:5.1.3-26.13.1 (noarch) 0:1.0+git.1560518045.ad7dc6d-1.9.1 (aarch64|s390x|x86_64) 0:4.0+git.1573109906.0f62e9503-9.57.2 (noarch) 0:4.0+git.1573038068.1e32b3205-9.62.2 (noarch) 0:1.1.0+git.1547500033.d0fb2bf2-4.12.1 (aarch64|s390x|x86_64) 0:25.3.25-11.1 (s390x|x86_64) 0:3.1.2-1.9.1 (aarch64|s390x|x86_64) 0:10.2.25-13.1 (noarch) 0:10.2.25-13.1 (x86_64) 0:10.2.25-13.1 (noarch) 0:2016.2-5.9.2 (noarch) 0:0.0.0+git.1515995585.81ed236-12.1 (noarch) 0:9.4.2~dev21-7.35.3 (noarch) 0:9.4.2~dev21-7.35.1 (noarch) 0:14.0.11~dev13-4.37.3 (noarch) 0:14.0.11~dev13-4.37.2 (aarch64|s390x|x86_64) 0:20170124-4.6.1 (noarch) 0:5.10.2-3.12.1 (noarch) 0:3.16.1-3.6.1 (noarch) 0:4.0.2-3.14.1 (aarch64|s390x|x86_64) 0:1.6.11-11.3.1 (s390x|x86_64) 0:2.12.3-27.22.1 (noarch) 0:2.12.3-27.22.1 (s390x|x86_64) 0:68.3.0-109.98.1 (s390x|x86_64) 0:60.5.0esr-109.58.3 (s390x|x86_64) 0:60-32.5.1 (s390x|x86_64) 0:3.41.1-58.25.1 (s390x|x86_64) 0:2.28-44.18.18 (s390x|x86_64) 0:2.28-44.18.38 (noarch) 0:2.28-44.18.18 (s390x|x86_64) 0:2.28-44.18.25 (aarch64|s390x|x86_64) 0:2.0.2-3.5.1 (aarch64|s390x|x86_64) 0:6.16.0-11.21.1 (s390x|x86_64) 0:228-150.63.1 (noarch) 0:228-150.63.1 (s390x|x86_64) 0:4.4.121-92.101.1 (s390x) 0:4.4.121-92.101.1 (noarch) 0:4.4.121-92.101.1 (s390x|x86_64) 0:3.3.9-11.18.1 (s390x|x86_64) 0:6.2.0dev-22.3.1 (noarch) 0:20170530-21.28.1 (noarch) 0:1.4.9-3.3.1 (noarch) 0:5.10.2-3.9.1 (aarch64|s390x|x86_64) 0:2.5.0-3.3.1 (noarch) 0:2.0.9-3.6.1 (noarch) 0:0.5.0+git.1539592188.13e5d0f-1.9.1 (s390x|x86_64) 0:2.7.13-28.21.1 (noarch) 0:2.7.13-28.21.1 (noarch) 0:1.8.19-3.9.1 (s390x|x86_64) 0:2.6.2-41.49.1 (x86_64) 0:2.6.2-41.49.1 (noarch) 0:1.0.0-41.49.1 (s390x) 0:2.6.2-41.49.1 (noarch) 0:1.9.1-41.49.1 (noarch) 0:8-41.49.1 (s390x|x86_64) 0:1.7.0.201-43.18.1 (s390x|x86_64) 0:2.22.6-2.35.1 (noarch) 0:2.22.6-2.35.1 (s390x|x86_64) 0:2.0.0-27.48.1 (x86_64) 0:2.0.0-27.48.1 (s390x|x86_64) 0:1.8.0.191-27.29.1 (s390x|x86_64) 0:2.22.4-2.29.3 (s390x|x86_64) 0:0.9.9-17.8.1 (s390x|x86_64) 0:1.7.1_sr4.40-38.34.1 (x86_64) 0:1.7.1_sr4.40-38.34.1 (s390x|x86_64) 0:1.8.0_sr5.30-30.46.1 (x86_64) 0:1.8.0_sr5.30-30.46.1 (s390x|x86_64) 0:1.4.3-20.3.1 (noarch) 0:9.1.5~dev6-4.21.3 (noarch) 0:3.0.2~dev1-3.9.3 (noarch) 0:9.4.2~dev21-7.27.3 (noarch) 0:9.2.2~dev11-4.15.3 (s390x|x86_64) 0:9.26a-23.22.1 (x86_64) 0:20190312-13.38.1 (s390x|x86_64) 0:4.2.8p13-85.1 (s390x|x86_64) 0:1.0.2j-60.49.1 (noarch) 0:1.0.2j-60.49.1 (s390x|x86_64) 0:1.13.4-34.23.1 (aarch64|s390x|x86_64) 0:6.17.0-11.24.1 (s390x|x86_64) 0:4.4.121-92.104.1 (s390x) 0:4.4.121-92.104.1 (noarch) 0:4.4.121-92.104.1 (s390x|x86_64) 0:4.3-83.23.1 (noarch) 0:4.3-83.23.1 (s390x|x86_64) 0:6.3-83.23.1 (noarch) 0:6.3-83.23.1 (s390x|x86_64) 0:60.6.1esr-109.63.2 (s390x|x86_64) 0:2.4.23-29.40.1 (noarch) 0:2.4.23-29.40.1 (s390x|x86_64) 0:0.100.3-33.21.1 (s390x|x86_64) 0:2.2.31-19.14.2 (s390x|x86_64) 0:3.8.10.2-9.3.1 (aarch64|s390x|x86_64) 0:4.2.9-7.6.1 (x86_64) 0:4.7.6_06-43.48.1 (s390x|x86_64) 0:1.14-21.10.1 (s390x|x86_64) 0:3.4.6-25.24.1 (s390x|x86_64) 0:7.37.0-37.37.1 (s390x|x86_64) 0:1.7.5-20.29.1 (s390x|x86_64) 0:1.3.16-239.4.1 (s390x|x86_64) 0:2.28.1-2.50.3 (noarch) 0:2.28.1-2.50.3 (s390x|x86_64) 0:2.5.5-6.6.1 (s390x|x86_64) 0:0.9.9-17.19.1 (s390x|x86_64) 0:52.1-8.10.1 (s390x|x86_64) 0:2.4.41-18.68.1 (noarch) 0:2.4.41-18.68.1 (s390x|x86_64) 0:1.2-18.68.1 (s390x|x86_64) 0:2.28.2-2.53.2 (noarch) 0:2.28.2-2.53.2 (s390x|x86_64) 0:9.52-23.34.1 (s390x|x86_64) 0:0.2.7-12.10.1 (s390x|x86_64) 0:68.8.0-109.119.1 (s390x|x86_64) 0:3.5.21-26.23.1 (s390x|x86_64) 0:4.4.121-92.129.1 (s390x) 0:4.4.121-92.129.1 (noarch) 0:4.4.121-92.129.1 (s390x|x86_64) 0:2.4.23-29.54.1 (noarch) 0:2.4.23-29.54.1 (aarch64|s390x|x86_64) 0:5.1.2-26.12.1 (s390x|x86_64) 0:2.26.2-27.36.1 (noarch) 0:2.26.2-27.36.1 (s390x|x86_64) 0:2.1.17-3.20.1 (noarch) 0:8.0.53-29.27.1 (s390x|x86_64) 0:2.7.17-28.42.1 (noarch) 0:2.7.17-28.42.1 (noarch) 0:20200207.5feb6c1-3.19.1 (noarch) 0:0.1-1.3.1 (s390x|x86_64) 0:2.6.2-41.59.1 (x86_64) 0:2.6.2-41.59.1 (noarch) 0:1.0.0-41.59.1 (s390x) 0:2.6.2-41.59.1 (noarch) 0:1.9.1-41.59.1 (noarch) 0:8-41.59.1 (s390x|x86_64) 0:1.0.3-3.3.1 (s390x|x86_64) 0:0.6.22-8.9.1 (s390x|x86_64) 0:7.4.326-17.6.1 (noarch) 0:7.4.326-17.6.1 (s390x|x86_64) 0:68.9.0-109.123.1 (s390x|x86_64) 0:2.1.9-19.3.2 (s390x|x86_64) 0:3.1.53-9.8.1 (s390x|x86_64) 0:1.7.0.261-43.38.8 (s390x|x86_64) 0:1.6.0-18.28.1 (x86_64) 0:20200602-13.68.1 (s390x|x86_64) 0:4.4.121-92.135.1 (s390x) 0:4.4.121-92.135.1 (noarch) 0:4.4.121-92.135.1 (s390x|x86_64) 0:0.5.0-12.3.1 (s390x|x86_64) 0:1.4-103.3.1 (aarch64|s390x|x86_64) 0:6.17.1-11.37.1 (s390x|x86_64) 0:5.18.2-12.23.1 (noarch) 0:5.18.2-12.23.1 (s390x|x86_64) 0:1.7.1_sr4.65-38.53.1 (x86_64) 0:1.7.1_sr4.65-38.53.1 (s390x|x86_64) 0:1.8.0_sr6.10-30.69.1 (x86_64) 0:1.8.0_sr6.10-30.69.1 (s390x|x86_64) 0:1.8.0.252-27.45.6 (s390x|x86_64) 0:7.37.0-37.47.1 (noarch) 0:8.0.53-29.32.1 (noarch) 0:2018.4.16-3.6.1 (noarch) 0:3.0.4-5.6.1 (noarch) 0:2.20.1-5.2 (noarch) 0:1.22-3.20.1 (s390x|x86_64) 0:1.10.1-55.11.1 (i586|s390|s390x|x86_64) 0:3.5.21-26.26.1 (s390x|x86_64) 0:4.2.8p15-88.1 (s390x|x86_64) 0:3.53.1-58.48.1 (s390x|x86_64) 0:4.25-19.15.1 (s390x|x86_64) 0:2.4.41-18.71.2 (noarch) 0:2.4.41-18.71.2 (s390x|x86_64) 0:1.2-18.71.2 (s390x|x86_64) 0:78.0.1-112.3.1 (s390x|x86_64) 0:78-35.3.1 (s390x|x86_64) 0:9.9.9P1-63.17.1 (noarch) 0:9.9.9P1-63.17.1 (s390x|x86_64) 0:0.9.0~git.1456906198.f422461-16.20.1 (s390x|x86_64) 0:3.5.21-26.29.1 (s390x|x86_64) 0:2.1.17-3.23.1 (s390x|x86_64) 0:2.28.3-2.56.1 (noarch) 0:2.28.3-2.56.1 (s390x|x86_64) 0:2.02~beta2-115.49.1 (x86_64) 0:2.02~beta2-115.49.1 (s390x) 0:2.02~beta2-115.49.1 (noarch) 0:2.02~beta2-115.49.1 (s390x|x86_64) 0:9.52-23.39.1 (s390x|x86_64) 0:78.1.0-112.8.1 (s390x|x86_64) 0:1.6.2-12.8.1 (noarch) 0:1.6.2-12.8.1 (s390x|x86_64) 0:1.10-4.5.1 (s390x|x86_64) 0:4.4.121-92.138.1 (s390x) 0:4.4.121-92.138.1 (noarch) 0:4.4.121-92.138.1 (aarch64|s390x|x86_64) 0:4.2.9-9.9.1 (noarch) 0:1.0.18-3.13.1 (s390x|x86_64) 0:0.9.9-17.31.1 (s390x|x86_64) 0:1.6.2-12.12.1 (noarch) 0:1.6.2-12.12.1 (s390x|x86_64) 0:3.1.1-13.3.6 (s390x|x86_64) 0:2.28.4-2.59.1 (noarch) 0:2.28.4-2.59.1 (x86_64) 0:4.7.6_08-43.64.1 (s390x|x86_64) 0:2.2.31-19.22.1 (s390x|x86_64) 0:2.02~beta2-115.56.1 (x86_64) 0:2.02~beta2-115.56.1 (s390x) 0:2.02~beta2-115.56.1 (noarch) 0:2.02~beta2-115.56.1 (s390x|x86_64) 0:4.4.2-38.33.1 (noarch) 0:4.4.2-38.33.1 (s390x|x86_64) 0:7.6_1.18.3-76.26.1 (s390x|x86_64) 0:3.0.3-17.15.2 (s390x|x86_64) 0:1.8.0_sr6.0-30.60.1 (x86_64) 0:1.8.0_sr6.0-30.60.1 (s390x|x86_64) 0:7.6_1.18.3-76.29.1 (s390x|x86_64) 0:2.4.23-29.63.1 (noarch) 0:2.4.23-29.63.1 (s390x|x86_64) 0:1.8.0_sr6.15-30.72.1 (x86_64) 0:1.8.0_sr6.15-30.72.1 (aarch64|s390x|x86_64) 0:6.17.1-11.30.1 (s390x|x86_64) 0:3.5.21-26.32.1 (s390x|x86_64) 0:1.6.2-12.15.1 (noarch) 0:1.6.2-12.15.1 (s390x|x86_64) 0:1.7.1_sr4.70-38.56.1 (x86_64) 0:1.7.1_sr4.70-38.56.1 (s390x|x86_64) 0:78.2.0-112.19.2 (s390x|x86_64) 0:4.4.121-92.141.1 (s390x) 0:4.4.121-92.141.1 (noarch) 0:4.4.121-92.141.1 (s390x|x86_64) 0:1.8.0.242-27.41.1 (noarch) 0:8.0.53-29.37.1 (x86_64) 0:15+git47-22.8.1 (s390x|x86_64) 0:1.628-5.3.1 (aarch64|s390x|x86_64) 0:1.6.13-3.8.1 (aarch64|s390x|x86_64) 0:4.2.9-9.12.1 (noarch) 0:10.0.1-11.9.1 (s390x|x86_64) 0:3.4.10-25.52.1 (s390x|x86_64) 0:4.4.2-38.36.1 (noarch) 0:4.4.2-38.36.1 (s390x|x86_64) 0:78.3.0-112.22.1 (s390x|x86_64) 0:5.6.1-17.16.1 (x86_64) 0:4.7.6_10-43.67.1 (s390x|x86_64) 0:1.628-5.6.1 (s390x|x86_64) 0:1.7.0.271-43.41.1 (s390x|x86_64) 0:1.6.0-27.1 (s390x|x86_64) 0:0.4.13-18.3.1 (noarch) 0:2.2.3.0-17.2 (aarch64|s390x|x86_64) 0:4.0+git.1600767499.0615a418f-9.69.3 (noarch) 0:4.0+git.1599037255.25b759234-9.74.4 (x86_64) 0:6.7.4-1.17.1 (noarch) 0:0.0.9-1.6.5 (noarch) 0:3.0.5~dev2-2.11.2 (noarch) 0:3.0.5~dev2-2.11.1 (noarch) 0:3.0.1~dev9-2.12.4 (noarch) 0:3.0.1~dev9-2.12.2 (noarch) 0:9.1.5~dev6-4.28.1 (noarch) 0:3.0.7~dev1-2.8.2 (noarch) 0:7.0.7~dev10-5.17.3 (noarch) 0:7.0.7~dev10-5.17.2 (noarch) 0:6.2.5~dev3-2.8.2 (noarch) 0:3.3.2~dev7-14.14.4 (noarch) 0:3.3.2~dev7-14.14.2 (noarch) 0:3.0.1~dev30-4.17.2 (noarch) 0:3.0.1~dev30-4.17.1 (noarch) 0:1.10.1~dev4-13.3 (noarch) 0:3.0.1~dev21-7.5.3 (noarch) 0:3.0.1~dev21-7.5.1 (noarch) 0:9.4.2~dev21-7.43.2 (noarch) 0:9.4.2~dev21-7.43.1 (noarch) 0:9.0.1~dev8-5.8.2 (noarch) 0:14.0.11~dev13-4.45.3 (noarch) 0:14.0.11~dev13-4.45.2 (noarch) 0:5.0.2~dev3-14.3 (noarch) 0:5.0.2~dev3-14.1 (aarch64|s390x|x86_64) 0:2.8.1-4.17.2 (aarch64|s390x|x86_64) 0:3.9.3-7.23.1 (aarch64|s390x|x86_64) 0:4.2.9-7.9.1 (s390x|x86_64) 0:2.6.3-7.18.1 (s390x|x86_64) 0:2.22-113.4 (noarch) 0:2.22-113.4 (s390x|x86_64) 0:78.4.0-112.28.1 (s390x|x86_64) 0:4.4.2-38.39.1 (noarch) 0:4.4.2-38.39.1 (aarch64|s390x|x86_64) 0:4.0+git.1578392992.fabfd186c-9.63.1 (noarch) 0:4.0+git.1579171175.d53ab6363-9.68.1 (noarch) 0:9.0.2~dev5-4.6.1 (aarch64|s390x|x86_64) 0:3.9.1-7.17.1 (s390x|x86_64) 0:1.0.31-4.3.1 (x86_64) 0:2015+git1462940744.321151f-19.15.1 (noarch) 0:2015+git1462940744.321151f-19.15.1 (s390x|x86_64) 0:2.0.0-27.64.1 (x86_64) 0:2.0.0-27.64.1 (noarch) 0:3.1-6.3.1 (s390x|x86_64) 0:5.6.1-17.13.1 (s390x|x86_64) 0:1.8.0.272-27.48.1 (s390x|x86_64) 0:10.2.1+git583-1.3.5 (x86_64) 0:10.2.1+git583-1.3.5 (x86_64) 0:20201027-13.76.1 (s390x|x86_64) 0:228-150.82.1 (noarch) 0:228-150.82.1 (s390x|x86_64) 0:1.7.0.281-43.44.2 (s390x|x86_64) 0:2.4.41-18.77.1 (noarch) 0:2.4.41-18.77.1 (s390x|x86_64) 0:1.2-18.77.1 (s390x|x86_64) 0:78.4.1-112.32.1 (x86_64) 0:4.7.6_06-43.59.1 (s390x|x86_64) 0:12.4-3.5.1 (noarch) 0:12.0.1-4.4.1 (s390x|x86_64) 0:10.14-4.4.1 (noarch) 0:10.14-4.4.1 (s390x|x86_64) 0:9.4.26-24.3.1 (noarch) 0:9.4.26-24.3.1 (s390x|x86_64) 0:9.6.19-6.4.1 (noarch) 0:9.6.19-6.4.1 (s390x|x86_64) 0:2.0.15-5.3.1 (noarch) 0:20170530-21.31.1 (s390x|x86_64) 0:16.21.2-27.70.1 (s390x|x86_64) 0:1.13.57-18.46.3 (noarch) 0:1.13.57-18.46.3 (s390x|x86_64) 0:1.12.5-40.40.2 (s390x|x86_64) 0:10.15-4.9.1 (noarch) 0:10.15-4.9.1 (s390x|x86_64) 0:9.6.20-6.8.1 (noarch) 0:9.6.20-6.8.1 (s390x|x86_64) 0:4.4.121-92.146.1 (s390x) 0:4.4.121-92.146.1 (noarch) 0:4.4.121-92.146.1 (x86_64) 0:20201118-13.81.1 (s390x|x86_64) 0:5.13-5.23.1 (s390x|x86_64) 0:78.5.0-112.36.1 (s390x|x86_64) 0:0.9.9-17.34.1 (s390x|x86_64) 0:7.6_1.18.3-76.37.1 (noarch) 0:40.6.2-4.18.1 (s390x|x86_64) 0:3.4.10-25.58.1 (noarch) 0:10.0.1-13.3.1 (s390x|x86_64) 0:3.10.0.1-54.17.2 (noarch) 0:3.10.0.1-54.17.2 (noarch) 0:4.0+git.1604938545.30c10db18-9.77.1 (x86_64) 0:6.7.4-1.20.1 (x86_64) 0:1.2.4-5.1 (noarch) 0:1.16-3.12.1 (aarch64|s390x|x86_64) 0:10.2.36-19.1 (noarch) 0:10.2.36-19.1 (x86_64) 0:10.2.36-19.1 (aarch64|s390x|x86_64) 0:2.1.4-7.31.1 (s390x|x86_64) 0:2.1.4-7.31.1 (s390x|x86_64) 0:12.5-3.9.3 (s390x|x86_64) 0:1.10.1-55.18.1 (x86_64) 0:4.7.6_12-43.70.1 (s390x|x86_64) 0:1.0.2j-60.63.1 (noarch) 0:1.0.2j-60.63.1 (s390x|x86_64) 0:2.7.17-28.59.1 (noarch) 0:2.7.17-28.59.1 (s390x|x86_64) 0:68.5.0-109.106.1 (s390x|x86_64) 0:0.31-9.10.1 (x86_64) 0:0.12.7-10.9.1 (s390x|x86_64) 0:78.6.0-112.39.1 (x86_64) 0:4.7.6_14-43.73.1 (s390x|x86_64) 0:0.103.0-33.32.1 (s390x|x86_64) 0:2.1.26-8.13.1 (s390x|x86_64) 0:9.2.1+r275327-1.3.9 (x86_64) 0:9.2.1+r275327-1.3.9 (s390x|x86_64) 0:1.8.10p3-10.26.1 (aarch64|s390x|x86_64) 0:2.78-18.12.1 (s390x|x86_64) 0:1.7.1_sr4.60-38.47.1 (x86_64) 0:1.7.1_sr4.60-38.47.1 (s390x|x86_64) 0:0.6.21-8.6.1 (s390x|x86_64) 0:1.0.2j-60.60.1 (noarch) 0:1.0.2j-60.60.1 (aarch64|s390x|x86_64) 0:6.17.1-11.33.1 (s390x|x86_64) 0:2.4.7-4.3.1 (x86_64) 0:2015+git1462940744.321151f-19.10.3 (noarch) 0:2015+git1462940744.321151f-19.10.3 (s390x|x86_64) 0:3.4.10-25.39.2 (s390x|x86_64) 0:3.4.10-25.39.3 (s390x|x86_64) 0:10.0.40.2-29.35.1 (s390x|x86_64) 0:1.7.1_sr4.55-38.44.1 (x86_64) 0:1.7.1_sr4.55-38.44.1 (s390x|x86_64) 0:8.4.0-18.13.1 (s390x|x86_64) 0:1.8.0_sr6.5-30.63.1 (x86_64) 0:1.8.0_sr6.5-30.63.1 (noarch) 0:1.2.15-126.3.1 (s390x|x86_64) 0:2015.09.28.1626-17.27.1 (aarch64|s390x|x86_64) 0:5.1.2-26.9.4 (noarch) 0:0.24.0-2.5.1 (noarch) 0:1.1-10.4.1 (noarch) 0:1.0-10.3.1 (noarch) 0:17.1-2.5.1 (noarch) 0:2.2.0-7.6.1 (s390x|x86_64) 0:1.6.8-15.5.2 (s390x|x86_64) 0:9.6.17-3.33.1 (noarch) 0:9.6.17-3.33.1 (s390x|x86_64) 0:1.7.0.251-43.35.1 (s390x|x86_64) 0:3.5.21-26.20.1 (s390x|x86_64) 0:68.4.1-109.101.1 (s390x|x86_64) 0:10.12-1.18.1 (noarch) 0:10.12-1.18.1 (s390x|x86_64) 0:68.6.0-109.110.1 (noarch) 0:8.0.53-29.22.1 (s390x|x86_64) 0:1.11.2-5.11.1 (aarch64|s390x|x86_64) 0:2.1.4-7.28.2 (s390x|x86_64) 0:0.7.5-6.3.2 (s390x|x86_64) 0:2.1.4-7.28.2 (aarch64|s390x|x86_64) 0:4.0+git.1574788924.e4a6aeb0c-9.60.2 (noarch) 0:4.0+git.1574869671.9c7bade2d-9.65.1 (noarch) 0:1.5.5~dev3-8.1 (noarch) 0:1.7.1~dev18-12.1 (noarch) 0:1.4.3~dev3-5.1 (noarch) 0:9.4.2~dev21-7.38.1 (aarch64|s390x|x86_64) 0:2.16.0-4.3.1 (s390x|x86_64) 0:3.4.2-44.8.1 (aarch64|s390x|x86_64) 0:10.2.31-16.1 (noarch) 0:10.2.31-16.1 (x86_64) 0:10.2.31-16.1 (s390x|x86_64) 0:3.4.10-25.45.1 (s390x|x86_64) 0:3.47.1-58.34.1 (s390x|x86_64) 0:4.23-19.12.1 (s390x|x86_64) 0:1.1.28-17.9.1 (s390x|x86_64) 0:68.6.1-109.113.1 (aarch64|s390x|x86_64) 0:4.2.9-9.6.1 (s390x|x86_64) 0:68.7.0-109.116.1 (s390x|x86_64) 0:2.26.0-27.27.1 (noarch) 0:2.26.0-27.27.1 (s390x|x86_64) 0:10.34-1.3.1 (noarch) 0:4.38-1.3.1 (x86_64) 0:0.5-7.5.1 (x86_64) 0:4.7.6_14-43.76.1 (aarch64|s390x|x86_64) 0:4.2.9-7.12.1 (s390x|x86_64) 0:2.78-18.15.1 (aarch64|s390x|x86_64) 0:2.78-18.15.1 (s390x|x86_64) 0:1.3.0-12.3.1 (s390x|x86_64) 0:2.2.31-19.25.1 (noarch) 0:0.19.0-7.7.1 (aarch64|s390x|x86_64) 0:0.4.3-4.7.1 (s390x|x86_64) 0:1.7.1_sr4.75-38.59.1 (x86_64) 0:1.7.1_sr4.75-38.59.1 (aarch64|s390x|x86_64) 0:2.8.1-4.22.1 (noarch) 0:4.0+git.1616146720.44daffca0-9.81.2 (x86_64) 0:6.7.4-1.24.2 (x86_64) 0:4.6.6-9.2 (noarch) 0:20180608_12.47-16.2 (noarch) 0:1.8.19-3.29.1 (noarch) 0:1.8.1-11.16.2 (aarch64|s390x|x86_64) 0:0.1.2-3.4.2 (s390x|x86_64) 0:6.8.8.1-71.154.1 (noarch) 0:1.5.3-3.13.1 (aarch64|s390x|x86_64) 0:1.6.1-5.3.1 (s390x|x86_64) 0:13.1-3.3.1 (noarch) 0:13-4.7.1 (s390x|x86_64) 0:7.2p2-74.57.1 (noarch) 0:1.8.1-11.12.4 (noarch) 0:3.1.4-12.16.1 (s390x|x86_64) 0:1.8.10p3-10.29.1 (s390x|x86_64) 0:78.7.0-112.45.1 (aarch64|s390x|x86_64) 0:2.8.1-4.25.1 (aarch64|s390x|x86_64) 0:5.3.1-28.6.1 (s390x|x86_64) 0:2.5.11-25.26.1 (x86_64) 0:2.5.11-25.26.1 (s390x|x86_64) 0:1.8.0_sr6.20-30.78.1 (x86_64) 0:1.8.0_sr6.20-30.78.1 (s390x|x86_64) 0:3.4.10-25.63.2 (s390x|x86_64) 0:3.4.10-25.63.1 (s390x|x86_64) 0:2.7.17-28.64.1 (noarch) 0:2.7.17-28.64.3 (s390x|x86_64) 0:4.4.121-92.149.1 (s390x) 0:4.4.121-92.149.1 (noarch) 0:4.4.121-92.149.1 (s390x|x86_64) 0:2.5.11-25.29.1 (x86_64) 0:2.5.11-25.29.1 (s390x|x86_64) 0:2.6-15.13.1 (noarch) 0:1.16-3.15.1 (s390x|x86_64) 0:1.900.14-195.25.1 (s390x|x86_64) 0:4.0.4-23.6.1 (s390x|x86_64) 0:9.9.9P1-63.20.1 (noarch) 0:9.9.9P1-63.20.1 (s390x|x86_64) 0:1.7.1_sr4.80-38.62.1 (x86_64) 0:1.7.1_sr4.80-38.62.1 (s390x|x86_64) 0:1.0.3-3.6.1 (s390x|x86_64) 0:1.8.0.282-27.56.2 (noarch) 0:2.8-22.11.1 (s390x|x86_64) 0:1.8.0_sr6.25-30.81.1 (x86_64) 0:1.8.0_sr6.25-30.81.1 (noarch) 0:3.44-5.3.1 (s390x|x86_64) 0:78.8.0-112.51.1 (aarch64|s390x|x86_64) 0:2.1.4-7.34.1 (s390x|x86_64) 0:2.1.4-7.34.1 (s390x|x86_64) 0:2.02-115.59.1 (x86_64) 0:2.02-115.59.1 (s390x) 0:2.02-115.59.1 (noarch) 0:2.02-115.59.1 (s390x|x86_64) 0:2.4.41-18.83.1 (noarch) 0:2.4.41-18.83.1 (s390x|x86_64) 0:1.2-18.83.1 (s390x|x86_64) 0:4.4.121-92.152.2 (s390x) 0:4.4.121-92.152.2 (noarch) 0:4.4.121-92.152.2 (x86_64) 0:1-3.3.2 (s390x|x86_64) 0:2.6-15.16.1 (s390x|x86_64) 0:2.26.2-27.43.1 (noarch) 0:2.26.2-27.43.1 (s390x|x86_64) 0:2.7.18-28.67.1 (noarch) 0:2.7.18-28.67.1 (s390x|x86_64) 0:78.6.1-112.42.1 (noarch) 0:2.48.2-12.22.1 (s390x|x86_64) 0:2.48.2-12.22.1 (x86_64) 0:7-2.2 (s390x|x86_64) 0:1.8.10p3-10.32.1 (s390x|x86_64) 0:4.60.99-5.9.1 (s390x|x86_64) 0:1.39.2-3.5.1 (s390x|x86_64) 0:1.0.2j-60.66.1 (noarch) 0:1.0.2j-60.66.1 (s390x|x86_64) 0:78.9.0-112.54.1 (aarch64|ppc64le|s390x|x86_64) 0:9.9.9P1-49.1 (noarch) 0:9.9.9P1-49.1 (s390x|x86_64) 0:9.9.9P1-49.1 (aarch64|ppc64le|s390x|x86_64) 0:1.900.14-181.1 (s390x|x86_64) 0:1.900.14-181.1 (aarch64|ppc64le|s390x|x86_64) 0:9.15-17.2 (aarch64|ppc64le|s390x|x86_64) 0:1.6.2-8.1 (s390x|x86_64) 0:1.6.2-8.1 (noarch) 0:1.6.2-8.1 (aarch64|ppc64le|s390x|x86_64) 0:5.0.1-7.1 (s390x|x86_64) 0:5.0.1-7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.4-14.1 (s390x|x86_64) 0:1.7.4-14.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.8-7.1 (s390x|x86_64) 0:0.9.8-7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.2-7.1 (s390x|x86_64) 0:1.2.2-7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.10-7.1 (s390x|x86_64) 0:1.0.10-7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.8-7.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.5-19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.34-12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.2-31.2 (aarch64) 0:2.6.2-31.2 (aarch64|x86_64) 0:2.6.2-31.2 (noarch) 0:1.0.0-31.2 (s390x|x86_64) 0:2.6.2-31.2 (ppc64le) 0:2.6.2-31.2 (s390x) 0:2.6.2-31.2 (noarch) 0:1.9.1-31.2 (noarch) 0:8-31.2 (x86_64) 0:2.6.2-31.2 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.111-17.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.10p3-8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.27.1-11.1 (noarch) 0:1.27.1-11.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.2-25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.13-4.1 (aarch64|ppc64le|s390x|x86_64) 0:10.0.28-17.2 (s390x|x86_64) 0:10.0.28-17.2 (aarch64|ppc64le|s390x|x86_64) 0:7.4.326-7.1 (noarch) 0:7.4.326-7.1 (aarch64|ppc64le|s390x|x86_64) 0:6.8.8.1-47.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.0.121-36.2 (aarch64|ppc64le|s390x|x86_64) 0:2.28-42.1 (s390x|x86_64) 0:2.28-42.1 (aarch64|ppc64le|s390x|x86_64) 0:2.28-42.4 (noarch) 0:2.28-42.1 (aarch64|ppc64le|s390x|x86_64) 0:2.28-42.3 (aarch64|ppc64le|s390x|x86_64) 0:8.39-5.1 (s390x|x86_64) 0:8.39-5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.2-11.1 (s390x|x86_64) 0:1.6.2-11.1 (noarch) 0:1.6.2-11.1 (aarch64|ppc64le|s390x|x86_64) 0:45.5.0esr-88.1 (aarch64|ppc64le|s390x|x86_64) 0:3.21.3-50.1 (s390x|x86_64) 0:3.21.3-50.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.4-17.1 (s390x|x86_64) 0:1.7.4-17.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr3.60-31.2 (x86_64) 0:1.7.1_sr3.60-31.2 (aarch64|ppc64le|s390x|x86_64) 0:45.5.1esr-93.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.21-84.1 (s390x) 0:4.4.21-84.1 (noarch) 0:4.4.21-84.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.3.git20161120-160.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2d-5.1 (x86_64) 0:4.7.1_02-25.1 (noarch) 0:8.0.36-17.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr3.21-20.1 (x86_64) 0:1.8.0_sr3.21-20.1 (aarch64|ppc64le|s390x|x86_64) 0:0.10.2-3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.21-90.1 (s390x) 0:4.4.21-90.1 (noarch) 0:4.4.21-90.1 (aarch64|ppc64le|s390x|x86_64) 0:8.39-7.1 (s390x|x86_64) 0:8.39-7.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.8p9-55.1 (x86_64) 0:4.7.1_04-28.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0-20.1 (aarch64|ppc64le|s390x|x86_64) 0:45.6.0esr-96.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6.0-5.1 (aarch64|ppc64le|s390x|x86_64) 0:6.8.8.1-54.1 (aarch64|ppc64le|s390x|x86_64) 0:1.14-17.1 (aarch64|ppc64le|s390x|x86_64) 0:2.71-13.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0-3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.2-31.1 (s390x|x86_64) 0:4.4.2-31.1 (noarch) 0:4.4.2-31.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.4-28.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.1-5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.4-3.4.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.3-14.1 (noarch) 0:1.8.3-14.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.7-35.1 (s390x|x86_64) 0:4.0.7-35.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.3-9.1 (noarch) 0:1.8.3-9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.10p3-10.10.2 (aarch64|ppc64le|s390x|x86_64) 0:2.3.8-16.17.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.3-9.6 (noarch) 0:1.8.3-9.6 (s390x|x86_64) 0:1.8.3-9.6 (aarch64|ppc64le|s390x|x86_64) 0:2.2.7-47.1 (aarch64|ppc64le|s390x|x86_64) 0:1.15.2-24.1 (s390x|x86_64) 0:1.15.2-24.1 (aarch64|ppc64le|s390x|x86_64) 0:52.2.0esr-108.3 (aarch64|ppc64le|s390x|x86_64) 0:52-31.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.4-42.1 (s390x|x86_64) 0:2.9.4-42.1 (noarch) 0:2.9.4-42.1 (aarch64|ppc64le|s390x|x86_64) 0:7.6_1.18.3-71.1 (aarch64|ppc64le|s390x|x86_64) 0:0.24.4-14.3.1 (aarch64|ppc64le|s390x|x86_64) 0:9.4.12-20.1 (noarch) 0:9.4.12-20.