-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2469
         SUSE-SU-2019:1744-1 Security update for the Linux Kernel
                                5 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           linux kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Access Privileged Data -- Existing Account      
                   Denial of Service      -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-12817 CVE-2019-12614 CVE-2018-16871

Reference:         ESB-2019.2271

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2019/suse-su-20191744-1.html

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2019:1744-1
Rating:            important
References:        #1051510 #1071995 #1094555 #1111666 #1112374 #1114279
                   #1128432 #1134730 #1134738 #1135153 #1135296 #1135642
                   #1136156 #1136157 #1136271 #1136333 #1137103 #1137194
                   #1137366 #1137884 #1137985 #1138263 #1138336 #1138374
                   #1138375 #1138589 #1138681 #1138719 #1138732
Cross-References:  CVE-2018-16871 CVE-2019-12614 CVE-2019-12817
Affected Products:
                   SUSE Linux Enterprise Workstation Extension 15-SP1
                   SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
                   SUSE Linux Enterprise Module for Live Patching 15-SP1
                   SUSE Linux Enterprise Module for Legacy Software 15-SP1
                   SUSE Linux Enterprise Module for Development Tools 15-SP1
                   SUSE Linux Enterprise Module for Basesystem 15-SP1
                   SUSE Linux Enterprise High Availability 15-SP1
______________________________________________________________________________

An update that solves three vulnerabilities and has 26 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security
and bugfixes.
This update adds support for the Hygon Dhyana CPU (fate#327735).
The following security bugs were fixed:

  o CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/
    powerpc/platforms/pseries/dlpar.c. There was an unchecked kstrdup of prop->
    name, which might allow an attacker to cause a denial of service (NULL
    pointer dereference and system crash) (bnc#1137194).
  o CVE-2018-16871: A NULL pointer dereference due to an anomalized NFS message
    sequence was fixed. (bnc#1137103).
  o CVE-2019-12817: On the PowerPC architecture, local attackers could access
    other users processes memory (bnc#1138263).


The following non-security bugs were fixed:

  o 6lowpan: Off by one handling ->nexthdr (bsc#1051510).
  o acpi: Add Hygon Dhyana support (fate#327735).
  o af_key: unconditionally clone on broadcast (bsc#1051510).
  o alsa: firewire-motu: fix destruction of data for isochronous resources (bsc
    #1051510).
  o alsa: hda/realtek - Update headset mode for ALC256 (bsc#1051510).
  o alsa: oxfw: allow PCM capture for Stanton SCS.1m (bsc#1051510).
  o ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510).
  o ASoC: fsl_asrc: Fix the issue about unsupported rate (bsc#1051510).
  o audit: fix a memory leak bug (bsc#1051510).
  o blk-mq: fix hang caused by freeze/unfreeze sequence (bsc#1128432).
  o ceph: factor out ceph_lookup_inode() (bsc#1138681).
  o ceph: fix NULL pointer deref when debugging is enabled (bsc#1138681).
  o ceph: fix potential use-after-free in ceph_mdsc_build_path (bsc#1138681).
  o ceph: flush dirty inodes before proceeding with remount (bsc#1138681).
  o ceph: print inode number in __caps_issued_mask debugging messages (bsc#
    1138681).
  o ceph: quota: fix quota subdir mounts (bsc#1138681).
  o ceph: remove duplicated filelock ref increase (bsc#1138681).
  o cfg80211: fix memory leak of wiphy device name (bsc#1051510).
  o cpufreq: Add Hygon Dhyana support (fate#327735).
  o cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ (fate#327735).
  o cpu/topology: Export die_id (jsc#SLE-5454).
  o Do not restrict NFSv4.2 on openSUSE (bsc#1138719).
  o drbd: Avoid Clang warning about pointless switch statment (bsc#1051510).
  o drbd: disconnect, if the wrong UUIDs are attached on a connected peer (bsc#
    1051510).
  o drbd: narrow rcu_read_lock in drbd_sync_handshake (bsc#1051510).
  o drbd: skip spurious timeout (ping-timeo) when failing promote (bsc#
    1051510).
  o drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource() (bsc#
    1136333 jsc#SLE-4994).
  o drivers: fix a typo in the kernel doc for devm_platform_ioremap_resource()
    (bsc#1136333 jsc#SLE-4994).
  o drivers: provide devm_platform_ioremap_resource() (bsc#1136333 jsc#
    SLE-4994).
  o drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error
    handling path in 'rio_dma_transfer()' (bsc#1051510).
  o drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() (bsc#
    1051510).
  o drivers: thermal: tsens: Do not print error message on -EPROBE_DEFER (bsc#
    1051510).
  o drm: add fallback override/firmware EDID modes workaround (bsc#1111666).
  o drm/amd/display: Use plane->color_space for dpp if specified (bsc#1111666).
  o drm/edid: abstract override/firmware EDID retrieval (bsc#1111666).
  o drm/i915: Add new AML_ULX support list (jsc#SLE-4986).
  o drm/i915: Add new ICL PCI ID (jsc#SLE-4986).
  o drm/i915/aml: Add new Amber Lake PCI ID (jsc#SLE-4986).
  o drm/i915: Apply correct ddi translation table for AML device (jsc#
    SLE-4986).
  o drm/i915: Attach the pci match data to the device upon creation (jsc#
    SLE-4986).
