Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for the Linux Kernel (Important) |
Description: |
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577). - CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577). - CVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454). - CVE-2018-20836: An issue was discovered in the Linux kernel There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395). - CVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory corruption and possibly other consequences (bnc#1136935). - CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738).
The following non-security bugs were fixed:
- Abort file_remove_privs() for non-reg. files (bsc#1140888). - acpica: Clear status of GPEs on first direct enable (bsc#1111666). - acpi: PM: Allow transitions to D0 to occur in special cases (bsc#1051510). - acpi: PM: Avoid evaluating _PS3 on transitions from D3hot to D3cold (bsc#1051510). - alsa: firewire-lib/fireworks: fix miss detection of received MIDI messages (bsc#1051510). - alsa: hda - Force polling mode on CNL for fixing codec communication (bsc#1051510). - alsa: hda/realtek: Add quirks for several Clevo notebook barebones (bsc#1051510). - alsa: hda/realtek - Change front mic location for Lenovo M710q (bsc#1051510). - alsa: line6: Fix write on zero-sized buffer (bsc#1051510). - alsa: seq: fix incorrect order of dest_client/dest_ports arguments (bsc#1051510). - alsa: usb-audio: Fix parse of UAC2 Extension Units (bsc#1111666). - alsa: usb-audio: fix sign unintended sign extension on left shifts (bsc#1051510). - apparmor: enforce nullbyte at end of tag string (bsc#1051510). - asoc: cx2072x: fix integer overflow on unsigned int multiply (bsc#1111666). - ax25: fix inconsistent lock state in ax25_destroy_timer (bsc#1051510). - Backporting hwpoison fixes - mm: hugetlb: prevent reuse of hwpoisoned free hugepages (bsc#1139712). - mm: hwpoison: change PageHWPoison behavior on hugetlb pages (bsc#1139712). - mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (bsc#1139712). - mm: soft-offline: dissolve free hugepage if soft-offlined (bsc#1139712). - mm: hwpoison: introduce memory_failure_hugetlb() (bsc#1139712). - mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (bsc#1139712). - mm: hugetlb: delete dequeue_hwpoisoned_huge_page() (bsc#1139712). - mm: hwpoison: introduce idenfity_page_state (bsc#1139712). - mm: hugetlb: soft_offline: save compound page order before page migration (bsc#1139712) - fs: hugetlbfs: fix hwpoison reserve accounting (bsc#1139712) - mm: fix race on soft-offlining free huge pages (bsc#1139712). - mm: soft-offline: close the race against page allocation (bsc#1139712). - mm: soft-offline: return -EBUSY if set_hwpoison_free_buddy_page() fails (bsc#1139712). - mm: hugetlb: soft-offline: dissolve_free_huge_page() return zero on !PageHuge (bsc#bsc#1139712). - blk-mq: free hw queue's resource in hctx's release handler (bsc#1140637). - block: Fix a NULL pointer dereference in generic_make_request() (bsc#1139771). - bluetooth: Fix faulty expression for minimum encryption key size check (bsc#1140328). - bpf, devmap: Add missing bulk queue free (bsc#1109837). - bpf, devmap: Add missing RCU read lock on flush (bsc#1109837). - bpf, devmap: Fix premature entry free on destroying map (bsc#1109837). - bpf: devmap: fix use-after-free Read in __dev_map_entry_free (bsc#1109837). - bpf: lpm_trie: check left child of last leftmost node for NULL (bsc#1109837). - bpf: sockmap fix msg->sg.size account on ingress skb (bsc#1109837). - bpf: sockmap, fix use after free from sleep in psock backlog workqueue (bsc#1109837). - bpf: sockmap remove duplicate queue free (bsc#1109837). - bpf, tcp: correctly handle DONT_WAIT flags and timeo == 0 (bsc#1109837). - can: af_can: Fix error path of can_init() (bsc#1051510). - can: flexcan: fix timeout when set small bitrate (bsc#1051510). - can: purge socket error queue on sock destruct (bsc#1051510). - ceph: flush dirty inodes before proceeding with remount (bsc#1140405). - clk: rockchip: Turn on 'aclk_dmac1' for suspend on rk3288 (bsc#1051510). - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider (bsc#1051510). - coresight: etb10: Fix handling of perf mode (bsc#1051510). - coresight: etm4x: Add support to enable ETMv4.2 (bsc#1051510). - crypto: algapi - guard against uninitialized spawn list