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.3-17.4.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.59-92.24.2 (s390x) 0:4.4.59-92.24.2 (noarch) 0:4.4.59-92.24.2 (aarch64|ppc64le|s390x|x86_64) 0:2.4.23-28.1 (noarch) 0:2.4.23-28.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.326-16.1 (noarch) 0:7.4.326-16.1 (aarch64|ppc64le|s390x|x86_64) 0:0.99.2-32.1 (aarch64|ppc64le|s390x|x86_64) 0:9.9.9P1-62.1 (noarch) 0:9.9.9P1-62.1 (s390x|x86_64) 0:9.9.9P1-62.1 (aarch64|ppc64le|s390x|x86_64) 0:5.0.14-3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.4-45.1 (s390x|x86_64) 0:2.9.4-45.1 (noarch) 0:2.9.4-45.1 (x86_64) 0:4.7.2_06-42.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.2-41.16.1 (aarch64) 0:2.6.2-41.16.1 (aarch64|x86_64) 0:2.6.2-41.16.1 (noarch) 0:1.0.0-41.16.1 (s390x|x86_64) 0:2.6.2-41.16.1 (ppc64le) 0:2.6.2-41.16.1 (s390x) 0:2.6.2-41.16.1 (noarch) 0:1.9.1-41.16.1 (noarch) 0:8-41.16.1 (x86_64) 0:2.6.2-41.16.1 (aarch64|ppc64le|s390x|x86_64) 0:228-149.3 (s390x|x86_64) 0:228-149.3 (noarch) 0:228-149.3 (aarch64|ppc64le|s390x|x86_64) 0:1.8.10p3-10.13.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.4-13.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.1-16.42.1 (s390x|x86_64) 0:1.6.1-16.42.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.1-8.1 (aarch64|ppc64le|s390x|x86_64) 0:5.9-44.1 (s390x|x86_64) 0:5.9-44.1 (aarch64|ppc64le|s390x|x86_64) 0:3.2.15-18.3.1 (s390x|x86_64) 0:3.2.15-18.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.8-10.1 (s390x|x86_64) 0:1.0.8-10.1 (x86_64) 0:0.12.7-10.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.74-92.29.1 (s390x) 0:4.4.74-92.29.1 (noarch) 0:4.4.74-92.29.1 (aarch64|ppc64le|s390x|x86_64) 0:7.6_1.18.3-74.2 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1-10.1 (s390x|x86_64) 0:1.1.1-10.1 (aarch64|ppc64le|s390x) 0:3.20.1-6.14.1 (noarch) 0:3.20.1-6.14.1 (aarch64|ppc64le|s390x|x86_64) 0:044.1-109.8.3 (aarch64|ppc64le|s390x|x86_64) 0:228-150.7.1 (s390x|x86_64) 0:228-150.7.1 (noarch) 0:228-150.7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.900.14-195.3.1 (s390x|x86_64) 0:1.900.14-195.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.23-29.3.2 (noarch) 0:2.4.23-29.3.2 (aarch64|ppc64le|s390x|x86_64) 0:1.2.4-14.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.1-16.3.1 (s390x|x86_64) 0:1.0.1-16.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.24.4-14.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.43.0-16.5.1 (s390x|x86_64) 0:0.10.36-14.1 (aarch64|ppc64le|s390x|x86_64) 0:10.0.31-29.3.1 (s390x|x86_64) 0:10.0.31-29.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.8-48.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.74-92.32.1 (s390x) 0:4.4.74-92.32.1 (noarch) 0:4.4.74-92.32.1 (aarch64|ppc64le|s390x|x86_64) 0:16.15.2-27.21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.13.30-18.13.3 (noarch) 0:1.13.30-18.13.3 (aarch64|ppc64le|s390x|x86_64) 0:5.9-50.1 (s390x|x86_64) 0:5.9-50.1 (aarch64|ppc64le|s390x|x86_64) 0:2.40.18-5.3.1 (s390x|x86_64) 0:2.40.18-5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.54.1-5.3.1 (s390x|x86_64) 0:2.54.1-5.3.1 (noarch) 0:2.54.1-5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.74-92.35.1 (s390x) 0:4.4.74-92.35.1 (noarch) 0:4.4.74-92.35.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.3-26.5.1 (noarch) 0:5.1.3-26.5.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0-4.3.2 (aarch64|ppc64le|s390x|x86_64) 0:2.9.4-46.3.2 (s390x|x86_64) 0:2.9.4-46.3.2 (noarch) 0:2.9.4-46.3.2 (aarch64|ppc64le|s390x|x86_64) 0:7.37.0-37.3.1 (s390x|x86_64) 0:7.37.0-37.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.144-27.5.3 (aarch64|ppc64le|s390x|x86_64) 0:1.12-20.3.2 (aarch64|ppc64le|s390x|x86_64) 0:6.8.8.1-71.5.3 (aarch64|ppc64le|s390x|x86_64) 0:3.20.4-77.7.5 (noarch) 0:3.20.4-77.7.5 (aarch64|ppc64le|s390x|x86_64) 0:3.0.3-17.9.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2p2-66.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2p2-66.3 (ppc64le|s390x|x86_64) 0:1.8.0_sr4.10-30.5.1 (x86_64) 0:1.8.0_sr4.10-30.5.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.10-38.5.1 (x86_64) 0:1.7.1_sr4.10-38.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1-17.3.3 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0-21.3.1 (s390x|x86_64) 0:2.1.0-21.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.12.3-27.5.1 (noarch) 0:2.12.3-27.5.1 (aarch64|ppc64le|s390x|x86_64) 0:52.1-8.3.1 (s390x|x86_64) 0:52.1-8.3.1 (x86_64) 0:4.7.3_03-43.9.1 (aarch64|ppc64le|s390x|x86_64) 0:9.4.13-21.5.1 (noarch) 0:9.4.13-21.5.1 (aarch64|ppc64le|s390x|x86_64) 0:9.6.4-3.6.1 (s390x|x86_64) 0:9.6.4-3.6.1 (noarch) 0:9.6.4-3.6.1 (noarch) 0:2.34.0-19.5.1 (aarch64|ppc64le|s390x|x86_64) 0:2.34.0-19.5.1 (s390x|x86_64) 0:2.34.0-19.5.1 (aarch64|ppc64le|s390x|x86_64) 0:3.20.1-6.16.1 (noarch) 0:3.20.1-6.16.1 (aarch64|ppc64le|s390x|x86_64) 0:228-132.1 (s390x|x86_64) 0:228-132.1 (noarch) 0:228-132.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.12-182.3.1 (noarch) 0:1.12.12-182.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.10-6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.22-24.2.1 (s390x|x86_64) 0:1.8.22-24.2.1 (x86_64) 0:4.7.3_04-43.12.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.74-92.38.1 (s390x) 0:4.4.74-92.38.1 (noarch) 0:4.4.74-92.38.1 (aarch64|ppc64le|s390x|x86_64) 0:4.8.5-31.3.1 (ppc64le|s390x|x86_64) 0:4.8.5-31.3.1 (s390x|x86_64) 0:4.8.5-31.3.1 (noarch) 0:4.8.5-31.3.1 (x86_64) 0:4.8.5-31.3.1 (aarch64|ppc64le|s390x|x86_64) 0:24.3-25.3.1 (noarch) 0:24.3-25.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.11.1-13.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.23-29.6.1 (noarch) 0:2.4.23-29.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.9-48.9.2 (aarch64|ppc64le|s390x|x86_64) 0:4.0.8-44.3.1 (s390x|x86_64) 0:4.0.8-44.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.4-6.3.1 (aarch64|ppc64le|s390x|x86_64) 0:52.3.0esr-109.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.4-3.3.10 (aarch64|ppc64le|s390x|x86_64) 0:2.78-18.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0-4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.2-38.11.2 (s390x|x86_64) 0:4.4.2-38.11.2 (noarch) 0:4.4.2-38.11.2 (aarch64|ppc64le|s390x|x86_64) 0:1.12.5-40.13.1 (s390x|x86_64) 0:1.12.5-40.13.1 (aarch64|ppc64le|s390x|x86_64) 0:52.4.0esr-109.6.2 (aarch64|ppc64le|s390x|x86_64) 0:3.29.5-58.3.1 (s390x|x86_64) 0:3.29.5-58.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.0-27.20.1 (x86_64) 0:2.0.0-27.20.1 (noarch) 0:2.8.1-268.6.2 (aarch64|ppc64le|s390x|x86_64) 0:2.12.3-27.9.1 (noarch) 0:2.12.3-27.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2-15.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5-6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.37.0-37.8.1 (s390x|x86_64) 0:7.37.0-37.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.121-20.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.8-16.20.1 (aarch64|ppc64le|s390x|x86_64) 0:3.2.15-16.1 (s390x|x86_64) 0:3.2.15-16.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.2-14.5.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.10-48.12.1 (x86_64) 0:4.7.3_06-43.15.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.90-92.45.1 (s390x) 0:4.4.90-92.45.1 (noarch) 0:4.4.90-92.45.1 (aarch64|ppc64le|s390x|x86_64) 0:1.14-21.3.1 (noarch) 0:3.6.312-2.13.1 (aarch64|ppc64le|s390x|x86_64) 0:2.18.0-2.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.2-41.22.2 (aarch64) 0:2.6.2-41.22.2 (aarch64|x86_64) 0:2.6.2-41.22.2 (noarch) 0:1.0.0-41.22.2 (s390x|x86_64) 0:2.6.2-41.22.2 (ppc64le) 0:2.6.2-41.22.2 (s390x) 0:2.6.2-41.22.2 (noarch) 0:1.9.1-41.22.2 (noarch) 0:8-41.22.2 (x86_64) 0:2.6.2-41.22.2 (aarch64|ppc64le|s390x|x86_64) 0:1.13.4-34.7.1 (s390x|x86_64) 0:1.13.4-34.7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.5-40.16.1 (s390x|x86_64) 0:1.12.5-40.16.1 (aarch64|ppc64le|s390x|x86_64) 0:6.8.8.1-71.12.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.1-27.3.3 (aarch64|ppc64le|s390x|x86_64) 0:0.24.4-14.13.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.4-28.21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.151-27.8.1 (aarch64|ppc64le|s390x|x86_64) 0:2.11-32.1 (noarch) 0:2.11-32.1 (aarch64|x86_64) 0:10.2.4+git.1481215985.12b091b-16.2 (noarch) 0:8.0.43-29.5.1 (aarch64|ppc64le|s390x|x86_64) 0:5.22-10.3.1 (s390x|x86_64) 0:5.22-10.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.6_1.18.3-76.15.2 (x86_64) 0:20160518_1.9.4-7.5.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.4-28.24.1 (aarch64|ppc64le|s390x|x86_64) 0:5.18.2-12.3.1 (s390x|x86_64) 0:5.18.2-12.3.1 (noarch) 0:5.18.2-12.3.1 (noarch) 0:20170530-21.13.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.2-38.14.1 (s390x|x86_64) 0:4.4.2-38.14.1 (noarch) 0:4.4.2-38.14.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.4-33.1 (s390x|x86_64) 0:2.9.4-33.1 (noarch) 0:2.9.4-33.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.9-8.3 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2j-60.16.1 (s390x|x86_64) 0:1.0.2j-60.16.1 (noarch) 0:1.0.2j-60.16.1 (aarch64|ppc64le|s390x|x86_64) 0:2.29.1-9.20.2 (x86_64) 0:4.7.4_02-43.21.1 (aarch64|ppc64le|s390x|x86_64) 0:52.5.0esr-109.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.8-11.1 (s390x|x86_64) 0:1.2.8-11.1 (x86_64) 0:0.12.7-8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.14-4.3.1 (s390x|x86_64) 0:1.1.14-4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.5-6.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.90-92.50.1 (s390x) 0:4.4.90-92.50.1 (noarch) 0:4.4.90-92.50.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2p2-74.11.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2p2-74.11.3 (aarch64|ppc64le|s390x|x86_64) 0:2.5.5-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.3-2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:10.0.29-22.1 (s390x|x86_64) 0:10.0.29-22.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2j-60.20.2 (s390x|x86_64) 0:1.0.2j-60.20.2 (noarch) 0:1.0.2j-60.20.2 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0-20.2 (s390x|x86_64) 0:2.1.0-20.2 (aarch64|ppc64le|s390x|x86_64) 0:6.8.8.1-71.17.1 (aarch64|ppc64le|s390x|x86_64) 0:9.6.6-3.10.1 (s390x|x86_64) 0:9.6.6-3.10.1 (noarch) 0:9.6.6-3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.103-92.53.1 (s390x) 0:4.4.103-92.53.1 (noarch) 0:4.4.103-92.53.