SUSE: 2020:0836-1 important: the Linux Kernel

    Date 31 Mar 2020
    209
    Posted By LinuxSecurity Advisories
    An update that solves 5 vulnerabilities and has 58 fixes is now available.
    
       SUSE Security Update: Security update for the Linux Kernel
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2020:0836-1
    Rating:             important
    References:         #1044231 #1051510 #1051858 #1056686 #1060463 
                        #1065729 #1103990 #1103992 #1104353 #1104745 
                        #1109837 #1111666 #1111974 #1112178 #1112374 
                        #1113956 #1114279 #1114685 #1119680 #1127611 
                        #1133021 #1134090 #1136157 #1141895 #1144333 
                        #1146539 #1156510 #1157424 #1158187 #1159285 
                        #1160659 #1161561 #1161951 #1162928 #1162929 
                        #1162931 #1164078 #1164507 #1165111 #1165404 
                        #1165488 #1165527 #1165741 #1165813 #1165873 
                        #1165929 #1165950 #1165980 #1165984 #1165985 
                        #1166003 #1166101 #1166102 #1166103 #1166104 
                        #1166632 #1166658 #1166730 #1166731 #1166732 
                        #1166733 #1166734 #1166735 
    Cross-References:   CVE-2019-19768 CVE-2020-8647 CVE-2020-8648
                        CVE-2020-8649 CVE-2020-9383
    Affected Products:
                        SUSE Linux Enterprise Workstation Extension 15-SP1
                        SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
                        SUSE Linux Enterprise Module for Legacy Software 15-SP1
                        SUSE Linux Enterprise Module for Development Tools 15-SP1
                        SUSE Linux Enterprise Module for Basesystem 15-SP1
                        SUSE Linux Enterprise High Availability 15-SP1
    ______________________________________________________________________________
    
       An update that solves 5 vulnerabilities and has 58 fixes is
       now available.
    
    Description:
    
       The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various
       security and bugfixes.
    
       The following security bugs were fixed:
    
       - CVE-2020-8647: Fixed a use-after-free in the vc_do_resize function in
         drivers/tty/vt/vt.c (bsc#1162929).
       - CVE-2020-8649: Fixed a use-after-free in the vgacon_invert_region
         function in drivers/video/console/vgacon.c (bsc#1162931).
       - CVE-2020-8648: Fixed a use-after-free in the n_tty_receive_buf_common
         function in drivers/tty/n_tty.c (bsc#1162928).
       - CVE-2020-9383: Fixed an out-of-bounds read due to improper error
         condition check of FDC index (bsc#1165111).
       - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function
         in kernel/trace/blktrace.c (bnc#1159285).
    
       The following non-security bugs were fixed:
    
       - ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1
         (bsc#1111666).
       - ALSA: hda/realtek - Add Headset Mic supported (bsc#1111666).
       - ALSA: hda/realtek - Add more codec supported Headset Button
         (bsc#1111666).
       - ALSA: hda/realtek - Apply quirk for MSI GP63, too (bsc#1111666).
       - ALSA: hda/realtek - Apply quirk for yet another MSI laptop (bsc#1111666).
       - ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294
         (bsc#1111666).
       - ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1
         (bsc#1111666).
       - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master
         (bsc#1111666).
       - ALSA: usb-audio: Add boot quirk for MOTU M Series (bsc#1111666).
       - ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000
         (bsc#1111666).
       - ALSA: usb-audio: add implicit fb quirk for MOTU M Series (bsc#1111666).
       - ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82
         (bsc#1111666).
       - ALSA: usb-audio: Apply 48kHz fixed rate playback for Jabra Evolve 65
         headset (bsc#1111666).
       - ALSA: usb-audio: fix Corsair Virtuoso mixer label collision
         (bsc#1111666).
       - ALSA: usb-audio: Fix UAC2/3 effect unit parsing (bsc#1111666).
       - ALSA: usb-audio: unlock on error in probe (bsc#1111666).
       - ALSA: usb-audio: Use lower hex numbers for IDs (bsc#1111666).
       - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status
         (bsc#1051510).
       - amdgpu/gmc_v9: save/restore sdpif regs during S3 (bsc#1113956)
       - ASoC: dapm: Correct DAPM handling of active widgets during shutdown
         (bsc#1051510).
       - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path
         (bsc#1051510).
       - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output
         (bsc#1051510).
       - ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510).
       - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510).
       - atm: zatm: Fix empty body Clang warnings (bsc#1051510).
       - b43legacy: Fix -Wcast-function-type (bsc#1051510).
       - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285).
       - blktrace: fix dereference after null check (bsc#1159285).
       - blktrace: fix trace mutex deadlock (bsc#1159285).
       - bnxt_en: Fix NTUPLE firmware command failures (bsc#1104745 ).
       - bnxt_en: Fix TC queue mapping (networking-stable-20_02_05).
       - bnxt_en: Improve device shutdown method (bsc#1104745 ).
       - bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs
         (bsc#1134090 jsc#SLE-5954).
       - bonding/alb: properly access headers in bond_alb_xmit()
         (networking-stable-20_02_09).
       - bpf, offload: Replace bitwise AND by logical AND in
         bpf_prog_offload_info_fill (bsc#1109837).
       - CIFS: add a debug macro that prints \\server\share for errors
         (bsc#1144333).
       - CIFS: add missing mount option to /proc/mounts (bsc#1144333).
       - CIFS: add new debugging macro cifs_server_dbg (bsc#1144333).
       - CIFS: add passthrough for smb2 setinfo (bsc#1144333).
       - CIFS: add SMB2_open() arg to return POSIX data (bsc#1144333).
       - CIFS: add smb2 POSIX info level (bsc#1144333).
       - CIFS: add SMB3 change notification support (bsc#1144333).
       - CIFS: add support for fallocate mode 0 for non-sparse files
         (bsc#1144333).
       - CIFS: Add support for setting owner info, dos attributes, and create
         time (bsc#1144333).
       - CIFS: Add tracepoints for errors on flush or fsync (bsc#1144333).
       - CIFS: Adjust indentation in smb2_open_file (bsc#1144333).
       - CIFS: allow chmod to set mode bits using special sid (bsc#1144333).
       - CIFS: Avoid doing network I/O while holding cache lock (bsc#1144333).
       - CIFS: call wake_up(server->response_q) inside of cifs_reconnect()
         (bsc#1144333).
       - CIFS: Clean up DFS referral cache (bsc#1144333).
       - CIFS: create a helper function to parse the query-directory response
         buffer (bsc#1144333).
       - CIFS: do d_move in rename (bsc#1144333).
       - CIFS: Do not display RDMA transport on reconnect (bsc#1144333).
       - CIFS: do not ignore the SYNC flags in getattr (bsc#1144333).
       - CIFS: do not leak -EAGAIN for stat() during reconnect (bsc#1144333).
       - CIFS: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333).
       - CIFS: enable change notification for SMB2.1 dialect (bsc#1144333).
       - CIFS: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333).
       - CIFS: fix a comment for the timeouts when sending echos (bsc#1144333).
       - CIFS: fix a white space issue in cifs_get_inode_info() (bsc#1144333).
       - CIFS: fix dereference on ses before it is null checked (bsc#1144333).
       - CIFS: Fix memory allocation in __smb2_handle_cancelled_cmd()
         (bsc#1144333).
       - CIFS: fix mode bits from dir listing when mounted with modefromsid
         (bsc#1144333).
       - CIFS: Fix mode output in debugging statements (bsc#1144333).
       - CIFS: Fix mount options set in automount (bsc#1144333).
       - CIFS: fix NULL dereference in match_prepath (bsc#1144333).
       - CIFS: Fix potential deadlock when updating vol in cifs_reconnect()
         (bsc#1144333).
       - CIFS: fix potential mismatch of UNC paths (bsc#1144333).
       - CIFS: fix rename() by ensuring source handle opened with DELETE bit
         (bsc#1144333).
       - CIFS: Fix return value in __update_cache_entry (bsc#1144333).
       - CIFS: fix soft mounts hanging in the reconnect code (bsc#1144333).
       - CIFS: fix soft mounts hanging in the reconnect code (bsc#1144333).
       - CIFS: Fix task struct use-after-free on reconnect (bsc#1144333).
       - CIFS: fix unitialized variable poential problem with network I/O cache
         lock patch (bsc#1144333).
       - CIFS: get mode bits from special sid on stat (bsc#1144333).
       - CIFS: Get rid of kstrdup_const()'d paths (bsc#1144333).
       - CIFS: handle prefix paths in reconnect (bsc#1144333).
       - CIFS: Introduce helpers for finding TCP connection (bsc#1144333).
       - CIFS: log warning message (once) if out of disk space (bsc#1144333).
       - CIFS: make sure we do not overflow the max EA buffer size (bsc#1144333).
       - CIFS: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333).
       - CIFS: Merge is_path_valid() into get_normalized_path() (bsc#1144333).
       - CIFS: modefromsid: make room for 4 ACE (bsc#1144333).
       - CIFS: modefromsid: write mode ACE first (bsc#1144333).
       - CIFS: Optimize readdir on reparse points (bsc#1144333).
       - CIFS: plumb smb2 POSIX dir enumeration (bsc#1144333).
       - CIFS: potential unintitliazed error code in cifs_getattr() (bsc#1144333).
       - CIFS: prepare SMB2_query_directory to be used with compounding
         (bsc#1144333).
       - CIFS: print warning once if mounting with vers=1.0 (bsc#1144333).
       - CIFS: refactor cifs_get_inode_info() (bsc#1144333).
       - CIFS: remove redundant assignment to pointer pneg_ctxt (bsc#1144333).
       - CIFS: remove redundant assignment to variable rc (bsc#1144333).
       - CIFS: remove set but not used variables (bsc#1144333).
       - CIFS: remove set but not used variable 'server' (bsc#1144333).
       - CIFS: remove unused variable (bsc#1144333).
       - CIFS: remove unused variable 'sid_user' (bsc#1144333).
       - CIFS: rename a variable in SendReceive() (bsc#1144333).
       - CIFS: rename posix create rsp (bsc#1144333).
       - CIFS: replace various strncpy with strscpy and similar (bsc#1144333).
       - CIFS: Return directly after a failed build_path_from_dentry() in
         cifs_do_create() (bsc#1144333).
       - CIFS: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333).
       - CIFS: smbd: Add messages on RDMA session destroy and reconnection
         (bsc#1144333).
       - CIFS: smbd: Invalidate and deregister memory registration on re-send for
         direct I/O (bsc#1144333).
       - CIFS: smbd: Only queue work for error recovery on memory registration
         (bsc#1144333).
       - CIFS: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333).
       - CIFS: smbd: Return -ECONNABORTED when trasnport is not in connected
         state (bsc#1144333).
