Oval Definition:oval:org.opensuse.security:def:5584
Revision Date:2020-12-02Version:1
Title:Security update for the Linux Kernel (Important)
Description:





The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable (bnc#1107829).

The following non-security bugs were fixed:

- alsa: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path (bsc#1051510). - alsa: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping (bsc#1051510). - alsa: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO (bsc#1051510). - alsa: fireworks: fix memory leak of response buffer at error path (bsc#1051510). - alsa: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bsc#1051510). - alsa: msnd: Fix the default sample sizes (bsc#1051510). - alsa: pcm: Fix snd_interval_refine first/last with open min/max (bsc#1051510). - alsa: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro (bsc#1051510). - ASoC: cs4265: fix MMTLR Data switch control (bsc#1051510). - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs (bsc#1051510). - ASoC: rt5514: Add the I2S ASRC support (bsc#1051510). - ASoC: rt5514: Add the missing register in the readable table (bsc#1051510). - ASoC: rt5514: Eliminate the noise in the ASRC case (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied (bsc#1051510). - ax88179_178a: Check for supported Wake-on-LAN modes (bsc#1051510). - block, dax: remove dead code in blkdev_writepages() (bsc#1104888). - block: fix warning when I/O elevator is changed as request_queue is being removed (bsc#1109979). - block: Invalidate cache on discard v2 (bsc#1109992). - block: pass inclusive 'lend' parameter to truncate_inode_pages_range (bsc#1109992). - block: properly protect the 'queue' kobj in blk_unregister_queue (bsc#1109979). - bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bsc#1051510). - bluetooth: btsdio: Do not bind to non-removable BCM43430 (bsc#1103587). - bluetooth: Use lock_sock_nested in bt_accept_enqueue (bsc#1051510). - btrfs: add a comp_refs() helper (dependency for bsc#1031392). - btrfs: add tracepoints for outstanding extents mods (dependency for bsc#1031392). - btrfs: check-integrity: Fix NULL pointer dereference for degraded mount (bsc#1107947). - btrfs: cleanup extent locking sequence (dependency for bsc#1031392). - btrfs: delayed-inode: Remove wrong qgroup meta reservation calls (bsc#1031392). - btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item (bsc#1031392). - btrfs: fix data corruption when deduplicating between different files (bsc#1110647). - btrfs: fix duplicate extents after fsync of file with prealloc extents (bsc#1110644). - btrfs: fix fsync after hole punching when using no-holes feature (bsc#1110642). - btrfs: fix loss of prealloc extents past i_size after fsync log replay (bsc#1110643). - btrfs: fix return value on rename exchange failure (bsc#1110645). - btrfs: fix send failure when root has deleted files still open (bsc#1110650). - btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392). - btrfs: log csums for all modified extents (bsc#1110639). - btrfs: make the delalloc block rsv per inode (dependency for bsc#1031392). - btrfs: qgroup: Add quick exit for non-fs extents (dependency for bsc#1031392). - btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function (dependency for bsc#1031392). - btrfs: qgroup: Cleanup the remaining old reservation counters (bsc#1031392). - btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT (bsc#1031392). - btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392). - btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges (dependency for bsc#1031392). - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled (dependency for bsc#1031392). - btrfs: qgroup: Fix wrong qgroup reservation update for relationship modification (bsc#1031392). - btrfs: qgroup: Introduce extent changeset for qgroup reserve functions (dependency for bsc#1031392). - btrfs: qgroup: Introduce function to convert META_PREALLOC into META_PERTRANS (bsc#1031392). - btrfs: qgroup: Introduce helpers to update and access new qgroup rsv (bsc#1031392). - btrfs: qgroup: Make qgroup_reserve and its callers to use separate reservation type (bsc#1031392). - btrfs: qgroup: Return actually freed bytes for qgroup release or free data (dependency for bsc#1031392). - btrfs: qgroup: Skeleton to support separate qgroup reservation type (bsc#1031392). - btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans (bsc#1031392). - btrfs: qgroup: Update trace events for metadata reservation (bsc#1031392). - btrfs: qgroup: Update trace events to use new separate rsv types (bsc#1031392). - btrfs: qgroup: Use independent and accurate per inode qgroup rsv (bsc#1031392). - btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space (bsc#1031392). - btrfs: qgroup: Use separate meta reservation type for delalloc (bsc#1031392). - btrfs: remove type argument from comp_tree_refs (dependency for bsc#1031392). - btrfs: Remove unused parameters from various functions (bsc#1110649). - btrfs: rework outstanding_extents (dependency for bsc#1031392). - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (follow up for bsc#1108096). - btrfs: scrub: Do not use inode pages for device replace (follow up for bsc#1108096). - btrfs: switch args for comp_*_refs (dependency for bsc#1031392). - btrfs: sync log after logging new name (bsc#1110646). - btrfs: tests/qgroup: Fix wrong tree backref level (bsc#1107928). - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bsc#1051510). - coresight: Handle errors in finding input/output ports (bsc#1051510). - crypto: clarify licensing of OpenSSL asm code (). - crypto: sharah - Unregister correct algorithms for SAHARA 3 (bsc#1051510). - crypto: skcipher - Fix -Wstringop-truncation warnings (bsc#1051510). - dax: Introduce a ->copy_to_iter dax operation (bsc#1098782). - dax: Make extension of dax_operations transparent (bsc#1098782). - dax: remove default copy_from_iter fallback (bsc#1098782). patches.drivers/dax-remove-the-pmem_dax_ops-flush-abstraction.patch: Refresh - dax: Report bytes remaining in dax_iomap_actor() (bsc#1098782). - dax: require 'struct page' by default for filesystem dax (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh - dax: store pfns in the radix (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh - device-dax: Add missing address_space_operations (bsc#1107783). - device-dax: Enable page_mapping() (bsc#1107783). - device-dax: Set page->index (bsc#1107783). - doc/README.SUSE: Remove mentions of cloneconfig (bsc#1103636). - ext2: auto disable dax instead of failing mount (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - ext2, dax: introduce ext2_dax_aops (bsc#1104888). - ext4: auto disable dax instead of failing mount (bsc#1104888 ). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - ext4, dax: add ext4_bmap to ext4_dax_aops (bsc#1104888). - ext4, dax: introduce ext4_dax_aops (bsc#1104888). - ext4, dax: set ext4_dax_aops for dax files (bsc#1104888). - fbdev: Distinguish between interlaced and progressive modes (bsc#1051510). - fbdev/via: fix defined but not used warning (bsc#1051510). - filesystem-dax: Introduce dax_lock_mapping_entry() (bsc#1107783). patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - filesystem-dax: Set page->index (bsc#1107783). - Fix buggy backport in patches.fixes/dax-check-for-queue_flag_dax-in-bdev_dax_supported.patch (bsc#1109859) - Fix kexec forbidding kernels signed with keys in the secondary keyring to boot (bsc#1110006). - Fix sorted section Merge commits 862a718e83 and 8aa4d41564 had conflicts with (apparently) bad resolution which introduced disorder in the sorted section. - fs, dax: prepare for dax-specific address_space_operations (bsc#1104888). patches.fixes/fs-allow-per-device-dax-status-checking-for-filesystems.patch: Refresh patches.kabi/kabi-fixup-bdev_dax_supported.patch: Refresh - fs, dax: use page->mapping to warn if truncate collides with a busy page (bsc#1104888). - gpiolib: Mark gpio_suffixes array with __maybe_unused (bsc#1051510). - gpio: pxa: Fix potential NULL dereference (bsc#1051510). - gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes (bsc#1051510). - HID: hid-ntrig: add error handling for sysfs_create_group (bsc#1051510). - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (bsc#1051510). - Input: elantech - enable middle button of touchpad on ThinkPad P72 (bsc#1051510). - input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - intel_th: Fix device removal logic (bsc#1051510). - iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105). - ioremap: Update pgtable free interfaces with addr (bsc#1110006). - ipc/shm: fix shmat() nil address after round-down when remapping (bsc#1090078). - KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244). - kprobes/x86: Release insn_slot in failure path (bsc#1110006). - KVM: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix() (bsc#1061840, git-fixes). - KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1106240). - KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault (bsc#1106240). - KVM: x86: Do not re-{try,execute} after failed emulation in L2 (bsc#1106240). - KVM: x86: Invert emulation re-execute behavior to make it opt-in (bsc#1106240). - KVM: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE (bsc#1106240). - lan78xx: Check for supported Wake-on-LAN modes (bsc#1051510). - lib/iov_iter: Fix pipe handling in _copy_to_iter_mcsafe() (bsc#1098782). - libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in nsio_rw_bytes() (bsc#1098782). - libnvdimm, pmem: Restore page attributes when clearing errors (bsc#1107783). - Limit kernel-source build to architectures for which we build binaries (bsc#1108281). - mac80211: fix pending queue hang due to TX_DROP (bsc#1051510). - mac80211: restrict delayed tailroom needed decrement (bsc#1051510). - mei: bus: type promotion bug in mei_nfc_if_version() (bsc#1051510). - mei: ignore not found client in the enumeration (bsc#1051510). - mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510). - mfd: ti_am335x_tscadc: Fix struct clk memory leak (bsc#1051510). - mmc: sdhci: do not try to use 3.3V signaling if not supported (bsc#1051510). - mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips (bsc#1051510). - mm, dax: introduce pfn_t_special() (bsc#1104888). - mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE pages (bsc#1107783). - mm, madvise_inject_error: Let memory_failure() optionally take a page reference (bsc#1107783). - mm, memory_failure: Collect mapping size in collect_procs() (bsc#1107783). - mm, memory_failure: Teach memory_failure() about dev_pagemap pages (bsc#1107783). - mm, numa: Migrate pages to local nodes quicker early in the lifetime of a task (bnc#1101669 optimise numa balancing for fast migrate). - mm, numa: Remove rate-limiting of automatic numa balancing migration (bnc#1101669 optimise numa balancing for fast migrate). - mm, numa: Remove rate-limiting of automatic numa balancing migration kabi (bnc#1101669 optimise numa balancing for fast migrate). - mm/vmalloc: add interfaces to free unmapped page table (bsc#1110006). - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands (bsc#1051510). - nfs/filelayout: fix oops when freeing filelayout segment (bsc#1105190). - NFS/filelayout: Fix racy setting of fl->dsaddr in filelayout_check_deviceid() (bsc#1105190). - NFS: Use an appropriate work queue for direct-write completion (bsc#1082519). - parport: sunbpp: fix error return code (bsc#1051510). - PCI: aardvark: Size bridges before resources allocation (bsc#1109806). - PCI: designware: Fix I/O space page leak (bsc#1109806). - PCI: faraday: Add missing of_node_put() (bsc#1109806). - PCI: faraday: Fix I/O space page leak (bsc#1109806). - PCI/portdrv: Compute MSI/MSI-X IRQ vectors after final allocation (bsc#1109806). - PCI/portdrv: Factor out Interrupt Message Number lookup (bsc#1109806). - PCI: versatile: Fix I/O space page leak (bsc#1109806). - PCI: xgene: Fix I/O space page leak (bsc#1109806). - PCI: xilinx: Add missing of_node_put() (bsc#1109806). - PCI: xilinx-nwl: Add missing of_node_put() (bsc#1109806). - pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant (bsc#1051510). - platform/x86: alienware-wmi: Correct a memory leak (bsc#1051510). - platform/x86: toshiba_acpi: Fix defined but not used build warnings (bsc#1051510). - pmem: Switch to copy_to_iter_mcsafe() (bsc#1098782). - powernv/pseries: consolidate code for mce early handling (bsc#1094244). - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269). - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823). - powerpc: Fix size calculation using resource_size() (bnc#1012382). - powerpc: KABI add aux_ptr to hole in paca_struct to extend it with additional members (bsc#1094244). - powerpc: KABI: move mce_data_buf into paca_aux (bsc#1094244). - powerpc/numa: Use associativity if VPHN hcall is successful (bsc#1110363). - powerpc/pkeys: Fix reading of ibm, processor-storage-keys property (bsc#1109244). - powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range (bsc#1055120). - powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244). - powerpc/pseries: Define MCE error event section (bsc#1094244). - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1065729). - powerpc/pseries: Display machine check error details (bsc#1094244). - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244). - Refresh patches.kabi/KABI-move-mce_data_buf-into-paca_aux.patch - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244). - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337). - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337). - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333). - powerpc/tm: Fix userspace r13 corruption (bsc#1109333). - powerpc/xive: Fix trying to 'push' an already active pool VP (bsc#1085030, git-fixes). - r8152: Check for supported Wake-on-LAN Modes (bsc#1051510). - README.BRANCH: SLE15-SP1 branch maintainer changes Add ptesarik as co-maintainer, keep tiwai as the primary maintainer - regulator: fix crash caused by null driver data (bsc#1051510). - rename/renumber hv patches to simplify upcoming upstream merges No code changes. - Revert 'btrfs: qgroups: Retry after commit on getting EDQUOT' (bsc#1031392). - Revert 'ipc/shm: Fix shmat mmap nil-page protection' (bsc#1090078). - rpm/mkspec: build dtbs for architectures marked -!needs_updating - rpm/mkspec: fix ppc64 kernel-source build. - s390/crypto: Fix return code checking in cbc_paes_crypt() (bnc#1108323, LTC#171709). - s390/pci: fix out of bounds access during irq setup (bnc#1108323, LTC#171068). - s390/qdio: reset old sbal_state flags (LTC#171525, bsc#1106948). - s390/qeth: use vzalloc for QUERY OAT buffer (LTC#171527, bsc#1106948). - sched/fair: Fix bandwidth timer clock drift condition (Git-fixes). - sched/numa: Avoid task migration for small NUMA improvement (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Pass destination CPU as a parameter to migrate_task_rq (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Pass destination CPU as a parameter to migrate_task_rq kabi (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Reset scan rate whenever task moves across nodes (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop multiple tasks from moving to the CPU at the same time (bnc#1101669 optimise numa balancing for fast migrate). - sched/numa: Stop multiple tasks from moving to the CPU at the same time kabi (bnc#1101669 optimise numa balancing for fast migrate). - scsi: hisi_sas: Add a flag to filter PHY events during reset (). - scsi: hisi_sas: add memory barrier in task delivery function (). - scsi: hisi_sas: Add missing PHY spinlock init (). - scsi: hisi_sas: Add SATA FIS check for v3 hw (). - scsi: hisi_sas: Adjust task reject period during host reset (). - scsi: hisi_sas: Drop hisi_sas_slot_abort() (). - scsi: hisi_sas: Fix the conflict between dev gone and host reset (). - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout (). - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw (). - scsi: hisi_sas: Only process broadcast change in phy_bcast_v3_hw() (). - scsi: hisi_sas: Pre-allocate slot DMA buffers (). - scsi: hisi_sas: Release all remaining resources in clear nexus ha (). - scsi: hisi_sas: relocate some common code for v3 hw (). - scsi: hisi_sas: tidy channel interrupt handler for v3 hw (). - scsi: hisi_sas: Tidy hisi_sas_task_prep() (). - scsi: hisi_sas: tidy host controller reset function a bit (). - scsi: hisi_sas: Update a couple of register settings for v3 hw (). - scsi: hisi_sas: Use dmam_alloc_coherent() (). - scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336). - smsc75xx: Check for Wake-on-LAN modes (bsc#1051510). - smsc95xx: Check for Wake-on-LAN modes (bsc#1051510). - sort series.conf I didn't want to, but he made me do it. - sr9800: Check for supported Wake-on-LAN modes (bsc#1051510). - sr: get/drop reference to device in revalidate and check_events (bsc#1109979). - supported.conf: add test_syctl to new kselftests-kmp package As per we will require new FATE requests per each new selftest driver. We do not want to support these module on production runs but we do want to support them for QA / testing uses. The compromise is to package them into its own package, this will be the kselftests-kmp package. Selftests can also be used as proof of concept vehicle for issues by customers or ourselves. Vanilla kernels do not get test_sysctl given that driver was using built-in defaults, this also means we cannot run sefltests on config/s390x/zfcpdump which does not enable modules. Likeweise, since we had to *change* the kernel for test_syctl, it it also means we can't test test_syctl with vanilla kernels. It should be possible with other selftests drivers if they are present in vanilla kernels though. - uio, lib: Fix CONFIG_ARCH_HAS_UACCESS_MCSAFE compilation (bsc#1098782). - VFS: do not test owner for NFS in set_posix_acl() (bsc#1103405). - video: goldfishfb: fix memory leak on driver remove (bsc#1051510). - watchdog: Mark watchdog touch functions as notrace (git-fixes). - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() (bsc#1051510). - x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump (bsc#1110006). - x86/apic: Split disable_IO_APIC() into two functions to fix CONFIG_KEXEC_JUMP=y (bsc#1110006). - x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC() (bsc#1110006). - x86/apic/vector: Fix off by one in error path (bsc#1110006). - x86/asm/memcpy_mcsafe: Add labels for __memcpy_mcsafe() write fault handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Add write-protection-fault handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe() (bsc#1098782). - x86/asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling (bsc#1098782). - x86/asm/memcpy_mcsafe: Provide original memcpy_mcsafe_unrolled (bsc#1098782). - x86/asm/memcpy_mcsafe: Remove loop unrolling (bsc#1098782). - x86/asm/memcpy_mcsafe: Return bytes remaining (bsc#1098782). - x86/boot: Fix kexec booting failure in the SEV bit detection code (bsc#1110301). - x86/build/64: Force the linker to use 2MB page size (bsc#1109603). - x86/dumpstack: Save first regs set for the executive summary (bsc#1110006). - x86/dumpstack: Unify show_regs() (bsc#1110006). - x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() (bsc#1110006). - x86/espfix/64: Fix espfix double-fault handling on 5-level systems (bsc#1110006). - x86/idt: Load idt early in start_secondary (bsc#1110006). - x86/kexec: Avoid double free_page() upon do_kexec_load() failure (bsc#1110006). - x86/mce: Fix set_mce_nospec() to avoid #GP fault (bsc#1107783). - x86/mce: Improve error message when kernel cannot recover (bsc#1110006). - x86/mce: Improve error message when kernel cannot recover (bsc#1110301). - x86/memory_failure: Introduce {set, clear}_mce_nospec() (bsc#1107783). - x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: Fixup compilation breakage on s390 and arm due to missing clear_mce_nospec(). - x86/mm: Add TLB purge to free pmd/pte page interfaces (bsc#1110006). - x86/mm: Disable ioremap free page handling on x86-PAE (bsc#1110006). - x86/mm: Drop TS_COMPAT on 64-bit exec() syscall (bsc#1110006). - x86/mm: Expand static page table for fixmap space (bsc#1110006). - x86/mm: Fix ELF_ET_DYN_BASE for 5-level paging (bsc#1110006). - x86/mm: implement free pmd/pte page interfaces (bsc#1110006). - x86/mm/pat: Prepare {reserve, free}_memtype() for 'decoy' addresses (bsc#1107783). - x86/mpx: Do not allow MPX if we have mappings above 47-bit (bsc#1110006). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006). - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110301). - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bsc#1110006). - x86/pkeys: Do not special case protection key 0 (bsc#1110006). - x86/pkeys: Override pkey when moving away from PROT_EXEC (bsc#1110006). - x86/process: Do not mix user/kernel regs in 64bit __show_regs() (bsc#1110006). - x86/process: Re-export start_thread() (bsc#1110006). - x86/vdso: Fix lsl operand order (bsc#1110006). - x86/vdso: Fix lsl operand order (bsc#1110301). - xen: issue warning message when out of grant maptrack entries (bsc#1105795). - xfs, dax: introduce xfs_dax_aops (bsc#1104888). - xhci: Fix use after free for URB cancellation on a reallocated endpoint (bsc#1051510).
Family:unixClass:patch
Status:Reference(s):1012382
1024718
1031392
1046299
1050242
1050244
1051510
1055120
1055121
1055186
1058115
1060463
1061840
1065600
1065729
1068273
1078248
1079935
1082387
1082519
1082555
1082653
1083647
1085030
1085535
1086196
1086282
1086283
1086423
1087978
1088386
1089350
1090078
1090888
1091405
1091800
1094244
1097593
1097755
1098782
1100132
1101669
1102495
1102875
1102877
1102879
1102882
1102896
1103257
1103269
1103356
1103405
1103587
1103636
1103925
1104124
1104353
1104427
1104824
1104888
1104967
1105168
1105190
1105428
1105795
1106105
1106110
1106237
1106240
1106615
1106913
1106948
1107256
1107385
1107783
1107829
1107866
1107928
1107947
1108096
1108170
1108270
1108281
1108323
1108399
1108468
1108823
1109244
1109272
1109333
1109336
1109337
1109603
1109772
1109806
1109859
1109979
1109992
1110006
1110301
1110363
1110558
1110639
1110642
1110643
1110644
1110645
1110646
1110647
1110649
1110650
1110998
1111040
1111062
1111174
1111183
1111188
1111469
1111696
1111795
1111809
1111921
1112878
1112963
1113295
1113408
1113412
1113501
1113667
1113677
1113722
1113751
1113769
1113780
1113972
1114015
1114178
1114279
1114385
1114576
1114577
1114578
1114579
1114580
1114581
1114582
1114583
1114584
1114585
1114839
1114871
1115074
1115269
1115431
1115433
1115440
1115567
