Sicherheit: Mehrere Probleme in Linux

Lesezeichen hinzufügen

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:0555-1
Rating: important
References: #1012382 #1045538 #1048585 #1050431 #1054305
#1059174 #1060279 #1060682 #1063544 #1064861
#1068032 #1068984 #1069508 #1070623 #1070781
#1073311 #1074488 #1074621 #1074880 #1075088
#1075091 #1075410 #1075617 #1075621 #1075908
#1075994 #1076017 #1076154 #1076278 #1076437
#1076849 #1077191 #1077355 #1077406 #1077487
#1077560 #1077922 #1078875 #1079917 #1080133
#1080359 #1080363 #1080372 #1080579 #1080685
#1080774 #1081500 #936530 #962257
Cross-References: CVE-2015-1142857 CVE-2017-13215 CVE-2017-17741
CVE-2017-18017 CVE-2017-18079 CVE-2017-5715
CVE-2018-1000004 CVE-2018-5332 CVE-2018-5333

Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Real Time Extension 11-SP4
SUSE Linux Enterprise High Availability Extension 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 9 vulnerabilities and has 40 fixes is
now available.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed:

- CVE-2017-5715: Systems with microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized
disclosure
of information to an attacker with local user access via a side-channel
analysis (bnc#1068032).

The previous fix using CPU Microcode has been complemented by building
the Linux Kernel with return trampolines aka "retpolines".

- CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function
did not validate a value that is used during DMA page allocation,
leading to a heap-based out-of-bounds write (related to the
rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).
- CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in
net/rds/rdma.c mishandled cases where page pinning fails or an invalid
address is supplied, leading to an rds_atomic_free_op NULL pointer
dereference (bnc#1075617).
- CVE-2017-18017: The tcpmss_mangle_packet function in
net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers
to cause a denial of service (use-after-free and memory corruption)
or possibly have unspecified other impact by leveraging the presence of
xt_TCPMSS in an iptables action (bnc#1074488).
- CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed
attackers to cause a denial of service (NULL pointer dereference and
system crash) or possibly have unspecified other impact because the
port->exists value can change after it is validated (bnc#1077922).
- CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF's
assigned to guests to send ethernet flow control pause frames via the
PF. (bnc#1077355).
- CVE-2017-17741: The KVM implementation in the Linux kernel allowed
attackers to obtain potentially sensitive information from kernel
memory, aka a write_mmio stack-based out-of-bounds read, related to
arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).
- CVE-2017-13215: A elevation of privilege vulnerability in the Upstream
kernel skcipher. (bnc#1075908).
- CVE-2018-1000004: In the Linux kernel a race condition vulnerability
existed in the sound system, this can lead to a deadlock and denial of
service condition (bnc#1076017).

The following non-security bugs were fixed:

- alsa: aloop: Fix inconsistent format due to incomplete rule
(bsc#1045538).
- alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538).
- alsa: aloop: Release cable upon open error path (bsc#1045538).
- alsa: pcm: Abort properly at pending signal in OSS read/write loops
(bsc#1045538).
- alsa: pcm: Add missing error checks in OSS emulation plugin builder
(bsc#1045538).
- alsa: pcm: Allow aborting mutex lock at OSS read/write loops
(bsc#1045538).
- alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538).
- alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538).
- btrfs: cleanup unnecessary assignment when cleaning up all the residual
transaction (FATE#325056).
- btrfs: copy fsid to super_block s_uuid (bsc#1080774).
- btrfs: do not wait for all the writers circularly during the transaction
commit (FATE#325056).
- btrfs: do not WARN() in btrfs_transaction_abort() for IO errors
(bsc#1080363).
- btrfs: fix two use-after-free bugs with transaction cleanup
(FATE#325056).
- btrfs: make the state of the transaction more readable (FATE#325056).
- btrfs: qgroup: exit the rescan worker during umount (bsc#1080685).
- btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value
(bsc#1080685).
- btrfs: reset intwrite on transaction abort (FATE#325056).
- btrfs: set qgroup_ulist to be null after calling ulist_free()
(bsc#1080359).
- btrfs: stop waiting on current trans if we aborted (FATE#325056).
- cdc-acm: apply quirk for card reader (bsc#1060279).
- cdrom: factor out common open_for_* code (bsc#1048585).
- cdrom: wait for tray to close (bsc#1048585).
- delay: add poll_event_interruptible (bsc#1048585).
- dm flakey: add corrupt_bio_byte feature (bsc#1080372).
- dm flakey: add drop_writes (bsc#1080372).
- dm flakey: error READ bios during the down_interval (bsc#1080372).
- dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372).
- dm flakey: fix reads to be issued if drop_writes configured
(bsc#1080372).
- dm flakey: introduce "error_writes" feature (bsc#1080372).
- dm flakey: support feature args (bsc#1080372).
- dm flakey: use dm_target_offset and support discards (bsc#1080372).
- ext2: free memory allocated and forget buffer head when io error happens
(bnc#1069508).
- ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508).
- ext3: add necessary check in case IO error happens (bnc#1069508).
- ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508).
- fork: clear thread stack upon allocation (bsc#1077560).
- kaiser: Add proper NX handling for !NX-capable systems also to
kaiser_add_user_map(). (bsc#1076278).
- kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz
- kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call
cannot make assumption of accessible stack after CR3 switch, and
therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the
pagetable hierarchy.
- kaiser: Fix trampoline stack loading issue on XEN PV
- kaiser: handle non-accessible stack in sysretl_from_sys_call properly
(bsc#bsc#1080579)
- kaiser: make sure not to touch stack after CR3 switch in compat syscall
return
- kaiser: really do switch away from trampoline stack to kernel stack in
ia32_syscall entry (bsc#1080579)
- kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621
bsc#1068032).
- keys: trusted: fix writing past end of buffer in trusted_read()
(bsc#1074880).
- media: omap_vout: Fix a possible null pointer dereference in
omap_vout_open() (bsc#1050431).
- mISDN: fix a loop count (bsc#1077191).
- nfsd: do not share group_info among threads (bsc@1070623).
- ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert
thread (bsc#1076437).
- ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can
not be granted at once (bsc#1076437).
- ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with
ocfs2_unblock_lock (bsc#962257).
- powerpc/64: Add macros for annotating the destination of rfid/hrfid
(bsc#1068032, bsc#1075088).
- powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
(bsc#1068032, bsc#1075088).
- powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
(bsc#1068032, bsc#1075088).
- powerpc/64s: Add EX_SIZE definition for paca exception save areas
(bsc#1068032, bsc#1075088).
- powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032,
bsc#1075088).
- powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,
bsc#1075088).
- powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
(bsc#1068032, bsc#1075088).
- powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088).
- powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
(bsc#1068032, bsc#1075088).
- powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).
- powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032,
bsc#1075088).
- powerpc: Fix register clobbering when accumulating stolen time
(bsc#1059174).
- powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487).
- powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088).
- powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619,
git-fixes).
- powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133).
- powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
(bsc#1068032, bsc#1075088).
- powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032,
bsc#1075088).
- powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032,
bsc#1075088).
- powerpc/pseries: Kill all prefetch streams on context switch
(bsc#1068032, bsc#1075088).
- powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,
bsc#1075088).
- powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration
(bsc#1068032, bsc#1075088).
- powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration
(bsc#1075088).
- powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088).
- powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,
bsc#1075088).
- powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088).
- powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088).
- powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)
(bsc#1068032, bsc#1075088).
- powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code
(bsc#1068032, bsc#1075088).
- powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code
(bsc#1075088).
- powerpc/vdso64: Use double word compare on pointers (bsc#1070781).
- rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088).
- rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088).
- rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)
(bsc#1075088).
- rfi-flush: Switch to new linear fallback flush (bsc#1068032,bsc#1075088).
- s390: add ppa to the idle loop (bnc#1077406, LTC#163910).
- s390/cpuinfo: show facilities as reported by stfle (bnc#1076849,
LTC#163741).
- scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875).
- scsi: sr: wait for the medium to become ready (bsc#1048585).
- scsi: virtio_scsi: let host do exception handling
(bsc#936530,bsc#1060682).
- storvsc: do not assume SG list is continuous when doing bounce buffers
(bsc#1075410).
- sysfs/cpu: Add vulnerability folder (bnc#1012382).
- sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).
- sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
- x86/acpi: Handle SCI interrupts above legacy space gracefully
(bsc#1068984).
- x86/acpi: Reduce code duplication in mp_override_legacy_irq()
(bsc#1068984).
- x86, asm: Extend definitions of _ASM_* with a raw format (bsc#1068032
CVE-2017-5754).
- x86/boot: Fix early command-line parsing when matching at end
(bsc#1068032).
- x86/cpu: Factor out application of forced CPU caps (bsc#1075994
bsc#1075091).
- x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
- x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).
- x86/kaiser: Populate shadow PGD with NX bit only if supported by
platform (bsc#1076154 bsc#1076278).
- x86/kaiser: use trampoline stack for kernel entry.
- x86/microcode/intel: Extend BDW late-loading further with LLC size check
(bsc#1054305).
- x86/microcode/intel: Extend BDW late-loading with a revision check
(bsc#1054305).
- x86/microcode: Rescan feature flags upon late loading (bsc#1075994
bsc#1075091).
- x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active
(bsc#1068032).
- x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly
(bsc#1075994 bsc#1075091).
- x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994
bsc#1075091).
- x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).
- x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
(bsc#1068032 CVE-2017-5715).
- mm: pin address_space before dereferencing it while isolating an LRU
page (bnc#1081500).