       - CIFS: smbd: Return -EINVAL when the number of iovs exceeds
         SMBDIRECT_MAX_SGE (bsc#1144333).
       - CIFS: Use common error handling code in smb2_ioctl_query_info()
         (bsc#1144333).
       - CIFS: use compounding for open and first query-dir for readdir()
         (bsc#1144333).
       - CIFS: Use #define in cifs_dbg (bsc#1144333).
       - CIFS: Use memdup_user() rather than duplicating its implementation
         (bsc#1144333).
       - CIFS: use mod_delayed_work() for server->reconnect if already queued
         (bsc#1144333).
       - CIFS: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333).
       - cls_rsvp: fix rsvp_policy (networking-stable-20_02_05).
       - core: Do not skip generic XDP program execution for cloned SKBs
         (bsc#1109837).
       - cpufreq: powernv: Fix unsafe notifiers (bsc#1065729).
       - cpufreq: powernv: Fix use-after-free (bsc#1065729).
       - crypto: pcrypt - Fix user-after-free on module unload (git-fixes).
       - devlink: report 0 after hitting end in region read (bsc#1109837).
       - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle()
         (bsc#1051510).
       - driver core: platform: fix u32 greater or equal to zero comparison
         (bsc#1051510).
       - driver core: platform: Prevent resouce overflow from causing infinite
         loops (bsc#1051510).
       - driver core: Print device when resources present in really_probe()
         (bsc#1051510).
       - drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET
         (bsc#1166003).
       - drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET
         (bsc#1166003).
       - drm/amd/dm/mst: Ignore payload update failures (bsc#1112178)
       - drm/amdkfd: fix a use after free race with mmu_notifer unregister
         (bsc#1114279)
       - drm: atmel-hlcdc: enable clock before configuring timing engine
         (bsc#1114279)
       - drm/etnaviv: fix dumping of iommuv2 (bsc#1114279)
       - drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510).
       - drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime (git-fixes).
       - drm/i915/gvt: Fix unnecessary schedule timer when no vGPU exits
         (git-fixes).
       - drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279)
       - drm/i915: Program MBUS with rmw during initialization (git-fixes).
       - drm/i915/selftests: Fix return in assert_mmap_offset() (bsc#1114279)
       - drm/i915/userptr: fix size calculation (bsc#1114279)
       - drm/i915/userptr: Try to acquire the page lock around (bsc#1114279)
       - drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279)
       - drm/mediatek: Add gamma property according to hardware capability
         (bsc#1114279)
       - drm/mediatek: disable all the planes in atomic_disable (bsc#1114279)
       - drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510).
       - drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279)
       - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable
         (bsc#1114279)
       - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided
         (bsc#1051510).
       - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from
         fw (bsc#1051510).
       - drm/nouveau/kms/gv100-: Re-set LUT after clearing for modesets
         (git-fixes).
       - drm: rcar-du: Recognize "renesas,vsps" in addition to "vsps"
         (bsc#1114279)
       - drm: remove the newline for CRC source name (bsc#1051510).
       - EDAC/mc: Fix use-after-free and memleaks during device removal
         (bsc#1114279).
       - Enabled the following two patches in series.conf, and refresh the KABI
         patch due to previous md commit (bsc#1119680)
       - ethtool: Factored out similar ethtool link settings for virtual devices
         to core (bsc#1136157 ltc#177197).
       - fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003).
       - firmware: imx: misc: Align imx sc msg structs to 4 (git-fixes).
       - firmware: imx: scu: Ensure sequential TX (git-fixes).
       - firmware: imx: scu-pd: Align imx sc msg structs to 4 (git-fixes).
       - Fixed memory leak in large read decrypt offload (bsc#1144333).
       - Fixed some regressions (bsc#1165527 ltc#184149).
       - fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333).
       - fs: cifs: cifsssmb: remove redundant assignment to variable ret
         (bsc#1144333).
       - fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333).
       - fs: cifs: mute -Wunused-const-variable message (bsc#1144333).
       - fs/cifs/sess.c: Remove set but not used variable 'capabilities'
         (bsc#1144333).
       - fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333).
       - fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333).
       - fs/xfs: fix f_ffree value for statfs when project quota is set
         (bsc#1165985).
       - gtp: make sure only SOCK_DGRAM UDP sockets are accepted
         (networking-stable-20_01_27).
       - gtp: use __GFP_NOWARN to avoid memalloc warning
         (networking-stable-20_02_05).
       - HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510).
       - HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes).
       - hv_netvsc: Fix memory leak when removing rndis device
         (networking-stable-20_01_20).
       - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510).
       - IB/hfi1: Close window for pq and request coliding (bsc#1060463 ).
       - ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551).
       - ibmvnic: Do not process device remove during device reset (bsc#1065729).
       - ibmvnic: Warn unknown speed message only when carrier is present
         (bsc#1065729).
       - Input: edt-ft5x06 - work around first register access error
         (bsc#1051510).
       - Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510).
       - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list
         (bsc#1051510).
       - Input: synaptics - switch T470s to RMI4 by default (bsc#1051510).
       - iommu/amd: Check feature support bit before accessing MSI capability
         registers (bsc#1166101).
       - iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102).
       - iommu/amd: Remap the IOMMU device table with the memory encryption mask
         for kdump (bsc#1141895).
       - iommu/dma: Fix MSI reservation allocation (bsc#1166730).
       - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
         (bsc#1166731).
       - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
         (bsc#1166732).
       - iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103).
       - iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733).
       - iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734).
       - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn
         + add_taint (bsc#1166735).
       - ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes).
       - ipv6: restrict IPV6_ADDRFORM operation (bsc#1109837).
       - iwlegacy: Fix -Wcast-function-type (bsc#1051510).
       - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices
         (bsc#1166632).
       - iwlwifi: mvm: Fix thermal zone registration (bsc#1051510).
       - kdump, proc/vmcore: Enable kdumping encrypted memory with SME enabled
         (bsc#1141895).
       - kernel/module.c: Only return -EEXIST for modules that have finished
         loading (bsc#1165488).
       - kernel/module.c: wakeup processes in module_wq on module unload
         (bsc#1165488).
       - kexec: Allocate decrypted control pages for kdump if SME is enabled
         (bsc#1141895).
       - KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021).
       - KVM: s390: do not clobber registers during guest reset/store status
         (bsc#1133021).
       - KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021).
       - KVM: VMX: check descriptor table exits on instruction emulation
         (bsc#1166104).
       - l2tp: Allow duplicate session creation with UDP
         (networking-stable-20_02_05).
       - libnvdimm/pfn_dev: Do not clear device memmap area during generic
         namespace probe (bsc#1165929 bsc#1165950).
       - libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
         (bsc#1165929).
       - libnvdimm: remove redundant __func__ in dev_dbg (bsc#1165929).