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr5.5-30.13.1 (x86_64) 0:1.8.0_sr5.5-30.13.1 (aarch64|ppc64le|s390x|x86_64) 0:3.20.2-6.19.15 (noarch) 0:3.20.2-6.19.15 (aarch64|ppc64le|s390x|x86_64) 0:2.2.11-48.15.3 (noarch) 0:2.34.0-19.8.1 (aarch64|ppc64le|s390x|x86_64) 0:2.34.0-19.8.1 (s390x|x86_64) 0:2.34.0-19.8.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.15-38.8.1 (x86_64) 0:1.7.1_sr4.15-38.8.1 (aarch64|ppc64le|s390x|x86_64) 0:45.7.0esr-99.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1-3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2j-59.1 (s390x|x86_64) 0:1.0.2j-59.1 (noarch) 0:1.0.2j-59.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.7-40.1 (s390x|x86_64) 0:4.0.7-40.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr4.0-23.1 (x86_64) 0:1.8.0_sr4.0-23.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.11-5.1 (s390x|x86_64) 0:3.5.11-5.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0-23.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.7-3.4 (aarch64|ppc64le|s390x|x86_64) 0:1.7.0.131-39.1 (aarch64|ppc64le|s390x|x86_64) 0:1.900.14-184.1 (s390x|x86_64) 0:1.900.14-184.1 (aarch64|ppc64le|s390x|x86_64) 0:6.8.8.1-59.1 (aarch64|ppc64le|s390x|x86_64) 0:2.28-44.3.1 (s390x|x86_64) 0:2.28-44.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.28-44.3.3 (noarch) 0:2.28-44.3.1 (x86_64) 0:4.7.1_06-31.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.49-92.11.1 (s390x) 0:4.4.49-92.11.1 (noarch) 0:4.4.49-92.11.1 (aarch64|ppc64le|s390x|x86_64) 0:9.9.9P1-56.1 (noarch) 0:9.9.9P1-56.1 (s390x|x86_64) 0:9.9.9P1-56.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.4-10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.0-16.4 (aarch64|ppc64le|s390x|x86_64) 0:2.6.2-41.9.1 (aarch64) 0:2.6.2-41.9.1 (aarch64|x86_64) 0:2.6.2-41.9.1 (noarch) 0:1.0.0-41.9.1 (s390x|x86_64) 0:2.6.2-41.9.1 (ppc64le) 0:2.6.2-41.9.1 (s390x) 0:2.6.2-41.9.1 (noarch) 0:1.9.1-41.9.1 (noarch) 0:8-41.9.1 (x86_64) 0:2.6.2-41.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.22-24.8.1 (s390x|x86_64) 0:1.8.22-24.8.1 (x86_64) 0:10.1.0-8.1 (aarch64|ppc64le|s390x|x86_64) 0:45.8.0esr-102.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.1-34.1 (x86_64) 0:1.7.1_sr4.1-34.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.24-3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.3-14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.7-20.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.23-21.1 (noarch) 0:2.4.23-21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.14-20.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.0-11.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr4.1-26.2 (x86_64) 0:1.8.0_sr4.1-26.2 (aarch64|ppc64le|s390x|x86_64) 0:1.6.8-14.1 (s390x|x86_64) 0:1.6.8-14.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.2-36.2 (s390x|x86_64) 0:4.4.2-36.2 (noarch) 0:4.4.2-36.2 (aarch64|ppc64le|s390x|x86_64) 0:4.2.4-28.8.2 (aarch64|ppc64le|s390x|x86_64) 0:1.2.50-19.1 (s390x|x86_64) 0:1.2.50-19.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.49-92.14.1 (s390x) 0:4.4.49-92.14.1 (noarch) 0:4.4.49-92.14.1 (aarch64|ppc64le|s390x|x86_64) 0:9.9.9P1-53.1 (noarch) 0:9.9.9P1-53.1 (s390x|x86_64) 0:9.9.9P1-53.1 (aarch64|ppc64le|s390x|x86_64) 0:0.3.6-10.1 (s390x|x86_64) 0:0.3.6-10.1 (aarch64|ppc64le|s390x|x86_64) 0:044-108.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.22-9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.900.14-194.1 (s390x|x86_64) 0:1.900.14-194.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.3-17.2 (noarch) 0:1.8.3-17.2 (aarch64|ppc64le|s390x|x86_64) 0:1.8.3-9.5 (noarch) 0:1.8.3-9.5 (s390x|x86_64) 0:1.8.3-9.5 (x86_64) 0:4.7.2_02-36.1 (aarch64|ppc64le|s390x|x86_64) 0:9.9.9P1-59.1 (noarch) 0:9.9.9P1-59.1 (s390x|x86_64) 0:9.9.9P1-59.1 (s390x|x86_64) 0:0.10.36-17.13 (aarch64|ppc64le|s390x|x86_64) 0:1.8.3-12.12 (noarch) 0:1.8.3-12.12 (aarch64|ppc64le|s390x|x86_64) 0:1.8.3-12.11 (noarch) 0:1.8.3-12.11 (s390x|x86_64) 0:1.8.3-12.11 (aarch64|ppc64le|s390x|x86_64) 0:1.0.25-28.1 (s390x|x86_64) 0:1.0.25-28.1 (aarch64|ppc64le|s390x|x86_64) 0:7.37.0-36.1 (s390x|x86_64) 0:7.37.0-36.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.7-43.1 (s390x|x86_64) 0:4.0.7-43.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.8p10-60.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.9-15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7-3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.0-18.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.1-9.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.0-13.1 (aarch64|ppc64le|s390x|x86_64) 0:4.021-11.1 (aarch64|ppc64le|s390x|x86_64) 0:9.15-20.1 (x86_64) 0:4.7.2_04-39.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.1-9.1 (s390x|x86_64) 0:1.3.1-9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.8.2-54.1 (noarch) 0:2.8.2-54.1 (s390x|x86_64) 0:2.8.2-54.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.21-25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.2-39.1 (aarch64) 0:2.6.2-39.1 (aarch64|x86_64) 0:2.6.2-39.1 (noarch) 0:1.0.0-39.1 (s390x|x86_64) 0:2.6.2-39.1 (ppc64le) 0:2.6.2-39.1 (s390x) 0:2.6.2-39.1 (noarch) 0:1.9.1-39.1 (noarch) 0:8-39.1 (x86_64) 0:2.6.2-39.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.59-92.17.3 (s390x) 0:4.4.59-92.17.3 (noarch) 0:4.4.59-92.17.2 (aarch64|ppc64le|s390x|x86_64) 0:4.4.59-92.17.2 (noarch) 0:8.0.43-23.1 (noarch) 0:2.2-3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.29.1-11.1 (aarch64|ppc64le|s390x|x86_64) 0:45.9.0esr-105.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.121-23.4 (aarch64|ppc64le|s390x|x86_64) 0:3.29.5-57.1 (s390x|x86_64) 0:3.29.5-57.1 (aarch64|ppc64le|s390x|x86_64) 0:4.13.1-18.1 (s390x|x86_64) 0:4.13.1-18.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.28-16.1 (s390x|x86_64) 0:1.1.28-16.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3-82.1 (noarch) 0:4.3-82.1 (aarch64|ppc64le|s390x|x86_64) 0:6.3-82.1 (s390x|x86_64) 0:6.3-82.1 (noarch) 0:6.3-82.1 (aarch64|ppc64le|s390x|x86_64) 0:10.0.30-25.1 (s390x|x86_64) 0:10.0.30-25.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.1-16.1 (s390x|x86_64) 0:1.0.1-16.1 (aarch64|ppc64le|s390x|x86_64) 0:0.2.3-23.1 (aarch64|ppc64le|s390x|x86_64) 0:4.12.0-10.1 (s390x|x86_64) 0:4.12.0-10.1 (aarch64|ppc64le|s390x|x86_64) 0:2.12.3-26.1 (noarch) 0:2.12.3-26.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.25-35.1 (s390x|x86_64) 0:1.0.25-35.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr4.5-29.1 (x86_64) 0:1.8.0_sr4.5-29.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.5-37.1 (x86_64) 0:1.7.1_sr4.5-37.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12-19.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.2-38.6.1 (s390x|x86_64) 0:4.4.2-38.6.1 (noarch) 0:4.4.2-38.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.4-28.14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.0.141-42.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.8-23.1 (s390x|x86_64) 0:1.1.8-23.1 (noarch) 0:1.1.8-23.1 (aarch64|ppc64le|s390x|x86_64) 0:9.15-22.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4-29.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.38-93.1 (s390x) 0:4.4.38-93.1 (noarch) 0:4.4.38-93.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.131-26.3 (aarch64|ppc64le|s390x|x86_64) 0:2.2.6-44.3 (aarch64|ppc64le|s390x|x86_64) 0:1.8.10p3-10.5.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.4-36.1 (s390x|x86_64) 0:2.9.4-36.1 (noarch) 0:2.9.4-36.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.3-25.1 (noarch) 0:5.1.3-25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.1-12.1 (s390x|x86_64) 0:2.7.1-12.1 (aarch64|ppc64le|s390x|x86_64) 0:6.8.8.1-70.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.4-39.2 (s390x|x86_64) 0:2.9.4-39.2 (noarch) 0:2.9.4-39.2 (aarch64|ppc64le|s390x|x86_64) 0:2.4.41-18.29.1 (s390x|x86_64) 0:2.4.41-18.29.1 (noarch) 0:1.1.1-255.2 (aarch64|ppc64le|s390x|x86_64) 0:0.9.30-5.1 (aarch64|ppc64le|s390x|x86_64) 0:5.6.1-17.3.15 (aarch64|ppc64le|s390x|x86_64) 0:5.6.1-13.3.1 (aarch64|ppc64le|s390x|x86_64) 0:10.66.3-7.1 (s390x|x86_64) 0:10.66.3-7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.1-16.39.1 (s390x|x86_64) 0:1.6.1-16.39.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.23-16.3 (noarch) 0:2.4.23-16.3 (aarch64|ppc64le|s390x|x86_64) 0:2.22-61.3 (s390x|x86_64) 0:2.22-61.3 (noarch) 0:2.22-61.3 (aarch64|ppc64le|s390x|x86_64) 0:4.4.59-92.20.2 (s390x) 0:4.4.59-92.20.2 (noarch) 0:4.4.59-92.20.2 (aarch64|ppc64le|s390x|x86_64) 0:2.3.8-16.14.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0-24.3.4 (x86_64) 0:3-2.1 (x86_64) 0:7-2.1 (x86_64) 0:6-2.1 (x86_64) 0:10-2.1 (x86_64) 0:11-2.1 (x86_64) 0:9-2.1 (x86_64) 0:4-2.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.6-3.3.2 (x86_64) 0:12-2.1 (x86_64) 0:2-2.1 (ppc64le|s390x|x86_64) 0:2.22-62.13.2 (ppc64le|s390x|x86_64) 0:2.12.3-27.14.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.103-92.56.1 (s390x) 0:4.4.103-92.56.1 (noarch) 0:4.4.103-92.56.1 (ppc64le|s390x|x86_64) 0:2.0.0-27.42.1 (ppc64le|s390x|x86_64) 0:1.8.0.171-27.19.1 (ppc64le|s390x|x86_64) 0:1.7.0.181-43.15.2 (ppc64le|s390x|x86_64) 0:2.0.24-9.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.0-13.10.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr5.15-30.33.1 (aarch64|ppc64le|s390x|x86_64) 0:3.22-269.3.5 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.25-38.23.1 (ppc64le|s390x|x86_64) 0:4.2.8p11-64.5.1 (ppc64le|s390x|x86_64) 0:10.0.35-29.20.3 (s390x|x86_64) 0:10.0.35-29.20.3 (ppc64le|s390x|x86_64) 0:52.8.1esr-109.34.1 (ppc64le|s390x|x86_64) 0:4.4.121-92.85.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.0-3.3.1 (ppc64le|s390x|x86_64) 0:1.0.2j-60.30.1 (x86_64) 0:5-2.1 (x86_64) 0:8-2.1 (ppc64le|s390x|x86_64) 0:5.18.2-12.14.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.12-48.18.1 (ppc64le|s390x|x86_64) 0:4.2.1-27.9.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6.21-8.3.1 (s390x|x86_64) 0:0.6.21-8.3.1 (aarch64|ppc64le|s390x|x86_64) 0:6.8.8.1-71.20.