  o drm/i915/cfl: Adding another PCI Device ID (jsc#SLE-4986).
  o drm/i915/cml: Add CML PCI IDS (jsc#SLE-4986).
  o drm/i915: Fix uninitialized mask in intel_device_info_subplatform_init (jsc
    #SLE-4986).
  o drm/i915/icl: Adding few more device IDs for Ice Lake (jsc#SLE-4986).
  o drm/i915: Introduce concept of a sub-platform (jsc#SLE-4986).
  o drm/i915: Mark AML 0x87CA as ULX (jsc#SLE-4986).
  o drm/i915: Move final cleanup of drm_i915_private to i915_driver_destroy
    (jsc#SLE-4986).
  o drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
  o drm/i915: Remove redundant device id from IS_IRONLAKE_M macro (jsc#
    SLE-4986).
  o drm/i915/sdvo: Implement proper HDMI audio support for SDVO (bsc#1051510).
  o drm/i915: Split Pineview device info into desktop and mobile (jsc#
    SLE-4986).
  o drm/i915: Split some PCI ids into separate groups (jsc#SLE-4986).
  o drm/i915: start moving runtime device info to a separate struct (jsc#
    SLE-4986).
  o drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver (bsc#
    1111666).
  o drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() (bsc#
    1111666).
  o drm/mediatek: clear num_pipes when unbind driver (bsc#1111666).
  o drm/mediatek: fix unbind functions (bsc#1111666).
  o drm/mediatek: unbind components in mtk_drm_unbind() (bsc#1111666).
  o drm/nouveau/disp/dp: respect sink limits when selecting failsafe link
    configuration (bsc#1051510).
  o drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when
    encoders change (bsc#1111666).
  o drm/nouveau/kms/gv100-: fix spurious window immediate interlocks (bsc#
    1111666).
  o EDAC, amd64: Add Hygon Dhyana support (fate#327735).
  o EDAC/mc: Fix edac_mc_find() in case no device is found (bsc#1114279).
  o HID: wacom: Add ability to provide explicit battery status info (bsc#
    1051510).
  o HID: wacom: Add support for 3rd generation Intuos BT (bsc#1051510).
  o HID: wacom: Add support for Pro Pen slim (bsc#1051510).
  o HID: wacom: convert Wacom custom usages to standard HID usages (bsc#
    1051510).
  o HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth (bsc
    #1051510).
  o HID: wacom: Do not report anything prior to the tool entering range (bsc#
    1051510).
  o HID: wacom: Do not set tool type until we're in range (bsc#1051510).
  o HID: wacom: fix mistake in printk (bsc#1051510).
  o HID: wacom: generic: add the "Report Valid" usage (bsc#1051510).
  o HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0 (bsc#1051510).
  o HID: wacom: generic: Leave tool in prox until it completely leaves sense
    (bsc#1051510).
  o HID: wacom: generic: Refactor generic battery handling (bsc#1051510).
  o HID: wacom: generic: Report AES battery information (bsc#1051510).
  o HID: wacom: generic: Reset events back to zero when pen leaves (bsc#
    1051510).
  o HID: wacom: generic: Scale battery capacity measurements to percentages
    (bsc#1051510).
  o HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set
    (bsc#1051510).
  o HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters range
    (bsc#1051510).
  o HID: wacom: generic: Support multiple tools per report (bsc#1051510).
  o HID: wacom: generic: Use generic codepath terminology in
    wacom_wac_pen_report (bsc#1051510).
  o HID: wacom: Mark expected switch fall-through (bsc#1051510).
  o HID: wacom: Move handling of HID quirks into a dedicated function (bsc#
    1051510).
  o HID: wacom: Move HID fix for AES serial number into wacom_hid_usage_quirk
    (bsc#1051510).
  o HID: wacom: Properly handle AES serial number and tool type (bsc#1051510).
  o HID: wacom: Queue events with missing type/serial data for later processing
    (bsc#1051510).
  o HID: wacom: Remove comparison of u8 mode with zero and simplify (bsc#
    1051510).
  o HID: wacom: Replace touch_max fixup code with static touch_max definitions
    (bsc#1051510).
  o HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact (bsc#
    1051510).
  o HID: wacom: Support "in range" for Intuos/Bamboo tablets where possible
    (bsc#1051510).
  o HID: Wacom: switch Dell canvas into highres mode (bsc#1051510).
  o HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary (bsc
    #1051510).
  o HID: wacom: wacom_wac_collection() is local to wacom_wac.c (bsc#1051510).
  o HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452 (bsc#
    1051510).
  o hwmon/coretemp: Cosmetic: Rename internal variables to zones from packages
    (jsc#SLE-5454).
  o hwmon/coretemp: Support multi-die/package (jsc#SLE-5454).
  o hwmon: (k10temp) 27C Offset needed for Threadripper2 (FATE#327735).
  o hwmon: (k10temp) Add Hygon Dhyana support (FATE#327735).
  o hwmon: (k10temp) Add support for AMD Ryzen w/ Vega graphics (FATE#327735).
  o hwmon: (k10temp) Add support for family 17h (FATE#327735).
  o hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs (FATE#
    327735).
  o hwmon: (k10temp) Add support for temperature offsets (FATE#327735).
  o hwmon: (k10temp) Add temperature offset for Ryzen 1900X (FATE#327735).
