Hash: SHA256

             AUSCERT External Security Bulletin Redistribution

         SUSE-SU-2019:3389-1 Security update for the Linux Kernel
                              2 January 2020


        AusCERT Security Bulletin Summary

Product:           linux kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise   -- Remote/Unauthenticated
                   Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-19543 CVE-2019-19537 CVE-2019-19536
                   CVE-2019-19535 CVE-2019-19534 CVE-2019-19533
                   CVE-2019-19532 CVE-2019-19531 CVE-2019-19530
                   CVE-2019-19529 CVE-2019-19528 CVE-2019-19527
                   CVE-2019-19526 CVE-2019-19525 CVE-2019-19524
                   CVE-2019-19523 CVE-2019-19338 CVE-2019-19332
                   CVE-2019-19077 CVE-2019-19066 CVE-2019-19051
                   CVE-2019-16746 CVE-2019-15213 CVE-2019-14901

Reference:         ESB-2019.4793

Original Bulletin: 

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel


Announcement ID:   SUSE-SU-2019:3389-1
Rating:            important
References:        #1051510 #1071995 #1078248 #1083647 #1089644 #1090888
                   #1108043 #1111666 #1112178 #1113956 #1114279 #1115026
                   #1117169 #1119461 #1119465 #1120853 #1129770 #1137223
                   #1138039 #1138190 #1140948 #1142095 #1142635 #1144333
                   #1146519 #1146544 #1151067 #1151548 #1152107 #1152631
                   #1153811 #1154043 #1154355 #1154768 #1154905 #1154916
                   #1155689 #1155921 #1156462 #1156471 #1156928 #1157042
                   #1157115 #1157160 #1157169 #1157171 #1157303 #1157424
                   #1157463 #1157499 #1157698 #1157778 #1157895 #1157908
                   #1158049 #1158063 #1158064 #1158065 #1158066 #1158067
                   #1158068 #1158071 #1158082 #1158094 #1158132 #1158381
                   #1158394 #1158398 #1158407 #1158410 #1158413 #1158417
                   #1158427 #1158445 #1158533 #1158637 #1158638 #1158639
                   #1158640 #1158641 #1158643 #1158644 #1158645 #1158646
                   #1158647 #1158649 #1158651 #1158652 #1158823 #1158824
                   #1158827 #1158834 #1158893 #1158900 #1158903 #1158904
                   #1158954 #1159024 #1159096
Cross-References:  CVE-2019-14901 CVE-2019-15213 CVE-2019-16746 CVE-2019-19051
                   CVE-2019-19066 CVE-2019-19077 CVE-2019-19332 CVE-2019-19338
                   CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19526
                   CVE-2019-19527 CVE-2019-19528 CVE-2019-19529 CVE-2019-19530
                   CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534
                   CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-19543
Affected Products:
                   SUSE Linux Enterprise Workstation Extension 12-SP5
                   SUSE Linux Enterprise Software Development Kit 12-SP5
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Live Patching 12-SP5
                   SUSE Linux Enterprise High Availability 12-SP5

An update that solves 24 vulnerabilities and has 75 fixes is now available.


