-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.3170
                         Kernel patched in SUSE 11
                             12 December 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise                -- Existing Account            
                   Access Privileged Data         -- Remote/Unauthenticated      
                   Denial of Service              -- Existing Account            
                   Provide Misleading Information -- Remote with User Interaction
                   Reduced Security               -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-1000112 CVE-2017-16649 CVE-2017-16537
                   CVE-2017-16536 CVE-2017-16535 CVE-2017-16531
                   CVE-2017-16529 CVE-2017-16527 CVE-2017-16525
                   CVE-2017-15274 CVE-2017-15265 CVE-2017-15102
                   CVE-2017-14489 CVE-2017-14340 CVE-2017-14140
                   CVE-2017-14051 CVE-2017-13080 CVE-2017-12762
                   CVE-2017-12192 CVE-2017-10661 CVE-2017-8831

Reference:         ESB-2017.3163

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2017/suse-su-20173265-1

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:3265-1
Rating:             important
References:         #1012917 #1013018 #1022967 #1024450 #1031358 
                    #1036286 #1036629 #1037441 #1037667 #1037669 
                    #1037994 #1039803 #1040609 #1042863 #1045154 
                    #1045205 #1045327 #1045538 #1047523 #1050381 
                    #1050431 #1051133 #1051932 #1052311 #1052365 
                    #1052370 #1052593 #1053148 #1053152 #1053317 
                    #1053802 #1053933 #1054070 #1054076 #1054093 
                    #1054247 #1054305 #1054706 #1056230 #1056504 
                    #1056588 #1057179 #1057796 #1058524 #1059051 
                    #1060245 #1060665 #1061017 #1061180 #1062520 
                    #1062842 #1063301 #1063544 #1063667 #1064803 
                    #1064861 #1065180 #1066471 #1066472 #1066573 
                    #1066606 #1066618 #1066625 #1066650 #1066671 
                    #1066700 #1066705 #1067085 #1067816 #1067888 
                    #909484 #984530 #996376 
Cross-References:   CVE-2017-1000112 CVE-2017-10661 CVE-2017-12762
                    CVE-2017-13080 CVE-2017-14051 CVE-2017-14140
                    CVE-2017-14340 CVE-2017-14489 CVE-2017-15102
                    CVE-2017-15265 CVE-2017-15274 CVE-2017-16525
                    CVE-2017-16527 CVE-2017-16529 CVE-2017-16531
                    CVE-2017-16535 CVE-2017-16536 CVE-2017-16537
                    CVE-2017-16649 CVE-2017-8831
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 20 vulnerabilities and has 53 fixes
   is now available.

Description:



   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
   security and bugfixes.

   The following security bugs were fixed:

   - CVE-2017-16649: The usbnet_generic_cdc_bind function in
     drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to
     cause a denial of service (divide-by-zero error and system crash) or
     possibly have unspecified other impact via a crafted USB device
     (bnc#1067085).
   - CVE-2017-16535: The usb_get_bos_descriptor function in
     drivers/usb/core/config.c in the Linux kernel allowed local users to
     cause a denial of service (out-of-bounds read and system crash) or
     possibly have unspecified other impact via a crafted USB device
     (bnc#1066700).
   - CVE-2017-15102: The tower_probe function in
     drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users
     (who are physically proximate for inserting a crafted USB device) to
     gain privileges by leveraging a write-what-where condition that occurs
     after a race condition and a NULL pointer dereference (bnc#1066705).
   - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed
     local users to cause a denial of service (out-of-bounds read and system
     crash) or possibly have unspecified other impact via a crafted USB
     device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor
     (bnc#1066671).
   - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c
     in the Linux kernel allowed local users to cause a denial of service
     (out-of-bounds read and system crash) or possibly have unspecified other
     impact via a crafted USB device (bnc#1066650).
   - CVE-2017-16525: The usb_serial_console_disconnect function in
     drivers/usb/serial/console.c in the Linux kernel allowed local users to
     cause a denial of service (use-after-free and system crash) or possibly
     have unspecified other impact via a crafted USB device, related to
     disconnection and failed setup (bnc#1066618).
   - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in
     the Linux kernel allowed local users to cause a denial of service (NULL
     pointer dereference and system crash) or possibly have unspecified other
     impact via a crafted USB device (bnc#1066573).
   - CVE-2017-16536: The cx231xx_usb_probe function in
     drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed
     local users to cause a denial of service (NULL pointer dereference and
     system crash) or possibly have unspecified other impact via a crafted
     USB device (bnc#1066606).
   - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local
     users to cause a denial of service (snd_usb_mixer_interrupt
     use-after-free and system crash) or possibly have unspecified other
     impact via a crafted USB device (bnc#1066625).
   - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed
     reinstallation of the Group Temporal Key (GTK) during the group key
     handshake, allowing an attacker within radio range to replay frames from
     access points to clients (bnc#1063667).
   - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not
     consider the case of a NULL payload in conjunction with a nonzero length
     value, which allowed local users to cause a denial of service (NULL
     pointer dereference and OOPS) via a crafted add_key or keyctl system
     call, a different vulnerability than CVE-2017-12192 (bnc#1045327).
   - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel
     allowed local users to cause a denial of service (use-after-free) or
     possibly have unspecified other impact via crafted /dev/snd/seq ioctl
     calls, related to sound/core/seq/seq_clientmgr.c and
     sound/core/seq/seq_ports.c (bnc#1062520).
   - CVE-2017-14489: The iscsi_if_rx function in
     drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local
     users to cause a denial of service (panic) by leveraging incorrect
     length validation (bnc#1059051).
   - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in
     the Linux kernel did not verify that a filesystem has a realtime device,
     which allowed local users to cause a denial of service (NULL pointer
     dereference and OOPS) via vectors related to setting an RHINHERIT flag
     on a directory (bnc#1058524).
   - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux
     kernel doesn't check the effective uid of the target process, enabling a
     local attacker to learn the memory layout of a setuid executable despite
     ASLR (bnc#1057179).
   - CVE-2017-14051: An integer overflow in the
     qla2x00_sysfs_write_optrom_ctl function in
     drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users
     to cause a denial of service (memory corruption and system crash) by
     leveraging root access (bnc#1056588).
   - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel
     allowed local users to gain privileges or cause a denial of service
     (list corruption or use-after-free) via simultaneous file-descriptor
     operations that leverage improper might_cancel queueing (bnc#1053152).
   - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled
     buffer is copied into a local buffer of constant size using strcpy
     without a length check which can cause a buffer overflow. (bnc#1053148).
   - CVE-2017-8831: The saa7164_bus_get function in
     drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed
     local users to cause a denial of service (out-of-bounds array access) or
     possibly have unspecified other impact by changing a certain
     sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).
   - CVE-2017-1000112: An exploitable memory corruption due to UFO to non-UFO
     path switch was fixed. (bnc#1052311 bnc#1052365).

   The following non-security bugs were fixed:

   - alsa: core: Fix unexpected error at replacing user TLV (bsc#1045538).
   - alsa: hda - fix Lewisburg audio issue (fate#319286).
   - alsa: hda/ca0132 - Fix memory leak at error path (bsc#1045538).
   - alsa: timer: Add missing mutex lock for compat ioctls (bsc#1045538).
   - audit: Fix use after free in audit_remove_watch_rule() (bsc#1045205).
   - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch
     (bnc#1022967).
   - kvm: SVM: Add a missing 'break' statement (bsc#1061017).
   - kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready"
     exceptions simultaneously (bsc#1061017).
   - nfs: Cache aggressively when file is open for writing (bsc#1053933).
   - nfs: Do drop directory dentry when error clearly requires it
     (bsc#1051932).
   - nfs: Do not flush caches for a getattr that races with writeback
     (bsc#1053933). # Conflicts: #	series.conf
   - nfs: Optimize fallocate by refreshing mapping when needed (bsc#1053933).
   - nfs: Remove asserts from the NFS XDR code (bsc#1063544).
   - nfs: invalidate file size when taking a lock (bsc#1053933).
   - pci: fix hotplug related issues (bnc#1054247, LTC#157731).
   - Update config files. (bsc#1057796) The CONFIG_MODULE_SIG_UEFI should be
     enabled on x86_64/xen architecture because xen can work with shim on
     x86_64. Enabling the following kernel config to load certificate from
     db/mok: +CONFIG_MODULE_SIG_BLACKLIST=y +CONFIG_MODULE_SIG_UEFI=y
   - af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093).
   - autofs: do not fail mount for transient error (bsc#1065180).
   - xen: avoid deadlock in xenbus (bnc#1047523).
   - blacklist.conf: Add PCI ASPM fix to blacklist (bsc#1045538)
   - blkback/blktap: do not leak stack data via response ring (bsc#1042863
     XSA-216).
   - bnx2x: prevent crash when accessing PTP with interface down
     (bsc#1060665).
   - cx231xx-audio: fix NULL-deref at probe (bsc#1050431).
   - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
   - dm bufio: fix integer overflow when limiting maximum cache size
     (git-fixes).
   - drm/mgag200: Fixes for G200eH3. (bnc#1062842)
   - fnic: Use the local variable instead of I/O flag to acquire io_req_lock
     in fnic_queuecommand() to avoid deadloack (bsc#1067816).
   - fuse: do not use iocb after it may have been freed (bsc#1054706).
   - fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706).
   - fuse: fsync() did not return IO errors (bsc#1054076).
   - fuse: fuse_flush must check mapping->flags for errors (bsc#1054706).
   - getcwd: Close race with d_move called by lustre (bsc#1052593).
   - gspca: konica: add missing endpoint sanity check (bsc#1050431).
   - i40e: Initialize 64-bit statistics TX ring seqcount (bsc#909484).
   - kabi fix for new hash_cred function (bsc#1012917).
   - kabi/severities: Ignore zpci symbol changes (bsc#1054247)
   - lib/mpi: mpi_read_raw_data(): fix nbits calculation (fate#314508).
   - lpfc: check for valid scsi cmnd in lpfc_scsi_cmd_iocb_cmpl()
     (bsc#1051133).
   - mac80211: do not compare TKIP TX MIC key in reinstall prevention
     (bsc#1066472).
   - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061180).
   - media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS
     ioctl (bsc#1050431).
   - net: Fix RCU splat in af_key (bsc#1054093).
   - netback: coalesce (guest) RX SKBs as needed (bsc#1056504).
   - nfs: Fix ugly referral attributes (git-fixes).
   - nfs: improve shinking of access cache (bsc#1012917).
   - powerpc/fadump: add reschedule point while releasing memory (bsc#1040609
     bsc#1024450).
   - powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669
     bsc#1037667).
   - powerpc/fadump: provide a helpful error message (bsc#1037669
     bsc#1037667).
   - powerpc/mm: Fix check of multiple 16G pages from device tree
     (bsc#1064861, git-fixes).
   - powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530,