  o hwmon: (k10temp) Add temperature offset for Ryzen 2700X (FATE#327735).
  o hwmon: (k10temp) Correct model name for Ryzen 1600X (FATE#327735).
  o hwmon: (k10temp) Display both Tctl and Tdie (FATE#327735).
  o hwmon: (k10temp) Fix reading critical temperature register (FATE#327735).
  o hwmon: (k10temp) Make function get_raw_temp static (FATE#327735).
  o hwmon: (k10temp) Move chip specific code into probe function (FATE#327735).
  o hwmon: (k10temp) Only apply temperature offset if result is positive (FATE#
    327735).
  o hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors
    (FATE#327735).
  o hwmon: k10temp: Support Threadripper 2920X, 2970WX; simplify offset table
    (FATE#327735).
  o hwmon: (k10temp) Use API function to access System Management Network (FATE
    #327735).
  o hwmon/k10temp, x86/amd_nb: Consolidate shared device IDs (FATE#327735).
  o i2c-piix4: Add Hygon Dhyana SMBus support (FATE#327735).
  o ibmveth: Update ethtool settings to reflect virtual properties (bsc#
    1136157, LTC#177197).
  o ipv6: fib: Do not assume only nodes hold a reference on routes (bsc#
    1138732).
  o kabi: Mask no_vf_scan in struct pci_dev (jsc#SLE-5803 FATE#327056).
  o kabi: s390: enum interruption_class (jsc#SLE-5789 bsc#1134730 LTC#173388).
  o kabi: s390: enum interruption_class (jsc#SLE-5789 FATE#327042 bsc#1134730
    LTC#173388).
  o kabi/severities: Whitelist airq_iv_* (s390-specific)
  o kABI workaround for asus-wmi changes (bsc#1051510).
  o kABI workaround for the new pci_dev.skip_bus_pm field addition (bsc#
    1051510).
  o kabi: x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
  o kabi: x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
  o kvm: x86: Include CPUID leaf 0x8000001e in kvm's supported CPUID (bsc#
    1114279).
  o kvm: x86: Include multiple indices with CPUID leaf 0x8000001d (bsc#
    1114279).
  o mfd: intel-lpss: Set the device in reset state when init (bsc#1051510).
  o mfd: tps65912-spi: Add missing of table registration (bsc#1051510).
  o mfd: twl6040: Fix device init errors for ACCCTL register (bsc#1051510).
  o mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
    (bsc#1051510).
  o mmc: mmci: Prevent polling for busy detection in IRQ context (bsc#1051510).
  o mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support (bsc#
    1051510).
  o module: Fix livepatch/ftrace module text permissions race (bsc#1071995 fate
    #323487).
  o new primitive: vmemdup_user() (jsc#SLE-4712 bsc#1136156).
  o nl80211: fix station_info pertid memory leak (bsc#1051510).
  o {nl,mac}80211: allow 4addr AP operation on crypto controlled devices (bsc#
    1051510).
  o nvmem: allow to select i.MX nvmem driver for i.MX 7D (bsc#1051510).
  o nvmem: core: fix read buffer in place (bsc#1051510).
  o nvmem: correct Broadcom OTP controller driver writes (bsc#1051510).
  o nvmem: Do not let a NULL cell_id for nvmem_cell_get() crash us (bsc#
    1051510).
  o nvmem: imx-ocotp: Add i.MX7D timing write clock setup support (bsc#
    1051510).
  o nvmem: imx-ocotp: Add support for banked OTP addressing (bsc#1051510).
  o nvmem: imx-ocotp: Enable i.MX7D OTP write support (bsc#1051510).
  o nvmem: imx-ocotp: Move i.MX6 write clock setup to dedicated function (bsc#
    1051510).
  o nvmem: imx-ocotp: Pass parameters via a struct (bsc#1051510).
  o nvmem: imx-ocotp: Restrict OTP write to IMX6 processors (bsc#1051510).
  o nvmem: imx-ocotp: Update module description (bsc#1051510).
  o nvmem: properly handle returned value nvmem_reg_read (bsc#1051510).
  o nvme: skip nvme_update_disk_info() if the controller is not live (bsc#
    1128432).
  o PCI: Disable VF decoding before pcibios_sriov_disable() updates resources
    (jsc#SLE-5803).
  o PCI/IOV: Add flag so platforms can skip VF scanning (jsc#SLE-5803 FATE#
    327056).
  o PCI/IOV: Factor out sriov_add_vfs() (jsc#SLE-5803 FATE#327056).
  o PCI: PM: Avoid possible suspend-to-idle issue (bsc#1051510).
  o perf tools: Add Hygon Dhyana support (fate#327735).
  o perf/x86/intel/cstate: Support multi-die/package (jsc#SLE-5454).
  o perf/x86/intel/rapl: Cosmetic rename internal variables in response to
    multi-die/pkg support (jsc#SLE-5454).
  o perf/x86/intel/rapl: Support multi-die/package (jsc#SLE-5454).
  o perf/x86/intel/uncore: Cosmetic renames in response to multi-die/pkg
    support (jsc#SLE-5454).
  o perf/x86/intel/uncore: Support multi-die/package (jsc#SLE-5454).
  o platform/chrome: cros_ec_proto: check for NULL transfer function (bsc#
    1051510).
  o platform_data/mlxreg: Add capability field to core platform data (bsc#
    1112374).