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.21-6.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.37.0-37.14.1 (s390x|x86_64) 0:7.37.0-37.14.1 (noarch) 0:1.3.3-10.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.3-10.3.1 (s390x|x86_64) 0:1.3.3-10.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.18.5-2.18.1 (aarch64|ppc64le|s390x|x86_64) 0:3.2.5e-2.3.2 (ppc64le|s390x|x86_64) 0:4.4.2-38.20.1 (ppc64le|s390x|x86_64) 0:52.9.0esr-109.38.2 (ppc64le|s390x|x86_64) 0:0.100.1-33.15.2 (ppc64le|s390x|x86_64) 0:4.2.4-28.29.1 (ppc64le|s390x|x86_64) 0:4.4.121-92.92.1 (aarch64|ppc64le|s390x|x86_64) 0:0.99.3-33.5.1 (ppc64le|s390x|x86_64) 0:7.2p2-74.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0-24.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.23-29.13.1 (noarch) 0:2.4.23-29.13.1 (ppc64le|s390x|x86_64) 0:2.0.0-27.45.1 (ppc64le|s390x|x86_64) 0:2.2.31-19.11.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.30-38.26.1 (ppc64le|s390x|x86_64) 0:16.17.20-27.52.1 (ppc64le|s390x|x86_64) 0:1.13.45-18.33.1 (ppc64le|s390x|x86_64) 0:2.0.0-18.15.1 (ppc64le|s390x|x86_64) 0:2.4.23-29.24.1 (ppc64le|s390x|x86_64) 0:3.2.15-18.6.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr5.20-30.36.1 (ppc64le|s390x|x86_64) 0:2.4.9-48.29.1 (ppc64le|s390x|x86_64) 0:3.0.37-52.23.6 (ppc64le|s390x|x86_64) 0:1.0.2j-60.39.1 (aarch64|ppc64le|s390x|x86_64) 0:5.9-58.1 (s390x|x86_64) 0:5.9-58.1 (ppc64le|s390x|x86_64) 0:2.6.2-41.43.3 (ppc64le) 0:2.6.2-41.43.3 (ppc64le|s390x|x86_64) 0:9.25-23.13.1 (aarch64|ppc64le|s390x|x86_64) 0:228-150.29.1 (s390x|x86_64) 0:228-150.29.1 (noarch) 0:228-150.29.1 (ppc64le|s390x|x86_64) 0:2.0.0-18.17.1 (ppc64le|s390x|x86_64) 0:1.8.0.181-27.26.2 (ppc64le|s390x|x86_64) 0:1.0.58-15.2.1 (ppc64le|s390x|x86_64) 0:7.1.1-3.3.4 (ppc64le|s390x|x86_64) 0:10.5-1.3.1 (ppc64le|s390x|x86_64) 0:10.5-1.3.2 (ppc64le|s390x|x86_64) 0:4.4.121-92.95.1 (ppc64le|x86_64) 0:1-3.4.1 (aarch64|ppc64le|s390x|x86_64) 0:9.9.9P1-63.7.1 (noarch) 0:9.9.9P1-63.7.1 (s390x|x86_64) 0:9.9.9P1-63.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.1-25.12.7 (x86_64) 0:2.5.1-25.12.8 (ppc64le|s390x|x86_64) 0:2.31-9.26.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.1-11.3.12 (aarch64|ppc64le|s390x|x86_64) 0:103-8.3.1 (s390x|x86_64) 0:103-8.3.1 (ppc64le|s390x|x86_64) 0:4.2.8p12-64.8.2 (ppc64le|s390x|x86_64) 0:9.6.10-3.22.7 (aarch64|ppc64le|s390x|x86_64) 0:6.8.8.1-71.33.1 (ppc64le|s390x|x86_64) 0:0.100.2-33.18.1 (ppc64le|s390x|x86_64) 0:5.7.3-6.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.25-36.7.2 (s390x|x86_64) 0:1.0.25-36.7.2 (ppc64le|s390x|x86_64) 0:3.0.38-52.26.1 (ppc64le|x86_64) 0:2-2.1 (ppc64le|s390x|x86_64) 0:2.4.23-29.27.2 (ppc64le|s390x|x86_64) 0:2.4.10-48.32.1 (ppc64le|s390x|x86_64) 0:60.2.2esr-109.46.1 (ppc64le|s390x|x86_64) 0:60-32.3.1 (ppc64le|s390x|x86_64) 0:1.0.14-19.6.3 (ppc64le|s390x|x86_64) 0:3.36.4-58.15.3 (ppc64le|s390x|x86_64) 0:4.19-19.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.3-31.7.4 (aarch64|ppc64le|s390x|x86_64) 0:62.2.0-31.7.4 (s390x|x86_64) 0:62.2.0-31.7.4 (aarch64|ppc64le|s390x|x86_64) 0:8.1.2-31.7.4 (s390x|x86_64) 0:8.1.2-31.7.4 (aarch64|ppc64le|s390x|x86_64) 0:0.16.0-8.5.15 (aarch64|ppc64le|s390x|x86_64) 0:52.6.0esr-109.13.1 (ppc64le|s390x|x86_64) 0:60.3.0-109.50.2 (ppc64le|s390x|x86_64) 0:228-150.53.3 (aarch64|ppc64le|s390x|x86_64) 0:2.6.2-41.31.1 (aarch64) 0:2.6.2-41.31.1 (aarch64|x86_64) 0:2.6.2-41.31.1 (noarch) 0:1.0.0-41.31.1 (s390x|x86_64) 0:2.6.2-41.31.1 (ppc64le) 0:2.6.2-41.31.1 (s390x) 0:2.6.2-41.31.1 (noarch) 0:1.9.1-41.31.1 (noarch) 0:8-41.31.1 (x86_64) 0:2.6.2-41.31.1 (aarch64|ppc64le|s390x|x86_64) 0:10.0.33-29.13.1 (s390x|x86_64) 0:10.0.33-29.13.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.0-27.29.1 (x86_64) 0:2.0.0-27.29.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.4-46.12.1 (s390x|x86_64) 0:2.9.4-46.12.1 (noarch) 0:2.9.4-46.12.1 (ppc64le|s390x|x86_64) 0:1.0.2j-60.46.1 (ppc64le|s390x|x86_64) 0:4.11.2-16.21.1 (aarch64|ppc64le|s390x|x86_64) 0:9.15-23.7.1 (ppc64le|s390x|x86_64) 0:9.4.19-21.22.7 (ppc64le|s390x|x86_64) 0:7.2p2-74.30.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.35-38.29.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.114-92.64.1 (s390x) 0:4.4.114-92.64.1 (noarch) 0:4.4.114-92.64.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.3-7.15.1 (s390x|x86_64) 0:2.6.3-7.15.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.0-19.3.1 (ppc64le|s390x|x86_64) 0:1.3.1-7.13.4 (ppc64le|s390x|x86_64) 0:1.8.0_sr5.25-30.39.1 (ppc64le|s390x|x86_64) 0:9.26-23.16.1 (ppc64le|s390x|x86_64) 0:0.2.7-12.4.1 (ppc64le|s390x|x86_64) 0:2.12.3-27.17.2 (ppc64le|s390x|x86_64) 0:5.6.1-17.6.2 (ppc64le|s390x|x86_64) 0:60.4.0esr-109.55.1 (ppc64le|s390x|x86_64) 0:3.40.1-58.18.1 (ppc64le|s390x|x86_64) 0:4.20-19.6.1 (ppc64le|s390x|x86_64) 0:2.6.2-41.46.2 (ppc64le) 0:2.6.2-41.46.2 (ppc64le|s390x|x86_64) 0:2.1.17-3.3.3 (aarch64|ppc64le|s390x|x86_64) 0:2.22-62.6.2 (s390x|x86_64) 0:2.22-62.6.2 (noarch) 0:2.22-62.6.2 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1-17.7.1 (aarch64|ppc64le|s390x|x86_64) 0:9.20.1-7.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.31-19.5.1 (x86_64) 0:4.7.4_06-43.24.1 (aarch64|ppc64le|s390x|x86_64) 0:9.6.7-3.13.1 (s390x|x86_64) 0:9.6.7-3.13.1 (noarch) 0:9.6.7-3.13.1 (aarch64|ppc64le|s390x|x86_64) 0:4.8.30-29.6 (s390x|x86_64) 0:4.8.30-29.6 (aarch64|ppc64le|s390x|x86_64) 0:4.3.3-10.11.1 (aarch64|ppc64le|s390x|x86_64) 0:228-150.32.1 (s390x|x86_64) 0:228-150.32.1 (noarch) 0:228-150.32.1 (aarch64|ppc64le|s390x|x86_64) 0:6.8.8.1-71.42.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0-6.3.1 (aarch64|ppc64le|s390x|x86_64) 0:6.8.8.1-71.23.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.5-20.3.1 (s390x|x86_64) 0:1.7.5-20.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.60.99-5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.21-26.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.0-12.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.22-62.10.1 (s390x|x86_64) 0:2.22-62.10.1 (noarch) 0:2.22-62.10.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.1-27.6.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr5.10-30.16.1 (x86_64) 0:1.8.0_sr5.10-30.16.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.0.171-43.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.161-27.13.1 (aarch64|ppc64le|s390x|x86_64) 0:9.4.16-21.16.1 (noarch) 0:9.4.16-21.16.1 (noarch) 0:20170530-21.19.1 (aarch64|ppc64le|s390x|x86_64) 0:0.90-6.3.1 (s390x|x86_64) 0:0.90-6.3.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.20-38.12.1 (x86_64) 0:1.7.1_sr4.20-38.12.1 (aarch64|ppc64le|s390x|x86_64) 0:10.0.34-29.16.1 (s390x|x86_64) 0:10.0.34-29.16.1 (x86_64) 0:20180312-13.17.1 (s390x) 0:4.4.103-92.59.1 (noarch) 0:4.4.103-92.59.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.6-3.6.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.20-38.16.1 (x86_64) 0:1.7.1_sr4.20-38.16.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.5-15.3.45 (aarch64|ppc64le|s390x|x86_64) 0:7.1.5_k4.4.114_92.67-15.3.45 (aarch64|ppc64le|s390x|x86_64) 0:9.6.8-3.16.1 (s390x|x86_64) 0:9.6.8-3.16.1 (noarch) 0:9.6.8-3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:7.37.0-37.17.1 (s390x|x86_64) 0:7.37.0-37.17.1 (noarch) 0:1.3.3-10.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.3-10.6.1 (s390x|x86_64) 0:1.3.3-10.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.120-92.70.1 (s390x) 0:4.4.120-92.70.1 (noarch) 0:4.4.120-92.70.1 (aarch64|ppc64le|s390x|x86_64) 0:0.99.4-33.9.1 (aarch64|ppc64le|s390x|x86_64) 0:4.3.3-10.14.1 (noarch) 0:8.0.50-29.8.2 (aarch64|ppc64le|s390x|x86_64) 0:2.2.13-48.21.1 (aarch64|ppc64le|s390x|x86_64) 0:2.22-62.3.4 (s390x|x86_64) 0:2.22-62.3.4 (noarch) 0:2.22-62.3.4 (aarch64|ppc64le|s390x|x86_64) 0:1.2.7-3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.9-17.5.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.2-41.37.1 (aarch64) 0:2.6.2-41.37.1 (aarch64|x86_64) 0:2.6.2-41.37.1 (noarch) 0:1.0.0-41.37.1 (s390x|x86_64) 0:2.6.2-41.37.1 (ppc64le) 0:2.6.2-41.37.1 (s390x) 0:2.6.2-41.37.1 (noarch) 0:1.9.1-41.37.1 (noarch) 0:8-41.37.1 (x86_64) 0:2.6.2-41.37.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.2-38.17.1 (s390x|x86_64) 0:4.4.2-38.17.1 (noarch) 0:4.4.2-38.17.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.39-4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.5-40.23.2 (s390x|x86_64) 0:1.12.5-40.23.2 (aarch64|ppc64le|s390x|x86_64) 0:52.7.3esr-109.25.1 (aarch64|ppc64le|s390x|x86_64) 0:6.8.8.1-71.47.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.1-10.3.1 (s390x|x86_64) 0:1.3.1-10.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.0-27.34.1 (x86_64) 0:2.0.0-27.34.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.9-44.7.1 (s390x|x86_64) 0:4.0.9-44.7.1 (aarch64|ppc64le|s390x|x86_64) 0:9.4.17-21.19.1 (noarch) 0:9.4.17-21.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.0.161-43.7.6 (x86_64) 0:4.7.5_02-43.27.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5-10.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2j-60.24.1 (s390x|x86_64) 0:1.0.2j-60.24.1 (noarch) 0:1.0.2j-60.24.1 (aarch64|ppc64le|s390x|x86_64) 0:9.4.15-21.13.1 (noarch) 0:9.4.15-21.13.1 (aarch64|ppc64le|s390x|x86_64) 0:10.0.32-29.10.1 (s390x|x86_64) 0:10.0.32-29.10.1 (x86_64) 0:9-2.2 (x86_64) 0:10-2.2 (x86_64) 0:2-2.2 (x86_64) 0:8-2.2 (x86_64) 0:4-2.2 (x86_64) 0:5-2.2 (aarch64|ppc64le|s390x|x86_64) 0:2.0.0-18.2.1 (s390x|x86_64) 0:2.0.0-18.2.1 (noarch) 0:20170530-21.16.1 (ppc64le|s390x|x86_64) 0:2.4.23-29.18.2 (ppc64le|s390x|x86_64) 0:4.4.121-92.73.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.0-13.7.1 (aarch64|ppc64le|s390x|x86_64) 0:5.9-55.1 (s390x|x86_64) 0:5.9-55.1 (aarch64|ppc64le|s390x|x86_64) 0:7.37.0-37.11.3 (s390x|x86_64) 0:7.37.0-37.11.3 (aarch64|ppc64le|s390x|x86_64) 0:2.0019-6.3.5 (ppc64le|s390x|x86_64) 0:7.37.0-37.23.1 (ppc64le|s390x|x86_64) 0:52.8.0esr-109.31.2 (ppc64le|s390x|x86_64) 0:2.6.2-41.40.1 (ppc64le) 0:2.6.2-41.40.1 (ppc64le|s390x|x86_64) 0:4.4.121-92.80.1 (aarch64|ppc64le|s390x|x86_64) 0:6.8.8.1-71.26.1 (ppc64le|s390x|x86_64) 0:4.3-83.10.1 (ppc64le|s390x|x86_64) 0:6.3-83.10.1 (ppc64le|s390x|x86_64) 0:52.1-8.7.1 (ppc64le|s390x|x86_64) 0:6.8.8.1-71.108.1 (ppc64le|s390x|x86_64) 0:3.0.3-17.12.1 (ppc64le|s390x|x86_64) 0:1.4.3-20.6.1 (ppc64le|s390x|x86_64) 0:2.6-15.10.1 (ppc64le|s390x|x86_64) 0:0.7.0-160.8.1 (ppc64le|s390x|x86_64) 0:1.12.5-40.31.1 (ppc64le|s390x|x86_64) 0:1.0.2j-60.52.1 (ppc64le|s390x|x86_64) 0:2.24.1-2.41.5 (ppc64le|s390x|x86_64) 0:4.2.4-28.32.1 (ppc64le|s390x|x86_64) 0:4.4.2-38.25.1 (ppc64le|s390x|x86_64) 0:1.8.0.212-27.32.1 (ppc64le|s390x|x86_64) 0:228-150.66.4 (ppc64le|s390x|x86_64) 0:2.6.2-41.52.1 (ppc64le) 0:2.6.2-41.52.1 (ppc64le|s390x|x86_64) 0:4.4.121-92.109.2 (ppc64le|x86_64) 0:1-3.5.2 (ppc64le|s390x|x86_64) 0:7.2p2-74.35.