The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

  o CVE-2019-16746: There was an issue in net/wireless/nl80211.c where the
    kernel did not check the length of variable elements in a beacon head,
    leading to a buffer overflow (bnc#1152107).
  o CVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function in
    drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a denial of
    service (memory consumption) by triggering bfa_port_get_stats() failures
  o CVE-2019-19051: Fixed memory leak in the i2400m_op_rfkill_sw_toggle()
    function in drivers/net/wimax/i2400m/op-rfkill.c that allowed attackers to
    cause a denial of service (memory consumption) (bnc#1159024).
  o CVE-2019-19338: There was an incomplete fix for Transaction Asynchronous
    Abort (TAA) (bsc#1158954).
  o CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid
  o CVE-2019-19537: There was a race condition bug that could have been caused
    by a malicious USB device in the USB character device driver layer (bnc#
  o CVE-2019-19535: There was an info-leak bug that could have been caused by a
    malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c
    driver (bnc#1158903).
  o CVE-2019-19527: There was a use-after-free bug that could have been caused
    by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#
  o CVE-2019-19526: There was a use-after-free bug that could have been caused
    by a malicious USB device in the drivers/nfc/pn533/usb.c driver (bnc#
  o CVE-2019-19533: There was an info-leak bug that could have been caused by a
    malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver
  o CVE-2019-19532: There were multiple out-of-bounds write bugs that could
    have been caused by a malicious USB device in the Linux kernel HID drivers
  o CVE-2019-19523: There was a use-after-free bug that could have been caused
    by a malicious USB device in the drivers/usb/misc/adutux.c driver (bnc#
  o CVE-2019-15213: An issue was discovered in the Linux kernel, there was a
    use-after-free caused by a malicious USB device in the drivers/media/usb/
    dvb-usb/dvb-usb-init.c driver (bnc#1146544).
  o CVE-2019-19531: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445).
  o CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in
    drivers/media/rc/serial_ir.c (bnc#1158427).
  o CVE-2019-19525: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#
  o CVE-2019-19530: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#
  o CVE-2019-19536: There was an info-leak bug that can be caused by a
    malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c
    driver (bnc#1158394).
  o CVE-2019-19524: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/input/ff-memless.c driver (bnc#
  o CVE-2019-19528: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#
  o CVE-2019-19534: There was an info-leak bug that can be caused by a
    malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c
    driver (bnc#1158398).
  o CVE-2019-19529: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#
  o CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in
    Marvell WiFi chip driver. The vulnerability allowed a remote attacker to
    cause a system crash, resulting in a denial of service, or execute
    arbitrary code. The highest threat with this vulnerability is with the
    availability of the system. If code execution occurs, the code will run
    with the permissions of root. This will affect both confidentiality and
    integrity of files on the system (bnc#1157042).
  o CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in
    drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption) by triggering
    copy to udata failures (bnc#1157171).

The following non-security bugs were fixed:

  o bnxt_en: Update firmware interface spec. to (bsc#1157115)
  o ACPI / APEI: Do not wait to serialise with oops messages when panic()ing
  o ACPI / LPSS: Ignore acpi_device_fix_up_power() return value (bsc#1051510).
  o ACPI / SBS: Fix rare oops when removing modules (bsc#1051510).
  o ACPI / hotplug / PCI: Allocate resources directly under the non-hotplug
    bridge (bsc#1111666).
  o ACPI: OSL: only free map once in osl.c (bsc#1051510).
  o ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 (bsc#1051510).
  o ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510).
  o ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510).
  o ALSA: 6fire: Drop the dead code (git-fixes).
  o ALSA: cs4236: fix error return comparison of an unsigned integer
  o ALSA: echoaudio: simplify get_audio_levels (bsc#1051510).
  o ALSA: fireface: fix return value in error path of isochronous resources
    reservation (bsc#1051510).
  o ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes).
  o ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes).
  o ALSA: hda - Fix pending unsol events at shutdown (git-fixes).
  o ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen
  o ALSA: hda/hdmi - Add new pci ids for AMD GPU display audio (git-fixes).
  o ALSA: hda/hdmi - Clear codec->relaxed_resume flag at unbinding (git-fixes).
  o ALSA: hda/hdmi - Fix duplicate unref of pci_dev (bsc#1051510).
  o ALSA: hda/hdmi - fix vgaswitcheroo detection for AMD (git-fixes).
  o ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236
  o ALSA: hda/realtek - Enable internal speaker of ASUS UX431FLC (git-fixes).
  o ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
  o ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G (git-fixes).
  o ALSA: hda/realtek - Line-out jack does not work on a Dell AIO (bsc#
  o ALSA: hda/realtek - Move some alc236 pintbls to fallback table (git-fixes).
  o ALSA: hda/realtek - Move some alc256 pintbls to fallback table (git-fixes).
  o ALSA: hda: hdmi - fix port numbering for ICL and TGL platforms (git-fixes).
  o ALSA: hda: hdmi - remove redundant code comments (git-fixes).
  o ALSA: i2c/cs8427: Fix int to char conversion (bsc#1051510).
  o ALSA: oxfw: fix return value in error path of isochronous resources
    reservation (bsc#1051510).
  o ALSA: pcm: Yet another missing check of non-cached buffer type (bsc#
  o ALSA: pcm: oss: Avoid potential buffer overflows (git-fixes).
  o ALSA: usb-audio: Add skip_validation option (git-fixes).
  o ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input handling
  o ALSA: usb-audio: Fix NULL dereference at parsing BADD (git-fixes).
  o ALSA: usb-audio: sound: usb: usb true/false for bool return type
  o ASoC: compress: fix unsigned integer overflow check (bsc#1051510).
  o ASoC: tegra_sgtl5000: fix device_node refcounting (bsc#1051510).
  o Bluetooth: Fix invalid-free in bcsp_close() (git-fixes).
  o Bluetooth: Fix memory leak in hci_connect_le_scan (bsc#1051510).
  o Bluetooth: btusb: fix PM leak in error case of setup (bsc#1051510).
  o Bluetooth: delete a stray unlock (bsc#1051510).
  o Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading
  o Bluetooth: hci_core: fix init for HCI_USER_CHANNEL (bsc#1051510).
  o CIFS: Fix SMB2 oplock break processing (bsc#1144333, bsc#1154355).
  o CIFS: Fix oplock handling for SMB 2.1+ protocols (bsc#1144333, bsc#
  o CIFS: Fix retry mid list corruption on reconnects (bsc#1144333, bsc#
  o CIFS: Fix use after free of file info structures (bsc#1144333, bsc#
  o CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bsc#1144333, bsc#
  o CIFS: Force revalidate inode when dentry is stale (bsc#1144333, bsc#
  o CIFS: Gracefully handle QueryInfo errors during open (bsc#1144333, bsc#
  o CIFS: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355).
  o CIFS: fix max ea value size (bsc#1144333, bsc#1154355).
  o Documentation: debugfs: Document debugfs helper for unsigned long values
  o Documentation: x86: convert protection-keys.txt to reST (bsc#1078248).
  o EDAC/ghes: Fix locking and memory barrier issues (bsc#1114279). EDAC/ghes:
    Do not warn when incrementing refcount on 0 (bsc#1114279).
