You are here
Home > Preporuke > Sigurnosni nedostaci jezgre operacijskog sustava

Sigurnosni nedostaci jezgre operacijskog sustava

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2507-1
Rating: important
References: #1048942 #1051510 #1082635 #1090631 #1096254
#1111666 #1117665 #1119461 #1119465 #1123034
#1135966 #1135967 #1138190 #1139073 #1140090
#1143706 #1144903 #1149119 #1150466 #1152665
#1152696 #1152697 #1152782 #1153681 #1154124
#1154526 #1154858 #1154905 #1154956 #1155021
#1155061 #1155671 #1155692 #1155836 #1155982
#1156187 #1156429
Cross-References: CVE-2018-12207 CVE-2019-0154 CVE-2019-0155
CVE-2019-10220 CVE-2019-11135 CVE-2019-16231
CVE-2019-17055 CVE-2019-18805
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that solves 8 vulnerabilities and has 29 fixes is
now available.

Description:

The openSUSE Leap 15.1 kernel was updated to receive various security and
bugfixes.

The following security bugs were fixed:

– CVE-2019-0154: An unprotected read access to i915 registers has been
fixed that could have been abused to facilitate a local
denial-of-service attack. (bsc#1135966)
– CVE-2019-0155: A privilege escalation vulnerability has been fixed in
the i915 module that allowed batch buffers from user mode to gain super
user privileges. (bsc#1135967)
– CVE-2019-16231: drivers/net/fjes/fjes_main.c did not check the
alloc_workqueue return value, leading to a NULL pointer dereference
(bnc#1150466).
– CVE-2019-18805: There was a net/ipv4/tcp_input.c signed integer overflow
in tcp_ack_update_rtt() when userspace writes a very large integer to
/proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or
possibly unspecified other impact, aka CID-19fad20d15a6 (bnc#1156187).
– CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the
AF_ISDN network module did not enforce CAP_NET_RAW, which means that
unprivileged users can create a raw socket, aka CID-b91ee4aa2a21
(bnc#1152782).
– CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs
with Transactional Memory support could be used to facilitate
sidechannel information leaks out of microarchitectural buffers, similar
to the previously described “Microarchitectural Data Sampling” attack.

The Linux kernel was supplemented with the option to disable TSX
operation altogether (requiring CPU Microcode updates on older systems)
and better flushing of microarchitectural buffers (VERW).

The set of options available is described in our TID at
https://www.suse.com/support/kb/doc/?id=7024251
– CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a
race condition in the Instruction Fetch Unit of the Intel CPU to cause a
Machine Exception during Page Size Change, causing the CPU core to be
non-functional.

The Linux Kernel kvm hypervisor was adjusted to avoid page size changes
in executable pages by splitting / merging huge pages into small pages as
needed.

More information can be found on
https://www.suse.com/support/kb/doc/?id=7023735
– CVE-2019-10220: Added sanity checks on the pathnames passed to the user
space. (bsc#1144903).

The following non-security bugs were fixed:

– ALSA: bebob: Fix prototype of helper function to return negative value
(bsc#1051510).
– ALSA: bebob: fix to detect configured source of sampling clock for
Focusrite Saffire Pro i/o series (git-fixes).
– ALSA: firewire-motu: add support for MOTU 4pre (bsc#1111666).
– ALSA: hda/ca0132 – Fix possible workqueue stall (bsc#1155836).
– ALSA: hda/realtek – Add support for ALC623 (bsc#1051510).
– ALSA: hda/realtek – Fix 2 front mics of codec 0x623 (bsc#1051510).
– ALSA: timer: Fix incorrectly assigned timer instance (git-fixes).
– ALSA: timer: Fix mutex deadlock at releasing card (bsc#1051510).
– ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB Interface
(bsc#1051510).
– ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers (bsc#1111666).
– ALSA: usb-audio: Fix copy&paste error in the validator (bsc#1111666).
– arm64: Add decoding macros for CP15_32 and CP15_64 traps (jsc#ECO-561).
– arm64: Add part number for Neoverse N1 (jsc#ECO-561).
– arm64: Add silicon-errata.txt entry for ARM erratum 1188873
(jsc#ECO-561).
– arm64: Add support for new control bits CTR_EL0.DIC and CTR_EL0.IDC
(jsc#ECO-561,jsc#SLE-10671).
– arm64: Apply ARM64_ERRATUM_1188873 to Neoverse-N1 (jsc#ECO-561).
– arm64: arch_timer: Add workaround for ARM erratum 1188873 (jsc#ECO-561).
– arm64: arch_timer: avoid unused function warning (jsc#ECO-561).
– arm64: compat: Add CNTFRQ trap handler (jsc#ECO-561).
– arm64: compat: Add CNTVCT trap handler (jsc#ECO-561).
– arm64: compat: Add condition code checks and IT advance (jsc#ECO-561).
– arm64: compat: Add cp15_32 and cp15_64 handler arrays (jsc#ECO-561).
– arm64: compat: Add separate CP15 trapping hook (jsc#ECO-561).
– arm64: compat: Workaround Neoverse-N1 #1542419 for compat user-space
(jsc#ECO-561,jsc#SLE-10671).
– arm64: cpu_errata: Remove ARM64_MISMATCHED_CACHE_LINE_SIZE
(jsc#ECO-561,jsc#SLE-10671).
– arm64/cpufeature: Convert hook_lock to raw_spin_lock_t in
cpu_enable_ssbs() (jsc#ECO-561).
– arm64: cpufeature: ctr: Fix cpu capability check for late CPUs
(jsc#ECO-561,jsc#SLE-10671).
– arm64: cpufeature: Detect SSBS and advertise to userspace (jsc#ECO-561).
– arm64: cpufeature: Fix handling of CTR_EL0.IDC field
(jsc#ECO-561,jsc#SLE-10671).
– arm64: cpufeature: Trap CTR_EL0 access only where it is necessary
(jsc#ECO-561,jsc#SLE-10671).
– arm64: cpu: Move errata and feature enable callbacks closer to callers
(jsc#ECO-561).
– arm64: entry: Allow handling of undefined instructions from EL1
(jsc#ECO-561).
– arm64: errata: Hide CTR_EL0.DIC on systems affected by Neoverse-N1
#1542419 (jsc#ECO-561,jsc#SLE-10671).
– arm64: Fake the IminLine size on systems affected by Neoverse-N1
#1542419 (jsc#ECO-561,jsc#SLE-10671).
– arm64: Fix mismatched cache line size detection
(jsc#ECO-561,jsc#SLE-10671).
– arm64: Fix silly typo in comment (jsc#ECO-561).
– arm64: fix SSBS sanitization (jsc#ECO-561).
– arm64: force_signal_inject: WARN if called from kernel context
(jsc#ECO-561).
– arm64: Force SSBS on context switch (jsc#ECO-561).
– arm64: Handle erratum 1418040 as a superset of erratum 1188873
(jsc#ECO-561).
– arm64: Introduce sysreg_clear_set() (jsc#ECO-561).
– arm64: kill change_cpacr() (jsc#ECO-561).
– arm64: kill config_sctlr_el1() (jsc#ECO-561).
– arm64: KVM: Add invalidate_icache_range helper
(jsc#ECO-561,jsc#SLE-10671).
– arm64: KVM: PTE/PMD S2 XN bit definition (jsc#ECO-561,jsc#SLE-10671).
– arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT (jsc#ECO-561).
– arm64: move SCTLR_EL{1,2} assertions to <asm/sysreg.h> (jsc#ECO-561).
– arm64: Restrict ARM64_ERRATUM_1188873 mitigation to AArch32
(jsc#ECO-561).
– arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3
(jsc#ECO-561).
– arm64: ssbd: Drop #ifdefs for PR_SPEC_STORE_BYPASS (jsc#ECO-561).
– arm: KVM: Add optimized PIPT icache flushing (jsc#ECO-561,jsc#SLE-10671).
– ath10k: assign ‘n_cipher_suites = 11’ for WCN3990 to enable WPA3
(bsc#1111666).
– brcmfmac: sdio: Disable auto-tuning around commands expected to fail
(bsc#1111666).
– brcmfmac: sdio: Do not tune while the card is off (bsc#1111666).
– can: dev: call netif_carrier_off() in register_candev() (bsc#1051510).
– config: arm64: enable erratum 1418040 and 1542419
– dmaengine: bcm2835: Print error in case setting DMA mask fails
(bsc#1051510).
– dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510).
– drm/amd/display: fix odm combine pipe reset (bsc#1111666).
– drm/amdgpu: fix memory leak (bsc#1111666).
– drm/amdgpu/powerplay/vega10: allow undervolting in p7 (bsc#1111666).
– drm/i915: Add gen9 BCS cmdparsing (bsc#1135967)
– drm/i915: Add gen9 BCS cmdparsing (bsc#1135967)
– drm/i915: Add support for mandatory cmdparsing (bsc#1135967)
– drm/i915: Add support for mandatory cmdparsing (bsc#1135967)
– drm/i915: Allow parsing of unsized batches (bsc#1135967)
– drm/i915: Allow parsing of unsized batches (bsc#1135967)
– drm/i915/cmdparser: Add support for backward jumps (bsc#1135967)
– drm/i915/cmdparser: Add support for backward jumps (bsc#1135967)
– drm/i915/cmdparser: Ignore Length operands during (bsc#1135967)
– drm/i915/cmdparser: Ignore Length operands during command matching
(bsc#1135967)
– drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967)
– drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967)
– drm/i915/cml: Add second PCH ID for CMP (bsc#1111666).
– drm/i915: Disable Secure Batches for gen6+
– drm/i915: Disable Secure Batches for gen6+ (bsc#1135967)
– drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967)
– drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967)
– drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967)
– drm/i915/gtt: Disable read-only support under GVT (bsc#1135967)
– drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967)
– drm/i915/ilk: Fix warning when reading emon_status with no output
(bsc#1111666).
– drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967)
– drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967)
– drm/i915: Prevent writing into a read-only object via a GGTT mmap
(bsc#1135967)
– drm/i915: Remove Master tables from cmdparser
– drm/i915: Remove Master tables from cmdparser (bsc#1135967)
– drm/i915: Rename gen7 cmdparser tables (bsc#1135967)