1115709
1115976
1116040
1116183
1116336
1116692
1116693
1116698
1116699
1116700
1116701
1116803
1116841
1116862
1116863
1116876
1116877
1116878
1116891
1116895
1116899
1116950
1117115
1117162
1117165
1117168
1117172
1117174
1117181
1117184
1117186
1117188
1117189
1117349
1117561
1117656
1117788
1117789
1117790
1117791
1117792
1117794
1117795
1117796
1117798
1117799
1117801
1117802
1117803
1117804
1117805
1117806
1117807
1117808
1117815
1117816
1117817
1117818
1117819
1117820
1117821
1117822
1117953
1118102
1118136
1118137
1118138
1118140
1118152
1118215
1118316
1118319
1118428
1118484
1118505
1118752
1118760
1118761
1118762
1118766
1118767
1118768
1118769
1118771
1118772
1118773
1118774
1118775
1118798
1118809
1118962
1119017
1119086
1119212
1119322
1119410
1119714
1119749
1119804
1119946
1119962
1119968
1120036
1120046
1120053
1120054
1120055
1120058
1120088
1120092
1120094
1120096
1120097
1120173
1120214
1120223
1120228
1120230
1120232
1120234
1120235
1120238
1120594
1120598
1120600
1120601
1120602
1120603
1120604
1120606
1120612
1120613
1120614
1120615
1120616
1120617
1120618
1120620
1120621
1120632
1120633
1120743
1120954
1121017
1121058
1121263
1121273
1121477
1121483
1121599
1121621
1121714
1121715
1121973
CVE-2006-0855
CVE-2007-1669
CVE-2007-4129
CVE-2008-4316
CVE-2009-2473
CVE-2009-2474
CVE-2010-0405
CVE-2011-0460
CVE-2011-3848
CVE-2011-3872
CVE-2012-0786
CVE-2012-2150
CVE-2012-2396
CVE-2012-3524
CVE-2012-3864
CVE-2012-3865
CVE-2012-3866
CVE-2012-3867
CVE-2012-4510
CVE-2013-2126
CVE-2013-2127
CVE-2013-3567
CVE-2013-4761
CVE-2013-4956
CVE-2014-2524
CVE-2014-3248
CVE-2014-3253
CVE-2014-6271
CVE-2014-6277
CVE-2014-6278
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187
CVE-2014-8119
CVE-2018-12232
CVE-2018-14625
CVE-2018-14633
CVE-2018-16862
CVE-2018-16884
CVE-2018-17182
CVE-2018-18281
CVE-2018-18397
CVE-2018-18710
CVE-2018-19407
CVE-2018-19824
CVE-2018-19854
CVE-2018-19985
CVE-2018-20169
CVE-2018-9568
SUSE-SU-2018:3159-1
SUSE-SU-2019:0224-1
Platform(s):openSUSE 13.1
openSUSE 13.1 NonFree
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise for SAP 12
SUSE Linux Enterprise for SAP 12 SP1
SUSE Linux Enterprise High Availability 12 SP3
SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE Linux Enterprise Module for Advanced Systems Management 12
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Point of Sale 12 SP2
SUSE Linux Enterprise Real Time Extension 12 SP2
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2-LTSS
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for VMWare 11 SP2
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Workstation Extension 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP2
SUSE Linux Enterprise Workstation Extension 12 SP3
SUSE Linux Enterprise Workstation Extension 15
SUSE OpenStack Cloud 5
Product(s):
Definition Synopsis
  • SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed
  • AND Package Information
  • python-glanceclient-0.15.0-3.1 is installed
  • OR python-keystoneclient-1.0.0-19.1 is installed
  • OR python-keystoneclient-doc-1.0.0-19.1 is installed
  • OR python-keystonemiddleware-1.2.0-4.1 is installed
  • OR python-novaclient-2.20.0-6.1 is installed
  • OR python-novaclient-doc-2.20.0-6.1 is installed
  • OR python-swiftclient-2.3.1-3.1 is installed
  • OR python-swiftclient-doc-2.3.1-3.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND LibVNCServer-0.9.1-156.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND zoo-2.10-1020 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • bash-4.3-78 is installed
  • OR bash-doc-4.3-78 is installed
  • OR bash-lang-4.3-78 is installed
  • OR libreadline6-6.3-78 is installed
  • OR libreadline6-32bit-6.3-78 is installed
  • OR readline-doc-6.3-78 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • augeas-1.2.0-15 is installed
  • OR augeas-lenses-1.2.0-15 is installed
  • OR libaugeas0-1.2.0-15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • apparmor-docs-2.8.2-49 is installed
  • OR apparmor-parser-2.8.2-49 is installed
  • OR apparmor-profiles-2.8.2-49 is installed
  • OR apparmor-utils-2.8.2-49 is installed
  • OR libapparmor1-2.8.2-49 is installed
  • OR libapparmor1-32bit-2.8.2-49 is installed
  • OR pam_apparmor-2.8.2-49 is installed
  • OR pam_apparmor-32bit-2.8.2-49 is installed
  • OR perl-apparmor-2.8.2-49 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise for SAP 12 is installed
  • AND Package Information
  • kgraft-patch-3_12_51-52_39-default-4-2.2 is installed