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-kernel-20180207-13491=1

- SUSE Linux Enterprise Server 11-SP4:

zypper in -t patch slessp4-kernel-20180207-13491=1

- SUSE Linux Enterprise Server 11-EXTRA:

zypper in -t patch slexsp3-kernel-20180207-13491=1

- SUSE Linux Enterprise Real Time Extension 11-SP4:

zypper in -t patch slertesp4-kernel-20180207-13491=1

- SUSE Linux Enterprise High Availability Extension 11-SP4:

zypper in -t patch slehasp4-kernel-20180207-13491=1

- SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-kernel-20180207-13491=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

kernel-docs-3.0.101-108.35.1

- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

kernel-default-3.0.101-108.35.1
kernel-default-base-3.0.101-108.35.1
kernel-default-devel-3.0.101-108.35.1
kernel-source-3.0.101-108.35.1
kernel-syms-3.0.101-108.35.1
kernel-trace-3.0.101-108.35.1
kernel-trace-base-3.0.101-108.35.1
kernel-trace-devel-3.0.101-108.35.1

- SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

kernel-ec2-3.0.101-108.35.1
kernel-ec2-base-3.0.101-108.35.1
kernel-ec2-devel-3.0.101-108.35.1
kernel-xen-3.0.101-108.35.1
kernel-xen-base-3.0.101-108.35.1
kernel-xen-devel-3.0.101-108.35.1

- SUSE Linux Enterprise Server 11-SP4 (s390x):

kernel-default-man-3.0.101-108.35.1

- SUSE Linux Enterprise Server 11-SP4 (ppc64):

kernel-bigmem-3.0.101-108.35.1
kernel-bigmem-base-3.0.101-108.35.1
kernel-bigmem-devel-3.0.101-108.35.1
kernel-ppc64-3.0.101-108.35.1
kernel-ppc64-base-3.0.101-108.35.1
kernel-ppc64-devel-3.0.101-108.35.1