– drm/i915: Rename gen7 cmdparser tables (bsc#1135967)
– drm/i915: Support ro ppgtt mapped cmdparser shadow (bsc#1135967)
– drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967)
– drm/msm/dpu: handle failures while initializing displays (bsc#1111666).
– hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953,
jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190,
bsc#1154905).
– IB/core: Add mitigation for Spectre V1 (bsc#1155671)
– integrity: prevent deadlock during digsig verification (bsc#1090631).
– irqchip/gic-v3-its: Fix command queue pointer comparison bug
(jsc#ECO-561).
– irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices (jsc#ECO-561).
– irqchip/gic-v3-its: Fix misuse of GENMASK macro (jsc#ECO-561).
– iwlwifi: do not panic in error path on non-msix systems (bsc#1155692).
– iwlwifi: exclude GEO SAR support for 3168 (bsc#1111666).
– iwlwifi: exclude GEO SAR support for 3168 (git-fixes).
– iwlwifi: fw: do not send GEO_TX_POWER_LIMIT command to FW version 36
(bsc#1111666).
– kabi protect enum RDMA_DRIVER_EFA (jsc#SLE-4805)
– kABI workaround for drm_vma_offset_node readonly field addition
(bsc#1135967)
– kABI workaround for mmc_host retune_crc_disable flag addition
(bsc#1111666).
– KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe
(jsc#ECO-561).
– KVM: arm/arm64: Clean dcache to PoC when changing PTE due to CoW
(jsc#ECO-561,jsc#SLE-10671).
– KVM: arm/arm64: Detangle kvm_mmu.h from kvm_hyp.h
(jsc#ECO-561,jsc#SLE-10671).
– KVM: arm/arm64: Drop vcpu parameter from guest cache maintenance
operartions (jsc#ECO-561,jsc#SLE-10671).
– KVM: arm/arm64: Limit icache invalidation to prefetch aborts
(jsc#ECO-561,jsc#SLE-10671).
– KVM: arm/arm64: Only clean the dcache on translation fault
(jsc#ECO-561,jsc#SLE-10671).
– KVM: arm/arm64: Preserve Exec permission across R/W permission faults
(jsc#ECO-561,jsc#SLE-10671).
– KVM: arm/arm64: Split dcache/icache flushing (jsc#ECO-561,jsc#SLE-10671).
– KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
(bsc#1117665).
– md/raid0: avoid RAID0 data corruption due to layout confusion
(bsc#1140090).
– md/raid0: fix warning message for parameter default_layout (bsc#1140090).
– mmc: core: Add sdio_retune_hold_now() and sdio_retune_release()
(bsc#1111666).
– mmc: core: API to temporarily disable retuning for SDIO CRC errors
(bsc#1111666).
– Move upstreamed CA0132 fix into sorted section
– net: openvswitch: free vport unless register_netdevice() succeeds
(git-fixes).
– phylink: fix kernel-doc warnings (bsc#1111666).
– power: supply: max14656: fix potential use-after-free (bsc#1051510).
– RDMA/efa: Add Amazon EFA driver (jsc#SLE-4805)
– RDMA/hns: Add reset process for function-clear (bsc#1155061).
– RDMA/hns: Remove the some magic number (bsc#1155061).
– RDMA/restrack: Track driver QP types in resource tracker (jsc#SLE-4805)
– Revert “ALSA: hda: Flush interrupts on disabling” (bsc#1051510).
– Revert synaptics-rmi4 patch due to regression (bsc#1155982) Also
blacklisting it
– rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage
description (bsc#1149119).
– s390: add support for IBM z15 machines (bsc#1152696 LTC#181731).
– s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855).
– s390: fix setting of mio addressing control (bsc#1152665 LTC#181729).
– s390/pci: add mio_enabled attribute (bsc#1152665 LTC#181729).
– s390/pci: correctly handle MIO opt-out (bsc#1152665 LTC#181729).
– s390/pci: deal with devices that have no support for MIO instructions
(bsc#1152665 LTC#181729).
– s390/pci: fix MSI message data (bsc#1152697 LTC#181730).
– sc16is7xx: Fix for “Unexpected interrupt: 8” (bsc#1051510).
– sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254).
– scsi: lpfc: Limit xri count for kdump environment (bsc#1154124).
– scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump
(bsc#1143706 bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706
bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706
bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635
bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Fix device connect issues in P2P configuration
(bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706
bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635
bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706
bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706
bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: Initialized mailbox to prevent driver load failure
(bsc#1143706 bsc#1082635 bsc#1123034).
– scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635
bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635
bsc#1154526 bsc#1048942).
– scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706
bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706
bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: sd: Ignore a failure to sync cache due to lack of authorization
(git-fixes).
– scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021).
– scsi: zfcp: fix reaction on bit error threshold notification
(bsc#1154956 LTC#182054).
– serial: fix kernel-doc warning in comments (bsc#1051510).
– serial: mctrl_gpio: Check for NULL pointer (bsc#1051510).
– serial: uartlite: fix exit path null pointer (bsc#1051510).
– staging: rtl8188eu: fix null dereference when kzalloc fails
(bsc#1051510).
– supporte.conf: add efivarfs to kernel-default-base (bsc#1154858).
– tracing: Get trace_array reference for available_tracers files
(bsc#1156429).
– usb: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510).
– usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510).
– usb: handle warm-reset port requests on hub resume (bsc#1051510).
– usb: ldusb: fix control-message timeout (bsc#1051510).
– usb: ldusb: fix ring-buffer locking (bsc#1051510).
– usb: serial: whiteheat: fix line-speed endianness (bsc#1051510).
– usb: serial: whiteheat: fix potential slab corruption (bsc#1051510).
– usb-storage: Revert commit 747668dbc061 (“usb-storage: Set
virt_boundary_mask to avoid SG overflows”) (bsc#1051510).
– wil6210: fix freeing of rx buffers in EDMA mode (bsc#1111666).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2507=1

