-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.0859
         SUSE-SU-2019:13979-1 Security update for the Linux Kernel
                               19 March 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise        -- Existing Account
                   Access Privileged Data -- Existing Account
                   Denial of Service      -- Existing Account
                   Reduced Security       -- Console/Physical
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-7222 CVE-2018-20169 CVE-2018-19985
                   CVE-2018-19824 CVE-2018-19407 CVE-2018-9568
                   CVE-2017-18360 CVE-2016-10741 

Reference:         ESB-2019.0809
                   ESB-2019.0675
                   ESB-2019.0429
                   ESB-2019.0335.5

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2019/suse-su-201913979-1.html

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2019:13979-1
Rating:            important
References:        #1012382 #1031572 #1068032 #1086695 #1087081 #1094244
                   #1098658 #1104098 #1104367 #1104684 #1104818 #1105536
                   #1106105 #1106886 #1107371 #1109330 #1109806 #1110006
                   #1112963 #1113667 #1114440 #1114672 #1114920 #1115007
                   #1115038 #1115827 #1115828 #1115829 #1115830 #1115831
                   #1115832 #1115833 #1115834 #1115835 #1115836 #1115837
                   #1115838 #1115839 #1115840 #1115841 #1115842 #1115843
                   #1115844 #1116841 #1117796 #1117802 #1117805 #1117806
                   #1117943 #1118152 #1118319 #1118760 #1119255 #1119714
                   #1120056 #1120077 #1120086 #1120093 #1120094 #1120105
                   #1120107 #1120109 #1120217 #1120223 #1120226 #1120336
                   #1120347 #1120743 #1120950 #1121872 #1121997 #1122874
                   #1123505 #1123702 #1123706 #1124010 #1124735 #1125931
                   #931850 #969471 #969473
Cross-References:  CVE-2016-10741 CVE-2017-18360 CVE-2018-19407 CVE-2018-19824
                   CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 CVE-2019-7222
Affected Products:
                   SUSE Linux Enterprise Software Development Kit 11-SP4
                   SUSE Linux Enterprise Server 11-SP4
                   SUSE Linux Enterprise Server 11-EXTRA
                   SUSE Linux Enterprise Real Time Extension 11-SP4
                   SUSE Linux Enterprise High Availability Extension 11-SP4
                   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 8 vulnerabilities and has 73 fixes is now available.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:

  o CVE-2016-10741: fs/xfs/xfs_aops.c allowed local users to cause a denial of
    service (system crash) because there is a race condition between direct and
    memory-mapped I/O (associated with a hole) that is handled with BUG_ON
    instead of an I/O failure (bnc#1114920 bnc#1124010).
  o CVE-2017-18360: In change_port_settings in drivers/usb/serial/io_ti.c local
    users could cause a denial of service by division-by-zero in the serial
    device layer by trying to set very high baud rates (bnc#1123706).
  o CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory
    corruption due to type confusion. This could lead to local escalation of
    privilege with no additional execution privileges needed. User interaction
    is not needed for exploitation. (bnc#1118319).
  o CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed
    local users to cause a denial of service (NULL pointer dereference and BUG)
    via crafted system calls that reach a situation where ioapic is
    uninitialized (bnc#1116841).
  o CVE-2018-19824: A local user could exploit a use-after-free in the ALSA
    driver by supplying a malicious USB Sound device (with zero interfaces)
    that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
  o CVE-2018-19985: The function hso_probe read if_num from the USB device (as
    an u8) and used it without a length check to index an array, resulting in
    an OOB memory read in hso_probe or hso_get_config_data that could be used
    by local attackers (bnc#1120743).
  o CVE-2018-20169: The USB subsystem mishandled size checks during the reading
    of an extra descriptor, related to __usb_get_extra_descriptor in drivers/
    usb/core/usb.c (bnc#1119714).
  o CVE-2019-7222: A information leak in exception handling in KVM could be
    used to expose host memory to guests. (bnc#1124735).