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.45-38.37.1 (ppc64le|s390x|x86_64) 0:228-150.58.1 (ppc64le|s390x|x86_64) 0:7.37.0-37.40.1 (ppc64le|s390x|x86_64) 0:60.7.0-109.72.1 (ppc64le|s390x|x86_64) 0:1.7.0.221-43.22.1 (ppc64le|s390x|x86_64) 0:9.9.9P1-63.12.1 (ppc64le|s390x|x86_64) 0:2.0.0-27.54.1 (ppc64le|s390x|x86_64) 0:2.7.13-28.26.1 (ppc64le|s390x|x86_64) 0:9.26a-23.19.1 (ppc64le|s390x|x86_64) 0:0.2.7-12.6.1 (ppc64le|s390x|x86_64) 0:7.4.326-17.3.1 (ppc64le|s390x|x86_64) 0:2.22.5-2.32.2 (ppc64le|s390x|x86_64) 0:7.2p2-74.42.8 (ppc64le|s390x|x86_64) 0:7.2p2-74.42.10 (ppc64le|s390x|x86_64) 0:4.4.121-92.114.1 (ppc64le|x86_64) 0:1-3.5.1 (ppc64le|s390x|x86_64) 0:1.8.22-24.19.1 (ppc64le|s390x|x86_64) 0:1.8.3-13.3.2 (ppc64le|s390x|x86_64) 0:3.8.10.2-9.9.1 (ppc64le|s390x|x86_64) 0:1.4.3-20.9.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr5.35-30.50.1 (ppc64le|x86_64) 0:6-2.1 (ppc64le|x86_64) 0:5-2.1 (ppc64le|x86_64) 0:3-2.1 (ppc64le|s390x|x86_64) 0:60.7.2-109.80.1 (ppc64le|s390x|x86_64) 0:2.48.2-12.12.2 (ppc64le|s390x|x86_64) 0:10.9-1.12.1 (ppc64le|s390x|x86_64) 0:10.9-1.12.2 (ppc64le|s390x|x86_64) 0:4.4.121-92.117.1 (ppc64le|x86_64) 0:1-3.3.1 (ppc64le|s390x|x86_64) 0:2.48.2-12.15.1 (ppc64le|s390x|x86_64) 0:0.9.0~git.1456906198.f422461-16.9.3 (ppc64le|s390x|x86_64) 0:60.8.0-109.83.3 (ppc64le|s390x|x86_64) 0:3.44.1-58.28.1 (ppc64le|s390x|x86_64) 0:0.113-5.15.1 (ppc64le|x86_64) 0:7-2.1 (ppc64le|x86_64) 0:4-2.1 (ppc64le|s390x|x86_64) 0:1.0.6-30.5.1 (ppc64le|s390x|x86_64) 0:2.22-62.22.5 (ppc64le|s390x|x86_64) 0:1.0.6-30.8.1 (ppc64le|s390x|x86_64) 0:0.113-5.18.1 (ppc64le|s390x|x86_64) 0:1.8.0.222-27.35.2 (ppc64le|s390x|x86_64) 0:10.0.38-29.27.3 (ppc64le|s390x|x86_64) 0:3.4.6-25.29.1 (ppc64le|s390x|x86_64) 0:3.20.2-6.27.1 (ppc64le|s390x|x86_64) 0:3.5.21-26.17.1 (ppc64le|s390x|x86_64) 0:2.7.13-28.31.1 (ppc64le|s390x|x86_64) 0:2.0.0-27.61.1 (ppc64le|s390x|x86_64) 0:2.6.2-41.55.1 (ppc64le) 0:2.6.2-41.55.1 (ppc64le|s390x|x86_64) 0:9.4.24-21.25.1 (ppc64le|s390x|x86_64) 0:9.6.15-3.29.1 (ppc64le|s390x|x86_64) 0:5.18.2-12.20.1 (ppc64le|s390x|x86_64) 0:0.6.36-2.27.19.8 (ppc64le|s390x|x86_64) 0:16.20.2-27.60.4 (ppc64le|s390x|x86_64) 0:1.13.54-18.40.2 (ppc64le|s390x|x86_64) 0:4.4.121-92.120.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.50-38.41.1 (ppc64le|s390x|x86_64) 0:7.37.0-37.43.1 (ppc64le|s390x|x86_64) 0:2.24.4-2.47.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr5.40-30.54.1 (ppc64le|s390x|x86_64) 0:1.5.13-15.11.2 (ppc64le|s390x|x86_64) 0:1.0.2j-60.55.1 (ppc64le|s390x|x86_64) 0:3.4.6-25.21.1 (ppc64le|s390x|x86_64) 0:60.9.0-109.86.1 (ppc64le|s390x|x86_64) 0:2.2.31-19.17.1 (ppc64le|s390x|x86_64) 0:9.27-23.28.1 (ppc64le|s390x|x86_64) 0:7.37.0-37.34.1 (ppc64le|s390x|x86_64) 0:2.62.2-5.7.1 (ppc64le|s390x|x86_64) 0:1.6.1-16.68.1 (ppc64le|x86_64) 0:8-2.1 (ppc64le|s390x|x86_64) 0:68.1.0-109.89.1 (ppc64le|s390x|x86_64) 0:68-32.8.1 (ppc64le|s390x|x86_64) 0:2.32-9.33.1 (ppc64le|s390x|x86_64) 0:1.8.10p3-10.23.1 (ppc64le|s390x|x86_64) 0:1.8.1-10.3.1 (ppc64le|s390x|x86_64) 0:4.9.2-14.14.1 (ppc64le|s390x|x86_64) 0:1.3.0-34.22.1 (ppc64le|s390x|x86_64) 0:68.2.0-109.95.2 (ppc64le|s390x|x86_64) 0:4.2.4-28.36.1 (ppc64le|s390x|x86_64) 0:4.4.2-38.28.1 (ppc64le|s390x|x86_64) 0:8.3.1-1.12.1 (ppc64le|s390x|x86_64) 0:1.4.3-20.14.1 (ppc64le|s390x|x86_64) 0:2.4.1-11.3.2 (ppc64le|s390x|x86_64) 0:1.5.3-31.19.1 (ppc64le|s390x|x86_64) 0:62.2.0-31.19.1 (ppc64le|s390x|x86_64) 0:8.1.2-31.19.1 (ppc64le|s390x|x86_64) 0:9.27-23.31.1 (ppc64le|s390x|x86_64) 0:4.4.121-92.125.1 (ppc64le|s390x|x86_64) 0:3.8.10.2-9.15.1 (ppc64le|s390x|x86_64) 0:1.7.5-20.26.1 (ppc64le|s390x|x86_64) 0:0.100.3-33.26.1 (ppc64le|s390x|x86_64) 0:2.1.17-3.11.1 (ppc64le|s390x|x86_64) 0:1.7.0.241-43.30.1 (ppc64le|s390x|x86_64) 0:0.9.9-17.11.1 (ppc64le|s390x|x86_64) 0:0.100.3-33.29.1 (ppc64le|s390x|x86_64) 0:2015.09.28.1626-17.20.1 (ppc64le|x86_64) 0:7-2.5 (ppc64le|s390x|x86_64) 0:5.1.3-26.13.1 (ppc64le|s390x|x86_64) 0:2.12.3-27.22.1 (ppc64le|s390x|x86_64) 0:68.3.0-109.98.1 (ppc64le|s390x|x86_64) 0:60.5.0esr-109.58.3 (ppc64le|s390x|x86_64) 0:60-32.5.1 (ppc64le|s390x|x86_64) 0:3.41.1-58.25.1 (ppc64le|s390x|x86_64) 0:2.28-44.18.18 (ppc64le|s390x|x86_64) 0:2.28-44.18.38 (ppc64le|s390x|x86_64) 0:2.28-44.18.25 (ppc64le|s390x|x86_64) 0:228-150.63.1 (ppc64le|s390x|x86_64) 0:4.4.121-92.101.1 (ppc64le|s390x|x86_64) 0:3.3.9-11.18.1 (ppc64le|s390x|x86_64) 0:6.2.0dev-22.3.1 (ppc64le|s390x|x86_64) 0:2.7.13-28.21.1 (ppc64le|s390x|x86_64) 0:2.6.2-41.49.1 (ppc64le) 0:2.6.2-41.49.1 (ppc64le|s390x|x86_64) 0:1.7.0.201-43.18.1 (ppc64le|s390x|x86_64) 0:2.22.6-2.35.1 (ppc64le|s390x|x86_64) 0:2.0.0-27.48.1 (ppc64le|s390x|x86_64) 0:1.8.0.191-27.29.1 (ppc64le|s390x|x86_64) 0:2.22.4-2.29.3 (ppc64le|s390x|x86_64) 0:0.9.9-17.8.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.40-38.34.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr5.30-30.46.1 (ppc64le|s390x|x86_64) 0:1.4.3-20.3.1 (ppc64le|s390x|x86_64) 0:9.26a-23.22.1 (ppc64le|s390x|x86_64) 0:4.2.8p13-85.1 (ppc64le|s390x|x86_64) 0:1.0.2j-60.49.1 (ppc64le|s390x|x86_64) 0:1.13.4-34.23.1 (ppc64le|s390x|x86_64) 0:4.4.121-92.104.1 (ppc64le|s390x|x86_64) 0:4.3-83.23.1 (ppc64le|s390x|x86_64) 0:6.3-83.23.1 (ppc64le|s390x|x86_64) 0:60.6.1esr-109.63.2 (ppc64le|s390x|x86_64) 0:2.4.23-29.40.1 (ppc64le|s390x|x86_64) 0:0.100.3-33.21.1 (ppc64le|s390x|x86_64) 0:2.2.31-19.14.2 (ppc64le|s390x|x86_64) 0:3.8.10.2-9.3.1 (ppc64le|s390x|x86_64) 0:1.14-21.10.1 (ppc64le|s390x|x86_64) 0:3.4.6-25.24.1 (ppc64le|s390x|x86_64) 0:7.37.0-37.37.1 (ppc64le|s390x|x86_64) 0:1.7.5-20.29.1 (ppc64le|s390x|x86_64) 0:1.3.16-239.4.1 (ppc64le|s390x|x86_64) 0:2.28.1-2.50.3 (ppc64le|s390x|x86_64) 0:2.5.5-6.6.1 (ppc64le|s390x|x86_64) 0:0.9.9-17.19.1 (ppc64le|s390x|x86_64) 0:52.1-8.10.1 (ppc64le|s390x|x86_64) 0:2.4.41-18.68.1 (ppc64le|s390x|x86_64) 0:1.2-18.68.1 (ppc64le|s390x|x86_64) 0:2.28.2-2.53.2 (ppc64le|s390x|x86_64) 0:9.52-23.34.1 (ppc64le|s390x|x86_64) 0:0.2.7-12.10.1 (ppc64le|s390x|x86_64) 0:68.8.0-109.119.1 (ppc64le|s390x|x86_64) 0:3.5.21-26.23.1 (ppc64le|s390x|x86_64) 0:4.4.121-92.129.1 (ppc64le|s390x|x86_64) 0:2.4.23-29.54.1 (ppc64le|s390x|x86_64) 0:2.26.2-27.36.1 (ppc64le|s390x|x86_64) 0:2.1.17-3.20.1 (ppc64le|x86_64) 0:9-2.1 (ppc64le|x86_64) 0:10-2.1 (ppc64le|s390x|x86_64) 0:2.7.17-28.42.1 (ppc64le|s390x|x86_64) 0:2.6.2-41.59.1 (ppc64le) 0:2.6.2-41.59.1 (ppc64le|s390x|x86_64) 0:1.0.3-3.3.1 (ppc64le|s390x|x86_64) 0:0.6.22-8.9.1 (ppc64le|s390x|x86_64) 0:7.4.326-17.6.1 (ppc64le|s390x|x86_64) 0:68.9.0-109.123.1 (ppc64le|s390x|x86_64) 0:2.1.9-19.3.2 (ppc64le|s390x|x86_64) 0:3.1.53-9.8.1 (ppc64le|s390x|x86_64) 0:1.7.0.261-43.38.8 (ppc64le|s390x|x86_64) 0:1.6.0-18.28.1 (ppc64le|s390x|x86_64) 0:4.4.121-92.135.1 (ppc64le|s390x|x86_64) 0:0.5.0-12.3.1 (ppc64le|s390x|x86_64) 0:1.4-103.3.1 (ppc64le|s390x|x86_64) 0:5.18.2-12.23.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.65-38.53.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr6.10-30.69.1 (ppc64le|s390x|x86_64) 0:1.8.0.252-27.45.6 (ppc64le|s390x|x86_64) 0:7.37.0-37.47.1 (ppc64le|s390x|x86_64) 0:1.10.1-55.11.1 (i586|ppc64le|s390|s390x|x86_64) 0:3.5.21-26.26.1 (ppc64le|s390x|x86_64) 0:4.2.8p15-88.1 (ppc64le|s390x|x86_64) 0:3.53.1-58.48.1 (ppc64le|s390x|x86_64) 0:4.25-19.15.1 (ppc64le|s390x|x86_64) 0:2.4.41-18.71.2 (ppc64le|s390x|x86_64) 0:1.2-18.71.2 (ppc64le|s390x|x86_64) 0:78.0.1-112.3.1 (ppc64le|s390x|x86_64) 0:78-35.3.1 (ppc64le|s390x|x86_64) 0:9.9.9P1-63.17.1 (ppc64le|s390x|x86_64) 0:0.9.0~git.1456906198.f422461-16.20.1 (ppc64le|s390x|x86_64) 0:3.5.21-26.29.1 (ppc64le|s390x|x86_64) 0:2.1.17-3.23.1 (ppc64le|s390x|x86_64) 0:2.28.3-2.56.1 (ppc64le|s390x|x86_64) 0:2.02~beta2-115.49.1 (ppc64le) 0:2.02~beta2-115.49.1 (ppc64le|s390x|x86_64) 0:9.52-23.39.1 (ppc64le|s390x|x86_64) 0:78.1.0-112.8.1 (ppc64le|s390x|x86_64) 0:1.6.2-12.8.1 (ppc64le|s390x|x86_64) 0:1.10-4.5.1 (ppc64le|s390x|x86_64) 0:4.4.121-92.138.1 (ppc64le|s390x|x86_64) 0:0.9.9-17.31.1 (ppc64le|s390x|x86_64) 0:1.6.2-12.12.1 (ppc64le|s390x|x86_64) 0:3.1.1-13.3.6 (ppc64le|s390x|x86_64) 0:2.28.4-2.59.1 (ppc64le|s390x|x86_64) 0:2.2.31-19.22.1 (ppc64le|s390x|x86_64) 0:2.02~beta2-115.56.1 (ppc64le) 0:2.02~beta2-115.56.1 (ppc64le|s390x|x86_64) 0:4.4.2-38.33.1 (ppc64le|s390x|x86_64) 0:7.6_1.18.3-76.26.1 (ppc64le|s390x|x86_64) 0:3.0.3-17.15.2 (ppc64le|s390x|x86_64) 0:1.8.0_sr6.0-30.60.1 (ppc64le|s390x|x86_64) 0:7.6_1.18.3-76.29.1 (ppc64le|s390x|x86_64) 0:2.4.23-29.63.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr6.15-30.72.1 (ppc64le|s390x|x86_64) 0:3.5.21-26.32.1 (ppc64le|s390x|x86_64) 0:1.6.2-12.15.