  o Fix patches.suse/suse_msi_set_irq_unmanaged.patch (jsc#SLE-8953, jsc#
    SLE-9221, jsc#SLE-4941, bsc#1119461, bsc#1119465, bsc#1138190, bsc#
    1154905). The added code was only active with CONFIG_HYPERV=y. Adjust the
    condition to cover also CONFIG_HYPERV=m.
  o HID: Add ASUS T100CHI keyboard dock battery quirks (bsc#1051510).
  o HID: Add quirk for Microsoft PIXART OEM mouse (bsc#1051510).
  o HID: Fix assumption that devices have inputs (git-fixes).
  o HID: asus: Add T100CHI bluetooth keyboard dock special keys mapping (bsc#
  o HID: doc: fix wrong data structure reference for UHID_OUTPUT (bsc#1051510).
  o HID: intel-ish-hid: fixes incorrect error handling (bsc#1051510).
  o Input: silead - try firmware reload after unsuccessful resume (bsc#
  o Input: st1232 - set INPUT_PROP_DIRECT property (bsc#1051510).
  o KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (bsc#
  o KVM: SVM: Serialize access to the SEV ASID bitmap (bsc#1114279).
  o KVM: VMX: Consider PID.PIR to determine if vCPU has pending interrupts (bsc
  o KVM: VMX: Fix conditions for guest IA32_XSS support (bsc#1158065).
  o KVM: s390: fix __insn32_query() inline assembly (git-fixes).
  o KVM: s390: vsie: Do not shadow CRYCB when no AP and no keys (git-fixes).
  o KVM: s390: vsie: Return correct values for Invalid CRYCB format
  o KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast() (bsc#
  o KVM: x86: Introduce vcpu->arch.xsaves_enabled (bsc#1158066).
  o KVM: x86: Remove a spurious export of a static function (bsc#1158954).
  o PCI/MSI: Fix incorrect MSI-X masking on resume (bsc#1051510).
  o PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() (bsc#
  o PCI/PM: Clear PCIe PME Status even for legacy power management (bsc#
  o PCI/PME: Fix possible use-after-free on remove (git-fixes).
  o PCI/PTM: Remove spurious "d" from granularity message (bsc#1051510).
  o PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 (bsc#1051510).
  o PCI: Fix Intel ACS quirk UPDCR register address (bsc#1051510).
  o PCI: dwc: Fix find_next_bit() usage (bsc#1051510).
  o PCI: pciehp: Avoid returning prematurely from sysfs requests (git-fixes).
  o PCI: pciehp: Do not disable interrupt twice on suspend (bsc#1111666).
  o PCI: rcar: Fix missing MACCTLR register setting in initialization sequence
  o PCI: sysfs: Ignore lockdep for remove attribute (git-fixes).
  o PCI: tegra: Enable Relaxed Ordering only for Tegra20 and Tegra30
  o PM / AVS: SmartReflex: NULL check before some freeing functions is not
    needed (bsc#1051510).
  o PM / Domains: Deal with multiple states but no governor in genpd (bsc#
  o PM / devfreq: Check NULL governor in available_governors_show (git-fixes).
  o PM / devfreq: Lock devfreq in trans_stat_show (git-fixes).
  o PM / devfreq: exynos-bus: Correct clock enable sequence (bsc#1051510).
  o PM / devfreq: passive: Use non-devm notifiers (bsc#1051510).
  o PM / devfreq: passive: fix compiler warning (bsc#1051510).
  o PM / hibernate: Check the success of generating md5 digest before
    hibernation (bsc#1051510).
  o RDMA/bnxt_re: Enable SRIOV VF support on Broadcom's 57500 adapter series
  o RDMA/bnxt_re: Fix chip number validation Broadcom's Gen P5 series (bsc#
  o RDMA/bnxt_re: Fix missing le16_to_cpu (bsc#1157895).
  o RDMA/bnxt_re: Fix stat push into dma buffer on gen p5 devices (bsc#1157115)
  o USB: chaoskey: fix error case of a timeout (git-fixes).
  o USB: misc: appledisplay: fix backlight update_status return code (bsc#
  o USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P (bsc#1051510).
  o USB: serial: mos7720: fix remote wakeup (git-fixes).
  o USB: serial: mos7840: add USB ID to support Moxa UPort 2210 (bsc#1051510).
  o USB: serial: mos7840: fix remote wakeup (git-fixes).
  o USB: serial: option: add support for DW5821e with eSIM support (bsc#
  o USB: serial: option: add support for Foxconn T77W968 LTE modules (bsc#
  o acpi/nfit, device-dax: Identify differentiated memory with a unique
    numa-node (bsc#1158071).
  o appledisplay: fix error handling in the scheduled work (git-fixes).
  o ata: ep93xx: Use proper enums for directions (bsc#1051510).