  o platform_data/mlxreg: additions for Mellanox watchdog driver (bsc#1112374).
  o platform_data/mlxreg: Document fixes for core platform data (bsc#1112374).
  o platform/mellanox: Add new ODM system types to mlx-platform (bsc#1112374).
  o platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc (bsc#
    1136333 jsc#SLE-4994).
  o platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow
    (bsc#1111666).
  o platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys
    from asus_nb_wmi (bsc#1051510).
  o platform/x86: intel_pmc_core: Add ICL platform support (jsc#SLE-5226).
  o platform/x86: intel_pmc_core: Add Package cstates residency info (jsc#
    SLE-5226).
  o platform/x86: intel_pmc_core: Avoid a u32 overflow (jsc#SLE-5226).
  o platform/x86: intel_pmc_core: Include Reserved IP for LTR (jsc#SLE-5226).
  o platform/x86: intel_pmc_core: Mark local function static (jsc#SLE-5226).
  o platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown (jsc#SLE-5226).
  o platform/x86: mlx-platform: Add ASIC hotplug device configuration (bsc#
    1112374).
  o platform/x86: mlx-platform: Add definitions for new registers (bsc#
    1112374).
  o platform/x86: mlx-platform: Add extra CPLD for next generation systems (bsc
    #1112374).
  o platform/x86: mlx-platform: Add LED platform driver activation (bsc#
    1112374).
  o platform/x86: mlx-platform: Add mlxreg-fan platform driver activation (bsc#
    1112374).
  o platform/x86: mlx-platform: Add mlxreg-io platform driver activation (bsc#
    1112374).
  o platform/x86: mlx-platform: Add mlx-wdt platform driver activation (bsc#
    1112374).
  o platform/x86: mlx-platform: Add support for fan capability registers (bsc#
    1112374).
  o platform/x86: mlx-platform: Add support for fan direction register (bsc#
    1112374).
  o platform/x86: mlx-platform: Add support for new VMOD0007 board name (bsc#
    1112374).
  o platform/x86: mlx-platform: Add support for tachometer speed register (bsc#
    1112374).
  o platform/x86: mlx-platform: Add UID LED for the next generation systems
    (bsc#1112374).
  o platform/x86: mlx-platform: Allow mlxreg-io driver activation for more
    systems (bsc#1112374).
  o platform/x86: mlx-platform: Allow mlxreg-io driver activation for new
    systems (bsc#1112374).
  o platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x
    systems (bsc#1112374).
  o platform/x86: mlx-platform: Convert to use SPDX identifier (bsc#1112374).
  o platform/x86: mlx-platform: Fix access mode for fan_dir attribute (bsc#
    1112374).
  o platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init() (bsc#
    1112374).
  o platform/x86: mlx-platform: Fix LED configuration (bsc#1112374).
  o platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device
    registration (bsc#1051510).
  o platform/x86: mlx-platform: Fix tachometer registers (bsc#1112374).
  o platform/x86: mlx-platform: Remove unused define (bsc#1112374).
  o platform/x86: mlx-platform: Rename new systems product names (bsc#1112374).
  o PM / core: Propagate dev->power.wakeup_path when no callbacks (bsc#
    1051510).
  o powercap/intel_rapl: Simplify rapl_find_package() (jsc#SLE-5454).
  o powercap/intel_rapl: Support multi-die/package (jsc#SLE-5454).
  o powercap/intel_rapl: Update RAPL domain name and debug messages (jsc#
    SLE-5454).
  o powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (bsc#1138374,
    LTC#178199).
  o powerpc/pseries: Fix oops in hotplug memory notifier (bsc#1138375, LTC#
    178204).
  o powerpc/pseries/mobility: prevent cpu hotplug during DT update (bsc#
    1138374, LTC#178199).
  o powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (bsc#
    1138374, LTC#178199).
  o power: supply: max14656: fix potential use-before-alloc (bsc#1051510).
  o power: supply: sysfs: prevent endless uevent loop with
    CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
  o qlcnic: Avoid potential NULL pointer dereference (bsc#1051510).
  o qmi_wwan: add network device usage statistics for qmimux devices (bsc#
    1051510).
  o qmi_wwan: Add quirk for Quectel dynamic config (bsc#1051510).
  o qmi_wwan: add support for QMAP padding in the RX path (bsc#1051510).
  o qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode (bsc#
    1051510).
  o qmi_wwan: extend permitted QMAP mux_id value range (bsc#1051510).
  o rapidio: fix a NULL pointer dereference when create_workqueue() fails (bsc#
    1051510).
  o RAS/CEC: Convert the timer callback to a workqueue (bsc#1114279).
  o RAS/CEC: Fix binary search function (bsc#1114279).
  o rbd: do not assert on writes to snapshots (bsc#1137985 bsc#1138681).
  o Revert "ALSA: hda/realtek - Improve the headset mic for Acer Aspire
    laptops" (bsc#1051510).
  o Revert "HID: wacom: generic: Send BTN_TOOL_PEN in prox once the pen enters
    range" (bsc#1051510).
  o Revert "s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589)." This
    broke the build with older gcc instead.
  o s390/airq: provide cacheline aligned ivs (jsc#SLE-5789 FATE#327042 bsc#
    1134730 LTC#173388).
  o s390/airq: recognize directed interrupts (jsc#SLE-5789 FATE#327042 bsc#
    1134730 LTC#173388).
  o s390/dasd: fix using offset into zero size array error (bsc#1051510).