in crypto_remove_spawns (bsc#1133401). - crypto: cryptd - Fix skcipher instance memory leak (bsc#1051510). - crypto: user - prevent operating on larval algorithms (bsc#1133401). - dax: Fix xarray entry association for mixed mappings (bsc#1140893). - Delete patches.fixes/s390-setup-fix-early-warning-messages (bsc#1140948). - device core: Consolidate locking and unlocking of parent and device (bsc#1106383). - dmaengine: imx-sdma: remove BD_INTR for channel0 (bsc#1051510). - doc: Cope with the deprecation of AutoReporter (bsc#1051510). - documentation/ABI: Document umwait control sysfs interfaces (jsc#SLE-5187). - documentation: DMA-API: fix a function name of max_mapping_size (bsc#1140954). - driver core: Establish order of operations for device_add and device_del via bitflag (bsc#1106383). - driver core: Probe devices asynchronously instead of the driver (bsc#1106383). - drivers/base/devres: introduce devm_release_action() (bsc#1103992). - drivers/base: Introduce kill_device() (bsc#1139865). - drivers/base: kABI fixes for struct device_private (bsc#1106383). - drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var (bsc#1051510). - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE (bsc#1051510). - drm/amd/powerplay: use hardware fan control if no powerplay fan table (bsc#1111666). - drm/arm/hdlcd: Actually validate CRTC modes (bsc#1111666). - drm/arm/hdlcd: Allow a bit of clock tolerance (bsc#1051510). - drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times (bsc#1111666). - drm/etnaviv: add missing failure path to destroy suballoc (bsc#1111666). - drm/fb-helper: generic: Do not take module ref for fbcon (bsc#1111666). - drm: Fix drm_release() and device unplug (bsc#1111666). - drm/i915/dmc: protect against reading random memory (bsc#1051510). - drm/i915/gvt: ignore unexpected pvinfo write (bsc#1051510). - drm/imx: notify drm core before sending event during crtc disable (bsc#1111666). - drm/imx: only send event on crtc disable if kept disabled (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD MicroPC (bsc#1111666). - drm: panel-orientation-quirks: Add quirk for GPD pocket2 (bsc#1111666). - drm/vmwgfx: fix a warning due to missing dma_parms (bsc#1111666). - drm/vmwgfx: Use the backdoor port if the HB port is not available (bsc#1111666). - ext4: do not delete unlinked inode from orphan list on failed truncate (bsc#1140891). - failover: allow name change on IFF_UP slave interfaces (bsc#1109837). - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() (bsc#1140889). - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (bsc#1140887). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bsc#1140887). - ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() (bsc#1071995). - genirq: Prevent use-after-free and work list corruption (bsc#1051510). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bsc#1051510). - genwqe: Prevent an integer overflow in the ioctl (bsc#1051510). - gpio: omap: fix lack of irqstatus_raw0 for OMAP4 (bsc#1051510). - hugetlbfs: dirty pages as they are added to pagecache (git fixes (mm/hugetlbfs)). - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (git fixes (mm/hugetlbfs)). - i2c: acorn: fix i2c warning (bsc#1135642). - i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld (bsc#1112374). - i2c: mlxcpld: Add support for smbus block read transaction (bsc#1112374). - i2c: mlxcpld: Allow configurable adapter id for mlxcpld (bsc#1112374). - i2c: mlxcpld: Fix adapter functionality support callback (bsc#1112374). - i2c: mlxcpld: Fix wrong initialization order in probe (bsc#1112374). - i2c: mux: mlxcpld: simplify code to reach the adapter (bsc#1112374). - ib/hfi1: Clear the IOWAIT pending bits when QP is put into error state (bsc#1114685). - ib/hfi1: Create inline to get extended headers (bsc#1114685 ). - ib/hfi1: Validate fault injection opcode user input (bsc#1114685 ). - ib/mlx5: Verify DEVX general object type correctly (bsc#1103991 ). - input: synaptics - enable SMBus on ThinkPad E480 and E580 (bsc#1051510). - input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD (bsc#1051510). - iommu/amd: Make iommu_disable safer (bsc#1140955). - iommu/arm-smmu: Add support for qcom,smmu-v2 variant (bsc#1051510). - iommu/arm-smmu: Avoid constant zero in TLBI writes (bsc#1140956). - iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes (bsc#1111666). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bsc#1051510). - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer (bsc#1051510). - iommu: Fix a leak in iommu_insert_resv_region (bsc#1140957). - iommu: Use right function to get group for device (bsc#1140958). - iommu/vt-d: Duplicate iommu_resv_region objects per device list (bsc#1140959). - iommu/vt-d: Handle PCI bridge RMRR device scopes in intel_iommu_get_resv_regions (bsc#1140960). - iommu/vt-d: Handle RMRR with PCI bridge device scopes (bsc#1140961). - iommu/vt-d: Introduce is_downstream_to_pci_bridge helper (bsc#1140962). - iommu/vt-d: Remove unnecessary rcu_read_locks (bsc#1140964). - iov_iter: Fix build error without CONFIG_CRYPTO (bsc#1111666). - irqchip/gic-v3-its: fix some definitions of inner cacheability attributes (bsc#1051510). - irqchip/mbigen: Do not clear eventid when freeing an MSI (bsc#1051510). - ixgbe: Avoid NULL pointer dereference with VF on non-IPsec hw (bsc#1140228). - kabi fixup blk_mq_register_dev() (bsc#1140637). - kernel-binary: fix missing \ - kernel-binary: rpm does not support multiline condition - kernel-binary: Use -c grep option in klp project detection. - kvm: svm/avic: fix off-by-one in checking host APIC ID (bsc#1140971). - kvm: x86: fix return value for reserved EFER (bsc#1140992). - kvm: x86: Skip EFER vs. guest CPUID checks for host-initiated writes (bsc#1140972). - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk (bsc#1051510). - libceph: assign cookies in linger_submit() (bsc#1135897). - libceph: check reply num_data_items in setup_request_data() (bsc#1135897). - libceph: do not consume a ref on pagelist in ceph_msg_data_add_pagelist() (bsc#1135897). - libceph: enable fallback to ceph_msg_new() in ceph_msgpool_get() (bsc#1135897). - libceph: introduce alloc_watch_request() (bsc#1135897). - libceph: introduce ceph_pagelist_alloc() (bsc#1135897). - libceph: preallocate message data items (bsc#1135897). - libceph, rbd: add error handling for osd_req_op_cls_init() (bsc#1135897). This feature was requested for SLE15 but aws reverted in packaging and master. - libceph, rbd, ceph: move ceph_osdc_alloc_messages() calls (bsc#1135897). - libnvdimm/bus: Prevent duplicate device_unregister() calls (bsc#1139865). - libnvdimm, pfn: Fix over-trim in trim_pfn_device() (bsc#1140719). - mac80211: Do not use stack memory with scatterlist for GMAC (bsc#1051510). - mac80211: drop robust management frames from unknown TA (bsc#1051510). - mac80211: handle deauthentication/disassociation from TDLS peer (bsc#1051510). - media: v4l2-ioctl: clear fields in s_parm (bsc#1051510). - mfd: hi655x: Fix regmap area declared size for hi655x (bsc#1051510). - mISDN: make sure device name is NUL terminated (bsc#1051510). - mlxsw: core: Add API for QSFP module temperature thresholds reading (bsc#1112374). - mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue (bsc#1112374). - mlxsw: core: mlxsw: core: avoid -Wint-in-bool-context warning (bsc#1112374). - mlxsw: core: Move ethtool module callbacks to a common location (bsc#1112374). - mlxsw: core: Prevent reading unsupported slave address from SFP EEPROM (bsc#1112374). - mlxsw: pci: Reincrease PCI reset timeout (bsc#1112374). - mlxsw: reg: Add Management Temperature Bulk Register (bsc#1112374). - mlxsw: spectrum_flower: Fix TOS matching (bsc#1112374). - mlxsw: spectrum: Move QSFP EEPROM definitions to common location (bsc#1112374). - mlxsw: spectrum: Put MC TCs into DWRR mode (bsc#1112374). - mmc: core: complete HS400 before checking status (bsc#1111666). - mmc: core: Prevent processing SDIO IRQs when the card is suspended (bsc#1051510). - mm/devm_memremap_pages: introduce devm_memunmap_pages (bsc#1103992). - mm/page_alloc.c: avoid potential NULL pointer dereference (git fixes (mm/pagealloc)). - mm/page_alloc.c: fix never set ALLOC_NOFRAGMENT flag (git fixes (mm/pagealloc)). - mm/vmscan.c: prevent useless kswapd loops (git fixes (mm/vmscan)). - net: core: support XDP generic on stacked devices (bsc#1109837). - net: do not clear sock->sk early to avoid trouble in strparser (bsc#1103990). - net: ena: add ethtool function for changing io queue sizes (bsc#1138879). - net: ena: add good checksum counter (bsc#1138879). - net: ena: add handling of llq max tx burst size (bsc#1138879). - net: ena: add MAX_QUEUES_EXT get feature