Package List:

– openSUSE Leap 15.1 (noarch):

kernel-devel-4.12.14-lp151.28.32.1
kernel-docs-4.12.14-lp151.28.32.1
kernel-docs-html-4.12.14-lp151.28.32.1
kernel-macros-4.12.14-lp151.28.32.1
kernel-source-4.12.14-lp151.28.32.1
kernel-source-vanilla-4.12.14-lp151.28.32.1

– openSUSE Leap 15.1 (x86_64):

kernel-debug-4.12.14-lp151.28.32.1
kernel-debug-base-4.12.14-lp151.28.32.1
kernel-debug-base-debuginfo-4.12.14-lp151.28.32.1
kernel-debug-debuginfo-4.12.14-lp151.28.32.1
kernel-debug-debugsource-4.12.14-lp151.28.32.1
kernel-debug-devel-4.12.14-lp151.28.32.1
kernel-debug-devel-debuginfo-4.12.14-lp151.28.32.1
kernel-default-4.12.14-lp151.28.32.1
kernel-default-base-4.12.14-lp151.28.32.1
kernel-default-base-debuginfo-4.12.14-lp151.28.32.1
kernel-default-debuginfo-4.12.14-lp151.28.32.1
kernel-default-debugsource-4.12.14-lp151.28.32.1
kernel-default-devel-4.12.14-lp151.28.32.1
kernel-default-devel-debuginfo-4.12.14-lp151.28.32.1
kernel-kvmsmall-4.12.14-lp151.28.32.1
kernel-kvmsmall-base-4.12.14-lp151.28.32.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.32.1
kernel-kvmsmall-debuginfo-4.12.14-lp151.28.32.1
kernel-kvmsmall-debugsource-4.12.14-lp151.28.32.1
kernel-kvmsmall-devel-4.12.14-lp151.28.32.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.32.1
kernel-obs-build-4.12.14-lp151.28.32.1
kernel-obs-build-debugsource-4.12.14-lp151.28.32.1
kernel-obs-qa-4.12.14-lp151.28.32.1
kernel-syms-4.12.14-lp151.28.32.1
kernel-vanilla-4.12.14-lp151.28.32.1
kernel-vanilla-base-4.12.14-lp151.28.32.1
kernel-vanilla-base-debuginfo-4.12.14-lp151.28.32.1
kernel-vanilla-debuginfo-4.12.14-lp151.28.32.1
kernel-vanilla-debugsource-4.12.14-lp151.28.32.1
kernel-vanilla-devel-4.12.14-lp151.28.32.1
kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.32.1

References:

https://www.suse.com/security/cve/CVE-2018-12207.html
https://www.suse.com/security/cve/CVE-2019-0154.html
https://www.suse.com/security/cve/CVE-2019-0155.html
https://www.suse.com/security/cve/CVE-2019-10220.html
https://www.suse.com/security/cve/CVE-2019-11135.html
https://www.suse.com/security/cve/CVE-2019-16231.html
https://www.suse.com/security/cve/CVE-2019-17055.html
https://www.suse.com/security/cve/CVE-2019-18805.html
https://bugzilla.suse.com/1048942
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1082635
https://bugzilla.suse.com/1090631
https://bugzilla.suse.com/1096254
https://bugzilla.suse.com/1111666
https://bugzilla.suse.com/1117665
https://bugzilla.suse.com/1119461
https://bugzilla.suse.com/1119465
https://bugzilla.suse.com/1123034
https://bugzilla.suse.com/1135966
https://bugzilla.suse.com/1135967
https://bugzilla.suse.com/1138190
https://bugzilla.suse.com/1139073
https://bugzilla.suse.com/1140090
https://bugzilla.suse.com/1143706
https://bugzilla.suse.com/1144903
https://bugzilla.suse.com/1149119
https://bugzilla.suse.com/1150466
https://bugzilla.suse.com/1152665
https://bugzilla.suse.com/1152696
https://bugzilla.suse.com/1152697
https://bugzilla.suse.com/1152782
https://bugzilla.suse.com/1153681
https://bugzilla.suse.com/1154124
https://bugzilla.suse.com/1154526
https://bugzilla.suse.com/1154858
https://bugzilla.suse.com/1154905
https://bugzilla.suse.com/1154956
https://bugzilla.suse.com/1155021
https://bugzilla.suse.com/1155061
https://bugzilla.suse.com/1155671
https://bugzilla.suse.com/1155692
https://bugzilla.suse.com/1155836
https://bugzilla.suse.com/1155982
https://bugzilla.suse.com/1156187
https://bugzilla.suse.com/1156429


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:2503-1
Rating: important
References: #1048942 #1051510 #1082635 #1083647 #1090631
#1096254 #1117665 #1119461 #1119465 #1123034
#1135966 #1135967 #1137040 #1138190 #1139073
#1140090 #1143706 #1144338 #1144903 #1146612
#1149119 #1150457 #1150466 #1152624 #1152685
#1152782 #1153476 #1153509 #1153681 #1153969
#1154124 #1154526 #1154737 #1154848 #1154858
#1154905 #1154956 #1155021 #1155178 #1155179
#1155184 #1155186 #1155671 #1155692 #1155836
#1155982 #1156187 #1156429
Cross-References: CVE-2018-12207 CVE-2019-0154 CVE-2019-0155
CVE-2019-10220 CVE-2019-11135 CVE-2019-16231
CVE-2019-16233 CVE-2019-16995 CVE-2019-17055
CVE-2019-18805
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that solves 10 vulnerabilities and has 38 fixes
is now available.