  • OR kgraft-patch-3_12_51-52_39-xen-4-2.2 is installed
  • OR kgraft-patch-SLE12_Update_11-4-2.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise for SAP 12 SP1 is installed
  • AND Package Information
  • kernel-default-3.12.74-60.64.51.1 is installed
  • OR kernel-default-base-3.12.74-60.64.51.1 is installed
  • OR kernel-default-devel-3.12.74-60.64.51.1 is installed
  • OR kernel-devel-3.12.74-60.64.51.1 is installed
  • OR kernel-macros-3.12.74-60.64.51.1 is installed
  • OR kernel-source-3.12.74-60.64.51.1 is installed
  • OR kernel-syms-3.12.74-60.64.51.1 is installed
  • OR kernel-xen-3.12.74-60.64.51.1 is installed
  • OR kernel-xen-base-3.12.74-60.64.51.1 is installed
  • OR kernel-xen-devel-3.12.74-60.64.51.1 is installed
  • OR kgraft-patch-3_12_74-60_64_51-default-1-2.1 is installed
  • OR kgraft-patch-3_12_74-60_64_51-xen-1-2.1 is installed
  • OR kgraft-patch-SLE12-SP1_Update_18-1-2.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP3 is installed
  • AND python-requests-2.8.1-6.16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise High Performance Computing 12 SP5 is installed
  • AND Package Information
  • PackageKit-1.1.3-24.9 is installed
  • OR PackageKit-backend-zypp-1.1.3-24.9 is installed
  • OR PackageKit-lang-1.1.3-24.9 is installed
  • OR libpackagekit-glib2-18-1.1.3-24.9 is installed
  • OR typelib-1_0-PackageKitGlib-1_0-1.1.3-24.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Advanced Systems Management 12 is installed
  • AND facter-2.0.2-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 12 is installed
  • AND Package Information
  • kernel-ec2-3.12.60-52.54 is installed
  • OR kernel-ec2-devel-3.12.60-52.54 is installed
  • OR kernel-ec2-extra-3.12.60-52.54 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 12 is installed
  • AND Package Information
  • apache2-mod_php5-5.5.14-22.1 is installed
  • OR php5-5.5.14-22.1 is installed
  • OR php5-bcmath-5.5.14-22.1 is installed
  • OR php5-bz2-5.5.14-22.1 is installed
  • OR php5-calendar-5.5.14-22.1 is installed
  • OR php5-ctype-5.5.14-22.1 is installed
  • OR php5-curl-5.5.14-22.1 is installed
  • OR php5-dba-5.5.14-22.1 is installed
  • OR php5-dom-5.5.14-22.1 is installed
  • OR php5-enchant-5.5.14-22.1 is installed
  • OR php5-exif-5.5.14-22.1 is installed
  • OR php5-fastcgi-5.5.14-22.1 is installed
  • OR php5-fileinfo-5.5.14-22.1 is installed
  • OR php5-fpm-5.5.14-22.1 is installed
  • OR php5-ftp-5.5.14-22.1 is installed
  • OR php5-gd-5.5.14-22.1 is installed
  • OR php5-gettext-5.5.14-22.1 is installed
  • OR php5-gmp-5.5.14-22.1 is installed
  • OR php5-iconv-5.5.14-22.1 is installed
  • OR php5-intl-5.5.14-22.1 is installed
  • OR php5-json-5.5.14-22.1 is installed
  • OR php5-ldap-5.5.14-22.1 is installed
  • OR php5-mbstring-5.5.14-22.1 is installed
  • OR php5-mcrypt-5.5.14-22.1 is installed
  • OR php5-mysql-5.5.14-22.1 is installed
  • OR php5-odbc-5.5.14-22.1 is installed
  • OR php5-openssl-5.5.14-22.1 is installed
  • OR php5-pcntl-5.5.14-22.1 is installed
  • OR php5-pdo-5.5.14-22.1 is installed
  • OR php5-pear-5.5.14-22.1 is installed
  • OR php5-pgsql-5.5.14-22.1 is installed
  • OR php5-pspell-5.5.14-22.1 is installed
  • OR php5-shmop-5.5.14-22.1 is installed
  • OR php5-snmp-5.5.14-22.1 is installed
  • OR php5-soap-5.5.14-22.1 is installed
  • OR php5-sockets-5.5.14-22.1 is installed
  • OR php5-sqlite-5.5.14-22.1 is installed
  • OR php5-suhosin-5.5.14-22.1 is installed
  • OR php5-sysvmsg-5.5.14-22.1 is installed
  • OR php5-sysvsem-5.5.14-22.1 is installed
  • OR php5-sysvshm-5.5.14-22.1 is installed
  • OR php5-tokenizer-5.5.14-22.1 is installed
  • OR php5-wddx-5.5.14-22.1 is installed
  • OR php5-xmlreader-5.5.14-22.1 is installed
  • OR php5-xmlrpc-5.5.14-22.1 is installed
  • OR php5-xmlwriter-5.5.14-22.1 is installed
  • OR php5-xsl-5.5.14-22.1 is installed
  • OR php5-zip-5.5.14-22.1 is installed
  • OR php5-zlib-5.5.14-22.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Point of Sale 12 SP2 is installed
  • AND Package Information
  • salt-2016.11.4-45.2 is installed
  • OR salt-minion-2016.11.4-45.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Real Time Extension 12 SP2 is installed
  • AND Package Information
  • cluster-md-kmp-rt-4.4.95-21.1 is installed
  • OR cluster-network-kmp-rt-4.4.95-21.1 is installed
  • OR dlm-kmp-rt-4.4.95-21.1 is installed
  • OR gfs2-kmp-rt-4.4.95-21.1 is installed
  • OR kernel-devel-rt-4.4.95-21.1 is installed
  • OR kernel-rt-4.4.95-21.1 is installed