The following non-security bugs were fixed:

  o aacraid: Fix memory leak in aac_fib_map_free (bsc#1115827).
  o arcmsr: upper 32 of dma address lost (bsc#1115828).
  o block/swim3: Fix -EBUSY error when re-opening device after unmount (bsc#
    1121997).
  o block/swim: Fix array bounds check (Git-fix).
  o btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency
    for bsc#1113667).
  o btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).
  o cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#
    1119255).
  o dasd: fix deadlock in dasd_times_out (bnc#1117943, LTC#174111).
  o drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl()
    (bsc#1104098).
  o drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
  o drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1106886)
  o ext4: add missing brelse() update_backups()'s error path (bsc#1117796).
  o ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#
    1117802).
  o ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#
    1118760).
  o ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#
    1117806).
  o ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#
    1117805).
  o fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#
    1106886)
  o fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#
    1106886)
  o Fix kabi break cased by NFS: Cache state owners after files are closed (bsc
    #1031572).
  o fork: record start_time late (bsc#1121872).
  o fscache: Fix dead object requeue (bsc#1107371).
  o fscache: Fix race in fscache_op_complete() due to split atomic_sub & read
    (git-fixes).
  o fs-cache: Move fscache_report_unexpected_submission() to make it more
    available (bsc#1107371).
  o fs-cache: When submitting an op, cancel it if the target object is dying
    (bsc#1107371).
  o fuse: Add missed unlock_page() to fuse_readpages_fill() (git-fixes).
  o fuse: fix blocked_waitq wakeup (git-fixes).
  o fuse: fix leaked notify reply (git-fixes).
  o fuse: Fix oops at process_init_reply() (git-fixes).
  o fuse: fix possibly missed wake-up after abort (git-fixes).
  o fuse: umount should wait for all requests (git-fixes).
  o igb: do not unmap NULL hw_addr (bsc#969471 bsc#969473 ) (bsc#1123702).
  o igb: re-assign hw address pointer on reset after PCI error (bnc#1012382)
    (bsc#1123702).
  o iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#
    1106105).
  o kvm: x86: Fix the duplicated failure path handling in vmx_init (bsc#
    1104367).
  o lib: add "on"/"off" support to strtobool (bsc#1125931).
  o megaraid_sas: Fix probing cards without io port (bsc#1115829).
  o net/af_iucv: drop inbound packets with invalid flags (bnc#1114440, LTC#
    172679).
  o net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1114440,
    LTC#172679).
  o nfs: Cache state owners after files are closed (bsc#1031572).
  o nfs: Do not drop CB requests with invalid principals (git-fixes).
  o nfsv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args
    (git-fixes).
  o nfsv4: Do not exit the state manager without clearing
    NFS4CLNT_MANAGER_RUNNING (git-fixes).
  o nfsv4: Keep dropped state owners on the LRU list for a while (bsc#1031572).
  o nlm: Ensure callback code also checks that the files match (git-fixes).
  o ocfs2: fix three small problems in the patch (bsc#1086695)
  o omap2fb: Fix stack memory disclosure (bsc#1106886)
  o pci/ASPM: Fix link_state teardown on device removal (bsc#1109806).
  o powerpc/fadump: handle crash memory ranges array index overflow
    (git-fixes).
  o powerpc/fadump: Return error when fadump registration fails (git-fixes).
  o powerpc/fadump: Unregister fadump on kexec down path (git-fixes).
  o powerpc/traps: restore recoverability of machine_check interrupts (bsc#