Description:

The openSUSE Leap 15.0 kernel was updated to receive various security and
bugfixes.

The following security bugs were fixed:

– CVE-2019-0154: An unprotected read access to i915 registers has been
fixed that could have been abused to facilitate a local
denial-of-service attack. (bsc#1135966)
– CVE-2019-0155: A privilege escalation vulnerability has been fixed in
the i915 module that allowed batch buffers from user mode to gain super
user privileges. (bsc#1135967)
– CVE-2019-16231: drivers/net/fjes/fjes_main.c did not check the
alloc_workqueue return value, leading to a NULL pointer dereference
(bnc#1150466).
– CVE-2019-18805: There was a net/ipv4/tcp_input.c signed integer overflow
in tcp_ack_update_rtt() when userspace writes a very large integer to
/proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or
possibly unspecified other impact, aka CID-19fad20d15a6 (bnc#1156187).
– CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the
AF_ISDN network module did not enforce CAP_NET_RAW, which means that
unprivileged users can create a raw socket, aka CID-b91ee4aa2a21
(bnc#1152782).
– CVE-2019-16995: A memory leak exits in hsr_dev_finalize() in
net/hsr/hsr_device.c, if hsr_add_port fails to add a port, which may
cause denial of service, aka CID-6caabe7f197d (bnc#1152685).
– CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs
with Transactional Memory support could be used to facilitate
sidechannel information leaks out of microarchitectural buffers, similar
to the previously described “Microarchitectural Data Sampling” attack.

The Linux kernel was supplemented with the option to disable TSX
operation altogether (requiring CPU Microcode updates on older systems)
and better flushing of microarchitectural buffers (VERW).

The set of options available is described in our TID at
https://www.suse.com/support/kb/doc/?id=7024251

– CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the
alloc_workqueue return value, leading to a NULL pointer dereference
(bnc#1150457).
– CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a
race condition in the Instruction Fetch Unit of the Intel CPU to cause a
Machine Exception during Page Size Change, causing the CPU core to be
non-functional.

The Linux Kernel kvm hypervisor was adjusted to avoid page size changes
in executable pages by splitting / merging huge pages into small pages as
needed.

More information can be found on
https://www.suse.com/support/kb/doc/?id=7023735

– CVE-2019-10220: Added sanity checks on the pathnames passed to the user
space. (bsc#1144903).

The following non-security bugs were fixed:

– ALSA: bebob: Fix prototype of helper function to return negative value
(bsc#1051510).
– ALSA: bebob: fix to detect configured source of sampling clock for
Focusrite Saffire Pro i/o series (git-fixes).
– ALSA: hda: Add Elkhart Lake PCI ID (bsc#1051510).
– ALSA: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510).
– ALSA: hda/ca0132 – Fix possible workqueue stall (bsc#1155836).
– ALSA: hda/realtek – Add support for ALC623 (bsc#1051510).
– ALSA: hda/realtek – Add support for ALC711 (bsc#1051510).
– ALSA: hda/realtek – Fix 2 front mics of codec 0x623 (bsc#1051510).
– ALSA: timer: Fix incorrectly assigned timer instance (git-fixes).
– ALSA: timer: Fix mutex deadlock at releasing card (bsc#1051510).
– arcnet: provide a buffer big enough to actually receive packets
(networking-stable-19_09_30).
– ASoc: rockchip: i2s: Fix RPM imbalance (bsc#1051510).
– ASoC: rsnd: Reinitialize bit clock inversion flag for every format
setting (bsc#1051510).
– bpf: fix use after free in prog symbol exposure (bsc#1083647).
– btrfs: block-group: Fix a memory leak due to missing
btrfs_put_block_group() (bsc#1155178).
– btrfs: qgroup: Always free PREALLOC META reserve in
btrfs_delalloc_release_extents() (bsc#1155179).
– btrfs: tracepoints: Fix bad entry members of qgroup events (bsc#1155186).
– btrfs: tracepoints: Fix wrong parameter order for qgroup events
(bsc#1155184).
– can: dev: call netif_carrier_off() in register_candev() (bsc#1051510).
– crypto: af_alg – consolidation of duplicate code (bsc#1154737).
– crypto: af_alg – fix race accessing cipher request (bsc#1154737).
– crypto: af_alg – Fix race around ctx->rcvused by making it atomic_t
(bsc#1154737).
– crypto: af_alg – Initialize sg_num_bytes in error code path
(bsc#1051510).
– crypto: af_alg – remove locking in async callback (bsc#1154737).
– crypto: af_alg – update correct dst SGL entry (bsc#1051510).
– crypto: af_alg – wait for data at beginning of recvmsg (bsc#1154737).
– crypto: algif_aead – copy AAD from src to dst (bsc#1154737).
– crypto: algif_aead – fix reference counting of null skcipher
(bsc#1154737).
– crypto: algif_aead – overhaul memory management (bsc#1154737).
– crypto: algif_aead – skip SGL entries with NULL page (bsc#1154737).
– crypto: algif – return error code when no data was processed
(bsc#1154737).
– crypto: algif_skcipher – overhaul memory management (bsc#1154737).
– cxgb4:Fix out-of-bounds MSI-X info array access
(networking-stable-19_10_05).
– dmaengine: bcm2835: Print error in case setting DMA mask fails
(bsc#1051510).
– dmaengine: imx-sdma: fix size check for sdma script_number (bsc#1051510).
– drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50 (bsc#1051510).
– drm/i915: Add gen9 BCS cmdparsing (bsc#1135967)
– drm/i915: Add support for mandatory cmdparsing (bsc#1135967)
– drm/i915: Allow parsing of unsized batches (bsc#1135967)
– drm/i915/cmdparser: Add support for backward jumps (bsc#1135967)
– drm/i915/cmdparser: Ignore Length operands during command matching
(bsc#1135967)
– drm/i915/cmdparser: Use explicit goto for error paths (bsc#1135967)
– drm/i915: Disable Secure Batches for gen6+
– drm/i915/gen8+: Add RC6 CTX corruption WA (bsc#1135967)
– drm/i915/gtt: Add read only pages to gen8_pte_encode (bsc#1135967)
– drm/i915/gtt: Disable read-only support under GVT (bsc#1135967)
– drm/i915/gtt: Read-only pages for insert_entries on bdw (bsc#1135967)
– drm/i915: Lower RM timeout to avoid DSI hard hangs (bsc#1135967)
– drm/i915: Prevent writing into a read-only object via a GGTT mmap
(bsc#1135967)
– drm/i915: Remove Master tables from cmdparser
– drm/i915: Rename gen7 cmdparser tables (bsc#1135967)
– drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (bsc#1135967)
– efi: cper: print AER info of PCIe fatal error (bsc#1051510).
– efi/memattr: Do not bail on zero VA if it equals the region’s PA
(bsc#1051510).
– efivar/ssdt: Do not iterate over EFI vars if no SSDT override was
specified (bsc#1051510).
– HID: fix error message in hid_open_report() (bsc#1051510).
– HID: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy()
(bsc#1051510).
– hso: fix NULL-deref on tty open (bsc#1051510).
– hyperv: set nvme msi interrupts to unmanaged (jsc#SLE-8953,
jsc#SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190,
bsc#1154905).
– IB/core: Add mitigation for Spectre V1 (bsc#1155671)
– ieee802154: ca8210: prevent memory leak (bsc#1051510).
– input: synaptics-rmi4 – avoid processing unknown IRQs (bsc#1051510).
– integrity: prevent deadlock during digsig verification (bsc#1090631).
– ipv6: drop incoming packets having a v4mapped source address
(networking-stable-19_10_05).
– ipv6: Handle missing host route in __ipv6_ifa_notify
(networking-stable-19_10_05).
– iwlwifi: do not panic in error path on non-msix systems (bsc#1155692).
– iwlwifi: exclude GEO SAR support for 3168 (git-fixes).
– kABI workaround for crypto/af_alg changes (bsc#1154737).
– kABI workaround for drm_vma_offset_node readonly field addition
(bsc#1135967)
– ksm: cleanup stable_node chain collapse case (bnc#1144338).
– ksm: fix use after free with merge_across_nodes = 0 (bnc#1144338).
– ksm: introduce ksm_max_page_sharing per page deduplication limit
(bnc#1144338).
– ksm: optimize refile of stable_node_dup at the head of the chain
(bnc#1144338).
– ksm: swap the two output parameters of chain/chain_prune (bnc#1144338).
– KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
(bsc#1117665).
– mac80211: fix txq null pointer dereference (bsc#1051510).
– mac80211: Reject malformed SSID elements (bsc#1051510).
– md/raid0: avoid RAID0 data corruption due to layout confusion
(bsc#1140090).
– md/raid0: fix warning message for parameter default_layout (bsc#1140090).
– Move upstreamed CA0132 fix into sorted section
– netfilter: nf_nat: do not bug when mapping already exists (bsc#1146612).
– net: openvswitch: free vport unless register_netdevice() succeeds
(git-fixes).
– net/phy: fix DP83865 10 Mbps HDX loopback disable function
(networking-stable-19_09_30).
– net: qlogic: Fix memory leak in ql_alloc_large_buffers
(networking-stable-19_10_05).
– net: qrtr: Stop rx_worker before freeing node
(networking-stable-19_09_30).
– net/rds: Fix error handling in rds_ib_add_one()
(networking-stable-19_10_05).
– net/rds: fix warn in rds_message_alloc_sgs (bsc#1154848).
– net/rds: remove user triggered WARN_ON in rds_sendmsg (bsc#1154848).
– net: Replace NF_CT_ASSERT() with WARN_ON() (bsc#1146612).
– net/sched: act_sample: do not push mac header on ip6gre ingress