  o s390: enable processes for mio instructions (jsc#SLE-5802 FATE#327055 bsc#
    1134738 LTC#173387).
  o s390/ism: move oddities of device IO to wrapper function (jsc#SLE-5802 FATE
    #327055 bsc#1134738 LTC#173387).
  o s390/jump_label: Use "jdd" constraint on gcc9 (bsc#1138589).
  o s390/pci: add parameter to disable usage of MIO instructions (jsc#SLE-5802
    FATE#327055 bsc#1134738 LTC#173387).
  o s390/pci: add parameter to force floating irqs (jsc#SLE-5789 FATE#327042
    bsc#1134730 LTC#173388).
  o s390/pci: clarify interrupt vector usage (jsc#SLE-5789 FATE#327042 bsc#
    1134730 LTC#173388).
  o s390/pci: fix assignment of bus resources (jsc#SLE-5802 FATE#327055 bsc#
    1134738 LTC#173387).
  o s390/pci: fix struct definition for set PCI function (jsc#SLE-5802 FATE#
    327055 bsc#1134738 LTC#173387).
  o s390/pci: gather statistics for floating vs directed irqs (jsc#SLE-5789
    FATE#327042 bsc#1134730 LTC#173388).
  o s390/pci: improve bar check (jsc#SLE-5803 FATE#327056).
  o s390/pci: map IOV resources (jsc#SLE-5803 FATE#327056).
  o s390/pci: mark command line parser data __initdata (jsc#SLE-5789 FATE#
    327042 bsc#1134730 LTC#173388).
  o s390/pci: move everything irq related to pci_irq.c (jsc#SLE-5789 FATE#
    327042 bsc#1134730 LTC#173388).
  o s390/pci: move io address mapping code to pci_insn.c (jsc#SLE-5802 FATE#
    327055 bsc#1134738 LTC#173387).
  o s390/pci: provide support for CPU directed interrupts (jsc#SLE-5789 FATE#
    327042 bsc#1134730 LTC#173388).
  o s390/pci: provide support for MIO instructions (jsc#SLE-5802 FATE#327055
    bsc#1134738 LTC#173387).
  o s390/pci: remove stale rc (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#
    173388).
  o s390/pci: remove unused define (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#
    173388).
  o s390/pci: skip VF scanning (jsc#SLE-5803 FATE#327056).
  o s390/protvirt: add memory sharing for diag 308 set/store (jsc#SLE-5759 FATE
    #327003 bsc#1135153 LTC#173151).
  o s390/protvirt: block kernel command line alteration (jsc#SLE-5759 FATE#
    327003 bsc#1135153 LTC#173151).
  o s390/qeth: fix race when initializing the IP address table (bsc#1051510).
  o s390/qeth: fix VLAN attribute in bridge_hostnotify udev event (bsc#
    1051510).
  o s390/sclp: detect DIRQ facility (jsc#SLE-5789 FATE#327042 bsc#1134730 LTC#
    173388).
  o s390/setup: fix early warning messages (bsc#1051510).
  o s390: show statistics for MSI IRQs (jsc#SLE-5789 FATE#327042 bsc#1134730
    LTC#173388).
  o s390/uv: introduce guest side ultravisor code (jsc#SLE-5759 FATE#327003 bsc
    #1135153 LTC#173151).
  o s390/virtio: handle find on invalid queue gracefully (bsc#1051510).
  o sched/topology: Improve load balancing on AMD EPYC (bsc#1137366).
  o scsi: hpsa: bump driver version (jsc#SLE-4712 bsc#1136156).
  o scsi: hpsa: check for lv removal (jsc#SLE-4712 bsc#1136156).
  o scsi: hpsa: clean up two indentation issues (jsc#SLE-4712 bsc#1136156).
  o scsi: hpsa: correct device id issues (jsc#SLE-4712 bsc#1136156).
  o scsi: hpsa: correct device resets (jsc#SLE-4712 bsc#1136156).
  o scsi: hpsa: correct ioaccel2 chaining (jsc#SLE-4712 bsc#1136156).
  o scsi: hpsa: correct simple mode (jsc#SLE-4712 bsc#1136156).
  o scsi: hpsa: fix an uninitialized read and dereference of pointer dev (jsc#
    SLE-4712 bsc#1136156).
  o scsi: hpsa: mark expected switch fall-throughs (jsc#SLE-4712 bsc#1136156).
  o scsi: hpsa: remove timeout from TURs (jsc#SLE-4712 bsc#1136156).
  o scsi: hpsa: switch to generic DMA API (jsc#SLE-4712 bsc#1136156).
  o scsi: hpsa: Use vmemdup_user to replace the open code (jsc#SLE-4712 bsc#
    1136156).
  o scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (bsc#
    1136271).
  o scsi: megaraid_sas: correct an info message (bsc#1136271).
  o scsi: megaraid_sas: driver version update (bsc#1136271).
  o scsi: megaraid_sas: Retry reads of outbound_intr_status reg (bsc#1136271).
  o scsi: megaraid_sas: Rework code to get PD and LD list (bsc#1136271).
  o scsi: megaraid_sas: Rework device add code in AEN path (bsc#1136271).
  o scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (bsc#
    1136271).
  o scsi: qla2xxx: Fix FC-AL connection target discovery (bsc#1094555).