       - lib/raid6: add missing include for raid6test (bsc#1166003).
       - lib/raid6: add option to skip algo benchmarking (bsc#1166003).
       - lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003).
       - md: add __acquires/__releases annotations to handle_active_stripes
         (bsc#1166003).
       - md: add __acquires/__releases annotations to (un)lock_two_stripes
         (bsc#1166003).
       - md: add a missing endianness conversion in check_sb_changes
         (bsc#1166003).
       - md: add bitmap_abort label in md_run (bsc#1166003).
       - md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003).
       - md: allow last device to be forcibly removed from RAID1/RAID10
         (bsc#1166003).
       - md: avoid invalid memory access for array sb->dev_roles (bsc#1166003).
       - md/bitmap: avoid race window between md_bitmap_resize and
         bitmap_file_clear_bit (bsc#1166003).
       - md-bitmap: create and destroy wb_info_pool with the change of backlog
         (bsc#1166003).
       - md-bitmap: create and destroy wb_info_pool with the change of bitmap
         (bsc#1166003).
       - md-bitmap: small cleanups (bsc#1166003).
       - md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003).
       - md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during
         reshaping stage (bsc#1166003).
       - md-cluster: introduce resync_info_get interface for sanity check
         (bsc#1166003).
       - md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003).
       - md-cluster/raid10: do not call remove_and_add_spares during reshaping
         stage (bsc#1166003).
       - md-cluster/raid10: resize all the bitmaps before start reshape
         (bsc#1166003).
       - md-cluster/raid10: support add disk under grow mode (bsc#1166003).
       - md-cluster: remove suspend_info (bsc#1166003).
       - md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted
         (bsc#1166003).
       - md: convert to kvmalloc (bsc#1166003).
       - md: do not call spare_active in md_reap_sync_thread if all member
         devices can't work (bsc#1166003).
       - md: do not set In_sync if array is frozen (bsc#1166003).
       - md: fix a typo s/creat/create (bsc#1166003).
       - md: fix for divide error in status_resync (bsc#1166003).
       - md: fix spelling typo and add necessary space (bsc#1166003).
       - md: introduce mddev_create/destroy_wb_pool for the change of member
         device (bsc#1166003).
       - md-linear: use struct_size() in kzalloc() (bsc#1166003).
       - md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003).
       - md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003).
       - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show
         (bsc#1166003).
       - md: no longer compare spare disk superblock events in super_load
         (bsc#1166003).
       - md/raid0: Fix an error message in raid0_make_request() (bsc#1166003).
       - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is
         gone (bsc#1166003).
       - md/raid10: end bio when the device faulty (bsc#1166003).
       - md/raid10: Fix raid10 replace hang when new added disk faulty
         (bsc#1166003).
       - md/raid10: prevent access of uninitialized resync_pages offset
         (bsc#1166003).
       - md/raid10: read balance chooses idlest disk for SSD (bsc#1166003).
       - md: raid10: Use struct_size() in kmalloc() (bsc#1166003).
       - md/raid1: avoid soft lockup under high load (bsc#1166003).
       - md: raid1: check rdev before reference in raid1_sync_request func
         (bsc#1166003).
       - md/raid1: end bio when the device faulty (bsc#1166003).
       - md/raid1: fail run raid1 array when active disk less than one
         (bsc#1166003).
       - md/raid1: Fix a warning message in remove_wb() (bsc#1166003).
       - md/raid1: fix potential data inconsistency issue with write behind
         device (bsc#1166003).
       - md/raid1: get rid of extra blank line and space (bsc#1166003).
       - md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003).
       - md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003).
       - md: remove set but not used variable 'bi_rdev' (bsc#1166003).
       - md: rename wb stuffs (bsc#1166003).
       - md: return -ENODEV if rdev has no mddev assigned (bsc#1166003).
       - md: use correct type in super_1_load (bsc#1166003).
       - md: use correct type in super_1_sync (bsc#1166003).
       - md: use correct types in md_bitmap_print_sb (bsc#1166003).
       - media: uvcvideo: Refactor teardown of uvc on USB disconnect
         (bsc#1164507).
       - mlxsw: spectrum_qdisc: Include MC TCs in Qdisc counters (bsc#1112374).
       - mlxsw: spectrum: Wipe xstats.backlog of down ports (bsc#1112374).
       - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM
         (networking-stable-20_01_27).
       - net: dsa: mv88e6xxx: Preserve priority when setting CPU port
         (networking-stable-20_01_11).
       - net: dsa: tag_qca: fix doubled Tx statistics
         (networking-stable-20_01_20).
       - net/ethtool: Introduce link_ksettings API for virtual network devices
         (bsc#1136157 ltc#177197).
       - net: Fix Tx hash bound checking (bsc#1109837).
       - net: hns3: fix a copying IPv6 address error in
         hclge_fd_get_flow_tuples() (bsc#1104353).
       - net: hns: fix soft lockup when there is not enough memory
         (networking-stable-20_01_20).
       - net: hsr: fix possible NULL deref in hsr_handle_frame()
         (networking-stable-20_02_05).
       - net: ip6_gre: fix moving ip6gre between namespaces
         (networking-stable-20_01_27).
       - net, ip6_tunnel: fix namespaces move (networking-stable-20_01_27).
       - net, ip_tunnel: fix namespaces move (networking-stable-20_01_27).
       - net: macb: Limit maximum GEM TX length in TSO
         (networking-stable-20_02_09).
       - net: macb: Remove unnecessary alignment check for TSO
         (networking-stable-20_02_09).
       - net/mlx5: Fix lowest FDB pool size (bsc#1103990).
       - net/mlx5: IPsec, Fix esp modify function attribute (bsc#1103990 ).
       - net/mlx5: IPsec, fix memory leak at mlx5_fpga_ipsec_delete_sa_ctx
         (bsc#1103990).
       - net/mlx5: Update the list of the PCI supported devices (bsc#1127611).
       - net/mlxfw: Verify FSM error code translation does not exceed array size
         (bsc#1051858).
       - net: mvneta: move rx_dropped and rx_errors in per-cpu stats
         (networking-stable-20_02_09).
       - net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()
         (networking-stable-20_01_27).
       - net_sched: ematch: reject invalid TCF_EM_SIMPLE
         (networking-stable-20_01_30).
       - net_sched: fix an OOB access in cls_tcindex (networking-stable-20_02_05).
       - net_sched: fix a resource leak in tcindex_set_parms()
         (networking-stable-20_02_09).
       - net_sched: fix datalen for ematch (networking-stable-20_01_27).
       - net: sch_prio: When ungrafting, replace with FIFO
         (networking-stable-20_01_11).
       - net/smc: add fallback check to connect() (git-fixes).
       - net/smc: fix cleanup for linkgroup setup failures (git-fixes).
       - net/smc: no peer ID in CLC decline for SMCD (git-fixes).
       - net/smc: transfer fasync_list in case of fallback (git-fixes).
       - net: stmmac: dwmac-sunxi: Allow all RGMII modes
         (networking-stable-20_01_11).
       - net-sysfs: Fix reference count leak (networking-stable-20_01_27).
       - net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
         (networking-stable-20_02_09).
       - net/tls: fix async operation (bsc#1109837).
       - net/tls: free the record on encryption error (bsc#1109837).
       - net/tls: take into account that bpf_exec_tx_verdict() may free the
         record (bsc#1109837).
       - net: usb: lan78xx: Add .ndo_features_check (networking-stable-20_01_27).
       - net: usb: lan78xx: fix possible skb leak (networking-stable-20_01_11).
       - net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info
         (networking-stable-20_01_20).
       - NFC: pn544: Fix a typo in a debug message (bsc#1051510).
       - NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use
         le16_add_cpu() (bsc#1051510).