admin command (bsc#1138879). - net: ena: add newline at the end of pr_err prints (bsc#1138879). - net: ena: add support for changing max_header_size in LLQ mode (bsc#1138879). - net: ena: allow automatic fallback to polling mode (bsc#1138879). - net: ena: allow queue allocation backoff when low on memory (bsc#1138879). - net: ena: arrange ena_probe() function variables in reverse christmas tree (bsc#1138879). - net: ena: enable negotiating larger Rx ring size (bsc#1138879). - net: ena: ethtool: add extra properties retrieval via get_priv_flags (bsc#1138879). - net: ena: Fix bug where ring allocation backoff stopped too late (bsc#1138879). - net: ena: fix ena_com_fill_hash_function() implementation (bsc#1138879). - net: ena: fix: Free napi resources when ena_up() fails (bsc#1138879). - net: ena: fix incorrect test of supported hash function (bsc#1138879). - net: ena: fix: set freed objects to NULL to avoid failing future allocations (bsc#1138879). - net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry (bsc#1138879). - net: ena: gcc 8: fix compilation warning (bsc#1138879). - net: ena: improve latency by disabling adaptive interrupt moderation by default (bsc#1138879). - net: ena: make ethtool show correct current and max queue sizes (bsc#1138879). - net: ena: optimise calculations for CQ doorbell (bsc#1138879). - net: ena: remove inline keyword from functions in *.c (bsc#1138879). - net: ena: replace free_tx/rx_ids union with single free_ids field in ena_ring (bsc#1138879). - net: ena: update driver version from 2.0.3 to 2.1.0 (bsc#1138879). - net: ena: use dev_info_once instead of static variable (bsc#1138879). - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bsc#1130836). - net: Fix missing meta data in skb with vlan packet (bsc#1109837). - net/mlx5: Avoid reloading already removed devices (bsc#1103990 ). - net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled (bsc#1103990). - net/mlx5e: Fix the max MTU check in case of XDP (bsc#1103990 ). - net/mlx5e: Fix use-after-free after xdp_return_frame (bsc#1103990). - net/mlx5e: Rx, Check ip headers sanity (bsc#1103990 ). - net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (bsc#1109837). - net/mlx5e: XDP, Fix shifted flag index in RQ bitmap (bsc#1103990 ). - net/mlx5: FPGA, tls, hold rcu read lock a bit longer (bsc#1103990). - net/mlx5: FPGA, tls, idr remove on flow delete (bsc#1103990 ). - net/mlx5: Set completion EQs as shared resources (bsc#1103991 ). - net/mlx5: Update pci error handler entries and command translation (bsc#1103991). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Fix parser range for VID filtering (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: prs: Use the correct helpers when removing all VID filters (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: mvpp2: Use strscpy to handle stat strings (bsc#1098633). - net: phy: marvell10g: report if the PHY fails to boot firmware (bsc#1119113). - net/sched: cbs: Fix error path of cbs_module_init (bsc#1109837). - net/sched: cbs: fix port_rate miscalculation (bsc#1109837). - net/tls: avoid NULL pointer deref on nskb->sk in fallback (bsc#1109837). - net/tls: avoid potential deadlock in tls_set_device_offload_rx() (bsc#1109837). - net: tls, correctly account for copied bytes with multiple sk_msgs (bsc#1109837). - net/tls: do not copy negative amounts of data in reencrypt (bsc#1109837). - net/tls: do not ignore netdev notifications if no TLS features (bsc#1109837). - net/tls: do not leak IV and record seq when offload fails (bsc#1109837). - net/tls: do not leak partially sent record in device mode (bsc#1109837). - net/tls: fix build without CONFIG_TLS_DEVICE (bsc#1109837). - net/tls: fix copy to fragments in reencrypt (bsc#1109837). - net/tls: fix page double free on TX cleanup (bsc#1109837). - net/tls: fix refcount adjustment in fallback (bsc#1109837). - net/tls: fix state removal with feature flags off (bsc#1109837). - net/tls: fix the IV leaks (bsc#1109837). - net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() (bsc#1109837). - net/tls: replace the sleeping lock around RX resync with a bit lock (bsc#1109837). - net/udp_gso: Allow TX timestamp with UDP GSO (bsc#1109837). - nfit/ars: Allow root to busy-poll the ARS state machine (bsc#1140814). - nfit/ars: Avoid stale ARS results (jsc#SLE-5433). - nfit/ars: Introduce