- SUSE Linux Enterprise Server 11-SP4 (i586):

kernel-pae-3.0.101-108.35.1
kernel-pae-base-3.0.101-108.35.1
kernel-pae-devel-3.0.101-108.35.1

- SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

kernel-default-extra-3.0.101-108.35.1

- SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

kernel-xen-extra-3.0.101-108.35.1

- SUSE Linux Enterprise Server 11-EXTRA (x86_64):

kernel-trace-extra-3.0.101-108.35.1

- SUSE Linux Enterprise Server 11-EXTRA (ppc64):

kernel-ppc64-extra-3.0.101-108.35.1

- SUSE Linux Enterprise Server 11-EXTRA (i586):

kernel-pae-extra-3.0.101-108.35.1

- SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):

cluster-network-kmp-rt-1.4_3.0.101_rt130_69.14-2.32.4.6
cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_69.14-2.32.4.6
drbd-kmp-rt-8.4.4_3.0.101_rt130_69.14-0.27.4.6
drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_69.14-0.27.4.6
gfs2-kmp-rt-2_3.0.101_rt130_69.14-0.24.4.6
gfs2-kmp-rt_trace-2_3.0.101_rt130_69.14-0.24.4.6
ocfs2-kmp-rt-1.6_3.0.101_rt130_69.14-0.28.5.6
ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_69.14-0.28.5.6

- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64
s390x x86_64):

cluster-network-kmp-default-1.4_3.0.101_108.35-2.32.4.6
cluster-network-kmp-trace-1.4_3.0.101_108.35-2.32.4.6
drbd-8.4.4-0.27.4.2
drbd-bash-completion-8.4.4-0.27.4.2
drbd-heartbeat-8.4.4-0.27.4.2
drbd-kmp-default-8.4.4_3.0.101_108.35-0.27.4.6
drbd-kmp-trace-8.4.4_3.0.101_108.35-0.27.4.6
drbd-pacemaker-8.4.4-0.27.4.2
drbd-udev-8.4.4-0.27.4.2
drbd-utils-8.4.4-0.27.4.2
gfs2-kmp-default-2_3.0.101_108.35-0.24.4.6
gfs2-kmp-trace-2_3.0.101_108.35-0.24.4.6
ocfs2-kmp-default-1.6_3.0.101_108.35-0.28.5.6
ocfs2-kmp-trace-1.6_3.0.101_108.35-0.28.5.6

- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64):

cluster-network-kmp-xen-1.4_3.0.101_108.35-2.32.4.6
drbd-kmp-xen-8.4.4_3.0.101_108.35-0.27.4.6
gfs2-kmp-xen-2_3.0.101_108.35-0.24.4.6
ocfs2-kmp-xen-1.6_3.0.101_108.35-0.28.5.6

- SUSE Linux Enterprise High Availability Extension 11-SP4 (x86_64):

drbd-xen-8.4.4-0.27.4.2

- SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64):

cluster-network-kmp-bigmem-1.4_3.0.101_108.35-2.32.4.6
cluster-network-kmp-ppc64-1.4_3.0.101_108.35-2.32.4.6
drbd-kmp-bigmem-8.4.4_3.0.101_108.35-0.27.4.6
drbd-kmp-ppc64-8.4.4_3.0.101_108.35-0.27.4.6
gfs2-kmp-bigmem-2_3.0.101_108.35-0.24.4.6
gfs2-kmp-ppc64-2_3.0.101_108.35-0.24.4.6
ocfs2-kmp-bigmem-1.6_3.0.101_108.35-0.28.5.6
ocfs2-kmp-ppc64-1.6_3.0.101_108.35-0.28.5.6

- SUSE Linux Enterprise High Availability Extension 11-SP4 (i586):

cluster-network-kmp-pae-1.4_3.0.101_108.35-2.32.4.6
drbd-kmp-pae-8.4.4_3.0.101_108.35-0.27.4.6
gfs2-kmp-pae-2_3.0.101_108.35-0.24.4.6
ocfs2-kmp-pae-1.6_3.0.101_108.35-0.28.5.6