(networking-stable-19_09_30).
– net_sched: add policy validation for action attributes
(networking-stable-19_09_30).
– net_sched: fix backward compatibility for TCA_ACT_KIND (git-fixes).
– net: Unpublish sk from sk_reuseport_cb before call_rcu
(networking-stable-19_10_05).
– NFSv4.1 – backchannel request should hold ref on xprt (bsc#1152624).
– nl80211: fix null pointer dereference (bsc#1051510).
– openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
(networking-stable-19_09_30).
– power: supply: max14656: fix potential use-after-free (bsc#1051510).
– qmi_wwan: add support for Cinterion CLS8 devices
(networking-stable-19_10_05).
– r8152: Set macpassthru in reset_resume callback (bsc#1051510).
– rds: Fix warning (bsc#1154848).
– Revert “ALSA: hda: Flush interrupts on disabling” (bsc#1051510).
– Revert “drm/radeon: Fix EEH during kexec” (bsc#1051510).
– Revert synaptics-rmi4 patch due to regression (bsc#1155982) Also
blacklisting it
– rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage
description (bsc#1149119).
– s390/cmf: set_schib_wait add timeout (bsc#1153509, bsc#1153476).
– s390/cpumsf: Check for CPU Measurement sampling (bsc#1153681 LTC#181855).
– sc16is7xx: Fix for “Unexpected interrupt: 8” (bsc#1051510).
– sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
(networking-stable-19_10_05).
– sch_dsmark: fix potential NULL deref in dsmark_init()
(networking-stable-19_10_05).
– sched/fair: Avoid divide by zero when rebalancing domains (bsc#1096254).
– sch_netem: fix a divide by zero in tabledist()
(networking-stable-19_09_30).
– scsi: lpfc: Fix devices that do not return after devloss followed by
rediscovery (bsc#1137040).
– scsi: lpfc: Limit xri count for kdump environment (bsc#1154124).
– scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump
(bsc#1143706 bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Do command completion on abort timeout (bsc#1143706
bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: qla2xxx: do not use zero for FC4_PRIORITY_NVME (bsc#1143706
bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Fix a dma_pool_free() call (bsc#1143706 bsc#1082635
bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Fix device connect issues in P2P configuration
(bsc#1143706 bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Fix double scsi_done for abort path (bsc#1143706
bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Fix driver unload hang (bsc#1143706 bsc#1082635
bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Fix memory leak when sending I/O fails (bsc#1143706
bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Fix N2N link reset (bsc#1143706 bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Fix N2N link up fail (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: Fix partial flash write of MBI (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: Fix SRB leak on switch command timeout (bsc#1143706
bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: fixup incorrect usage of host_byte (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Fix wait condition in loop (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: Improve logging for scan thread (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: Initialized mailbox to prevent driver load failure
(bsc#1143706 bsc#1082635 bsc#1123034).
– scsi: qla2xxx: initialize fc4_type_priority (bsc#1143706 bsc#1082635
bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Optimize NPIV tear down process (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: Remove an include directive (bsc#1143706 bsc#1082635
bsc#1154526 bsc#1048942).
– scsi: qla2xxx: remove redundant assignment to pointer host (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (bsc#1143706
bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: qla2xxx: Set remove flag for all VP (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: Silence fwdump template message (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: stop timer in shutdown path (bsc#1143706 bsc#1082635
bsc#1123034).
– scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1143706
bsc#1082635 bsc#1123034).
– scsi: qla2xxx: Update driver version to 10.01.00.21-k (bsc#1143706
bsc#1082635 bsc#1154526 bsc#1048942).
– scsi: sd: Ignore a failure to sync cache due to lack of authorization
(git-fixes).
– scsi: storvsc: Add ability to change scsi queue depth (bsc#1155021).
– scsi: zfcp: fix reaction on bit error threshold notification
(bsc#1154956 LTC#182054).
– serial: fix kernel-doc warning in comments (bsc#1051510).
– serial: mctrl_gpio: Check for NULL pointer (bsc#1051510).
– serial: uartlite: fix exit path null pointer (bsc#1051510).
– skge: fix checksum byte order (networking-stable-19_09_30).
– staging: rtl8188eu: fix null dereference when kzalloc fails
(bsc#1051510).
– staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
(bsc#1051510).
– supporte.conf: add efivarfs to kernel-default-base (bsc#1154858).
– tipc: fix unlimited bundling of small messages
(networking-stable-19_10_05).
– tracing: Get trace_array reference for available_tracers files
(bsc#1156429).
– usb: gadget: Reject endpoints with 0 maxpacket value (bsc#1051510).
– usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode (bsc#1051510).
– usb: handle warm-reset port requests on hub resume (bsc#1051510).
– usb: ldusb: fix control-message timeout (bsc#1051510).
– usb: ldusb: fix memleak on disconnect (bsc#1051510).
– usb: ldusb: fix NULL-derefs on driver unbind (bsc#1051510).
– usb: ldusb: fix read info leaks (bsc#1051510).
– usb: ldusb: fix ring-buffer locking (bsc#1051510).
– usb: legousbtower: fix a signedness bug in tower_probe() (bsc#1051510).
– usb: legousbtower: fix memleak on disconnect (bsc#1051510).
– usb: serial: ti_usb_3410_5052: fix port-close races (bsc#1051510).
– usb: serial: whiteheat: fix line-speed endianness (bsc#1051510).
– usb: serial: whiteheat: fix potential slab corruption (bsc#1051510).
– usb-storage: Revert commit 747668dbc061 (“usb-storage: Set
virt_boundary_mask to avoid SG overflows”) (bsc#1051510).
– usb: udc: lpc32xx: fix bad bit shift operation (bsc#1051510).
– usb: usblp: fix use-after-free on disconnect (bsc#1051510).
– vsock: Fix a lockdep warning in __vsock_release()
(networking-stable-19_10_05).
– x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area
(bnc#1153969).
– x86/boot/64: Round memory hole size up to next PMD page (bnc#1153969).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-2503=1