  o scsi: qla2xxx: Fix N2N target discovery with Local loop (bsc#1094555).
  o scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (bsc#1135296).
  o scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
    (bsc#1051510).
  o scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bsc#
    1051510).
  o scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP
    devices (bsc#1051510).
  o scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only
    sdevs) (bsc#1051510).
  o serial: sh-sci: disable DMA for uart_console (bsc#1051510).
  o SMB3: Fix endian warning (bsc#1137884).
  o soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bsc#
    1051510).
  o soc: rockchip: Set the proper PWM for rk3288 (bsc#1051510).
  o spi: bitbang: Fix NULL pointer dereference in spi_unregister_master (bsc#
    1051510).
  o spi: Fix zero length xfer bug (bsc#1051510).
  o spi: pxa2xx: fix SCR (divisor) calculation (bsc#1051510).
  o spi: spi-fsl-spi: call spi_finalize_current_message() at the end (bsc#
    1051510).
  o spi : spi-topcliff-pch: Fix to handle empty DMA buffers (bsc#1051510).
  o spi: tegra114: reset controller on probe (bsc#1051510).
  o supported.conf: added mlxbf_tmfifo (bsc#1136333 jsc#SLE-4994)
  o thermal: rcar_gen3_thermal: disable interrupt in .remove (bsc#1051510).
  o thermal/x86_pkg_temp_thermal: Cosmetic: Rename internal variables to zones
    from packages (jsc#SLE-5454).
  o thermal/x86_pkg_temp_thermal: Support multi-die/package (jsc#SLE-5454).
  o tmpfs: fix link accounting when a tmpfile is linked in (bsc#1051510).
  o tmpfs: fix uninitialized return value in shmem_link (bsc#1051510).
  o tools/cpupower: Add Hygon Dhyana support (fate#327735).
  o topology: Create core_cpus and die_cpus sysfs attributes (jsc#SLE-5454).
  o topology: Create package_cpus sysfs attribute (jsc#SLE-5454).
  o tty: max310x: Fix external crystal register setup (bsc#1051510).
  o usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
  o usb: serial: pl2303: fix tranceiver suspend mode (bsc#1135642).
  o usb: xhci: avoid null pointer deref when bos field is NULL (bsc#1135642).
  o vfio: ccw: only free cp on final interrupt (bsc#1051510).
  o video: hgafb: fix potential NULL pointer dereference (bsc#1051510).
  o video: imsttfb: fix potential NULL pointer dereferences (bsc#1051510).
  o virtio_console: initialize vtermno value for ports (bsc#1051510).
  o vlan: disable SIOCSHWTSTAMP in container (bsc#1051510).
  o watchdog: imx2_wdt: Fix set_timeout for big timeout values (bsc#1051510).
  o x86/alternative: Init ideal_nops for Hygon Dhyana (fate#327735).
  o x86/amd_nb: Add support for Raven Ridge CPUs (FATE#327735).
  o x86/amd_nb: Check vendor in AMD-only functions (fate#327735).
  o x86/apic: Add Hygon Dhyana support (fate#327735).
  o x86/bugs: Add Hygon Dhyana to the respective mitigation machinery (fate#
    327735).
  o x86/cpu: Add Icelake model number (jsc#SLE-5226).
  o x86/cpu/amd: Do not force the CPB cap when running under a hypervisor (bsc#
    1114279).
  o x86/cpu: Create Hygon Dhyana architecture support file (fate#327735).
  o x86/cpufeatures: Carve out CQM features retrieval (jsc#SLE-5382).
  o x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    (jsc#SLE-5382).
  o x86/cpufeatures: Enumerate the new AVX512 BFLOAT16 instructions (jsc#
    SLE-5382).
  o x86/cpu: Get cache info and setup cache cpumap for Hygon Dhyana (fate#
    327735).
  o x86/cpu/hygon: Fix phys_proc_id calculation logic for multi-die processors
    ().
  o x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number (fate#327735).
  o x86/events: Add Hygon Dhyana support to PMU infrastructure (fate#327735).
  o x86/kvm: Add Hygon Dhyana support to KVM (fate#327735).
  o x86/mce: Add Hygon Dhyana support to the MCA infrastructure (fate#327735).
  o x86/mce: Do not disable MCA banks when offlining a CPU on AMD (fate#
    327735).
  o x86/mce: Fix machine_check_poll() tests for error types (bsc#1114279).
  o x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback (bsc
    #1114279).
  o x86/microcode: Fix microcode hotplug state (bsc#1114279).
  o x86/microcode: Fix the ancient deprecated microcode loading method (bsc#
    1114279).
  o x86/mm/mem_encrypt: Disable all instrumentation for early SME setup (bsc#
    1114279).
  o x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and northbridge (fate#
    327735).
  o x86/smpboot: Do not use BSP INIT delay and MWAIT to idle on Dhyana (fate#
    327735).
  o x86/smpboot: Rename match_die() to match_pkg() (jsc#SLE-5454).
  o x86/speculation/mds: Revert CPU buffer clear on double fault exit (bsc#
    1114279).
  o x86/topology: Add CPUID.1F multi-die/package support (jsc#SLE-5454).
  o x86/topology: Create topology_max_die_per_package() (jsc#SLE-5454).
  o x86/topology: Define topology_die_id() (jsc#SLE-5454).