scrub_flags (jsc#SLE-5433). - nfp: bpf: fix static check error through tightening shift amount adjustment (bsc#1109837). - nfp: flower: add rcu locks when accessing netdev for tunnels (bsc#1109837). - ntp: Allow TAI-UTC offset to be set to zero (bsc#1135642). - nvme: copy MTFA field from identify controller (bsc#1140715). - nvme-rdma: fix double freeing of async event data (bsc#1120423). - nvme-rdma: fix possible double free of controller async event buffer (bsc#1120423). - ocfs2: try to reuse extent block in dealloc without meta_alloc (bsc#1128902). - pci: Do not poll for PME if the device is in D3cold (bsc#1051510). - pci/p2pdma: fix the gen_pool_add_virt() failure path (bsc#1103992). - pci: PM: Skip devices in D0 for suspend-to-idle (bsc#1051510). - pci: rpadlpar: Fix leaked device_node references in add/remove paths (bsc#1051510). - pinctrl/amd: add get_direction handler (bsc#1140463). - pinctrl/amd: fix gpio irq level in debugfs (bsc#1140463). - pinctrl/amd: fix masking of GPIO interrupts (bsc#1140463). - pinctrl/amd: make functions amd_gpio_suspend and amd_gpio_resume static (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type (bsc#1140463). - pinctrl/amd: poll InterruptEnable bits in enable_irq (bsc#1140463). - pm: ACPI/PCI: Resume all devices during hibernation (bsc#1111666). - powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list (bsc#1137728, LTC#178106). - powerpc/perf: Add POWER9 alternate PM_RUN_CYC and PM_RUN_INST_CMPL events (bsc#1137728, LTC#178106). - powerpc/rtas: retry when cpu offline races with suspend/migration (bsc#1140428, LTC#178808). - ppc64le: enable CONFIG_PPC_DT_CPU_FTRS (jsc#SLE-7159). - ppp: mppe: Add softdep to arc4 (bsc#1088047). - ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (git-fixes). - ptrace: restore smp_rmb() in __ptrace_may_access() (git-fixes). - pwm: stm32: Use 3 cells ->of_xlate() (bsc#1111666). - qmi_wwan: Fix out-of-bounds read (bsc#1111666). - rdma/ipoib: Allow user space differentiate between valid dev_port (bsc#1103992). - rdma/mlx5: Do not allow the user to write to the clock page (bsc#1103991). - rdma/mlx5: Initialize roce port info before multiport master init (bsc#1103991). - rdma/mlx5: Use rdma_user_map_io for mapping BAR pages (bsc#1103992). - regulator: s2mps11: Fix buck7 and buck8 wrong voltages (bsc#1051510). - Replace the bluetooth fix with the upstream commit (bsc#1135556) - Revert 'net: ena: ethtool: add extra properties retrieval via get_priv_flags' (bsc#1138879). - Revert 'net/mlx5e: Enable reporting checksum unnecessary also for L3 packets' (bsc#1103990). - Revert 'Revert 'Drop multiversion(kernel) from the KMP template ()'' - Revert 'Sign non-x86 kernels when possible (boo#1134303)' This reverts commit bac621c6704610562ebd9e74ae5ad85ca8025681. We do not have reports of this working with all ARM architectures in all cases (boot, kexec, ..) so revert for now. - Revert 'svm: Fix AVIC incomplete IPI emulation' (bsc#1140133). - rpm/package-descriptions: fix typo in kernel-azure - rpm/post.sh: correct typo in err msg (bsc#1137625) - sbitmap: fix improper use of smp_mb__before_atomic() (bsc#1140658). - scripts/git_sort/git_sort.py: add djbw/nvdimm nvdimm-pending. - scripts/git_sort/git_sort.py: add nvdimm/libnvdimm-fixes - scripts/git_sort/git_sort.py: drop old scsi branches - scsi: aacraid: change event_wait to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: change wait_sem to a completion (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: clean up some indentation and formatting issues (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-through (jsc#SLE-4710 bsc#1136161). - scsi: aacraid: Mark expected switch fall-throughs (jsc#SLE-4710 bsc#1136161). - scsi: be2iscsi: be_iscsi: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: be_main: Mark expected switch fall-through (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: fix spelling mistake 'Retreiving' -> 'Retrieving' (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: lpfc: fix typo (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: remove unused variable dmsg (jsc#SLE-4721 bsc#1136264). - scsi: be2iscsi: switch to generic DMA API (jsc#SLE-4721 bsc#1136264). - scsi: core: add new RDAC LENOVO/DE_Series device (bsc#1132390). - scsi: csiostor: csio_wr: mark expected switch fall-through (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: drop serial_number usage (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix calls to dma_set_mask_and_coherent() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix incorrect dma device in case of vport (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: no need to check return value of debugfs_create functions (jsc#SLE-4679 bsc#1136343). - scsi: csiostor: Remove set but not used variable 'pln' (jsc#SLE-4679 bsc#1136343). - scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add flag high_iops_queues (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add missing breaks in switch statements (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for ATLAS PCIe switch (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Add support for NVMe Switch Adapter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Affinity high iops queues IRQs to local node (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: change _base_get_msix_index prototype (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Enable interrupt coalescing on high iops (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: fix indentation issue (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix kernel panic during expander reset (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Fix typo in request_desript_type (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: function pointers of request descriptor (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Improve the threshold value and introduce module param (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Introduce perf_mode module parameter (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Irq poll to avoid CPU hard lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Rename mpi endpoint device ID macro (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: save and use MSI-X index for posting RD (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: simplify interrupt handler (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 27.102.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update driver version to 29.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (bsc#1125703,jsc#SLE-4717). - scsi: mpt3sas: Use high iops queues under some circumstances (bsc#1125703,jsc#SLE-4717). - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() (bsc#1140727). - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines (bsc#1140728). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - scsi: target/iblock: Fix overrun in WRITE SAME emulation (bsc#1140424). - signal/ptrace: Do not leak unitialized kernel memory with PTRACE_PEEK_SIGINFO (git-fixes). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bsc#1051510). - staging:iio:ad7150: fix threshold mode config bit (bsc#1051510). - svm: Add warning message for AVIC IPI invalid target (bsc#1140133). - svm: Fix AVIC incomplete IPI emulation (bsc#1140133). - sysctl: handle overflow in proc_get_long (bsc#1051510). - tools: bpftool: fix infinite loop in map create (bsc#1109837). - tracing/snapshot: Resize spare buffer if size changed (bsc#1140726). - typec: tcpm: fix compiler warning about stupid things (git-fixes). - usb: chipidea: udc: workaround for endpoint conflict issue (bsc#1135642). - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) (bsc#1135642). - usb: Fix chipmunk-like voice when using Logitech C270 for recording audio (bsc#1051510). - usbnet: ipheth: fix racing condition (bsc#1051510). - usb: serial: fix initial-termios handling (bsc#1135642). - usb: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode (bsc#1051510). - usb: serial: option: add Telit 0x1260 and 0x1261 compositions (bsc#1051510). - usb: serial: pl2303: add Allied Telesis VT-Kit3 (bsc#1051510). - usb: usb-storage: Add new ID to ums-realtek (bsc#1051510). - x86/cpufeatures: Enumerate user wait instructions (jsc#SLE-5187). - x86/umwait: Add sysfs interface to control umwait C0.2 state (jsc#SLE-5187). - x86/umwait: Add sysfs interface to control umwait maximum time (jsc#SLE-5187). - x86/umwait: Initialize umwait control values (jsc#SLE-5187). - xdp: check device pointer before clearing (bsc#1109837).