-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1223
        SUSE Security Update: Security update for the Linux Kernel
                                16 May 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          kernel
Publisher:        SUSE
Operating System: SUSE
Impact/Access:    Root Compromise          -- Existing Account      
                  Denial of Service        -- Remote/Unauthenticated
                  Access Confidential Data -- Existing Account      
Resolution:       Patch/Upgrade
CVE Names:        CVE-2017-7616 CVE-2017-7308 CVE-2017-7294
                  CVE-2017-7261 CVE-2017-7187 CVE-2017-7184
                  CVE-2017-6353 CVE-2017-6348 CVE-2017-6214
                  CVE-2017-6074 CVE-2017-5986 CVE-2017-5970
                  CVE-2017-5669 CVE-2017-2671 CVE-2016-10200
                  CVE-2016-5243 CVE-2015-8970 CVE-2015-3288

Reference:        ASB-2017.0067
                  ASB-2017.0021
                  ESB-2017.1198
                  ESB-2017.1179
                  ESB-2017.1169
                  ESB-2017.1136

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1301-1
Rating:             important
References:         #1005651 #1008374 #1008893 #1013018 #1013070 
                    #1013800 #1013862 #1016489 #1017143 #1018263 
                    #1018446 #1019168 #1020229 #1021256 #1021913 
                    #1022971 #1023014 #1023163 #1023888 #1024508 
                    #1024788 #1024938 #1025235 #1025702 #1026024 
                    #1026260 #1026722 #1026914 #1027066 #1027101 
                    #1027178 #1028415 #1028880 #1029212 #1029770 
                    #1030213 #1030573 #1031003 #1031052 #1031440 
                    #1031579 #1032141 #1033336 #1033771 #1033794 
                    #1033804 #1033816 #1034026 #909486 #911105 
                    #931620 #979021 #982783 #983212 #985561 #988065 
                    #989056 #995542 #999245 
Cross-References:   CVE-2015-3288 CVE-2015-8970 CVE-2016-10200
                    CVE-2016-5243 CVE-2017-2671 CVE-2017-5669
                    CVE-2017-5970 CVE-2017-5986 CVE-2017-6074
                    CVE-2017-6214 CVE-2017-6348 CVE-2017-6353
                    CVE-2017-7184 CVE-2017-7187 CVE-2017-7261
                    CVE-2017-7294 CVE-2017-7308 CVE-2017-7616
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-EXTRA
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 18 vulnerabilities and has 41 fixes
   is now available.

Description:


   The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
   security and bugfixes.

   Notable new features:

   - Toleration of newer crypto hardware for z Systems
   - USB 2.0 Link power management for Haswell-ULT

   The following security bugs were fixed:

   - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in
     the Linux kernel did not properly validate certain block-size data,
     which allowed local users to cause a denial of service (overflow) or
     possibly have unspecified other impact via crafted system calls
     (bnc#1031579)
   - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux
     kernel was  too late in obtaining a certain lock and consequently could
     not ensure that disconnect function calls are safe, which allowed local
     users to cause a denial of service (panic) by leveraging access to the
     protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003)
   - CVE-2017-7184: The xfrm_replay_verify_len function in
     net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size
     data after an XFRM_MSG_NEWAE update, which allowed local users to obtain
     root privileges or cause a denial of service (heap-based out-of-bounds
     access) by leveraging the CAP_NET_ADMIN capability (bsc#1030573).
   - CVE-2017-5970: The ipv4_pktinfo_prepare function in
     net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a
     denial of service (system crash) via (1) an application that made
     crafted system calls or possibly (2) IPv4 traffic with invalid IP
     options (bsc#1024938).
   - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind
     compat syscalls in mm/mempolicy.c in the Linux kernel allowed local
     users to obtain sensitive information from uninitialized stack data by
     triggering failure of a certain bitmap operation (bsc#1033336).
   - CVE-2017-7294: The vmw_surface_define_ioctl function in
     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
     validate addition of certain levels data, which allowed local users to
     trigger an integer overflow and out-of-bounds write, and cause a denial
     of service (system hang or crash) or possibly gain privileges, via a
     crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440)
   - CVE-2017-7261: The vmw_surface_define_ioctl function in
     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not
     check for a zero value of certain levels data, which allowed local users
     to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and
     possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device
     (bnc#1031052)
   - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux
     kernel allowed local users to cause a denial of service (stack-based
     buffer overflow) or possibly have unspecified other impact via a large
     command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds
     write access in the sg_write function (bnc#1030213)
   - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the
     Linux kernel improperly managed lock dropping, which allowed local users
     to cause a denial of service (deadlock) via crafted operations on IrDA
     devices (bnc#1027178)
   - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel
     did not restrict the address calculated by a certain rounding operation,
     which allowed local users to map page zero, and consequently bypass a
     protection mechanism that exists for the mmap system call, by making
     crafted shmget and shmat system calls in a privileged context
     (bnc#1026914)
   - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous
     pages, which allowed local users to gain privileges or cause a denial of
     service (page tainting) via a crafted application that triggers writing
     to page zero (bsc#979021).
   - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in
     the Linux kernel allowed local users to gain privileges or cause a
     denial of service (use-after-free) by making multiple bind system calls
     without properly ascertaining whether a socket has the SOCK_ZAPPED
     status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c
     (bnc#1028415)
   - CVE-2016-5243: The tipc_nl_compat_link_dump function in
     net/tipc/netlink_compat.c in the Linux kernel did not properly copy a
     certain string, which allowed local users to obtain sensitive
     information from kernel stack memory by reading a Netlink message
     (bnc#983212)
   - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly
     restrict association peel-off operations during certain wait states,
     which allowed local users to cause a denial of service (invalid unlock
     and double free) via a multithreaded application (bnc#1027066)
   - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the
     Linux kernel allowed remote attackers to cause a denial of service
     (infinite loop and soft lockup) via vectors involving a TCP packet with
     the URG flag (bnc#1026722)
   - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c
     in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures
     in the LISTEN state, which allowed local users to obtain root privileges
     or cause a denial of service (double free) via an application that made
     an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024)
   - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in
     net/sctp/socket.c in the Linux kernel allowed local users to cause a
     denial of service (assertion failure and panic) via a multithreaded
     application that peels off an association in a certain buffer-full state
     (bsc#1025235)
   - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not
     verify that a setkey operation has been performed on an AF_ALG socket an
     accept system call is processed, which allowed local users to cause a
     denial of service (NULL pointer dereference and system crash) via a
     crafted application that does not supply a key, related to the lrw_crypt
     function in crypto/lrw.c (bsc#1008374).

   The following non-security bugs were fixed:

   - NFSD: do not risk using duplicate owner/file/delegation ids
     (bsc#1029212).
   - RAID1: avoid unnecessary spin locks in I/O barrier code (bsc#982783,
     bsc#1026260).
   - SUNRPC: Clean up the slot table allocation (bsc#1013862).
   - SUNRPC: Initalise the struct xprt upon allocation (bsc#1013862).
   - USB: cdc-acm: fix broken runtime suspend (bsc#1033771).
   - USB: cdc-acm: fix open and suspend race (bsc#1033771).
   - USB: cdc-acm: fix potential urb leak and PM imbalance in write
     (bsc#1033771).
   - USB: cdc-acm: fix runtime PM for control messages (bsc#1033771).
   - USB: cdc-acm: fix runtime PM imbalance at shutdown (bsc#1033771).
   - USB: cdc-acm: fix shutdown and suspend race (bsc#1033771).
   - USB: cdc-acm: fix write and resume race (bsc#1033771).
   - USB: cdc-acm: fix write and suspend race (bsc#1033771).
   - USB: hub: Fix crash after failure to read BOS descriptor
   - USB: serial: iuu_phoenix: fix NULL-deref at open (bsc#1033794).
   - USB: serial: kl5kusb105: fix line-state error handling (bsc#1021256).
   - USB: serial: mos7720: fix NULL-deref at open (bsc#1033816).
   - USB: serial: mos7720: fix parallel probe (bsc#1033816).
   - USB: serial: mos7720: fix parport use-after-free on probe errors
     (bsc#1033816).
   - USB: serial: mos7720: fix use-after-free on probe errors (bsc#1033816).
   - USB: serial: mos7840: fix NULL-deref at open (bsc#1034026).
   - USB: xhci-mem: use passed in GFP flags instead of GFP_KERNEL
     (bsc#1023014).
   - Update metadata for serial fixes (bsc#1013070)
   - Use PF_LESS_THROTTLE in loop device thread (bsc#1027101).
   - clocksource: Remove "weak" from clocksource_default_clock() declaration
     (bnc#1013018).
   - dlm: backport "fix lvb invalidation conditions" (bsc#1005651).
   - drm/mgag200: Add support for G200e rev 4 (bnc#995542, comment #81)
   - enic: set skb->hash type properly (bsc#911105).
   - ext4: fix mballoc breakage with 64k block size (bsc#1013018).
   - ext4: fix stack memory corruption with 64k block size (bsc#1013018).
   - ext4: reject inodes with negative size (bsc#1013018).
   - fuse: initialize fc->release before calling it (bsc#1013018).
   - i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx
     (bsc#985561).
   - i40e/i40evf: Fix mixed size frags and linearization (bsc#985561).
   - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per
     packet (bsc#985561).
   - i40e/i40evf: Rewrite logic for 8 descriptor per packet check
     (bsc#985561).
   - i40e: Fix TSO with more than 8 frags per segment issue (bsc#985561).
   - i40e: Impose a lower limit on gso size (bsc#985561).
   - i40e: Limit TX descriptor count in cases where frag size is greater than
     16K (bsc#985561).
   - i40e: avoid null pointer dereference (bsc#909486).
   - jbd: Fix oops in journal_remove_journal_head() (bsc#1017143).
   - jbd: do not wait (forever) for stale tid caused by wraparound
     (bsc#1020229).
   - kABI: mask struct xfs_icdinode change (bsc#1024788).
   - kabi: Protect xfs_mount and xfs_buftarg (bsc#1024508).
   - kabi: fix (bsc#1008893).
   - lockd: use init_utsname for id encoding (bsc#1033804).
   - lockd: use rpc client's cl_nodename for id encoding (bsc#1033804).
   - md linear: fix a race between linear_add() and linear_congested()
     (bsc#1018446).
   - md/linear: shutup lockdep warnning (bsc#1018446).
   - mm/mempolicy.c: do not put mempolicy before using its nodemask
     (bnc#931620).
   - ocfs2: do not write error flag to user structure we cannot copy from/to
     (bsc#1013018).
   - ocfs2: fix crash caused by stale lvb with fsdlm plugin (bsc#1013800).