       - nvme: Fix parsing of ANA log page (bsc#1166658).
       - nvme: resync include/linux/nvme.h with nvmecli (bsc#1156510).
       - nvme: Translate more status codes to blk_status_t (bsc#1156510).
       - orinoco: avoid assertion in case of NULL pointer (bsc#1051510).
       - padata: always acquire cpu_hotplug_lock before pinst->lock (git-fixes).
       - PCI/AER: Clear device status bits during ERR_COR handling (bsc#1161561).
       - PCI/AER: Clear device status bits during ERR_FATAL and ERR_NONFATAL
         (bsc#1161561).
       - PCI/AER: Clear only ERR_FATAL status bits during fatal recovery
         (bsc#1161561).
       - PCI/AER: Clear only ERR_NONFATAL bits during non-fatal recovery
         (bsc#1161561).
       - PCI/AER: Do not clear AER bits if error handling is Firmware-First
         (bsc#1161561).
       - PCI/AER: Do not read upstream ports below fatal errors (bsc#1161561).
       - PCI/AER: Factor out ERR_NONFATAL status bit clearing (bsc#1161561).
       - PCI/AER: Take reference on error devices (bsc#1161561).
       - PCI/ERR: Run error recovery callbacks for all affected devices
         (bsc#1161561).
       - PCI/ERR: Use slot reset if available (bsc#1161561).
       - pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins
         (bsc#1051510).
       - pinctrl: imx: scu: Align imx sc msg structs to 4 (git-fixes).
       - pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs (bsc#1051510).
       - pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs (bsc#1051510).
       - pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
         (networking-stable-20_01_11).
       - platform/mellanox: fix potential deadlock in the tmfifo driver
         (bsc#1136333 jsc#SLE-4994).
       - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode
         systems (bsc#1056686).
       - powerpc/pseries: Avoid NULL pointer dereference when drmem is
         unavailable (bsc#1160659).
       - powerpc/pseries: fix of_read_drc_info_cell() to point at next record
         (bsc#1165980 ltc#183834).
       - powerpc/pseries: group lmb operation and memblock's (bsc#1165404
         ltc#183498).
       - powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR
         request (bsc#1165404 ltc#183498).
       - powerpc/pseries: update device tree before ejecting hotplug uevents
         (bsc#1165404 ltc#183498).
       - powerpc/smp: Use nid as fallback for package_id (bsc#1165813 ltc#184091).
       - ptr_ring: add include of linux/mm.h (bsc#1109837).
       - qmi_wwan: re-add DW5821e pre-production variant (bsc#1051510).
       - raid10: refactor common wait code from regular read/write request
         (bsc#1166003).
       - raid1: factor out a common routine to handle the completion of sync
         write (bsc#1166003).
       - raid1: simplify raid1_error function (bsc#1166003).
       - raid1: use an int as the return value of raise_barrier() (bsc#1166003).
       - raid5: block failing device if raid will be failed (bsc#1166003).
       - raid5: do not increment read_errors on EILSEQ return (bsc#1166003).
       - raid5: do not set STRIPE_HANDLE to stripe which is in batch list
         (bsc#1166003).
       - raid5 improve too many read errors msg by adding limits (bsc#1166003).
       - raid5: need to set STRIPE_HANDLE for batch head (bsc#1166003).
       - raid5: remove STRIPE_OPS_REQ_PENDING (bsc#1166003).
       - raid5: remove worker_cnt_per_group argument from alloc_thread_groups
         (bsc#1166003).
       - raid5: set write hint for PPL (bsc#1166003).
       - raid5: use bio_end_sector in r5_next_bio (bsc#1166003).
       - raid6/test: fix a compilation error (bsc#1166003).
       - raid6/test: fix a compilation warning (bsc#1166003).
       - RDMA/cma: Fix unbalanced cm_id reference count during address resolve
         (bsc#1103992).
       - RDMA/hfi1: Fix memory leak in _dev_comp_vect_mappings_create
         (bsc#1114685).
       - RDMA/uverbs: Verify MR access flags (bsc#1103992).
       - remoteproc: Initialize rproc_class before use (bsc#1051510).
       - Revert "HID: add NOGET quirk for Eaton Ellipse MAX UPS" (git-fixes).
       - rtlwifi: rtl_pci: Fix -Wcast-function-type (bsc#1051510).
       - rxrpc: Fix insufficient receive notification generation
         (networking-stable-20_02_05).
       - s390/pci: Fix unexpected write combine on resource (git-fixes).
       - s390/uv: Fix handling of length extensions (git-fixes).
       - scsi: fnic: do not queue commands during fwreset (bsc#1146539).
       - scsi: ibmvfc: Add failed PRLI to cmd_status lookup array (bsc#1161951
         ltc#183551).
       - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot
         (bsc#1161951 ltc#183551).
       - scsi: ibmvfc: Byte swap status and error codes when logging (bsc#1161951
         ltc#183551).
       - scsi: ibmvfc: Clean up transport events (bsc#1161951 ltc#183551).
       - scsi: ibmvfc: constify dev_pm_ops structures (bsc#1161951 ltc#183551).
       - scsi: ibmvfc: Do not call fc_block_scsi_eh() on host reset (bsc#1161951
         ltc#183551).
       - scsi: ibmvfc: ibmvscsi: ibmvscsi_tgt: constify vio_device_id
         (bsc#1161951 ltc#183551).
       - scsi: ibmvfc: Mark expected switch fall-throughs (bsc#1161951
         ltc#183551).
       - scsi: ibmvfc: Remove "failed" from logged errors (bsc#1161951
         ltc#183551).
       - scsi: ibmvfc: Remove unneeded semicolons (bsc#1161951 ltc#183551).
       - scsi: ibmvscsi: change strncpy+truncation to strlcpy (bsc#1161951
         ltc#183551).
       - scsi: ibmvscsi: constify dev_pm_ops structures (bsc#1161951 ltc#183551).
       - scsi: ibmvscsi: Do not use rc uninitialized in ibmvscsi_do_work
         (bsc#1161951 ltc#183551).
       - scsi: ibmvscsi: fix tripping of blk_mq_run_hw_queue WARN_ON (bsc#1161951
         ltc#183551).
       - scsi: ibmvscsi: Improve strings handling (bsc#1161951 ltc#183551).
       - scsi: ibmvscsi: redo driver work thread to use enum action states
         (bsc#1161951 ltc#183551).
       - scsi: ibmvscsi: Wire up host_reset() in the driver's scsi_host_template
         (bsc#1161951 ltc#183551).
       - scsi: qla2xxx: Add 16.0GT for PCI String (bsc#1157424).
       - scsi: qla2xxx: Add beacon LED config sysfs interface (bsc#1157424).
       - scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP
         (bsc#1157424).
       - scsi: qla2xxx: Add deferred queue for processing ABTS and RDP
         (bsc#1157424).
       - scsi: qla2xxx: Add endianizer macro calls to fc host stats (bsc#1157424).
       - scsi: qla2xxx: Add fixes for mailbox command (bsc#1157424).
       - scsi: qla2xxx: add more FW debug information (bsc#1157424).
       - scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (bsc#1157424).
       - scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data
         (bsc#1157424).
       - scsi: qla2xxx: Add vendor extended FDMI commands (bsc#1157424).
       - scsi: qla2xxx: Add vendor extended RDP additions and amendments
         (bsc#1157424).
       - scsi: qla2xxx: Avoid setting firmware options twice in
         24xx_update_fw_options (bsc#1157424).
       - scsi: qla2xxx: Check locking assumptions at runtime in
         qla2x00_abort_srb() (bsc#1157424).
       - scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (bsc#1157424).
       - scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline
         function (bsc#1157424).
       - scsi: qla2xxx: Correction to selection of loopback/echo test
         (bsc#1157424).
       - scsi: qla2xxx: Display message for FCE enabled (bsc#1157424).
       - scsi: qla2xxx: Fix control flags for login/logout IOCB (bsc#1157424).
       - scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (bsc#1157424).
       - scsi: qla2xxx: fix FW resource count values (bsc#1157424).
       - scsi: qla2xxx: Fix NPIV instantiation after FW dump (bsc#1157424).
       - scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (bsc#1157424).
       - scsi: qla2xxx: Fix RDP respond data format (bsc#1157424).
       - scsi: qla2xxx: Fix RDP response size (bsc#1157424).
       - scsi: qla2xxx: Fix sparse warning reported by kbuild bot (bsc#1157424).
       - scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking
         code (bsc#1157424).
       - scsi: qla2xxx: Force semaphore on flash validation failure (bsc#1157424).