  • OR kernel-rt-base-4.4.95-21.1 is installed
  • OR kernel-rt-devel-4.4.95-21.1 is installed
  • OR kernel-rt_debug-4.4.95-21.1 is installed
  • OR kernel-rt_debug-devel-4.4.95-21.1 is installed
  • OR kernel-source-rt-4.4.95-21.1 is installed
  • OR kernel-syms-rt-4.4.95-21.1 is installed
  • OR ocfs2-kmp-rt-4.4.95-21.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 is installed
  • AND Package Information
  • dbus-1-glib-0.76-34.10.1 is installed
  • OR dbus-1-glib-32bit-0.76-34.10.1 is installed
  • OR dbus-1-glib-x86-0.76-34.10.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP2 is installed
  • AND Package Information
  • evince-2.28.2-0.7.2 is installed
  • OR evince-doc-2.28.2-0.7.2 is installed
  • OR evince-lang-2.28.2-0.7.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP2-LTSS is installed
  • AND Package Information
  • bind-9.9.6P1-0.25.1 is installed
  • OR bind-chrootenv-9.9.6P1-0.25.1 is installed
  • OR bind-devel-9.9.6P1-0.25.1 is installed
  • OR bind-doc-9.9.6P1-0.25.1 is installed
  • OR bind-libs-9.9.6P1-0.25.1 is installed
  • OR bind-libs-32bit-9.9.6P1-0.25.1 is installed
  • OR bind-utils-9.9.6P1-0.25.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP3 is installed
  • AND acpid-1.0.6-91.25.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND aaa_base-11-6.105.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 is installed
  • AND Package Information
  • alsa-1.0.27.2-11 is installed
  • OR alsa-docs-1.0.27.2-11 is installed
  • OR libasound2-1.0.27.2-11 is installed
  • OR libasound2-32bit-1.0.27.2-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • alsa-1.0.27.2-11 is installed
  • OR alsa-docs-1.0.27.2-11 is installed
  • OR libasound2-1.0.27.2-11 is installed
  • OR libasound2-32bit-1.0.27.2-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND clamav-0.99.2-32.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND ant-1.9.4-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • accountsservice-0.6.42-16.3 is installed
  • OR accountsservice-lang-0.6.42-16.3 is installed
  • OR libaccountsservice0-0.6.42-16.3 is installed
  • OR typelib-1_0-AccountsService-1_0-0.6.42-16.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_60-52_54-default-2-2.2 is installed
  • OR kgraft-patch-3_12_60-52_54-xen-2-2.2 is installed
  • OR kgraft-patch-SLE12_Update_15-2-2.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND apache-commons-httpclient-3.1-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_54-default-5-2 is installed
  • OR kgraft-patch-3_12_74-60_64_54-xen-5-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_19-5-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 11 SP2 is installed
  • AND Package Information
  • apache2-2.2.12-1.40.1 is installed
  • OR apache2-devel-2.2.12-1.40.1 is installed
  • OR apache2-doc-2.2.12-1.40.1 is installed
  • OR apache2-example-pages-2.2.12-1.40.1 is installed
  • OR apache2-prefork-2.2.12-1.40.1 is installed
  • OR apache2-utils-2.2.12-1.40.1 is installed
  • OR apache2-worker-2.2.12-1.40.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 11 SP3 is installed
  • AND augeas-devel-0.9.0-3.15.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND Package Information
  • libtool-2.2.6-2.131.1 is installed
  • OR libtool-32bit-2.2.6-2.131.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 is installed
  • AND accountsservice-devel-0.6.35-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP1 is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-8 is installed
  • OR ImageMagick-devel-6.8.8.1-8 is installed
  • OR libMagick++-6_Q16-3-6.8.8.1-8 is installed
  • OR libMagick++-devel-6.8.8.1-8 is installed
  • OR perl-PerlMagick-6.8.8.1-8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP4 is installed
  • AND Package Information
  • NetworkManager-1.0.12-13.6 is installed
  • OR NetworkManager-devel-1.0.12-13.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 is installed
  • AND cyrus-sasl-digestmd5-32bit-2.1.26-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 SP1 is installed
  • AND Package Information
  • colord-1.1.7-5 is installed
  • OR colord-lang-1.1.7-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 SP2 is installed
  • AND Package Information
  • colord-1.3.3-10 is installed
  • OR colord-lang-1.3.3-10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 SP3 is installed
  • AND bash-lang-4.3-82 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-25.22 is installed
  • OR kernel-default-extra-4.12.14-25.22 is installed
    • BACK