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1051510 1071995 1088047 1098633 1103203 1103990 1103991 1103992 1106383 1109837 1111666 1112374 1114685 1119113 1119532 1120423 1125703 1128902 1130836 1131645 1132390 1133401 1133738 1134303 1134395 1135556 1135642 1135897 1136161 1136264 1136343 1136935 1137625 1137728 1138879 1139712 1139751 1139771 1139865 1140133 1140228 1140328 1140405 1140424 1140428 1140454 1140463 1140575 1140577 1140637 1140658 1140715 1140719 1140726 1140727 1140728 1140814 1140887 1140888 1140889 1140891 1140893 1140948 1140954 1140955 1140956 1140957 1140958 1140959 1140960 1140961 1140962 1140964 1140971 1140972 1140992 1160467 1160468 901448 909472 913376 916203 917977 920160 933336 961964 962052 967026 970547 CVE-2007-6720 CVE-2009-0179 CVE-2009-0688 CVE-2009-3995 CVE-2009-3996 CVE-2010-2546 CVE-2011-2054 CVE-2013-2062 CVE-2013-2063 CVE-2013-4326 CVE-2014-2497 CVE-2014-8169 CVE-2014-9645 CVE-2014-9687 CVE-2014-9709 CVE-2015-2059 CVE-2015-3451 CVE-2015-8948 CVE-2016-0787 CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-1572 CVE-2016-5116 CVE-2016-6128 CVE-2016-6132 CVE-2016-6161 CVE-2016-6207 CVE-2016-6214 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 CVE-2016-6905 CVE-2016-6906 CVE-2016-6911 CVE-2016-6912 CVE-2016-7568 CVE-2016-7951 CVE-2016-7952 CVE-2016-8670 CVE-2016-9317 CVE-2016-9933 CVE-2017-2885 CVE-2017-6362 CVE-2018-1000222 CVE-2018-12910 CVE-2018-20836 CVE-2018-5711 CVE-2019-10126 CVE-2019-10638 CVE-2019-10639 CVE-2019-11599 CVE-2019-13233 CVE-2019-14896 CVE-2019-14897 SUSE-SU-2015:1020-1 SUSE-SU-2016:0241-1 SUSE-SU-2016:0715-1 SUSE-SU-2016:0718-1 SUSE-SU-2019:1854-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed AND libXcursor1-1.1.15-lp150.1 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
libxslt-1.1.32-lp151.3.3 is installed
OR libxslt-devel-1.1.32-lp151.3.3 is installed
OR libxslt-devel-32bit-1.1.32-lp151.3.3 is installed
OR libxslt-python-1.1.32-lp151.3.3 is installed
OR libxslt-tools-1.1.32-lp151.3.3 is installed
OR libxslt1-1.1.32-lp151.3.3 is installed
OR libxslt1-32bit-1.1.32-lp151.3.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP2 is installed
AND Package Information
dhcp-4.2.4.P2-0.11.13 is installed
OR dhcp-client-4.2.4.P2-0.11.13 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
curl-7.19.7-1.46 is installed
OR libcurl4-7.19.7-1.46 is installed
OR libcurl4-32bit-7.19.7-1.46 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP4 is installed
AND Package Information
krb5-1.6.3-133.49.97 is installed
OR krb5-32bit-1.6.3-133.49.97 is installed
OR krb5-client-1.6.3-133.49.97 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 is installed
AND autofs-5.0.9-8 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP1 is installed
AND busybox-1.21.1-3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
cyrus-sasl-2.1.26-7 is installed
OR cyrus-sasl-32bit-2.1.26-7 is installed
OR cyrus-sasl-crammd5-2.1.26-7 is installed
OR cyrus-sasl-crammd5-32bit-2.1.26-7 is installed
OR cyrus-sasl-digestmd5-2.1.26-7 is installed
OR cyrus-sasl-digestmd5-32bit-2.1.26-7 is installed
OR cyrus-sasl-gssapi-2.1.26-7 is installed
OR cyrus-sasl-gssapi-32bit-2.1.26-7 is installed
OR cyrus-sasl-plain-2.1.26-7 is installed
OR cyrus-sasl-plain-32bit-2.1.26-7 is installed
OR cyrus-sasl-saslauthd-2.1.26-7 is installed
OR libsasl2-3-2.1.26-7 is installed
OR libsasl2-3-32bit-2.1.26-7 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP3 is installed
AND Package Information
libXtst6-1.2.2-7 is installed
OR libXtst6-32bit-1.2.2-7 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP4 is installed
AND Package Information
gd-2.1.0-24.9 is installed
OR gd-32bit-2.1.0-24.9 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed
AND Package Information
kernel-default-4.12.14-197.10 is installed
OR kernel-default-livepatch-4.12.14-197.10 is installed
OR kernel-default-livepatch-devel-4.12.14-197.10 is installed
OR kernel-livepatch-4_12_14-197_10-default-1-3.3 is installed
OR kernel-livepatch-SLE15-SP1_Update_3-1-3.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
glib2-lang-2.38.2-5 is installed
OR glib2-tools-2.38.2-5 is installed
OR libgio-2_0-0-2.38.2-5 is installed
OR libgio-2_0-0-32bit-2.38.2-5 is installed
OR libglib-2_0-0-2.38.2-5 is installed
OR libglib-2_0-0-32bit-2.38.2-5 is installed
OR libgmodule-2_0-0-2.38.2-5 is installed
OR libgmodule-2_0-0-32bit-2.38.2-5 is installed
OR libgobject-2_0-0-2.38.2-5 is installed