  o x86/topology: Define topology_logical_die_id() (jsc#SLE-5454).
  o x86/umip: Make the UMIP activated message generic (bsc#1138336).
  o x86/umip: Print UMIP line only once (bsc#1138336).
  o x86/xen: Add Hygon Dhyana support to Xen (fate#327735).
  o x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors
    (fate#327735).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Workstation Extension 15-SP1:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1744=1
  o SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1744=1
  o SUSE Linux Enterprise Module for Live Patching 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1744=1
  o SUSE Linux Enterprise Module for Legacy Software 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1744=1
  o SUSE Linux Enterprise Module for Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1744=1
  o SUSE Linux Enterprise Module for Basesystem 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1744=1
  o SUSE Linux Enterprise High Availability 15-SP1:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1744=1

Package List:

  o SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):
       kernel-default-debuginfo-4.12.14-197.7.1
       kernel-default-debugsource-4.12.14-197.7.1
       kernel-default-extra-4.12.14-197.7.1
       kernel-default-extra-debuginfo-4.12.14-197.7.1
  o SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
    (aarch64 ppc64le s390x x86_64):
       kernel-default-debuginfo-4.12.14-197.7.1
       kernel-default-debugsource-4.12.14-197.7.1
       kernel-obs-qa-4.12.14-197.7.1
       kernel-vanilla-4.12.14-197.7.1
       kernel-vanilla-base-4.12.14-197.7.1
       kernel-vanilla-base-debuginfo-4.12.14-197.7.1
       kernel-vanilla-debuginfo-4.12.14-197.7.1
       kernel-vanilla-debugsource-4.12.14-197.7.1
       kernel-vanilla-devel-4.12.14-197.7.1
       kernel-vanilla-devel-debuginfo-4.12.14-197.7.1
       kernel-vanilla-livepatch-devel-4.12.14-197.7.1
       kselftests-kmp-default-4.12.14-197.7.1
       kselftests-kmp-default-debuginfo-4.12.14-197.7.1
  o SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
    (ppc64le x86_64):
       kernel-debug-4.12.14-197.7.1
       kernel-debug-base-4.12.14-197.7.1
       kernel-debug-base-debuginfo-4.12.14-197.7.1
       kernel-debug-debuginfo-4.12.14-197.7.1
       kernel-debug-debugsource-4.12.14-197.7.1
       kernel-debug-devel-4.12.14-197.7.1
       kernel-debug-devel-debuginfo-4.12.14-197.7.1
       kernel-debug-livepatch-devel-4.12.14-197.7.1
  o SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
    (aarch64 s390x):
       kernel-default-livepatch-4.12.14-197.7.1
  o SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
    (aarch64):
       dtb-al-4.12.14-197.7.1
       dtb-allwinner-4.12.14-197.7.1
       dtb-altera-4.12.14-197.7.1
       dtb-amd-4.12.14-197.7.1
       dtb-amlogic-4.12.14-197.7.1
       dtb-apm-4.12.14-197.7.1
       dtb-arm-4.12.14-197.7.1
       dtb-broadcom-4.12.14-197.7.1
       dtb-cavium-4.12.14-197.7.1
       dtb-exynos-4.12.14-197.7.1
       dtb-freescale-4.12.14-197.7.1
       dtb-hisilicon-4.12.14-197.7.1
       dtb-lg-4.12.14-197.7.1
       dtb-marvell-4.12.14-197.7.1
       dtb-mediatek-4.12.14-197.7.1
       dtb-nvidia-4.12.14-197.7.1
       dtb-qcom-4.12.14-197.7.1
       dtb-renesas-4.12.14-197.7.1
       dtb-rockchip-4.12.14-197.7.1
       dtb-socionext-4.12.14-197.7.1
       dtb-sprd-4.12.14-197.7.1
       dtb-xilinx-4.12.14-197.7.1
       dtb-zte-4.12.14-197.7.1
  o SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
    (noarch):
       kernel-docs-html-4.12.14-197.7.1
       kernel-source-vanilla-4.12.14-197.7.1
  o SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
    (x86_64):
       kernel-kvmsmall-4.12.14-197.7.1
       kernel-kvmsmall-base-4.12.14-197.7.1
       kernel-kvmsmall-base-debuginfo-4.12.14-197.7.1
       kernel-kvmsmall-debuginfo-4.12.14-197.7.1
       kernel-kvmsmall-debugsource-4.12.14-197.7.1
       kernel-kvmsmall-devel-4.12.14-197.7.1
       kernel-kvmsmall-devel-debuginfo-4.12.14-197.7.1
       kernel-kvmsmall-livepatch-devel-4.12.14-197.7.1
  o SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
    (s390x):
       kernel-zfcpdump-debuginfo-4.12.14-197.7.1
       kernel-zfcpdump-debugsource-4.12.14-197.7.1
       kernel-zfcpdump-man-4.12.14-197.7.1