   - ocfs2: fix error return code in ocfs2_info_handle_freefrag()
     (bsc#1013018).
   - ocfs2: null deref on allocation error (bsc#1013018).
   - pciback: only check PF if actually dealing with a VF (bsc#999245).
   - pciback: use pci_physfn() (bsc#999245).
   - posix-timers: Fix stack info leak in timer_create() (bnc#1013018).
   - powerpc,cpuidle: Dont toggle CPUIDLE_FLAG_IGNORE while setting
     smt_snooze_delay (bsc#1023163).
   - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).
   - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM
     (bsc#1032141).
   - powerpc/fadump: Update fadump documentation (bsc#1032141).
   - powerpc/nvram: Fix an incorrect partition merge (bsc#1016489).
   - powerpc/vdso64: Use double word compare on pointers (bsc#1016489).
   - rcu: Call out dangers of expedited RCU primitives (bsc#1008893).
   - rcu: Direct algorithmic SRCU implementation (bsc#1008893).
   - rcu: Flip ->completed only once per SRCU grace period (bsc#1008893).
   - rcu: Implement a variant of Peter's SRCU algorithm (bsc#1008893).
   - rcu: Increment upper bit only for srcu_read_lock() (bsc#1008893).
   - rcu: Remove fast check path from __synchronize_srcu() (bsc#1008893).
   - s390/kmsg: add missing kmsg descriptions (bnc#1025702).
   - s390/vmlogrdr: fix IUCV buffer allocation (bnc#1025702).
   - s390/zcrypt: Introduce CEX6 toleration
   - sched/core: Fix TASK_DEAD race in finish_task_switch() (bnc#1013018).
   - sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded
     systems (bnc#1013018).
   - scsi: zfcp: do not trace pure benign residual HBA responses at default
     level (bnc#1025702).
   - scsi: zfcp: fix rport unblock race with LUN recovery (bnc#1025702).
   - scsi: zfcp: fix use-after-"free" in FC ingress path after TMF
     (bnc#1025702).
   - scsi: zfcp: fix use-after-free by not tracing WKA port open/close on
     failed send (bnc#1025702).
   - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).
   - tcp: abort orphan sockets stalling on zero window probes (bsc#1021913).
   - vfs: split generic splice code from i_mutex locking (bsc#1024788).
   - virtio_scsi: fix memory leak on full queue condition (bsc#1028880).
   - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065, bsc#1029770).
   - xen-blkfront: correct maximum segment accounting (bsc#1018263).
   - xen-blkfront: do not call talk_to_blkback when already connected to
     blkback.
   - xen-blkfront: free resources if xlvbd_alloc_gendisk fails.
   - xfs: Fix lock ordering in splice write (bsc#1024788).
   - xfs: Make xfs_icdinode->di_dmstate atomic_t (bsc#1024788).
   - xfs: do not assert fail on non-async buffers on ioacct decrement
     (bsc#1024508).
   - xfs: exclude never-released buffers from buftarg I/O accounting
     (bsc#1024508).
   - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).
   - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).
   - xfs: kill xfs_itruncate_start (bsc#1024788).
   - xfs: remove the i_new_size field in struct xfs_inode (bsc#1024788).
   - xfs: remove the i_size field in struct xfs_inode (bsc#1024788).
   - xfs: remove xfs_itruncate_data (bsc#1024788).
   - xfs: replace global xfslogd wq with per-mount wq (bsc#1024508).
   - xfs: split xfs_itruncate_finish (bsc#1024788).
   - xfs: split xfs_setattr (bsc#1024788).
   - xfs: track and serialize in-flight async buffers against unmount
     (bsc#1024508).
   - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-linux-kernel-13105=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-linux-kernel-13105=1