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.70-38.56.1 (ppc64le|x86_64) 0:9-2.2 (ppc64le|x86_64) 0:7-2.2 (ppc64le|x86_64) 0:4-2.2 (ppc64le|x86_64) 0:2-2.2 (ppc64le|s390x|x86_64) 0:78.2.0-112.19.2 (ppc64le|s390x|x86_64) 0:4.4.121-92.141.1 (ppc64le|s390x|x86_64) 0:1.8.0.242-27.41.1 (ppc64le|s390x|x86_64) 0:1.628-5.3.1 (ppc64le|s390x|x86_64) 0:3.4.10-25.52.1 (ppc64le|s390x|x86_64) 0:4.4.2-38.36.1 (ppc64le|s390x|x86_64) 0:78.3.0-112.22.1 (ppc64le|s390x|x86_64) 0:5.6.1-17.16.1 (ppc64le|s390x|x86_64) 0:1.628-5.6.1 (ppc64le|s390x|x86_64) 0:1.7.0.271-43.41.1 (ppc64le|s390x|x86_64) 0:1.6.0-27.1 (ppc64le|s390x|x86_64) 0:0.4.13-18.3.1 (ppc64le|s390x|x86_64) 0:2.6.3-7.18.1 (ppc64le|s390x|x86_64) 0:2.22-113.4 (ppc64le|s390x|x86_64) 0:78.4.0-112.28.1 (ppc64le|s390x|x86_64) 0:4.4.2-38.39.1 (ppc64le|s390x|x86_64) 0:1.0.31-4.3.1 (ppc64le|s390x|x86_64) 0:2.0.0-27.64.1 (ppc64le|s390x|x86_64) 0:5.6.1-17.13.1 (ppc64le|s390x|x86_64) 0:1.8.0.272-27.48.1 (ppc64le|x86_64) 0:5-2.2 (ppc64le|x86_64) 0:8-2.2 (ppc64le|x86_64) 0:3-2.2 (ppc64le|s390x|x86_64) 0:10.2.1+git583-1.3.5 (ppc64le|x86_64) 0:10.2.1+git583-1.3.5 (ppc64le|s390x|x86_64) 0:228-150.82.1 (ppc64le|s390x|x86_64) 0:1.7.0.281-43.44.2 (ppc64le|s390x|x86_64) 0:2.4.41-18.77.1 (ppc64le|s390x|x86_64) 0:1.2-18.77.1 (ppc64le|s390x|x86_64) 0:78.4.1-112.32.1 (ppc64le|s390x|x86_64) 0:12.4-3.5.1 (ppc64le|s390x|x86_64) 0:10.14-4.4.1 (ppc64le|s390x|x86_64) 0:9.4.26-24.3.1 (ppc64le|s390x|x86_64) 0:9.6.19-6.4.1 (ppc64le|s390x|x86_64) 0:2.0.15-5.3.1 (ppc64le|s390x|x86_64) 0:16.21.2-27.70.1 (ppc64le|s390x|x86_64) 0:1.13.57-18.46.3 (ppc64le|s390x|x86_64) 0:1.12.5-40.40.2 (ppc64le|x86_64) 0:6-2.2 (ppc64le|s390x|x86_64) 0:10.15-4.9.1 (ppc64le|s390x|x86_64) 0:9.6.20-6.8.1 (ppc64le|s390x|x86_64) 0:4.4.121-92.146.1 (ppc64le|s390x|x86_64) 0:5.13-5.23.1 (ppc64le|s390x|x86_64) 0:78.5.0-112.36.1 (ppc64le|s390x|x86_64) 0:0.9.9-17.34.1 (ppc64le|s390x|x86_64) 0:7.6_1.18.3-76.37.1 (ppc64le|s390x|x86_64) 0:3.4.10-25.58.1 (ppc64le|s390x|x86_64) 0:3.10.0.1-54.17.2 (ppc64le|s390x|x86_64) 0:2.1.4-7.31.1 (ppc64le|s390x|x86_64) 0:12.5-3.9.3 (ppc64le|s390x|x86_64) 0:1.10.1-55.18.1 (ppc64le|s390x|x86_64) 0:1.0.2j-60.63.1 (ppc64le|s390x|x86_64) 0:2.7.17-28.59.1 (ppc64le|s390x|x86_64) 0:68.5.0-109.106.1 (ppc64le|s390x|x86_64) 0:0.31-9.10.1 (ppc64le|s390x|x86_64) 0:78.6.0-112.39.1 (ppc64le|s390x|x86_64) 0:0.103.0-33.32.1 (ppc64le|s390x|x86_64) 0:2.1.26-8.13.1 (ppc64le|s390x|x86_64) 0:9.2.1+r275327-1.3.9 (ppc64le|x86_64) 0:9.2.1+r275327-1.3.9 (ppc64le|s390x|x86_64) 0:1.8.10p3-10.26.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.60-38.47.1 (ppc64le|s390x|x86_64) 0:0.6.21-8.6.1 (ppc64le|s390x|x86_64) 0:1.0.2j-60.60.1 (ppc64le|s390x|x86_64) 0:2.4.7-4.3.1 (ppc64le|s390x|x86_64) 0:3.4.10-25.39.2 (ppc64le|s390x|x86_64) 0:3.4.10-25.39.3 (ppc64le|s390x|x86_64) 0:10.0.40.2-29.35.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.55-38.44.1 (ppc64le|s390x|x86_64) 0:8.4.0-18.13.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr6.5-30.63.1 (ppc64le|s390x|x86_64) 0:2015.09.28.1626-17.27.1 (ppc64le|s390x|x86_64) 0:1.6.8-15.5.2 (ppc64le|s390x|x86_64) 0:9.6.17-3.33.1 (ppc64le|s390x|x86_64) 0:1.7.0.251-43.35.1 (ppc64le|s390x|x86_64) 0:3.5.21-26.20.1 (ppc64le|s390x|x86_64) 0:68.4.1-109.101.1 (ppc64le|s390x|x86_64) 0:10.12-1.18.1 (ppc64le|s390x|x86_64) 0:68.6.0-109.110.1 (ppc64le|s390x|x86_64) 0:1.11.2-5.11.1 (ppc64le|s390x|x86_64) 0:2.1.4-7.28.2 (ppc64le|s390x|x86_64) 0:0.7.5-6.3.2 (ppc64le|s390x|x86_64) 0:3.4.2-44.8.1 (ppc64le|s390x|x86_64) 0:3.4.10-25.45.1 (ppc64le|s390x|x86_64) 0:3.47.1-58.34.1 (ppc64le|s390x|x86_64) 0:4.23-19.12.1 (ppc64le|s390x|x86_64) 0:1.1.28-17.9.1 (ppc64le|s390x|x86_64) 0:68.6.1-109.113.1 (ppc64le|s390x|x86_64) 0:68.7.0-109.116.1 (ppc64le|s390x|x86_64) 0:2.26.0-27.27.1 (ppc64le|s390x|x86_64) 0:10.34-1.3.1 (ppc64le|s390x|x86_64) 0:2.78-18.15.1 (ppc64le|s390x|x86_64) 0:1.3.0-12.3.1 (ppc64le|s390x|x86_64) 0:2.2.31-19.25.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.75-38.59.1 (ppc64le|s390x|x86_64) 0:6.8.8.1-71.154.1 (ppc64le|s390x|x86_64) 0:13.1-3.3.1 (ppc64le|s390x|x86_64) 0:7.2p2-74.57.1 (ppc64le|s390x|x86_64) 0:1.8.10p3-10.29.1 (ppc64le|s390x|x86_64) 0:78.7.0-112.45.1 (ppc64le|s390x|x86_64) 0:2.5.11-25.26.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr6.20-30.78.1 (ppc64le|s390x|x86_64) 0:3.4.10-25.63.2 (ppc64le|s390x|x86_64) 0:3.4.10-25.63.1 (ppc64le|s390x|x86_64) 0:2.7.17-28.64.1 (ppc64le|s390x|x86_64) 0:4.4.121-92.149.1 (ppc64le|s390x|x86_64) 0:2.5.11-25.29.1 (ppc64le|s390x|x86_64) 0:2.6-15.13.1 (ppc64le|s390x|x86_64) 0:1.900.14-195.25.1 (ppc64le|s390x|x86_64) 0:4.0.4-23.6.1 (ppc64le|s390x|x86_64) 0:9.9.9P1-63.20.1 (ppc64le|s390x|x86_64) 0:1.7.1_sr4.80-38.62.1 (ppc64le|s390x|x86_64) 0:1.0.3-3.6.1 (ppc64le|s390x|x86_64) 0:1.8.0.282-27.56.2 (ppc64le|s390x|x86_64) 0:1.8.0_sr6.25-30.81.1 (ppc64le|s390x|x86_64) 0:78.8.0-112.51.1 (ppc64le|s390x|x86_64) 0:2.1.4-7.34.1 (ppc64le|s390x|x86_64) 0:2.02-115.59.1 (ppc64le) 0:2.02-115.59.1 (ppc64le|s390x|x86_64) 0:2.4.41-18.83.1 (ppc64le|s390x|x86_64) 0:1.2-18.83.1 (ppc64le|s390x|x86_64) 0:4.4.121-92.152.2 (ppc64le|x86_64) 0:1-3.3.2 (ppc64le|s390x|x86_64) 0:2.6-15.16.1 (ppc64le|s390x|x86_64) 0:2.26.2-27.43.1 (ppc64le|s390x|x86_64) 0:2.7.18-28.67.1 (ppc64le|s390x|x86_64) 0:78.6.1-112.42.1 (ppc64le|s390x|x86_64) 0:2.48.2-12.22.1 (ppc64le|s390x|x86_64) 0:1.8.10p3-10.32.1 (ppc64le|s390x|x86_64) 0:4.60.99-5.9.1 (ppc64le|s390x|x86_64) 0:1.39.2-3.5.1 (ppc64le|s390x|x86_64) 0:1.0.2j-60.66.1 (ppc64le|s390x|x86_64) 0:78.9.0-112.54.1 (x86_64) 0:2.22-62.13.2 (x86_64) 0:2.12.3-27.14.1 (x86_64) 0:1.8.0.171-27.19.1 (x86_64) 0:1.7.0.181-43.15.2 (x86_64) 0:2.0.24-9.3.1 (x86_64) 0:4.2.8p11-64.5.1 (x86_64) 0:10.0.35-29.20.3 (x86_64) 0:52.8.1esr-109.34.1 (x86_64) 0:4.4.121-92.85.1 (x86_64) 0:1.0.2j-60.30.1 (x86_64) 0:5.18.2-12.14.1 (x86_64) 0:4.2.1-27.9.1 (x86_64) 0:4.4.2-38.20.1 (x86_64) 0:52.9.0esr-109.38.2 (x86_64) 0:0.100.1-33.15.2 (x86_64) 0:4.2.4-28.29.1 (x86_64) 0:4.4.121-92.92.1 (x86_64) 0:7.2p2-74.25.1 (x86_64) 0:2.2.31-19.11.1 (x86_64) 0:16.17.20-27.52.1 (x86_64) 0:1.13.45-18.33.1 (x86_64) 0:2.0.0-18.15.1 (x86_64) 0:2.4.23-29.24.1 (x86_64) 0:3.2.15-18.6.1 (x86_64) 0:2.4.9-48.29.1 (x86_64) 0:3.0.37-52.23.6 (x86_64) 0:1.0.2j-60.39.1 (x86_64) 0:9.25-23.13.1 (x86_64) 0:2.0.0-18.17.1 (x86_64) 0:1.8.0.181-27.26.2 (x86_64) 0:1.0.58-15.2.1 (x86_64) 0:7.1.1-3.3.4 (x86_64) 0:10.5-1.3.1 (x86_64) 0:10.5-1.3.2 (x86_64) 0:4.4.121-92.95.1 (x86_64) 0:2.31-9.26.1 (x86_64) 0:4.2.8p12-64.8.2 (x86_64) 0:0.100.2-33.18.1 (x86_64) 0:5.7.3-6.3.1 (x86_64) 0:3.0.38-52.26.1 (x86_64) 0:2.4.23-29.27.2 (x86_64) 0:2.4.10-48.32.1 (x86_64) 0:60.3.0-109.50.2 (x86_64) 0:228-150.53.3 (x86_64) 0:1.0.2j-60.46.1 (x86_64) 0:4.11.2-16.21.1 (x86_64) 0:7.2p2-74.30.1 (x86_64) 0:1.3.1-7.13.4 (x86_64) 0:9.26-23.16.1 (x86_64) 0:0.2.7-12.4.1 (x86_64) 0:2.12.3-27.17.2 (x86_64) 0:5.6.1-17.6.2 (x86_64) 0:60.4.0esr-109.55.1 (x86_64) 0:3.40.1-58.18.1 (x86_64) 0:4.20-19.6.1 (x86_64) 0:2.1.17-3.3.3 (x86_64) 0:4.4.121-92.73.1 (x86_64) 0:7.37.0-37.23.1 (x86_64) 0:52.8.0esr-109.31.2 (x86_64) 0:4.4.121-92.80.1 (x86_64) 0:4.3-83.10.1 (x86_64) 0:6.3-83.10.1 (x86_64) 0:52.1-8.7.1 (x86_64) 0:6.8.8.1-71.108.1 (x86_64) 0:3.0.3-17.12.1 (x86_64) 0:1.4.3-20.6.1 (x86_64) 0:2.6-15.10.1 (x86_64) 0:0.7.0-160.8.1 (x86_64) 0:1.12.5-40.31.1 (x86_64) 0:1.0.2j-60.52.1 (x86_64) 0:2.24.1-2.41.5 (x86_64) 0:4.2.4-28.32.1 (x86_64) 0:4.4.2-38.25.1 (x86_64) 0:1.8.0.212-27.32.1 (x86_64) 0:228-150.66.4 (x86_64) 0:4.4.121-92.109.2 (x86_64) 0:7.2p2-74.35.1 (x86_64) 0:228-150.58.1 (x86_64) 0:7.37.0-37.40.1 (x86_64) 0:60.7.0-109.72.1 (x86_64) 0:1.7.0.221-43.22.1 (x86_64) 0:9.9.9P1-63.12.1 (x86_64) 0:2.7.13-28.26.1 (x86_64) 0:9.26a-23.19.1 (x86_64) 0:0.2.7-12.6.1 (x86_64) 0:7.4.326-17.3.1 (x86_64) 0:2.22.5-2.32.2 (x86_64) 0:7.2p2-74.42.8 (x86_64) 0:7.2p2-74.42.10 (x86_64) 0:4.4.121-92.114.1 (x86_64) 0:1.8.22-24.19.1 (x86_64) 0:1.8.3-13.3.2 (x86_64) 0:3.8.10.2-9.9.1 (x86_64) 0:0.10.36-18.3.2 (x86_64) 0:1.4.3-20.9.1 (x86_64) 0:60.7.2-109.80.1 (x86_64) 0:2.48.2-12.12.2 (x86_64) 0:10.9-1.12.1 (x86_64) 0:10.9-1.12.2 (x86_64) 0:4.4.121-92.117.1 (x86_64) 0:2.48.2-12.15.1 (x86_64) 0:60.8.0-109.83.3 (x86_64) 0:3.44.1-58.28.1 (x86_64) 0:0.113-5.15.1 (x86_64) 0:1.0.6-30.5.1 (x86_64) 0:2.22-62.22.5 (x86_64) 0:1.0.6-30.8.1 (x86_64) 0:0.113-5.18.1 (x86_64) 0:1.8.0.222-27.35.2 (x86_64) 0:10.0.38-29.27.3 (x86_64) 0:3.4.6-25.29.1 (x86_64) 0:3.20.2-6.27.1 (x86_64) 0:3.5.21-26.17.1 (x86_64) 0:2.7.13-28.31.1 (x86_64) 0:9.6.15-3.29.1 (x86_64) 0:5.18.2-12.20.1 (x86_64) 0:0.6.36-2.27.19.8 (x86_64) 0:16.20.2-27.60.4 (x86_64) 0:1.13.54-18.40.2 (x86_64) 0:4.4.121-92.120.1 (x86_64) 0:7.37.0-37.43.1 (x86_64) 0:2.24.4-2.47.1 (x86_64) 0:1.5.13-15.11.2 (x86_64) 0:1.0.2j-60.55.1 (x86_64) 0:3.4.6-25.21.1 (x86_64) 0:60.9.0-109.86.1 (x86_64) 0:2.2.31-19.17.1 (x86_64) 0:9.27-23.28.1 (x86_64) 0:7.37.0-37.34.1 (x86_64) 0:1.6.1-16.68.1 (x86_64) 0:68.1.0-109.89.1 (x86_64) 0:68-32.8.1 (x86_64) 0:2.32-9.33.1 (x86_64) 0:1.8.10p3-10.23.1 (x86_64) 0:1.8.1-10.3.1 (x86_64) 0:4.9.2-14.14.1 (x86_64) 0:1.3.0-34.22.1 (x86_64) 0:68.2.0-109.95.2 (x86_64) 0:4.2.4-28.36.1 (x86_64) 0:4.4.2-38.28.1 (x86_64) 0:8.3.1-1.12.1 (x86_64) 0:1.4.3-20.14.1 (x86_64) 0:2.4.1-11.3.2 (x86_64) 0:1.5.3-31.19.1 (x86_64) 0:62.2.0-31.19.1 (x86_64) 0:8.1.2-31.19.1 (x86_64) 0:9.27-23.31.1 (x86_64) 0:4.4.121-92.125.1 (x86_64) 0:3.8.10.2-9.15.1 (x86_64) 0:1.7.5-20.26.1 (x86_64) 0:0.100.3-33.26.1 (x86_64) 0:2.1.17-3.11.1 (x86_64) 0:1.7.0.241-43.30.1 (x86_64) 0:0.9.9-17.11.1 (x86_64) 0:0.100.3-33.29.1 (x86_64) 0:2015.09.28.1626-17.20.1 (x86_64) 0:5.1.3-26.13.1 (x86_64) 0:2.12.3-27.22.1 (x86_64) 0:68.3.0-109.98.1 (x86_64) 0:60.5.0esr-109.58.3 (x86_64) 0:60-32.5.1 (x86_64) 0:3.41.1-58.25.1 (x86_64) 0:2.28-44.18.18 (x86_64) 0:2.28-44.18.38 (x86_64) 0:2.28-44.18.25 (x86_64) 0:228-150.63.1 (x86_64) 0:4.4.121-92.101.1 (x86_64) 0:3.3.9-11.18.1 (x86_64) 0:6.2.0dev-22.3.1 (x86_64) 0:2.7.13-28.21.1 (x86_64) 0:1.7.0.201-43.18.1 (x86_64) 0:2.22.6-2.35.1 (x86_64) 0:1.8.0.191-27.29.1 (x86_64) 0:2.22.4-2.29.3 (x86_64) 0:0.9.9-17.8.1 (x86_64) 0:1.4.3-20.3.1 (x86_64) 0:9.26a-23.22.1 (x86_64) 0:4.2.8p13-85.1 (x86_64) 0:1.0.2j-60.49.1 (x86_64) 0:4.4.121-92.104.1 (x86_64) 0:4.3-83.23.1 (x86_64) 0:6.3-83.23.1 (x86_64) 0:60.6.1esr-109.63.2 (x86_64) 0:2.4.23-29.40.1 (x86_64) 0:0.100.3-33.21.1 (x86_64) 0:2.2.31-19.14.2 (x86_64) 0:3.8.10.2-9.3.1 (x86_64) 0:1.14-21.10.1 (x86_64) 0:3.4.6-25.24.1 (x86_64) 0:7.37.0-37.37.1 (x86_64) 0:1.7.5-20.29.1 (x86_64) 0:1.3.16-239.4.1 (x86_64) 0:2.28.1-2.50.3 (x86_64) 0:2.5.5-6.6.1 (x86_64) 0:0.9.9-17.19.1 (x86_64) 0:52.1-8.10.1 (x86_64) 0:2.4.41-18.68.1 (x86_64) 0:2.28.2-2.53.2 (x86_64) 0:9.52-23.34.1 (x86_64) 0:0.2.7-12.10.1 (x86_64) 0:68.8.0-109.119.1 (x86_64) 0:3.5.21-26.23.1 (x86_64) 0:4.4.121-92.129.1 (x86_64) 0:2.4.23-29.54.1 (x86_64) 0:2.26.2-27.36.1 (x86_64) 0:2.1.17-3.20.1 (x86_64) 0:2.7.17-28.42.1 (x86_64) 0:1.0.3-3.3.1 (x86_64) 0:0.6.22-8.9.1 (x86_64) 0:7.4.326-17.6.1 (x86_64) 0:68.9.0-109.123.1 (x86_64) 0:2.1.9-19.3.2 (x86_64) 0:3.1.53-9.8.1 (x86_64) 0:1.7.0.261-43.38.8 (x86_64) 0:1.6.0-18.28.1 (x86_64) 0:4.4.121-92.135.1 (x86_64) 0:0.5.0-12.3.1 (x86_64) 0:1.4-103.3.1 (x86_64) 0:5.18.2-12.23.1 (x86_64) 0:1.8.0.252-27.45.6 (x86_64) 0:7.37.0-37.47.1 (x86_64) 0:1.10.1-55.11.1 (i586|x86_64) 0:3.5.21-26.26.1 (x86_64) 0:4.2.8p15-88.1 (x86_64) 0:3.53.1-58.48.1 (x86_64) 0:4.25-19.15.1 (x86_64) 0:2.4.41-18.71.2 (x86_64) 0:78.0.1-112.3.1 (x86_64) 0:78-35.3.1 (x86_64) 0:9.9.9P1-63.17.1 (x86_64) 0:0.9.0~git.1456906198.f422461-16.20.1 (x86_64) 0:3.5.21-26.29.1 (x86_64) 0:2.1.17-3.23.1 (x86_64) 0:2.28.3-2.56.1 (x86_64) 0:9.52-23.39.1 (x86_64) 0:78.1.0-112.8.1 (x86_64) 0:1.6.2-12.8.1 (x86_64) 0:1.10-4.5.1 (x86_64) 0:4.4.121-92.138.1 (x86_64) 0:0.9.9-17.31.1 (x86_64) 0:1.6.2-12.12.1 (x86_64) 0:3.1.1-13.3.6 (x86_64) 0:2.28.4-2.59.1 (x86_64) 0:2.2.31-19.22.1 (x86_64) 0:4.4.2-38.33.1 (x86_64) 0:7.6_1.18.3-76.26.1 (x86_64) 0:3.0.3-17.15.2 (x86_64) 0:7.6_1.18.3-76.29.1 (x86_64) 0:2.4.23-29.63.1 (x86_64) 0:3.5.21-26.32.1 (x86_64) 0:1.6.2-12.15.1 (x86_64) 0:78.2.0-112.19.2 (x86_64) 0:4.4.121-92.141.1 (x86_64) 0:1.8.0.242-27.41.1 (x86_64) 0:1.628-5.3.1 (x86_64) 0:3.4.10-25.52.1 (x86_64) 0:4.4.2-38.36.1 (x86_64) 0:78.3.0-112.22.1 (x86_64) 0:5.6.1-17.16.1 (x86_64) 0:1.628-5.6.1 (x86_64) 0:1.7.0.271-43.41.1 (x86_64) 0:1.6.0-27.1 (x86_64) 0:0.4.13-18.3.1 (x86_64) 0:2.6.3-7.18.1 (x86_64) 0:2.22-113.4 (x86_64) 0:78.4.0-112.28.1 (x86_64) 0:4.4.2-38.39.1 (x86_64) 0:1.0.31-4.3.1 (x86_64) 0:5.6.1-17.13.1 (x86_64) 0:1.8.0.272-27.48.1 (x86_64) 0:228-150.82.1 (x86_64) 0:1.7.0.281-43.44.2 (x86_64) 0:2.4.41-18.77.1 (x86_64) 0:78.4.1-112.32.1 (x86_64) 0:12.4-3.5.1 (x86_64) 0:10.14-4.4.1 (x86_64) 0:9.4.26-24.3.1 (x86_64) 0:9.6.19-6.4.1 (x86_64) 0:2.0.15-5.3.1 (x86_64) 0:16.21.2-27.70.1 (x86_64) 0:1.13.57-18.46.3 (x86_64) 0:1.12.5-40.40.2 (x86_64) 0:10.15-4.9.1 (x86_64) 0:9.6.20-6.8.1 (x86_64) 0:4.4.121-92.146.1 (x86_64) 0:5.13-5.23.1 (x86_64) 0:78.5.0-112.36.1 (x86_64) 0:0.9.9-17.34.1 (x86_64) 0:7.6_1.18.3-76.37.1 (x86_64) 0:3.4.10-25.58.1 (x86_64) 0:3.10.0.1-54.17.2 (x86_64) 0:2.1.4-7.31.1 (x86_64) 0:12.5-3.9.3 (x86_64) 0:1.10.1-55.18.1 (x86_64) 0:1.0.2j-60.63.1 (x86_64) 0:2.7.17-28.59.1 (x86_64) 0:68.5.0-109.106.1 (x86_64) 0:0.31-9.10.1 (x86_64) 0:78.6.0-112.39.1 (x86_64) 0:0.103.0-33.32.1 (x86_64) 0:2.1.26-8.13.1 (x86_64) 0:1.8.10p3-10.26.1 (x86_64) 0:0.6.21-8.6.1 (x86_64) 0:1.0.2j-60.60.1 (x86_64) 0:2.4.7-4.3.1 (x86_64) 0:3.4.10-25.39.2 (x86_64) 0:3.4.10-25.39.3 (x86_64) 0:10.0.40.2-29.35.1 (x86_64) 0:8.4.0-18.13.1 (x86_64) 0:2015.09.28.1626-17.27.1 (x86_64) 0:1.6.8-15.5.2 (x86_64) 0:9.6.17-3.33.1 (x86_64) 0:1.7.0.251-43.35.1 (x86_64) 0:3.5.21-26.20.1 (x86_64) 0:68.4.1-109.101.1 (x86_64) 0:10.12-1.18.1 (x86_64) 0:68.6.0-109.110.1 (x86_64) 0:1.11.2-5.11.1 (x86_64) 0:2.1.4-7.28.2 (x86_64) 0:0.7.5-6.3.2 (x86_64) 0:3.4.2-44.8.1 (x86_64) 0:3.4.10-25.45.1 (x86_64) 0:3.47.1-58.34.1 (x86_64) 0:4.23-19.12.1 (x86_64) 0:1.1.28-17.9.1 (x86_64) 0:68.6.1-109.113.1 (x86_64) 0:68.7.0-109.116.1 (x86_64) 0:2.26.0-27.27.1 (x86_64) 0:10.34-1.3.1 (x86_64) 0:3.4.5-44.13.1 (x86_64) 0:7.6_1.18.3-76.40.1 (x86_64) 0:0.103.2-33.35.1 (x86_64) 0:1.8.10p3-10.35.1 (x86_64) 0:2.6.2-41.62.1 (noarch) 0:1.0.0-41.62.1 (noarch) 0:1.9.1_0_gb3ef39f-41.62.1 (noarch) 0:8-41.62.1 (x86_64) 0:78.10.0-112.57.2 (x86_64) 0:2.7.1-13.3.1 (x86_64) 0:3.10.0.1-54.20.1 (noarch) 0:3.10.0.1-54.20.1 (noarch) 0:8.0.53-29.46.1 (x86_64) 0:1.7.0.291-43.47.3 (x86_64) 0:4.4.2-38.42.1 (noarch) 0:4.4.2-38.42.1 (x86_64) 0:4.2.4-28.39.1 (x86_64) 0:1.7.5-20.36.1 (x86_64) 0:9.9.9P1-63.25.1 (noarch) 0:9.9.9P1-63.25.1 (x86_64) 0:0.6.32-32.15.1 (noarch) 0:0.6.32-32.15.1 (x86_64) 0:4.4.121-92.155.1 (noarch) 0:4.4.121-92.155.1 (x86_64) 0:3.4.10-25.71.1 (x86_64) 0:3.5.25.3-5.9.1 (x86_64) 0:2.28.0-29.6.1 (x86_64) 0:2.9.4-46.43.1 (noarch) 0:2.9.4-46.43.1 (x86_64) 0:2.78-18.15.1 (x86_64) 0:1.3.0-12.3.1 (x86_64) 0:2.2.31-19.25.1 (x86_64) 0:3.5.25.3-5.12.1 (x86_64) 0:4.3.3-10.22.1 (x86_64) 0:2.6.2-41.65.1 (noarch) 0:1.0.0-41.65.1 (noarch) 0:1.9.1_0_gb3ef39f-41.65.1 (noarch) 0:8-41.65.1 (x86_64) 0:0.4.3-4.7.1 (x86_64) 0:0.113-5.21.1 (x86_64) 0:1.2.4-3.7.1 (x86_64) 0:1.8.3-18.3.5 (noarch) 0:1.8.3-18.3.5 (x86_64) 0:78.11.0-112.62.1 (x86_64) 0:1.6.2-12.21.1 (noarch) 0:1.6.2-12.21.1 (x86_64) 0:0.12.7-10.12.1 (x86_64) 0:0.31-9.13.1 (x86_64) 0:20210525-13.90.1 (x86_64) 0:0.4.21-8.3.1 (x86_64) 0:1.8.0.292-27.60.1 (x86_64) 0:6.8.8.1-71.154.1 (x86_64) 0:2.32.1-2.63.3 (noarch) 0:2.32.1-2.63.3 (x86_64) 0:2.4.23-29.74.1 (noarch) 0:2.4.23-29.74.1 (x86_64) 0:308-5.3.1 (x86_64) 0:2015+git1462940744.321151f-19.23.1 (noarch) 0:2015+git1462940744.321151f-19.23.1 (x86_64) 0:2.7.1-13.6.1 (x86_64) 0:0.6.37-2.27.24.1 (x86_64) 0:16.21.4-27.75.1 (x86_64) 0:1.6.1-16.77.1 (x86_64) 0:2.1.0-6.34.1 (x86_64) 0:13.1-3.3.1 (x86_64) 0:2.1a15-159.9.1 (x86_64) 0:7.2p2-74.57.1 (x86_64) 0:1.8.10p3-10.29.1 (x86_64) 0:78.12.0-112.65.1 (x86_64) 0:4.4.121-92.158.1 (noarch) 0:4.4.121-92.158.1 (x86_64) 0:78.7.0-112.45.1 (x86_64) 0:228-150.98.1 (noarch) 0:228-150.98.1 (x86_64) 0:2.6.2-41.68.1 (noarch) 0:1.0.0-41.68.1 (noarch) 0:1.9.1_0_gb3ef39f-41.68.1 (noarch) 0:8-41.68.1 (x86_64) 0:1.4-15.3.1 (x86_64) 0:2.32.3-2.66.1 (noarch) 0:2.32.3-2.66.1 (x86_64) 0:1.0.25-36.23.1 (x86_64) 0:3.5.25.3-5.19.2 (x86_64) 0:2.11-36.9.1 (noarch) 0:2.11-36.9.1 (x86_64) 0:1.9.1-9.7.1 (x86_64) 0:78.13.0-112.68.1 (x86_64) 0:6.3.26-13.12.1 (x86_64) 0:1.8.0.302-27.63.2 (x86_64) 0:2.11-36.15.1 (noarch) 0:2.11-36.15.1 (x86_64) 0:1.0.2j-60.69.3 (noarch) 0:1.0.2j-60.69.3 (x86_64) 0:5.6.1-4.5.1 (x86_64) 0:0.60.6.1-18.11.1 (x86_64) 0:9.9.9P1-63.28.1 (noarch) 0:9.9.9P1-63.28.1 (x86_64) 0:2.1.0-6.37.1 (x86_64) 0:1.0.6-17.3.1 (x86_64) 0:5.22-10.21.1 (x86_64) 0:11.2.1-104.9.49 (x86_64) 0:1.0.0-104.9.49 (x86_64) 0:3.2.8a-2.17.1 (x86_64) 0:0.6.0-11.3.1 (x86_64) 0:1.0.2j-60.72.2 (noarch) 0:1.0.2j-60.72.2 (x86_64) 0:9.52-23.42.1 (x86_64) 0:0.2.7-12.12.1 (x86_64) 0:91.1.0-112.71.1 (x86_64) 0:91-35.6.6 (x86_64) 0:3.36.0-9.18.1 (noarch) 0:1.25.10-3.31.2 (x86_64) 0:5.6.1-17.21.3 (x86_64) 0:2.22-116.1 (noarch) 0:2.22-116.1 (x86_64) 0:2.32.4-2.71.2 (noarch) 0:2.32.4-2.71.2 (x86_64) 0:2.4.23-29.80.1 (noarch) 0:2.4.23-29.80.1 (x86_64) 0:4.7.6_16-43.79.5 (x86_64) 0:3.4.10-25.63.2 (x86_64) 0:3.4.10-25.63.1 (x86_64) 0:91.2.0-112.74.1 (x86_64) 0:5.1.3-26.16.1 (noarch) 0:5.1.3-26.16.1 (x86_64) 0:10.18-4.19.6 (noarch) 0:10.18-4.19.6 (x86_64) 0:2.6.2-41.73.1 (noarch) 0:1.0.0-41.73.1 (noarch) 0:1.9.1_0_gb3ef39f-41.73.1 (noarch) 0:8-41.73.1 (x86_64) 0:0.13.0-3.19.1 (x86_64) 0:3.2.8b-2.20.1 (x86_64) 0:2.37-9.39.1 (x86_64) 0:2.37-9.44.1 (x86_64) 0:8.45-8.7.1 (noarch) 0:20140730-36.5.2 (x86_64) 0:4.4.2-38.45.2 (noarch) 0:4.4.2-38.45.2 (x86_64) 0:91.3.0-112.80.2 (x86_64) 0:14.1-3.3.1 (noarch) 0:14-4.10.1 (x86_64) 0:9.6.24-6.18.2 (noarch) 0:9.6.24-6.18.2 (x86_64) 0:10.19-4.22.1 (noarch) 0:10.19-4.22.1 (x86_64) 0:2.32.4-2.74.5 (noarch) 0:2.32.4-2.74.5 (x86_64) 0:1.8.0.312-27.66.1 (x86_64) 0:1.7.0.321-43.53.2 (x86_64) 0:4.7.6_18-43.82.1 (x86_64) 0:2.1.9-19.6.1 (x86_64) 0:0.103.4-33.41.1 (x86_64) 0:2.34.1-2.77.1 (noarch) 0:2.34.1-2.77.1 (x86_64) 0:4.4.121-92.161.1 (noarch) 0:4.4.121-92.161.1 (x86_64) 0:3.68.1-58.57.1 (x86_64) 0:7.2p2-74.60.1 (x86_64) 0:91.4.0-112.83.1 (x86_64) 0:2.48.2-6.3.1 (noarch) 0:2.48.2-6.3.1 (x86_64) 0:7.6_1.18.3-76.43.1 (noarch) 0:1.2.15-126.6.1 (x86_64) 0:7.6_1.18.3-76.46.1 (x86_64) 0:4.1-5.9.1 (x86_64) 0:2.7.17-28.64.1 (x86_64) 0:4.4.121-92.149.1 (x86_64) 0:2.6-15.13.1 (x86_64) 0:1.900.14-195.25.1 (x86_64) 0:4.0.4-23.6.1 (x86_64) 0:9.9.9P1-63.20.1 (x86_64) 0:1.0.3-3.6.1 (x86_64) 0:1.8.0.282-27.56.2 (x86_64) 0:78.8.0-112.51.1 (x86_64) 0:2.1.4-7.34.1 (x86_64) 0:2.4.41-18.83.1 (x86_64) 0:4.4.121-92.152.2 (x86_64) 0:2.6-15.16.1 (x86_64) 0:2.26.2-27.43.1 (x86_64) 0:2.7.18-28.67.1 (x86_64) 0:78.6.1-112.42.1 (x86_64) 0:2.48.2-12.22.1 (x86_64) 0:1.8.10p3-10.32.1 (x86_64) 0:4.60.99-5.9.1 (x86_64) 0:1.39.2-3.5.1 (x86_64) 0:1.0.2j-60.66.1 (x86_64) 0:78.9.0-112.54.1 (x86_64) 0:2.3.8-16.29.1 (x86_64) 0:1.7.1_sr5.5-38.68.1 (x86_64) 0:1.8.0_sr7.5-30.87.1 (x86_64) 0:1.2.8-12.6.1 (x86_64) 0:1.8.0_sr7.0-30.84.1 (x86_64) 0:2.28-44.35.1 (noarch) 0:2.28-44.35.1 (x86_64) 0:3.68.3-58.69.1 (x86_64) 0:91.8.0-112.98.1 (x86_64) 0:2.22-123.1 (noarch) 0:2.22-123.1 (x86_64) 0:0.6.39-2.27.32.2 (x86_64) 0:16.22.4-27.85.2 (x86_64) 0:2.1.0-4.15.1 (x86_64) 0:91.5.0-112.86.1 (x86_64) 0:5.0.5-6.7.1 (noarch) 0:5.0.5-6.7.1 (x86_64) 0:0.6.22-8.13.1 (x86_64) 0:1.6-9.6.2 (x86_64) 0:4.4.121-92.172.1 (noarch) 0:4.4.121-92.172.1 (x86_64) 0:2.78-18.18.1 (x86_64) 0:5.3.1-14.7.3 (noarch) 0:8.0.53-29.54.1 (x86_64) 0:2.26.2-27.52.1 (noarch) 0:2.26.2-27.52.1 (x86_64) 0:2.9.4-46.49.1 (noarch) 0:2.9.4-46.49.1 (x86_64) 0:1.2.15-15.17.1 (x86_64) 0:4.7.6_22-43.88.1 (x86_64) 0:2.34.3-2.82.1 (noarch) 0:2.34.3-2.82.1 (x86_64) 0:6.9-9.18.1 (x86_64) 0:0.16-20.15.1 (x86_64) 0:91.9.0-112.104.1 (x86_64) 0:5.0.5-6.12.2 (x86_64) 0:1.42.11-16.9.1 (x86_64) 0:1.7.1_sr5.0-38.65.1 (x86_64) 0:2.4.41-18.89.1 (noarch) 0:2.4.41-18.89.1 (x86_64) 0:1.6-9.9.1 (x86_64) 0:2.36.0-2.96.1 (noarch) 0:2.36.0-2.96.1 (x86_64) 0:7.37.0-37.76.1 (x86_64) 0:20220510-13.97.1 (x86_64) 0:91.9.0-112.108.4 (x86_64) 0:2.1.0-21.12.1 (x86_64) 0:0.113-5.24.1 (x86_64) 0:5.1.3-26.20.1 (noarch) 0:5.1.3-26.20.1 (noarch) 0:1.2.15-126.9.1 (x86_64) 0:6.8.8.1-71.170.2 (x86_64) 0:4.4.2-38.48.1 (noarch) 0:4.4.2-38.48.1 (x86_64) 0:5.7.3-6.9.1 (x86_64) 0:1.0.25-36.26.1 (x86_64) 0:4.7.6_20-43.85.1 (x86_64) 0:0.103.5-33.44.1 (x86_64) 0:4.4.121-92.164.1 (noarch) 0:4.4.121-92.164.1 (x86_64) 0:0.5.0-12.9.1 (x86_64) 0:2.1.0-21.15.1 (x86_64) 0:4.0.9-44.45.1 (x86_64) 0:4.9.2-14.20.1 (noarch) 0:2.8.1-268.9.1 (x86_64) 0:91.6.0-112.89.1 (x86_64) 0:20220207-13.93.1 (x86_64) 0:2.4.23-29.83.1 (noarch) 0:2.4.23-29.83.1 (x86_64) 0:2.1.26-8.17.1 (x86_64) 0:2.34.5-2.85.3 (noarch) 0:2.34.5-2.85.3 (x86_64) 0:2.1.0-21.18.1 (x86_64) 0:5.0.5-6.19.1 (x86_64) 0:4.4.121-92.169.1 (noarch) 0:4.4.121-92.169.1 (x86_64) 0:91.6.1-112.92.1 (x86_64) 0:2.34.6-2.88.1 (noarch) 0:2.34.6-2.88.1 (x86_64) 0:0.99.beta18-14.6.1 (x86_64) 0:91.7.0-112.95.1 (x86_64) 0:2.1.0-21.22.1 (x86_64) 0:1.0.2j-60.75.1 (noarch) 0:1.0.2j-60.75.1 (x86_64) 0:1.8.0.322-27.72.2 (x86_64) 0:2.22-119.1 (noarch) 0:2.22-119.1 (x86_64) 0:2.4.23-29.88.1 (noarch) 0:2.4.23-29.88.1 2 (x86_64) 0:60.2.2esr-109.46.1 (x86_64) 0:60-32.3.1 (x86_64) 0:1.0.14-19.6.3 (x86_64) 0:3.36.4-58.15.3 (x86_64) 0:4.19-19.3.1 (x86_64) 0:7-2.5 (x86_64) 0:1.2-18.68.1 (x86_64) 0:1.2-18.71.2 (x86_64) 0:3-2.2 (x86_64) 0:1.2-18.77.1 (x86_64) 0:6-2.2 (x86_64) 0:1.2-18.83.1