  o ath10k: Correct error handling of dma_map_single() (bsc#1111666).
  o ath10k: allocate small size dma memory in ath10k_pci_diag_write_mem (bsc#
  o ath10k: fix vdev-start timeout on error (bsc#1051510).
  o ath6kl: Fix off by one error in scan completion (bsc#1051510).
  o ath9k: fix reporting calculated new FFT upper max (bsc#1051510).
  o ath9k_hw: fix uninitialized variable data (bsc#1051510).
  o atl1e: checking the status of atl1e_write_phy_reg (bsc#1051510).
  o audit: Allow auditd to set pid to 0 to end auditing (bsc#1158094).
  o backlight: lm3639: Unconditionally call led_classdev_unregister (bsc#
  o bnxt_en: Update firmware interface spec. to (bsc#1157115)
  o bnxt_en: Update firmware interface to (bsc#1157115)
  o bpf/stackmap: Fix deadlock with rq_lock in bpf_get_stack() (bsc#1083647).
  o bpf: Make use of probe_user_write in probe write helper (bsc#1083647).
  o brcmfmac: fix full timeout waiting for action frame on-channel tx (bsc#
  o brcmfmac: reduce timeout for action frame scan (bsc#1051510).
  o brcmfmac: set F2 watermark to 256 for 4373 (bsc#1111666).
  o brcmfmac: set SDIO F1 MesBusyCtrl for CYW4373 (bsc#1111666).
  o brcmsmac: AP mode: update beacon when TIM changes (bsc#1051510).
  o brcmsmac: never log "tid x is not agg'able" by default (bsc#1051510).
  o can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open
  o can: peak_usb: report bus recovery as well (bsc#1051510).
  o can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error (bsc#
  o can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error
  o can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on
    queue overflow or OOM (bsc#1051510).
  o can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate
    error value in case of errors (bsc#1051510).
  o cfg80211: Prevent regulatory restore during STA disconnect in concurrent
    interfaces (bsc#1051510).
  o cfg80211: call disconnect_wk when AP stops (bsc#1051510).
  o cgroup,writeback: do not switch wbs immediately on dead wbs if the memcg is
    dead (bsc#1158645).
  o cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bsc#
    1144333, bsc#1154355).
  o cifs: Fix missed free operations (bsc#1144333, bsc#1154355).
  o cifs: Use kzfree() to zero out the password (bsc#1144333, bsc#1154355).
  o cifs: add a helper to find an existing readable handle to a file (bsc#
    1144333, bsc#1154355).
  o cifs: create a helper to find a writeable handle by path name (bsc#1144333,
  o cifs: move cifsFileInfo_put logic into a work-queue (bsc#1144333, bsc#
  o cifs: prepare SMB2_Flush to be usable in compounds (bsc#1144333, bsc#
  o cifs: set domainName when a domain-key is used in multiuser (bsc#1144333,
  o cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic
    (bsc#1144333, bsc#1154355).
  o cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#
    1144333, bsc#1154355).
  o clk: pxa: fix one of the pxa RTC clocks (bsc#1051510).
  o clk: samsung: Use clk_hw API for calling clk framework from clk notifiers
  o clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/
    resume (bsc#1051510).
  o clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines (bsc#
  o clocksource/drivers/sh_cmt: Fixup for 64-bit machines (bsc#1051510).
  o compat_ioctl: handle SIOCOUTQNSD (bsc#1051510).
  o cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() (bsc#1051510).
  o cpufreq: Skip cpufreq resume if it's not suspended (bsc#1051510).
  o cpufreq: intel_pstate: Register when ACPI PCCH is present (bsc#1051510).
  o cpufreq: powernv: fix stack bloat and hard limit on number of CPUs (bsc#
  o cpufreq: ti-cpufreq: add missing of_node_put() (bsc#1051510).
  o cpupower : Fix cpupower working when cpu0 is offline (bsc#1051510).
  o cpupower : frequency-set -r option misses the last cpu in related cpu list
  o cpupower: Fix coredump on VMWare (bsc#1051510).
  o crypto: af_alg - cast ki_complete ternary op to int (bsc#1051510).
  o crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr (bsc#1051510).
  o crypto: ecdh - fix big endian bug in ECC library (bsc#1051510).
  o crypto: geode-aes - switch to skcipher for cbc(aes) fallback (bsc#1051510).