   - SUSE Linux Enterprise Server 11-EXTRA:

      zypper in -t patch slexsp3-linux-kernel-13105=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-linux-kernel-13105=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

      kernel-docs-3.0.101-100.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-3.0.101-100.1
      kernel-default-base-3.0.101-100.1
      kernel-default-devel-3.0.101-100.1
      kernel-source-3.0.101-100.1
      kernel-syms-3.0.101-100.1
      kernel-trace-3.0.101-100.1
      kernel-trace-base-3.0.101-100.1
      kernel-trace-devel-3.0.101-100.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

      kernel-ec2-3.0.101-100.1
      kernel-ec2-base-3.0.101-100.1
      kernel-ec2-devel-3.0.101-100.1
      kernel-xen-3.0.101-100.1
      kernel-xen-base-3.0.101-100.1
      kernel-xen-devel-3.0.101-100.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64):

      kernel-bigmem-3.0.101-100.1
      kernel-bigmem-base-3.0.101-100.1
      kernel-bigmem-devel-3.0.101-100.1
      kernel-ppc64-3.0.101-100.1
      kernel-ppc64-base-3.0.101-100.1
      kernel-ppc64-devel-3.0.101-100.1

   - SUSE Linux Enterprise Server 11-SP4 (s390x):

      kernel-default-man-3.0.101-100.1

   - SUSE Linux Enterprise Server 11-SP4 (i586):

      kernel-pae-3.0.101-100.1
      kernel-pae-base-3.0.101-100.1
      kernel-pae-devel-3.0.101-100.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

      kernel-default-extra-3.0.101-100.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

      kernel-xen-extra-3.0.101-100.1

   - SUSE Linux Enterprise Server 11-EXTRA (x86_64):

      kernel-trace-extra-3.0.101-100.1

   - SUSE Linux Enterprise Server 11-EXTRA (ppc64):

      kernel-ppc64-extra-3.0.101-100.1

   - SUSE Linux Enterprise Server 11-EXTRA (i586):

      kernel-pae-extra-3.0.101-100.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      kernel-default-debuginfo-3.0.101-100.1
      kernel-default-debugsource-3.0.101-100.1
      kernel-trace-debuginfo-3.0.101-100.1
      kernel-trace-debugsource-3.0.101-100.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

      kernel-default-devel-debuginfo-3.0.101-100.1
      kernel-trace-devel-debuginfo-3.0.101-100.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

      kernel-ec2-debuginfo-3.0.101-100.1
      kernel-ec2-debugsource-3.0.101-100.1
      kernel-xen-debuginfo-3.0.101-100.1
      kernel-xen-debugsource-3.0.101-100.1
      kernel-xen-devel-debuginfo-3.0.101-100.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

      kernel-bigmem-debuginfo-3.0.101-100.1
      kernel-bigmem-debugsource-3.0.101-100.1
      kernel-ppc64-debuginfo-3.0.101-100.1
      kernel-ppc64-debugsource-3.0.101-100.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

      kernel-pae-debuginfo-3.0.101-100.1
      kernel-pae-debugsource-3.0.101-100.1
      kernel-pae-devel-debuginfo-3.0.101-100.1


References:

   https://www.suse.com/security/cve/CVE-2015-3288.html
   https://www.suse.com/security/cve/CVE-2015-8970.html
   https://www.suse.com/security/cve/CVE-2016-10200.html
   https://www.suse.com/security/cve/CVE-2016-5243.html
   https://www.suse.com/security/cve/CVE-2017-2671.html
   https://www.suse.com/security/cve/CVE-2017-5669.html
   https://www.suse.com/security/cve/CVE-2017-5970.html
   https://www.suse.com/security/cve/CVE-2017-5986.html
   https://www.suse.com/security/cve/CVE-2017-6074.html
   https://www.suse.com/security/cve/CVE-2017-6214.html
   https://www.suse.com/security/cve/CVE-2017-6348.html
   https://www.suse.com/security/cve/CVE-2017-6353.html
   https://www.suse.com/security/cve/CVE-2017-7184.html
   https://www.suse.com/security/cve/CVE-2017-7187.html
   https://www.suse.com/security/cve/CVE-2017-7261.html
   https://www.suse.com/security/cve/CVE-2017-7294.html
   https://www.suse.com/security/cve/CVE-2017-7308.html
   https://www.suse.com/security/cve/CVE-2017-7616.html
   https://bugzilla.suse.com/1005651
   https://bugzilla.suse.com/1008374
   https://bugzilla.suse.com/1008893
   https://bugzilla.suse.com/1013018
   https://bugzilla.suse.com/1013070
   https://bugzilla.suse.com/1013800
   https://bugzilla.suse.com/1013862
   https://bugzilla.suse.com/1016489
   https://bugzilla.suse.com/1017143
   https://bugzilla.suse.com/1018263
   https://bugzilla.suse.com/1018446
   https://bugzilla.suse.com/1019168
   https://bugzilla.suse.com/1020229
   https://bugzilla.suse.com/1021256
   https://bugzilla.suse.com/1021913
   https://bugzilla.suse.com/1022971
   https://bugzilla.suse.com/1023014
   https://bugzilla.suse.com/1023163
   https://bugzilla.suse.com/1023888
   https://bugzilla.suse.com/1024508
   https://bugzilla.suse.com/1024788
   https://bugzilla.suse.com/1024938
   https://bugzilla.suse.com/1025235
   https://bugzilla.suse.com/1025702
   https://bugzilla.suse.com/1026024
   https://bugzilla.suse.com/1026260
   https://bugzilla.suse.com/1026722
   https://bugzilla.suse.com/1026914
   https://bugzilla.suse.com/1027066
   https://bugzilla.suse.com/1027101
   https://bugzilla.suse.com/1027178
   https://bugzilla.suse.com/1028415
   https://bugzilla.suse.com/1028880
   https://bugzilla.suse.com/1029212
   https://bugzilla.suse.com/1029770
   https://bugzilla.suse.com/1030213
   https://bugzilla.suse.com/1030573
   https://bugzilla.suse.com/1031003
   https://bugzilla.suse.com/1031052
   https://bugzilla.suse.com/1031440
   https://bugzilla.suse.com/1031579
   https://bugzilla.suse.com/1032141
   https://bugzilla.suse.com/1033336
   https://bugzilla.suse.com/1033771
   https://bugzilla.suse.com/1033794
   https://bugzilla.suse.com/1033804
   https://bugzilla.suse.com/1033816
   https://bugzilla.suse.com/1034026
   https://bugzilla.suse.com/909486
   https://bugzilla.suse.com/911105
   https://bugzilla.suse.com/931620
   https://bugzilla.suse.com/979021
   https://bugzilla.suse.com/982783
   https://bugzilla.suse.com/983212
   https://bugzilla.suse.com/985561
   https://bugzilla.suse.com/988065
   https://bugzilla.suse.com/989056
   https://bugzilla.suse.com/995542
   https://bugzilla.suse.com/999245

SAUS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWRpoQox+lLeg9Ub1AQgIYA/9FG+SvI8R1PJZM4K0MAQ4UxHQZoSXogg6
4Hpy0zjR4BgNfK4lrBEguYcMakGq3pkr6h9wQYOdy1iEBCao+ZaHnmO1E/4thCHx
5FKznwzUMl8LyAEMZl7cVw6d8dwts88IrVPcIowvEeUzBr/o3n2OQp7j3iez1/Z1
9FZ6rdA1Ip5WjFvNumuUpFcdMUQI8/KNLHK+d1XKjb0fkJaKOKusit4gghb/WDE0
F4XF9ApFz+/Fc9C8VnMjI4RRYaVab0e0Z8T2GRUJoD8eixdGPL2md8AB9StsMzKq
9I2ZSTOjFeCAn6SzKbH3UnO7d6Mg+HQ9qYuB9r/IyJbK1Nh0aY03gTJ8RmurdLPu
W6LRMm+aIyPkO4GcNBplT42tom3snN+5XyifTovmMY2MgJy8OGDn6xf2VpDQ1t9S
4pfthSl/E8f4e1UuNd6NCB7xNgSGOGQPMdsPIAAzd7JfOFk/H4H+a8Zc0Oq0pPkI
7aGPqc7bbCOGAs2w/v8f6CgSD1jmuOd0D+QZj/g5ja2pCO4ryvT4BcBpPwBiS/OF
IUlSkG/CsvCNCFymCW9w/htIe1Pb/tL0aV9Q42F3j9pZ1XR0go2mjpBi+QxnpSpC
lFGPXrHCO1Fv7mgJ9bSdfQOcOHttInBj8QrV4li+wbkDS4ZHb5cL8V7mTECnNojS
6qJmWDtL0rM=
=KDZ9
-----END PGP SIGNATURE-----