    1094244).
  o Revert "NFS: Make close(2) asynchronous when closing NFS O_DIRECT files"
    (git-fixes).
  o ring-buffer: Always reset iterator to reader page (bsc#1120107).
  o ring-buffer: Fix first commit on sub-buffer having non-zero delta (bsc#
    1120077).
  o ring-buffer: Fix infinite spin in reading buffer (bsc#1120107).
  o ring-buffer: Have ring_buffer_iter_empty() return true when empty (bsc#
    1120107).
  o ring-buffer: Mask out the info bits when returning buffer page length (bsc#
    1120094).
  o ring-buffer: Up rb_iter_peek() loop count to 3 (bsc#1120105).
  o rpm/modprobe-xen.conf: Add --ignore-install.
  o s390: always save and restore all registers on context switch (git-fixes).
  o s390/dasd: fix using offset into zero size array error (git-fixes).
  o s390/decompressor: fix initrd corruption caused by bss clear (git-fixes).
  o s390/qdio: do not release memory in qdio_setup_irq() (git-fixes).
  o s390/qdio: reset old sbal_state flags (bnc#1114440, LTC#171525).
  o s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function
    (bnc#1114440, LTC#172682).
  o s390/qeth: fix length check in SNMP processing (bnc#1117943, LTC#173657).
  o s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1114440, LTC#
    172682).
  o s390/qeth: invoke softirqs after napi_schedule() (git-fixes).
  o s390/qeth: remove outdated portname debug msg (bnc#1117943, LTC#172960).
  o s390/qeth: sanitize strings in debug messages (bnc#1117943, LTC#172960).
  o sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#
    1119255).
  o scsi: aacraid: Fix typo in blink status (bsc#1115830).
  o scsi: aacraid: Reorder Adapter status check (bsc#1115830).
  o scsi: aic94xx: fix an error code in aic94xx_init() (bsc#1115831).
  o scsi: bfa: integer overflow in debugfs (bsc#1115832).
  o scsi: esp_scsi: Track residual for PIO transfers (bsc#1115833).
  o scsi: fas216: fix sense buffer initialization (bsc#1115834).
  o scsi: libfc: Revert " libfc: use offload EM instance again instead jumping
    to next EM" (bsc#1115835).
  o scsi: libsas: fix ata xfer length (bsc#1115836).
  o scsi: libsas: fix error when getting phy events (bsc#1115837).
  o scsi: lpfc: Do not return internal MBXERR_ERROR code from probe function
    (bsc#1115838).
  o scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough)
    devices (bsc#1115839).
  o scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (bsc#
    1115839).
  o scsi: qla2xxx: Fix ISP recovery on unload (bsc#1115840).
  o scsi: qla2xxx: shutdown chip if reset fail (bsc#1115841).
  o scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#
    1115842).
  o scsi: scsi_dh_emc: return success in clariion_std_inquiry() (bsc#1115843).
  o scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path
    (git-fixes).
  o scsi: zfcp: fix posting too many status read buffers leading to adapter
    shutdown (bsc#1123505, LTC#174581).
  o sg: fix dxferp in from_to case (bsc#1115844).
  o sunrpc: Fix a potential race in xprt_connect() (git-fixes).
  o svc: Avoid garbage replies when pc_func() returns rpc_drop_reply
    (git-fixes).
  o svcrpc: do not leak contexts on PROC_DESTROY (git-fixes).
  o tracepoints: Do not trace when cpu is offline (bsc#1120109).
  o tracing: Add #undef to fix compile error (bsc#1120226).
  o tracing: Allow events to have NULL strings (bsc#1120056).
  o tracing: Do not add event files for modules that fail tracepoints (bsc#
    1120086).
  o tracing: Fix check for cpu online when event is disabled (bsc#1120109).
  o tracing: Fix regex_match_front() to not over compare the test string (bsc#
    1120223).
  o tracing/kprobes: Allow to create probe with a module name starting with a