     bsc#1052370).
   - powerpc/pseries/vio: Dispose of virq mapping on vdevice unregister
     (bsc#1067888, git-fixes f2ab6219969f).
   - powerpc/slb: Force a full SLB flush when we insert for a bad EA
     (bsc#1054070).
   - powerpc/xics: Harden xics hypervisor backend (bnc#1056230).
   - powerpc: Correct instruction code for xxlor instruction (bsc#1064861,
     git-fixes).
   - powerpc: Fix emulation of mfocrf in emulate_step() (bsc#1064861,
     git-fixes).
   - powerpc: Fix the corrupt r3 error during MCE handling (bnc#1056230).
   - powerpc: Make sure IPI handlers see data written by IPI senders
     (bnc#1056230).
   - reiserfs: fix race in readdir (bsc#1039803).
   - s390/cpcmd,vmcp: avoid GFP_DMA allocations (bnc#1060245, LTC#159112).
   - s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247,
     LTC#157731).
   - s390/pci: fix handling of PEC 306 (bnc#1054247, LTC#157731).
   - s390/pci: improve error handling during fmb (de)registration
     (bnc#1054247, LTC#157731).
   - s390/pci: improve error handling during interrupt deregistration
     (bnc#1054247, LTC#157731).
   - s390/pci: improve pci hotplug (bnc#1054247, LTC#157731).
   - s390/pci: improve unreg_ioat error handling (bnc#1054247, LTC#157731).
   - s390/pci: introduce clp_get_state (bnc#1054247, LTC#157731).
   - s390/pci: provide more debug information (bnc#1054247, LTC#157731).
   - s390/qdio: avoid reschedule of outbound tasklet once killed
     (bnc#1063301, LTC#159885).
   - s390/topology: alternative topology for topology-less machines
     (bnc#1060245, LTC#159177).
   - s390/topology: enable / disable topology dynamically (bnc#1060245,
     LTC#159177).
   - scsi: avoid system stall due to host_busy race (bsc#1031358).
   - scsi: close race when updating blocked counters (bsc#1031358).
   - scsi: qla2xxx: Get mutex lock before checking optrom_state (bsc#1053317).
   - scsi: reset wait for IO completion (bsc#996376).
   - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace
     records (bnc#1060245, LTC#158494).
   - scsi: zfcp: fix missing trace records for early returns in TMF eh
     handlers (bnc#1060245, LTC#158494).
   - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with
     HBA (bnc#1060245, LTC#158494).
   - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
     (bnc#1060245, LTC#158494).
   - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
     (bnc#1060245, LTC#158493).
   - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout
     late response (bnc#1060245, LTC#158494).
   - ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441).
   - sunrpc: add RPCSEC_GSS hash_cred() function (bsc#1012917).
   - sunrpc: add auth_unix hash_cred() function (bsc#1012917).
   - sunrpc: add generic_auth hash_cred() function (bsc#1012917).
   - sunrpc: add hash_cred() function to rpc_authops struct (bsc#1012917).
   - sunrpc: replace generic auth_cred hash with auth-specific function
     (bsc#1012917).
   - sunrpc: use supplimental groups in auth hash (bsc#1012917).
   - supported.conf: clear mistaken external support flag for cifs.ko
     (bsc#1053802).
   - tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381).
   - usb-serial: check for NULL private data in pl2303_suse_disconnect
     (bsc#1064803).
   - uwb: fix device quirk on big-endian hosts (bsc#1036629).
   - virtio_scsi: do not call virtqueue_add_sgs(... GFP_NOIO) holding
     spinlock (bsc#1036286).
   - x86/microcode/intel: Disable late loading on model 79 (bsc#1054305).
   - xfs: fix inobt inode allocation search optimization (bsc#1013018).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-kernel-20171124-13375=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kernel-20171124-13375=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-kernel-20171124-13375=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-kernel-20171124-13375=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