  o crypto: mxc-scc - fix build warnings on ARM64 (bsc#1051510).
  o crypto: mxs-dcp - Fix AES issues (bsc#1051510).
  o crypto: mxs-dcp - Fix SHA null hashes and output length (bsc#1051510).
  o crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash'
    static (bsc#1051510).
  o crypto: tgr192 - remove unneeded semicolon (bsc#1051510).
  o cw1200: Fix a signedness bug in cw1200_load_firmware() (bsc#1051510).
  o cxgb4: fix panic when attaching to ULD fail (networking-stable-19_11_05).
  o dccp: do not leak jiffies on the wire (networking-stable-19_11_05).
  o dlm: do not leak kernel pointer to userspace (bsc#1051510).
  o dlm: fix invalid free (bsc#1051510).
  o dma-buf: Fix memory leak in sync_file_merge() (git-fixes).
  o dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction (bsc#
  o dmaengine: imx-sdma: fix use-after-free on probe error path (bsc#1051510).
  o dmaengine: rcar-dmac: set scatter/gather max segment size (bsc#1051510).
  o dmaengine: timb_dma: Use proper enum in td_prep_slave_sg (bsc#1051510).
  o docs: move protection-keys.rst to the core-api book (bsc#1078248).
  o drivers/base/platform.c: kmemleak ignore a known leak (bsc#1051510).
  o drivers/regulator: fix a missing check of return value (bsc#1051510).
  o drm/amd/powerplay: issue no PPSMC_MSG_GetCurrPkgPwr on unsupported (bsc#
  o drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1111666).
  o drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 (bsc#1114279)
  o drm/i915/gvt: fix dropping obj reference twice (bsc#1111666).
  o drm/i915/pmu: "Frequency" is reported as accumulated cycles (bsc#1112178)
  o drm/i915: Do not dereference request if it may have been retired when (bsc#
  o drm/i915: Fix and improve MCR selection logic (bsc#1112178)
  o drm/i915: Lock the engine while dumping the active request (bsc#1142635)
  o drm/i915: Reacquire priolist cache after dropping the engine lock (bsc#
  o drm/i915: Skip modeset for cdclk changes if possible (bsc#1156928).
  o drm/msm: fix memleak on release (bsc#1111666).
  o drm/msm: include linux/sched/task.h (bsc#1112178)
  o drm/radeon: fix bad DMA from INTERRUPT_CNTL2 (git-fixes).
  o drm/rockchip: Round up _before_ giving to the clock framework (bsc#1114279)
  o drm: fix module name in edid_firmware log message (bsc#1113956)
  o drm: panel-lvds: Potential Oops in probe error handling (bsc#1114279)
  o e1000e: Add support for Comet Lake (bsc#1158533).
  o e1000e: Add support for Tiger Lake (bsc#1158533).
  o e1000e: Drop unnecessary __E1000_DOWN bit twiddling (bsc#1158049).
  o e1000e: Increase pause and refresh time (bsc#1158533).
  o e1000e: Use dev_get_drvdata where possible (bsc#1158049).
  o e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm
  o ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable (bsc#
  o ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either
  o ext4: fix punch hole for inline_data file systems (bsc#1158640).
  o ext4: update direct I/O read lock pattern for IOCB_NOWAIT (bsc#1158639).
  o fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() (bsc#1051510).
  o fbdev: sbuslib: use checked version of put_user() (bsc#1051510).
  o sctp: Fix regression (bsc#1158082).
  o ftrace: Introduce PERMANENT ftrace_ops flag (bsc#1120853).
  o gpio: mpc8xxx: Do not overwrite default irq_set_type callback (bsc#
  o gpio: syscon: Fix possible NULL ptr usage (bsc#1051510).
  o gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist
  o gsmi: Fix bug in append_to_eventlog sysfs handler (bsc#1051510).
  o hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros (bsc#1051510).
  o hwmon: (pwm-fan) Silence error on probe deferral (bsc#1051510).
  o hwrng: omap - Fix RNG wait loop timeout (bsc#1051510).
  o hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled
  o hwrng: stm32 - fix unbalanced pm_runtime_enable (bsc#1051510).
  o hypfs: Fix error number left in struct pointer member (bsc#1051510).
  o i2c: of: Try to find an I2C adapter matching the parent (bsc#1129770)
  o i40e: enable X710 support (bsc#1151067).
  o ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047).
  o ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047).