       - scsi: qla2xxx: Handle cases for limiting RDP response payload length
         (bsc#1157424).
       - scsi: qla2xxx: Handle NVME status iocb correctly (bsc#1157424).
       - scsi: qla2xxx: Improved secure flash support messages (bsc#1157424).
       - scsi: qla2xxx: Move free of fcport out of interrupt context
         (bsc#1157424).
       - scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry()
         (bsc#1157424).
       - scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (bsc#1157424).
       - scsi: qla2xxx: Return appropriate failure through BSG Interface
         (bsc#1157424).
       - scsi: qla2xxx: Save rscn_gen for new fcport (bsc#1157424).
       - scsi: qla2xxx: Serialize fc_port alloc in N2N (bsc#1157424).
       - scsi: qla2xxx: Set Nport ID for N2N (bsc#1157424).
       - scsi: qla2xxx: Show correct port speed capabilities for RDP command
         (bsc#1157424).
       - scsi: qla2xxx: Simplify the code for aborting SCSI commands
         (bsc#1157424).
       - scsi: qla2xxx: Suppress endianness complaints in
         qla2x00_configure_local_loop() (bsc#1157424).
       - scsi: qla2xxx: Update BPM enablement semantics (bsc#1157424).
       - scsi: qla2xxx: Update driver version to 10.01.00.24-k (bsc#1157424).
       - scsi: qla2xxx: Update driver version to 10.01.00.25-k (bsc#1157424).
       - scsi: qla2xxx: Use a dedicated interrupt handler for
         'handshake-required' ISPs (bsc#1157424).
       - scsi: qla2xxx: Use correct ISP28xx active FW region (bsc#1157424).
       - scsi: qla2xxx: Use endian macros to assign static fields in fwdump
         header (bsc#1157424).
       - scsi: qla2xxx: Use FC generic update firmware options routine for
         ISP27xx (bsc#1157424).
       - scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (bsc#1157424).
       - scsi: tcm_qla2xxx: Make qlt_alloc_qfull_cmd() set cmd->se_cmd.map_tag
         (bsc#1157424).
       - sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
         (networking-stable-20_01_11).
       - smb3: add debug messages for closing unmatched open (bsc#1144333).
       - smb3: Add defines for new information level, FileIdInformation
         (bsc#1144333).
       - smb3: add dynamic tracepoints for flush and close (bsc#1144333).
       - smb3: add missing flag definitions (bsc#1144333).
       - smb3: Add missing reparse tags (bsc#1144333).
       - smb3: add missing worker function for SMB3 change notify (bsc#1144333).
       - smb3: add mount option to allow forced caching of read only share
         (bsc#1144333).
       - smb3: add mount option to allow RW caching of share accessed by only 1
         client (bsc#1144333).
       - smb3: add one more dynamic tracepoint missing from strict fsync path
         (bsc#1144333).
       - smb3: add some more descriptive messages about share when mounting
         cache=ro (bsc#1144333).
       - smb3: allow decryption keys to be dumped by admin for debugging
         (bsc#1144333).
       - smb3: allow disabling requesting leases (bsc#1144333).
       - smb3: allow parallelizing decryption of reads (bsc#1144333).
       - smb3: allow skipping signature verification for perf sensitive
         configurations (bsc#1144333).
       - smb3: Backup intent flag missing from some more ops (bsc#1144333).
       - smb3: cleanup some recent endian errors spotted by updated sparse
         (bsc#1144333).
       - smb3: display max smb3 requests in flight at any one time (bsc#1144333).
       - smb3: dump in_send and num_waiters stats counters by default
         (bsc#1144333).
       - smb3: enable offload of decryption of large reads via mount option
         (bsc#1144333).
       - smb3: fix default permissions on new files when mounting with
         modefromsid (bsc#1144333).
       - smb3: fix mode passed in on create for modetosid mount option
         (bsc#1144333).
       - smb3: fix performance regression with setting mtime (bsc#1144333).
       - smb3: fix potential null dereference in decrypt offload (bsc#1144333).
       - smb3: fix problem with null cifs super block with previous patch
         (bsc#1144333).
       - smb3: Fix regression in time handling (bsc#1144333).
       - smb3: improve check for when we send the security descriptor context on
         create (bsc#1144333).
       - smb3: log warning if CSC policy conflicts with cache mount option
         (bsc#1144333).
       - smb3: missing ACL related flags (bsc#1144333).
       - smb3: only offload decryption of read responses if multiple requests
         (bsc#1144333).
       - smb3: pass mode bits into create calls (bsc#1144333).
       - smb3: print warning once if posix context returned on open
         (bsc#1144333).
       - smb3: query attributes on file close (bsc#1144333).
       - smb3: remove noisy debug message and minor cleanup (bsc#1144333).
       - smb3: remove unused flag passed into close functions (bsc#1144333).
       - staging: rtl8188eu: Fix potential overuse of kernel memory (bsc#1051510).
       - staging: rtl8188eu: Fix potential security hole (bsc#1051510).
       - staging: rtl8723bs: Fix potential overuse of kernel memory (bsc#1051510).
       - staging: rtl8723bs: Fix potential security hole (bsc#1051510).
       - SUNRPC: Fix svcauth_gss_proxy_init() (bsc#1103992).
       - tcp_bbr: improve arithmetic division in bbr_update_bw()
         (networking-stable-20_01_27).
       - tcp: clear tp->data_segs{in|out} in tcp_disconnect()
         (networking-stable-20_02_05).
       - tcp: clear tp->delivered in tcp_disconnect()
         (networking-stable-20_02_05).
       - tcp: clear tp->segs_{in|out} in tcp_disconnect()
         (networking-stable-20_02_05).
       - tcp: clear tp->total_retrans in tcp_disconnect()
         (networking-stable-20_02_05).
       - tcp: fix marked lost packets not being retransmitted
         (networking-stable-20_01_20).
       - tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK
         (networking-stable-20_01_11).
       - thunderbolt: Prevent crash if non-active NVMem file is read (git-fixes).
       - tick: broadcast-hrtimer: Fix a race in bc_set_next (bsc#1044231).
       - tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on
         failure (git-fixes).
       - tools: Update include/uapi/linux/fcntl.h copy from the kernel
         (bsc#1166003).
       - ttyprintk: fix a potential deadlock in interrupt context issue
         (git-fixes).
       - tun: add mutex_unlock() call and napi.skb clearing in tun_get_user()
         (bsc#1109837).
       - Updated block layer, timers and md code for SLE15-SP1 kernel
         (bsc#1111974).
       - Updated "drm/i915: Wean off drm_pci_alloc/drm_pci_free" (bsc#1114279)
       - USB: core: add endpoint-blacklist quirk (git-fixes).
       - USBip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit()
         (git-fixes).
       - USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 (git-fixes).
       - uvcvideo: Refactor teardown of uvc on USB disconnect
         (https://patchwork.kernel.org/patch/9683663/) (bsc#1164507)
       - vgacon: Fix a UAF in vgacon_invert_region (bsc#1114279)
       - virtio-blk: fix hw_queue stopped on arbitrary error (git-fixes).
       - vlan: fix memory leak in vlan_dev_set_egress_priority
         (networking-stable-20_01_11).
       - vlan: vlan_changelink() should propagate errors
         (networking-stable-20_01_11).
       - vxlan: fix tos value before xmit (networking-stable-20_01_11).
       - x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF
         (bsc#1114279).
       - x86/ioremap: Add an ioremap_encrypted() helper (bsc#1141895).
       - x86/kdump: Export the SME mask to vmcoreinfo (bsc#1141895).
       - x86/mce/amd: Fix kobject lifetime (bsc#1114279).
       - x86/mce/amd: Publish the bank pointer only after setup has succeeded
         (bsc#1114279).
       - x86/mm: Split vmalloc_sync_all() (bsc#1165741).
       - xfs: also remove cached ACLs when removing the underlying attr
         (bsc#1165873).
       - xfs: bulkstat should copy lastip whenever userspace supplies one
         (bsc#1165984).
       - xhci: fix runtime pm enabling for quirky Intel hosts (bsc#1051510).
       - xhci: Force Maximum Packet size for Full-speed bulk devices to valid
         range (bsc#1051510).
    