    digit (bsc#1120336).
  o tracing: Move mutex to protect against resetting of seq data (bsc#1120217).
  o tracing: probeevent: Fix to support minus offset from symbol (bsc#1120347).
  o usb: keyspan: fix overrun-error reporting (bsc#1114672).
  o usb: keyspan: fix tty line-status reporting (bsc#1114672).
  o usb: option: fix Cinterion AHxx enumeration (bsc#1114672).
  o usb: serial: ark3116: fix open error handling (bsc#1114672).
  o usb: serial: ch341: fix control-message error handling (bsc#1114672).
  o usb: serial: ch341: fix initial modem-control state (bsc#1114672).
  o usb: serial: ch341: fix modem-status handling (bsc#1114672).
  o usb: serial: ch341: fix open and resume after B0 (bsc#1114672).
  o usb: serial: ch341: fix resume after reset (bsc#1114672).
  o usb: serial: ch341: fix type promotion bug in ch341_control_in() (bsc#
    1114672).
  o usb: serial: cyberjack: fix NULL-deref at open (bsc#1114672).
  o usb: serial: fix tty-device error handling at probe (bsc#1114672).
  o usb: serial: ftdi_sio: fix modem-status error handling (bsc#1114672).
  o usb: serial: io_ti: fix another NULL-deref at open (bsc#1114672).
  o usb: serial: io_ti: fix NULL-deref at open (bsc#1114672).
  o usb: serial: keyspan_pda: verify endpoints at probe (bsc#1114672).
  o usb: serial: kl5kusb105: abort on open exception path (bsc#1114672).
  o usb: serial: kl5kusb105: fix open error path (bsc#1114672).
  o usb: serial: kobil_sct: fix NULL-deref in write (bsc#1114672).
  o usb: serial: mct_u232: fix modem-status error handling (bsc#1114672).
  o usb: serial: omninet: fix NULL-derefs at open and disconnect.
  o usb: serial: pl2303: fix NULL-deref at open (bsc#1114672).
  o usb: serial: ti_usb_3410_5052: fix NULL-deref at open (bsc#1114672).
  o vmcore: Remove "weak" from function declarations (git-fixes).
  o x86, kvm: Remove incorrect redundant assembly constraint (bnc#931850).
  o x86/mm: Simplify p[g4um]xen: d_page() macros (bnc#1087081, bnc#1104684).
  o xen: kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
    (bnc#1105536).
  o xen: x86, l1tf: Protect PROT_NONE PTEs against speculation fixup (bnc#
    1104684, bnc#1104818).
  o xen/x86/mm: Prevent kernel Oops in PTDUMP code with HIGHPTE=y (bsc#
    1106105).
  o xen/x86/mm: Set IBPB upon context switch (bsc#1068032).
  o xen/x86/process: Re-export start_thread() (bsc#1110006).
  o xen/x86/speculation/l1tf: Fix off-by-one error when warning that system has
    too much RAM (bnc#1105536).
  o xen/x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (bnc#
    1087081).
  o xen/x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#
    1105536).
  o xen/x86/traps: add missing kernel CR3 switch in bad_iret path (bsc#
    1098658).
  o xfrm: use complete IPv6 addresses for hash (bsc#1109330).
  o xfs: do not BUG() on mixed direct and mapped I/O (bsc#1114920).
  o xfs: fix the logspace waiting algorithm (bsc#1122874).
  o xfs: stop searching for free slots in an inode chunk when there are none
    (bsc#1115007).
  o xfs: validate sb_logsunit is a multiple of the fs blocksize (bsc#1115038).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Software Development Kit 11-SP4:
    zypper in -t patch sdksp4-kernel-20190225-13979=1
  o SUSE Linux Enterprise Server 11-SP4:
    zypper in -t patch slessp4-kernel-20190225-13979=1
  o SUSE Linux Enterprise Server 11-EXTRA:
    zypper in -t patch slexsp3-kernel-20190225-13979=1
  o SUSE Linux Enterprise Real Time Extension 11-SP4:
    zypper in -t patch slertesp4-kernel-20190225-13979=1
  o SUSE Linux Enterprise High Availability Extension 11-SP4:
    zypper in -t patch slehasp4-kernel-20190225-13979=1
  o SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-kernel-20190225-13979=1