Package List:

– openSUSE Leap 15.0 (noarch):

kernel-devel-4.12.14-lp150.12.82.1
kernel-docs-4.12.14-lp150.12.82.1
kernel-docs-html-4.12.14-lp150.12.82.1
kernel-macros-4.12.14-lp150.12.82.1
kernel-source-4.12.14-lp150.12.82.1
kernel-source-vanilla-4.12.14-lp150.12.82.1

– openSUSE Leap 15.0 (x86_64):

kernel-debug-4.12.14-lp150.12.82.1
kernel-debug-base-4.12.14-lp150.12.82.1
kernel-debug-base-debuginfo-4.12.14-lp150.12.82.1
kernel-debug-debuginfo-4.12.14-lp150.12.82.1
kernel-debug-debugsource-4.12.14-lp150.12.82.1
kernel-debug-devel-4.12.14-lp150.12.82.1
kernel-debug-devel-debuginfo-4.12.14-lp150.12.82.1
kernel-default-4.12.14-lp150.12.82.1
kernel-default-base-4.12.14-lp150.12.82.1
kernel-default-base-debuginfo-4.12.14-lp150.12.82.1
kernel-default-debuginfo-4.12.14-lp150.12.82.1
kernel-default-debugsource-4.12.14-lp150.12.82.1
kernel-default-devel-4.12.14-lp150.12.82.1
kernel-default-devel-debuginfo-4.12.14-lp150.12.82.1
kernel-kvmsmall-4.12.14-lp150.12.82.1
kernel-kvmsmall-base-4.12.14-lp150.12.82.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.82.1
kernel-kvmsmall-debuginfo-4.12.14-lp150.12.82.1
kernel-kvmsmall-debugsource-4.12.14-lp150.12.82.1
kernel-kvmsmall-devel-4.12.14-lp150.12.82.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.82.1
kernel-obs-build-4.12.14-lp150.12.82.1
kernel-obs-build-debugsource-4.12.14-lp150.12.82.1
kernel-obs-qa-4.12.14-lp150.12.82.1
kernel-syms-4.12.14-lp150.12.82.1
kernel-vanilla-4.12.14-lp150.12.82.1
kernel-vanilla-base-4.12.14-lp150.12.82.1
kernel-vanilla-base-debuginfo-4.12.14-lp150.12.82.1
kernel-vanilla-debuginfo-4.12.14-lp150.12.82.1
kernel-vanilla-debugsource-4.12.14-lp150.12.82.1
kernel-vanilla-devel-4.12.14-lp150.12.82.1
kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.82.1

References:

https://www.suse.com/security/cve/CVE-2018-12207.html
https://www.suse.com/security/cve/CVE-2019-0154.html
https://www.suse.com/security/cve/CVE-2019-0155.html
https://www.suse.com/security/cve/CVE-2019-10220.html
https://www.suse.com/security/cve/CVE-2019-11135.html
https://www.suse.com/security/cve/CVE-2019-16231.html
https://www.suse.com/security/cve/CVE-2019-16233.html
https://www.suse.com/security/cve/CVE-2019-16995.html
https://www.suse.com/security/cve/CVE-2019-17055.html
https://www.suse.com/security/cve/CVE-2019-18805.html
https://bugzilla.suse.com/1048942
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1082635
https://bugzilla.suse.com/1083647
https://bugzilla.suse.com/1090631
https://bugzilla.suse.com/1096254
https://bugzilla.suse.com/1117665
https://bugzilla.suse.com/1119461
https://bugzilla.suse.com/1119465
https://bugzilla.suse.com/1123034
https://bugzilla.suse.com/1135966
https://bugzilla.suse.com/1135967
https://bugzilla.suse.com/1137040
https://bugzilla.suse.com/1138190
https://bugzilla.suse.com/1139073
https://bugzilla.suse.com/1140090
https://bugzilla.suse.com/1143706
https://bugzilla.suse.com/1144338
https://bugzilla.suse.com/1144903
https://bugzilla.suse.com/1146612
https://bugzilla.suse.com/1149119
https://bugzilla.suse.com/1150457
https://bugzilla.suse.com/1150466
https://bugzilla.suse.com/1152624
https://bugzilla.suse.com/1152685
https://bugzilla.suse.com/1152782
https://bugzilla.suse.com/1153476
https://bugzilla.suse.com/1153509
https://bugzilla.suse.com/1153681
https://bugzilla.suse.com/1153969
https://bugzilla.suse.com/1154124
https://bugzilla.suse.com/1154526
https://bugzilla.suse.com/1154737
https://bugzilla.suse.com/1154848
https://bugzilla.suse.com/1154858
https://bugzilla.suse.com/1154905
https://bugzilla.suse.com/1154956
https://bugzilla.suse.com/1155021
https://bugzilla.suse.com/1155178
https://bugzilla.suse.com/1155179
https://bugzilla.suse.com/1155184
https://bugzilla.suse.com/1155186
https://bugzilla.suse.com/1155671
https://bugzilla.suse.com/1155692
https://bugzilla.suse.com/1155836
https://bugzilla.suse.com/1155982
https://bugzilla.suse.com/1156187
https://bugzilla.suse.com/1156429


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa qemu

Otkriveni su sigurnosni nedostaci u programskom paketu qemu za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS...

Close