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

drbd-debuginfo-8.4.4-0.27.4.2
drbd-debugsource-8.4.4-0.27.4.2
kernel-default-debuginfo-3.0.101-108.35.1
kernel-default-debugsource-3.0.101-108.35.1
kernel-trace-debuginfo-3.0.101-108.35.1
kernel-trace-debugsource-3.0.101-108.35.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

kernel-default-devel-debuginfo-3.0.101-108.35.1
kernel-trace-devel-debuginfo-3.0.101-108.35.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

kernel-ec2-debuginfo-3.0.101-108.35.1
kernel-ec2-debugsource-3.0.101-108.35.1
kernel-xen-debuginfo-3.0.101-108.35.1
kernel-xen-debugsource-3.0.101-108.35.1
kernel-xen-devel-debuginfo-3.0.101-108.35.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

kernel-bigmem-debuginfo-3.0.101-108.35.1
kernel-bigmem-debugsource-3.0.101-108.35.1
kernel-ppc64-debuginfo-3.0.101-108.35.1
kernel-ppc64-debugsource-3.0.101-108.35.1

- SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

kernel-pae-debuginfo-3.0.101-108.35.1
kernel-pae-debugsource-3.0.101-108.35.1
kernel-pae-devel-debuginfo-3.0.101-108.35.1

References:

https://www.suse.com/security/cve/CVE-2015-1142857.html
https://www.suse.com/security/cve/CVE-2017-13215.html
https://www.suse.com/security/cve/CVE-2017-17741.html
https://www.suse.com/security/cve/CVE-2017-18017.html
https://www.suse.com/security/cve/CVE-2017-18079.html
https://www.suse.com/security/cve/CVE-2017-5715.html
https://www.suse.com/security/cve/CVE-2018-1000004.html
https://www.suse.com/security/cve/CVE-2018-5332.html
https://www.suse.com/security/cve/CVE-2018-5333.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1045538
https://bugzilla.suse.com/1048585
https://bugzilla.suse.com/1050431
https://bugzilla.suse.com/1054305
https://bugzilla.suse.com/1059174
https://bugzilla.suse.com/1060279
https://bugzilla.suse.com/1060682
https://bugzilla.suse.com/1063544
https://bugzilla.suse.com/1064861
https://bugzilla.suse.com/1068032
https://bugzilla.suse.com/1068984
https://bugzilla.suse.com/1069508
https://bugzilla.suse.com/1070623
https://bugzilla.suse.com/1070781
https://bugzilla.suse.com/1073311
https://bugzilla.suse.com/1074488
https://bugzilla.suse.com/1074621
https://bugzilla.suse.com/1074880
https://bugzilla.suse.com/1075088
https://bugzilla.suse.com/1075091
https://bugzilla.suse.com/1075410
https://bugzilla.suse.com/1075617
https://bugzilla.suse.com/1075621
https://bugzilla.suse.com/1075908
https://bugzilla.suse.com/1075994
https://bugzilla.suse.com/1076017
https://bugzilla.suse.com/1076154
https://bugzilla.suse.com/1076278
https://bugzilla.suse.com/1076437
https://bugzilla.suse.com/1076849
https://bugzilla.suse.com/1077191
https://bugzilla.suse.com/1077355
https://bugzilla.suse.com/1077406
https://bugzilla.suse.com/1077487
https://bugzilla.suse.com/1077560
https://bugzilla.suse.com/1077922
https://bugzilla.suse.com/1078875
https://bugzilla.suse.com/1079917
https://bugzilla.suse.com/1080133
https://bugzilla.suse.com/1080359
https://bugzilla.suse.com/1080363
https://bugzilla.suse.com/1080372
https://bugzilla.suse.com/1080579
https://bugzilla.suse.com/1080685
https://bugzilla.suse.com/1080774
https://bugzilla.suse.com/1081500
https://bugzilla.suse.com/936530
https://bugzilla.suse.com/962257

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org