OR libgobject-2_0-0-32bit-2.38.2-5 is installed
OR libgthread-2_0-0-2.38.2-5 is installed
OR libgthread-2_0-0-32bit-2.38.2-5 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
kgraft-patch-3_12_69-60_64_32-default-5-2 is installed
OR kgraft-patch-3_12_69-60_64_32-xen-5-2 is installed
OR kgraft-patch-SLE12-SP1_Update_13-5-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
coreutils-8.25-12 is installed
OR coreutils-lang-8.25-12 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
libdcerpc-binding0-4.4.2-38.25 is installed
OR libdcerpc-binding0-32bit-4.4.2-38.25 is installed
OR libdcerpc0-4.4.2-38.25 is installed
OR libdcerpc0-32bit-4.4.2-38.25 is installed
OR libndr-krb5pac0-4.4.2-38.25 is installed
OR libndr-krb5pac0-32bit-4.4.2-38.25 is installed
OR libndr-nbt0-4.4.2-38.25 is installed
OR libndr-nbt0-32bit-4.4.2-38.25 is installed
OR libndr-standard0-4.4.2-38.25 is installed
OR libndr-standard0-32bit-4.4.2-38.25 is installed
OR libndr0-4.4.2-38.25 is installed
OR libndr0-32bit-4.4.2-38.25 is installed
OR libnetapi0-4.4.2-38.25 is installed
OR libnetapi0-32bit-4.4.2-38.25 is installed
OR libsamba-credentials0-4.4.2-38.25 is installed
OR libsamba-credentials0-32bit-4.4.2-38.25 is installed
OR libsamba-errors0-4.4.2-38.25 is installed
OR libsamba-errors0-32bit-4.4.2-38.25 is installed
OR libsamba-hostconfig0-4.4.2-38.25 is installed
OR libsamba-hostconfig0-32bit-4.4.2-38.25 is installed
OR libsamba-passdb0-4.4.2-38.25 is installed
OR libsamba-passdb0-32bit-4.4.2-38.25 is installed
OR libsamba-util0-4.4.2-38.25 is installed
OR libsamba-util0-32bit-4.4.2-38.25 is installed
OR libsamdb0-4.4.2-38.25 is installed
OR libsamdb0-32bit-4.4.2-38.25 is installed
OR libsmbclient0-4.4.2-38.25 is installed
OR libsmbclient0-32bit-4.4.2-38.25 is installed
OR libsmbconf0-4.4.2-38.25 is installed
OR libsmbconf0-32bit-4.4.2-38.25 is installed
OR libsmbldap0-4.4.2-38.25 is installed
OR libsmbldap0-32bit-4.4.2-38.25 is installed
OR libtevent-util0-4.4.2-38.25 is installed
OR libtevent-util0-32bit-4.4.2-38.25 is installed
OR libwbclient0-4.4.2-38.25 is installed
OR libwbclient0-32bit-4.4.2-38.25 is installed
OR samba-4.4.2-38.25 is installed
OR samba-client-4.4.2-38.25 is installed
OR samba-client-32bit-4.4.2-38.25 is installed
OR samba-doc-4.4.2-38.25 is installed
OR samba-libs-4.4.2-38.25 is installed
OR samba-libs-32bit-4.4.2-38.25 is installed
OR samba-winbind-4.4.2-38.25 is installed
OR samba-winbind-32bit-4.4.2-38.25 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
java-1_7_1-ibm-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_74-92_38-default-7-2 is installed
OR kgraft-patch-SLE12-SP2_Update_13-7-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND ipsec-tools-0.8.0-18 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
libXvnc1-1.6.0-18.28 is installed
OR tigervnc-1.6.0-18.28 is installed
OR xorg-x11-Xvnc-1.6.0-18.28 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
libpython2_7-1_0-2.7.13-28.31 is installed
OR libpython2_7-1_0-32bit-2.7.13-28.31 is installed
OR python-2.7.13-28.31 is installed
OR python-32bit-2.7.13-28.31 is installed
OR python-base-2.7.13-28.31 is installed
OR python-base-32bit-2.7.13-28.31 is installed
OR python-curses-2.7.13-28.31 is installed
OR python-demo-2.7.13-28.31 is installed
OR python-devel-2.7.13-28.31 is installed
OR python-doc-2.7.13-28.31 is installed
OR python-doc-pdf-2.7.13-28.31 is installed
OR python-gdbm-2.7.13-28.31 is installed
OR python-idle-2.7.13-28.31 is installed
OR python-tk-2.7.13-28.31 is installed
OR python-xml-2.7.13-28.31 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
kgraft-patch-4_4_143-94_47-default-7-2 is installed
OR kgraft-patch-SLE12-SP3_Update_16-7-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
gnome-shell-search-provider-nautilus-3.20.3-23.6 is installed
OR libnautilus-extension1-3.20.3-23.6 is installed
OR nautilus-3.20.3-23.6 is installed
OR nautilus-lang-3.20.3-23.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
bzip2-1.0.6-29 is installed
OR bzip2-doc-1.0.6-29 is installed
OR libbz2-1-1.0.6-29 is installed
OR libbz2-1-32bit-1.0.6-29 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND python-Werkzeug-0.12.2-3.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
libpolkit0-0.113-5.18 is installed
OR polkit-0.113-5.18 is installed
OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed
|