  o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
       kernel-default-debuginfo-4.12.14-197.7.1
       kernel-default-debugsource-4.12.14-197.7.1
       kernel-default-livepatch-4.12.14-197.7.1
       kernel-default-livepatch-devel-4.12.14-197.7.1
       kernel-livepatch-4_12_14-197_7-default-1-3.3.1
  o SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le
    s390x x86_64):
       kernel-default-debuginfo-4.12.14-197.7.1
       kernel-default-debugsource-4.12.14-197.7.1
       reiserfs-kmp-default-4.12.14-197.7.1
       reiserfs-kmp-default-debuginfo-4.12.14-197.7.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le
    s390x x86_64):
       kernel-obs-build-4.12.14-197.7.1
       kernel-obs-build-debugsource-4.12.14-197.7.1
       kernel-syms-4.12.14-197.7.1
  o SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch):
       kernel-docs-4.12.14-197.7.1
       kernel-source-4.12.14-197.7.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x
    x86_64):
       kernel-default-4.12.14-197.7.1
       kernel-default-base-4.12.14-197.7.1
       kernel-default-base-debuginfo-4.12.14-197.7.1
       kernel-default-debuginfo-4.12.14-197.7.1
       kernel-default-debugsource-4.12.14-197.7.1
       kernel-default-devel-4.12.14-197.7.1
       kernel-default-devel-debuginfo-4.12.14-197.7.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
       kernel-devel-4.12.14-197.7.1
       kernel-macros-4.12.14-197.7.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x):
       kernel-default-man-4.12.14-197.7.1
       kernel-zfcpdump-4.12.14-197.7.1
       kernel-zfcpdump-debuginfo-4.12.14-197.7.1
       kernel-zfcpdump-debugsource-4.12.14-197.7.1
  o SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x
    x86_64):
       cluster-md-kmp-default-4.12.14-197.7.1
       cluster-md-kmp-default-debuginfo-4.12.14-197.7.1
       dlm-kmp-default-4.12.14-197.7.1
       dlm-kmp-default-debuginfo-4.12.14-197.7.1
       gfs2-kmp-default-4.12.14-197.7.1
       gfs2-kmp-default-debuginfo-4.12.14-197.7.1
       kernel-default-debuginfo-4.12.14-197.7.1
       kernel-default-debugsource-4.12.14-197.7.1
       ocfs2-kmp-default-4.12.14-197.7.1
       ocfs2-kmp-default-debuginfo-4.12.14-197.7.1


References:

  o https://www.suse.com/security/cve/CVE-2018-16871.html
  o https://www.suse.com/security/cve/CVE-2019-12614.html
  o https://www.suse.com/security/cve/CVE-2019-12817.html
  o https://bugzilla.suse.com/1051510
  o https://bugzilla.suse.com/1071995
  o https://bugzilla.suse.com/1094555
  o https://bugzilla.suse.com/1111666
  o https://bugzilla.suse.com/1112374
  o https://bugzilla.suse.com/1114279
  o https://bugzilla.suse.com/1128432
  o https://bugzilla.suse.com/1134730
  o https://bugzilla.suse.com/1134738
  o https://bugzilla.suse.com/1135153
  o https://bugzilla.suse.com/1135296
  o https://bugzilla.suse.com/1135642
  o https://bugzilla.suse.com/1136156
  o https://bugzilla.suse.com/1136157
  o https://bugzilla.suse.com/1136271
  o https://bugzilla.suse.com/1136333
  o https://bugzilla.suse.com/1137103
  o https://bugzilla.suse.com/1137194
  o https://bugzilla.suse.com/1137366
  o https://bugzilla.suse.com/1137884
  o https://bugzilla.suse.com/1137985
  o https://bugzilla.suse.com/1138263
  o https://bugzilla.suse.com/1138336
  o https://bugzilla.suse.com/1138374
  o https://bugzilla.suse.com/1138375
  o https://bugzilla.suse.com/1138589
  o https://bugzilla.suse.com/1138681
  o https://bugzilla.suse.com/1138719
  o https://bugzilla.suse.com/1138732

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXR7FhWaOgq3Tt24GAQizNhAAoxw15kL1CNvYCVAsQNXhObSNm5oSZjjY
rj6CrtaBDhbHUItma9l8YyHPBenvV06XEPQ0xQeh/IoRK5aTBnyac3tqZr9xXLFY
rnGXjonsJPPwCl0ucJXuoG+2ZnJC80tuUzd5kUdR+seBZ9/at5hmTpc++EZw5Df/
q8bRGBwAsr7zJKO2m/C/sDjd/nKZpgFLa4S7CXArHaotIDkSGc07NaIlNMmgqG2w
FWxt2aW6hiznb8vGTU2nHgkf3HVrFDJtP8EUlNOxBtuC1Ri7bLCpA95nSGr786s8
BCZAqTDl/w+yGPhfyfYQuApExt1Qkfz82Z+rCjJgo4mdi2SueXCZArkKcBJ8kkHh
sIKRtV5L6EYitHH84uJA86zxoWs8h8BbYvhcywebhqEn+OFzswvOQ8ggzTuwT40C
hELsBAOP1cdeuysjXmP2oZ40uJHRZyKMgzxXf8XsYzWnuj9TGqyp9ow/YwYvYO7O
MrQX+jndSsgwUEp7GgH1aaf6TPeB0HXQT90x+URp6xE3iSsXjrS3Amu2IS/HRUbv
TBu2NHjDSNPrhqull/tMQo3Tt6Et/ib8OPoZF0AKS058BOJHFnp0FAS8Yl//vNVG
wOZAEWvPHUZUhEMhhBvMqlr1wFrFFuu9xMKo1AE0OadaJo4Rhh8yfO03r0GGmJd3
F0DIvNyU9ZY=
=sBx6
-----END PGP SIGNATURE-----