      kernel-docs-3.0.101-108.18.3

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-3.0.101-108.18.1
      kernel-default-base-3.0.101-108.18.1
      kernel-default-devel-3.0.101-108.18.1
      kernel-source-3.0.101-108.18.1
      kernel-syms-3.0.101-108.18.1
      kernel-trace-3.0.101-108.18.1
      kernel-trace-base-3.0.101-108.18.1
      kernel-trace-devel-3.0.101-108.18.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      kernel-ec2-3.0.101-108.18.1
      kernel-ec2-base-3.0.101-108.18.1
      kernel-ec2-devel-3.0.101-108.18.1
      kernel-xen-3.0.101-108.18.1
      kernel-xen-base-3.0.101-108.18.1
      kernel-xen-devel-3.0.101-108.18.1

   - SUSE Linux Enterprise Server 11-SP4 (s390x):

      kernel-default-man-3.0.101-108.18.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      kernel-bigmem-3.0.101-108.18.1
      kernel-bigmem-base-3.0.101-108.18.1
      kernel-bigmem-devel-3.0.101-108.18.1
      kernel-ppc64-3.0.101-108.18.1
      kernel-ppc64-base-3.0.101-108.18.1
      kernel-ppc64-devel-3.0.101-108.18.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      kernel-pae-3.0.101-108.18.1
      kernel-pae-base-3.0.101-108.18.1
      kernel-pae-devel-3.0.101-108.18.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-108.18.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-108.18.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-108.18.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-108.18.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-108.18.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-debuginfo-3.0.101-108.18.1
      kernel-default-debugsource-3.0.101-108.18.1
      kernel-trace-debuginfo-3.0.101-108.18.1
      kernel-trace-debugsource-3.0.101-108.18.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-108.18.1
      kernel-trace-devel-debuginfo-3.0.101-108.18.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-108.18.1
      kernel-ec2-debugsource-3.0.101-108.18.1
      kernel-xen-debuginfo-3.0.101-108.18.1
      kernel-xen-debugsource-3.0.101-108.18.1
      kernel-xen-devel-debuginfo-3.0.101-108.18.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-108.18.1
      kernel-bigmem-debugsource-3.0.101-108.18.1
      kernel-ppc64-debuginfo-3.0.101-108.18.1
      kernel-ppc64-debugsource-3.0.101-108.18.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-108.18.1
      kernel-pae-debugsource-3.0.101-108.18.1
      kernel-pae-devel-debuginfo-3.0.101-108.18.1


References:

   https://www.suse.com/security/cve/CVE-2017-1000112.html
   https://www.suse.com/security/cve/CVE-2017-10661.html
   https://www.suse.com/security/cve/CVE-2017-12762.html
   https://www.suse.com/security/cve/CVE-2017-13080.html
   https://www.suse.com/security/cve/CVE-2017-14051.html
   https://www.suse.com/security/cve/CVE-2017-14140.html
   https://www.suse.com/security/cve/CVE-2017-14340.html
   https://www.suse.com/security/cve/CVE-2017-14489.html
   https://www.suse.com/security/cve/CVE-2017-15102.html
   https://www.suse.com/security/cve/CVE-2017-15265.html
   https://www.suse.com/security/cve/CVE-2017-15274.html
   https://www.suse.com/security/cve/CVE-2017-16525.html
   https://www.suse.com/security/cve/CVE-2017-16527.html
   https://www.suse.com/security/cve/CVE-2017-16529.html
   https://www.suse.com/security/cve/CVE-2017-16531.html
   https://www.suse.com/security/cve/CVE-2017-16535.html
   https://www.suse.com/security/cve/CVE-2017-16536.html
   https://www.suse.com/security/cve/CVE-2017-16537.html
   https://www.suse.com/security/cve/CVE-2017-16649.html
   https://www.suse.com/security/cve/CVE-2017-8831.html
   https://bugzilla.suse.com/1012917
   https://bugzilla.suse.com/1013018
   https://bugzilla.suse.com/1022967
   https://bugzilla.suse.com/1024450
   https://bugzilla.suse.com/1031358
   https://bugzilla.suse.com/1036286
   https://bugzilla.suse.com/1036629
   https://bugzilla.suse.com/1037441
   https://bugzilla.suse.com/1037667
   https://bugzilla.suse.com/1037669
   https://bugzilla.suse.com/1037994
   https://bugzilla.suse.com/1039803
   https://bugzilla.suse.com/1040609
   https://bugzilla.suse.com/1042863
   https://bugzilla.suse.com/1045154
   https://bugzilla.suse.com/1045205
   https://bugzilla.suse.com/1045327
   https://bugzilla.suse.com/1045538
   https://bugzilla.suse.com/1047523
   https://bugzilla.suse.com/1050381
   https://bugzilla.suse.com/1050431
   https://bugzilla.suse.com/1051133
   https://bugzilla.suse.com/1051932
   https://bugzilla.suse.com/1052311
   https://bugzilla.suse.com/1052365
   https://bugzilla.suse.com/1052370
   https://bugzilla.suse.com/1052593
   https://bugzilla.suse.com/1053148
   https://bugzilla.suse.com/1053152
   https://bugzilla.suse.com/1053317
   https://bugzilla.suse.com/1053802
   https://bugzilla.suse.com/1053933
   https://bugzilla.suse.com/1054070
   https://bugzilla.suse.com/1054076
   https://bugzilla.suse.com/1054093
   https://bugzilla.suse.com/1054247
   https://bugzilla.suse.com/1054305
   https://bugzilla.suse.com/1054706
   https://bugzilla.suse.com/1056230
   https://bugzilla.suse.com/1056504
   https://bugzilla.suse.com/1056588
   https://bugzilla.suse.com/1057179
   https://bugzilla.suse.com/1057796
   https://bugzilla.suse.com/1058524
   https://bugzilla.suse.com/1059051
   https://bugzilla.suse.com/1060245
   https://bugzilla.suse.com/1060665
   https://bugzilla.suse.com/1061017
   https://bugzilla.suse.com/1061180
   https://bugzilla.suse.com/1062520
   https://bugzilla.suse.com/1062842
   https://bugzilla.suse.com/1063301
   https://bugzilla.suse.com/1063544
   https://bugzilla.suse.com/1063667
   https://bugzilla.suse.com/1064803
   https://bugzilla.suse.com/1064861
   https://bugzilla.suse.com/1065180
   https://bugzilla.suse.com/1066471
   https://bugzilla.suse.com/1066472
   https://bugzilla.suse.com/1066573
   https://bugzilla.suse.com/1066606
   https://bugzilla.suse.com/1066618
   https://bugzilla.suse.com/1066625
   https://bugzilla.suse.com/1066650
   https://bugzilla.suse.com/1066671
   https://bugzilla.suse.com/1066700
   https://bugzilla.suse.com/1066705
   https://bugzilla.suse.com/1067085
   https://bugzilla.suse.com/1067816
   https://bugzilla.suse.com/1067888
   https://bugzilla.suse.com/909484
   https://bugzilla.suse.com/984530
   https://bugzilla.suse.com/996376