    
    Special Instructions and Notes:
    
       Please reboot the system after installing this update.
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Workstation Extension 15-SP1:
    
          zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-836=1
    
       - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
    
          zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-836=1
    
       - SUSE Linux Enterprise Module for Legacy Software 15-SP1:
    
          zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-836=1
    
       - SUSE Linux Enterprise Module for Development Tools 15-SP1:
    
          zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-836=1
    
       - SUSE Linux Enterprise Module for Basesystem 15-SP1:
    
          zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-836=1
    
       - SUSE Linux Enterprise High Availability 15-SP1:
    
          zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-836=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):
    
          kernel-default-debuginfo-4.12.14-197.37.1
          kernel-default-debugsource-4.12.14-197.37.1
          kernel-default-extra-4.12.14-197.37.1
          kernel-default-extra-debuginfo-4.12.14-197.37.1
    
       - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
    
          kernel-default-debuginfo-4.12.14-197.37.1
          kernel-default-debugsource-4.12.14-197.37.1
          kernel-obs-qa-4.12.14-197.37.1
          kernel-vanilla-4.12.14-197.37.1
          kernel-vanilla-base-4.12.14-197.37.1
          kernel-vanilla-base-debuginfo-4.12.14-197.37.1
          kernel-vanilla-debuginfo-4.12.14-197.37.1
          kernel-vanilla-debugsource-4.12.14-197.37.1
          kernel-vanilla-devel-4.12.14-197.37.1
          kernel-vanilla-devel-debuginfo-4.12.14-197.37.1
          kernel-vanilla-livepatch-devel-4.12.14-197.37.1
          kselftests-kmp-default-4.12.14-197.37.1
          kselftests-kmp-default-debuginfo-4.12.14-197.37.1
    
       - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le x86_64):
    
          kernel-debug-4.12.14-197.37.1
          kernel-debug-base-4.12.14-197.37.1
          kernel-debug-base-debuginfo-4.12.14-197.37.1
          kernel-debug-debuginfo-4.12.14-197.37.1
          kernel-debug-debugsource-4.12.14-197.37.1
          kernel-debug-devel-4.12.14-197.37.1
          kernel-debug-devel-debuginfo-4.12.14-197.37.1
          kernel-debug-livepatch-devel-4.12.14-197.37.1
    
       - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x):
    
          kernel-default-livepatch-4.12.14-197.37.1
    
       - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
    
          kernel-kvmsmall-4.12.14-197.37.1
          kernel-kvmsmall-base-4.12.14-197.37.1
          kernel-kvmsmall-base-debuginfo-4.12.14-197.37.1
          kernel-kvmsmall-debuginfo-4.12.14-197.37.1
          kernel-kvmsmall-debugsource-4.12.14-197.37.1
          kernel-kvmsmall-devel-4.12.14-197.37.1
          kernel-kvmsmall-devel-debuginfo-4.12.14-197.37.1
          kernel-kvmsmall-livepatch-devel-4.12.14-197.37.1
    
       - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch):
    
          kernel-docs-html-4.12.14-197.37.1
          kernel-source-vanilla-4.12.14-197.37.1
    
       - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x):
    
          kernel-zfcpdump-debuginfo-4.12.14-197.37.1
          kernel-zfcpdump-debugsource-4.12.14-197.37.1
          kernel-zfcpdump-man-4.12.14-197.37.1
    
       - SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64):
    
          kernel-default-debuginfo-4.12.14-197.37.1
          kernel-default-debugsource-4.12.14-197.37.1
          reiserfs-kmp-default-4.12.14-197.37.1
          reiserfs-kmp-default-debuginfo-4.12.14-197.37.1
    
       - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
    
          kernel-obs-build-4.12.14-197.37.1
          kernel-obs-build-debugsource-4.12.14-197.37.1
          kernel-syms-4.12.14-197.37.1
    
       - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch):
    
          kernel-docs-4.12.14-197.37.1
          kernel-source-4.12.14-197.37.1
    
       - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
    
          kernel-default-4.12.14-197.37.1
          kernel-default-base-4.12.14-197.37.1
          kernel-default-base-debuginfo-4.12.14-197.37.1
          kernel-default-debuginfo-4.12.14-197.37.1
          kernel-default-debugsource-4.12.14-197.37.1
          kernel-default-devel-4.12.14-197.37.1
          kernel-default-devel-debuginfo-4.12.14-197.37.1
    
       - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
    
          kernel-devel-4.12.14-197.37.1
          kernel-macros-4.12.14-197.37.1
    
       - SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x):
    
          kernel-default-man-4.12.14-197.37.1
          kernel-zfcpdump-debuginfo-4.12.14-197.37.1
          kernel-zfcpdump-debugsource-4.12.14-197.37.1
    
       - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
    
          cluster-md-kmp-default-4.12.14-197.37.1
          cluster-md-kmp-default-debuginfo-4.12.14-197.37.1
          dlm-kmp-default-4.12.14-197.37.1
          dlm-kmp-default-debuginfo-4.12.14-197.37.1
          gfs2-kmp-default-4.12.14-197.37.1
          gfs2-kmp-default-debuginfo-4.12.14-197.37.1
          kernel-default-debuginfo-4.12.14-197.37.1
          kernel-default-debugsource-4.12.14-197.37.1
          ocfs2-kmp-default-4.12.14-197.37.1
          ocfs2-kmp-default-debuginfo-4.12.14-197.37.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-19768.html
       https://www.suse.com/security/cve/CVE-2020-8647.html
       https://www.suse.com/security/cve/CVE-2020-8648.html
       https://www.suse.com/security/cve/CVE-2020-8649.html
       https://www.suse.com/security/cve/CVE-2020-9383.html
       https://bugzilla.suse.com/1044231
       https://bugzilla.suse.com/1051510
       https://bugzilla.suse.com/1051858
       https://bugzilla.suse.com/1056686
       https://bugzilla.suse.com/1060463
       https://bugzilla.suse.com/1065729
       https://bugzilla.suse.com/1103990
       https://bugzilla.suse.com/1103992
       https://bugzilla.suse.com/1104353
       https://bugzilla.suse.com/1104745
       https://bugzilla.suse.com/1109837
       https://bugzilla.suse.com/1111666
       https://bugzilla.suse.com/1111974
       https://bugzilla.suse.com/1112178
       https://bugzilla.suse.com/1112374
       https://bugzilla.suse.com/1113956
       https://bugzilla.suse.com/1114279
       https://bugzilla.suse.com/1114685
       https://bugzilla.suse.com/1119680
       https://bugzilla.suse.com/1127611
       https://bugzilla.suse.com/1133021
       https://bugzilla.suse.com/1134090
       https://bugzilla.suse.com/1136157
       https://bugzilla.suse.com/1141895
       https://bugzilla.suse.com/1144333
       https://bugzilla.suse.com/1146539
       https://bugzilla.suse.com/1156510
       https://bugzilla.suse.com/1157424
       https://bugzilla.suse.com/1158187
       https://bugzilla.suse.com/1159285
       https://bugzilla.suse.com/1160659
       https://bugzilla.suse.com/1161561
       https://bugzilla.suse.com/1161951
       https://bugzilla.suse.com/1162928
       https://bugzilla.suse.com/1162929
       https://bugzilla.suse.com/1162931
       https://bugzilla.suse.com/1164078
       https://bugzilla.suse.com/1164507
       https://bugzilla.suse.com/1165111
       https://bugzilla.suse.com/1165404
       https://bugzilla.suse.com/1165488
       https://bugzilla.suse.com/1165527
       https://bugzilla.suse.com/1165741
       https://bugzilla.suse.com/1165813
       https://bugzilla.suse.com/1165873
       https://bugzilla.suse.com/1165929
       https://bugzilla.suse.com/1165950
       https://bugzilla.suse.com/1165980
       https://bugzilla.suse.com/1165984
       https://bugzilla.suse.com/1165985
       https://bugzilla.suse.com/1166003
       https://bugzilla.suse.com/1166101
       https://bugzilla.suse.com/1166102
       https://bugzilla.suse.com/1166103
       https://bugzilla.suse.com/1166104
       https://bugzilla.suse.com/1166632
       https://bugzilla.suse.com/1166658
       https://bugzilla.suse.com/1166730
       https://bugzilla.suse.com/1166731
       https://bugzilla.suse.com/1166732
       https://bugzilla.suse.com/1166733
       https://bugzilla.suse.com/1166734
       https://bugzilla.suse.com/1166735
    
    _______________________________________________
    sle-security-updates mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://lists.suse.com/mailman/listinfo/sle-security-updates
    

    LinuxSecurity Poll

    Do you agree with Linus Torvalds' decision to reject the controversial patch mitigating the Snoop attack on Intel CPUs?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/28-do-you-agree-with-linus-torvalds-decision-to-reject-the-controversial-patch-mitigating-the-snoop-attack-on-intel-cpus?task=poll.vote&format=json
    28
    radio
    [{"id":"100","title":"Yes - this was undoubtedly the right decision.","votes":"1","type":"x","order":"1","pct":50,"resources":[]},{"id":"101","title":"Not sure...","votes":"1","type":"x","order":"2","pct":50,"resources":[]},{"id":"102","title":"No - he made a big mistake here.","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.