Package List:

  o SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):
       kernel-docs-3.0.101-108.87.1
  o SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
       kernel-default-3.0.101-108.87.1
       kernel-default-base-3.0.101-108.87.1
       kernel-default-devel-3.0.101-108.87.1
       kernel-source-3.0.101-108.87.1
       kernel-syms-3.0.101-108.87.1
       kernel-trace-3.0.101-108.87.1
       kernel-trace-base-3.0.101-108.87.1
       kernel-trace-devel-3.0.101-108.87.1
  o SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):
       kernel-ec2-3.0.101-108.87.1
       kernel-ec2-base-3.0.101-108.87.1
       kernel-ec2-devel-3.0.101-108.87.1
       kernel-xen-3.0.101-108.87.1
       kernel-xen-base-3.0.101-108.87.1
       kernel-xen-devel-3.0.101-108.87.1
  o SUSE Linux Enterprise Server 11-SP4 (ppc64):
       kernel-bigmem-3.0.101-108.87.1
       kernel-bigmem-base-3.0.101-108.87.1
       kernel-bigmem-devel-3.0.101-108.87.1
       kernel-ppc64-3.0.101-108.87.1
       kernel-ppc64-base-3.0.101-108.87.1
       kernel-ppc64-devel-3.0.101-108.87.1
  o SUSE Linux Enterprise Server 11-SP4 (s390x):
       kernel-default-man-3.0.101-108.87.1
  o SUSE Linux Enterprise Server 11-SP4 (i586):
       kernel-pae-3.0.101-108.87.1
       kernel-pae-base-3.0.101-108.87.1
       kernel-pae-devel-3.0.101-108.87.1
  o SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
       kernel-default-extra-3.0.101-108.87.1
  o SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
       kernel-xen-extra-3.0.101-108.87.1
  o SUSE Linux Enterprise Server 11-EXTRA (x86_64):
       kernel-trace-extra-3.0.101-108.87.1
  o SUSE Linux Enterprise Server 11-EXTRA (ppc64):
       kernel-ppc64-extra-3.0.101-108.87.1
  o SUSE Linux Enterprise Server 11-EXTRA (i586):
       kernel-pae-extra-3.0.101-108.87.1
  o SUSE Linux Enterprise Real Time Extension 11-SP4 (x86_64):
       ocfs2-kmp-rt-1.6_3.0.101_rt130_69.42-0.28.7.1
       ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_69.42-0.28.7.1
  o SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ia64 ppc64
    s390x x86_64):
       ocfs2-kmp-default-1.6_3.0.101_108.87-0.28.7.1
       ocfs2-kmp-trace-1.6_3.0.101_108.87-0.28.7.1
  o SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 x86_64):
       ocfs2-kmp-xen-1.6_3.0.101_108.87-0.28.7.1
  o SUSE Linux Enterprise High Availability Extension 11-SP4 (ppc64):
       ocfs2-kmp-bigmem-1.6_3.0.101_108.87-0.28.7.1
       ocfs2-kmp-ppc64-1.6_3.0.101_108.87-0.28.7.1
  o SUSE Linux Enterprise High Availability Extension 11-SP4 (i586):
       ocfs2-kmp-pae-1.6_3.0.101_108.87-0.28.7.1
  o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
       kernel-default-debuginfo-3.0.101-108.87.1
       kernel-default-debugsource-3.0.101-108.87.1
       kernel-trace-debuginfo-3.0.101-108.87.1
       kernel-trace-debugsource-3.0.101-108.87.1
  o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):
       kernel-default-devel-debuginfo-3.0.101-108.87.1
       kernel-trace-devel-debuginfo-3.0.101-108.87.1
  o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
       kernel-ec2-debuginfo-3.0.101-108.87.1
       kernel-ec2-debugsource-3.0.101-108.87.1
       kernel-xen-debuginfo-3.0.101-108.87.1
       kernel-xen-debugsource-3.0.101-108.87.1
       kernel-xen-devel-debuginfo-3.0.101-108.87.1
  o SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):
       kernel-bigmem-debuginfo-3.0.101-108.87.1
       kernel-bigmem-debugsource-3.0.101-108.87.1
       kernel-ppc64-debuginfo-3.0.101-108.87.1
       kernel-ppc64-debugsource-3.0.101-108.87.1
  o SUSE Linux Enterprise Debuginfo 11-SP4 (i586):
       kernel-pae-debuginfo-3.0.101-108.87.1
       kernel-pae-debugsource-3.0.101-108.87.1
       kernel-pae-devel-debuginfo-3.0.101-108.87.1


References:

  o https://www.suse.com/security/cve/CVE-2016-10741.html
  o https://www.suse.com/security/cve/CVE-2017-18360.html
  o https://www.suse.com/security/cve/CVE-2018-19407.html
  o https://www.suse.com/security/cve/CVE-2018-19824.html
  o https://www.suse.com/security/cve/CVE-2018-19985.html
  o https://www.suse.com/security/cve/CVE-2018-20169.html
  o https://www.suse.com/security/cve/CVE-2018-9568.html
  o https://www.suse.com/security/cve/CVE-2019-7222.html
  o https://bugzilla.suse.com/1012382
  o https://bugzilla.suse.com/1031572
  o https://bugzilla.suse.com/1068032
  o https://bugzilla.suse.com/1086695
  o https://bugzilla.suse.com/1087081
  o https://bugzilla.suse.com/1094244
  o https://bugzilla.suse.com/1098658
  o https://bugzilla.suse.com/1104098
  o https://bugzilla.suse.com/1104367
  o https://bugzilla.suse.com/1104684
  o https://bugzilla.suse.com/1104818
  o https://bugzilla.suse.com/1105536
  o https://bugzilla.suse.com/1106105
  o https://bugzilla.suse.com/1106886
  o https://bugzilla.suse.com/1107371
  o https://bugzilla.suse.com/1109330
  o https://bugzilla.suse.com/1109806
  o https://bugzilla.suse.com/1110006
  o https://bugzilla.suse.com/1112963
  o https://bugzilla.suse.com/1113667
  o https://bugzilla.suse.com/1114440
  o https://bugzilla.suse.com/1114672
  o https://bugzilla.suse.com/1114920
  o https://bugzilla.suse.com/1115007
  o https://bugzilla.suse.com/1115038
  o https://bugzilla.suse.com/1115827
  o https://bugzilla.suse.com/1115828
  o https://bugzilla.suse.com/1115829
  o https://bugzilla.suse.com/1115830
  o https://bugzilla.suse.com/1115831
  o https://bugzilla.suse.com/1115832
  o https://bugzilla.suse.com/1115833
  o https://bugzilla.suse.com/1115834
  o https://bugzilla.suse.com/1115835
  o https://bugzilla.suse.com/1115836
  o https://bugzilla.suse.com/1115837
  o https://bugzilla.suse.com/1115838
  o https://bugzilla.suse.com/1115839
  o https://bugzilla.suse.com/1115840
  o https://bugzilla.suse.com/1115841
  o https://bugzilla.suse.com/1115842
  o https://bugzilla.suse.com/1115843
  o https://bugzilla.suse.com/1115844
  o https://bugzilla.suse.com/1116841
  o https://bugzilla.suse.com/1117796
  o https://bugzilla.suse.com/1117802
  o https://bugzilla.suse.com/1117805
  o https://bugzilla.suse.com/1117806
  o https://bugzilla.suse.com/1117943
  o https://bugzilla.suse.com/1118152
  o https://bugzilla.suse.com/1118319
  o https://bugzilla.suse.com/1118760
  o https://bugzilla.suse.com/1119255
  o https://bugzilla.suse.com/1119714
  o https://bugzilla.suse.com/1120056
  o https://bugzilla.suse.com/1120077
  o https://bugzilla.suse.com/1120086
  o https://bugzilla.suse.com/1120093
  o https://bugzilla.suse.com/1120094
  o https://bugzilla.suse.com/1120105
  o https://bugzilla.suse.com/1120107
  o https://bugzilla.suse.com/1120109
  o https://bugzilla.suse.com/1120217
  o https://bugzilla.suse.com/1120223
  o https://bugzilla.suse.com/1120226
  o https://bugzilla.suse.com/1120336
  o https://bugzilla.suse.com/1120347
  o https://bugzilla.suse.com/1120743
  o https://bugzilla.suse.com/1120950
  o https://bugzilla.suse.com/1121872
  o https://bugzilla.suse.com/1121997
  o https://bugzilla.suse.com/1122874
  o https://bugzilla.suse.com/1123505
  o https://bugzilla.suse.com/1123702
  o https://bugzilla.suse.com/1123706
  o https://bugzilla.suse.com/1124010
  o https://bugzilla.suse.com/1124735
  o https://bugzilla.suse.com/1125931
  o https://bugzilla.suse.com/931850
  o https://bugzilla.suse.com/969471
  o https://bugzilla.suse.com/969473

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXJAvtmaOgq3Tt24GAQjhwg//ZevvJaq0EriDOxW40GXMxPu3lnpMLMY9
gKUHh3+jqzhPJVEPk5r/5tTIb7ghw/0ctZHDODJYFAw9y4nWd08sQSziwAxbWT20
JP6jJLp/pyJQ3PKmeh4LH0YhTV1FERl9xCiinp5nxd1GJKTZ7QybdJMhvPWUIwai
dcjZLuoZzb9UQDgX58FPCmusizXncu8WRq9OXBZhuoaMPq6Oa8+ecj5wlErqR0Sx
FtvoQ7u0bgQWN9hRuy2wEV/XQy2dyTCpcLduTSnvChD7nFUG+0U68V6kqjYrGIXs
g2mLnR6CDh4c/K4G2TfV5kS+QhRyk2rG4EKpIH7Si+ExZOnzqNTnRjZAY3x6n7iz
FMJHXtPD8wJidA6pcZcen/oJnTQvP8p47dbF5qJnC44v8WxAdUc+uhvZy6EEKdBH
3OFVzsMLRCEd9l5XyhEPTM4Zxct5kE1KIRpR8vZRSVMXAwhczGCendPQnqOEc1a4
D/HHVZTaPFA2Xi/7QSJjxsB4fCNosuuIZSOvJ7MUQk7pSDIUa1Xv2fPM0aKF1FHW
rGZOscAvnZUNJlaQ/dEyXhutVR6vQfQIpGvAKULoh84FkskEnzu4KqgBKDoeShAX
yAp+9J8EoOcYERvt6ZkAnxqppIMP7+0F0Tn0btc8xGNbJKoO+rYnPovtjfVpcbcY
Gj1WCuuskss=
=AYJm
-----END PGP SIGNATURE-----