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWi8fR4x+lLeg9Ub1AQjuvBAAlB7k9UoXsxgL9Hn7OIWPfVZCRtd9nSdn
tcRUkXGYJ4Jm5iPKRR++X3ruCSKRzu8ynmUWVqLoo68oAzJ4DywyUrRtj1ry1ogO
3lGQnJYoa7MRGmJcNG5jrmVh58Ns3kjAVyQyyGTGyqyXSMMm22JVr1uXPImcFC2J
LQMtMd6hkWhdjaFdhj6oJHJXUZa60wRIPNVeEXIDYy1cV5AyBKn/+9LNrj84+U5B
s8YTUQNgsxoLGKCoCe8HvVtz9wl6p4wBN87DeOohOKbi+g2VHx9oe6l9FMJXVhUB
n5/U1FHTzF+n2tGxs40svxhXeNDEAd8tE4u+xr6Ao4JlzHuu0kSAvCb+dNZBNKw1
sfuNQBN0z6aBre+XThncW70HlUF4rSFEuC3jhP4FLOlVdngBrbrH8ERohWDNq3X4
22392Lk4fr3LEK2qtn06pmw7msTH98IsD0fRzHVFerGKQ/AAB9oWoD4SRwvtQXet
Ejd4cz7wGLpX76txsTmkAxqmtDoEtTrVnjynTdxxPG6UnWwJykAoP+ndsAzh1Xj7
AFQNPMats+G0wYQoSu4/caCiC8mXYGFbXlSvk2/IMhv4lWqn2NhLwstnP/cT5qZr
4uclHxNJdy6OQvn49PZpahNJDUX7FPCANpgtdXZN7BCAOB2TcUFdNE2HPAvNHSL0
z1cBXp53GJ8=
=Ea4G
-----END PGP SIGNATURE-----