  o ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047).
  o ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047).
  o ibmvnic: Serialize device queries (bsc#1155689 ltc#182047).
  o ibmvnic: Serialize device queries (bsc#1155689 ltc#182047).
  o ibmvnic: Terminate waiting device threads after loss of service (bsc#
    1155689 ltc#182047).
  o ibmvnic: Terminate waiting device threads after loss of service (bsc#
    1155689 ltc#182047).
  o idr: Fix idr_alloc_u32 on 32-bit systems (bsc#1051510).
  o iio: imu: adis16480: assign bias value only if operation succeeded
  o iio: imu: adis: assign read val in debugfs hook only if op successful
  o iio: imu: adis: assign value only if return code zero in read funcs
  o include/linux/bitrev.h: fix constant bitrev (bsc#1114279).
  o inet: stop leaking jiffies on the wire (networking-stable-19_11_05).
  o intel_th: Fix a double put_device() in error path (git-fixes).
  o iomap: Fix pipe page leakage during splicing (bsc#1158651).
  o iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros (bsc#
  o ipmi: Do not allow device module unload when in use (bsc#1154768).
  o ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
  o iwlwifi: check kasprintf() return value (bsc#1051510).
  o iwlwifi: mvm: do not send keys when entering D3 (bsc#1051510).
  o iwlwifi: mvm: force TCM re-evaluation on TCM resume (bsc#1111666).
  o iwlwifi: pcie: fix erroneous print (bsc#1111666).
  o kABI fix for "ipmi: Do not allow device module unload when in use" (bsc#
  o kABI fixup alloc_dax_region (bsc#1158071).
  o kABI workaround for ath10k last_wmi_vdev_start_status field (bsc#1051510).
  o kABI workaround for struct mwifiex_power_cfg change (bsc#1051510).
  o kABI: Fix for "KVM: x86: Introduce vcpu->arch.xsaves_enabled" (bsc#
  o kabi: s390: struct subchannel (git-fixes).
  o kexec: bail out upon SIGKILL when allocating memory (git-fixes).
  o libnvdimm: Export the target_node attribute for regions and namespaces (bsc
  o livepatch: Allow to distinguish different version of system state changes
  o livepatch: Basic API to track system state changes (bsc#1071995 ).
  o livepatch: Keep replaced patches until post_patch callback is called (bsc#
  o livepatch: Selftests of the API for tracking system state changes (bsc#
  o loop: add ioctl for changing logical block size (bsc#1108043).
  o loop: fix no-unmap write-zeroes request behavior (bsc#1158637).
  o mISDN: Fix type of switch control variable in ctrl_teimanager (bsc#
  o mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED (bsc#1051510).
  o mac80211: fix station inactive_time shortly after boot (bsc#1051510).
  o mac80211: minstrel: fix CCK rate group streams value (bsc#1051510).
  o mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode (bsc#
  o macvlan: schedule bc_work even if error (bsc#1051510).
  o mailbox: mailbox-test: fix null pointer if no mmio (bsc#1051510).
  o mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone
  o media: bdisp: fix memleak on release (git-fixes).
  o media: cxusb: detect cxusb_ctrl_msg error in query (bsc#1051510).
  o media: exynos4-is: Fix recursive locking in isp_video_release()
  o media: flexcop-usb: ensure -EIO is returned on error condition (git-fixes).
  o media: imon: invalid dereference in imon_touch_event (bsc#1051510).
  o media: isif: fix a NULL pointer dereference bug (bsc#1051510).
  o media: ov6650: Fix control handler not freed on init error (git-fixes).
  o media: pxa_camera: Fix check for pdev->dev.of_node (bsc#1051510).
  o media: radio: wl1273: fix interrupt masking on release (git-fixes).
  o media: ti-vpe: vpe: Fix Motion Vector vpdma stride (git-fixes).
  o media: usbvision: Fix races among open, close, and disconnect (bsc#
  o media: uvcvideo: Fix error path in control parsing failure (git-fixes).
  o media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE (bsc#1051510).
  o media: vim2m: Fix abort issue (git-fixes).
  o media: vivid: Set vid_cap_streaming and vid_out_streaming to true (bsc#
  o mei: bus: prefix device names on bus with the bus name (bsc#1051510).
  o mei: fix modalias documentation (git-fixes).
  o mei: samples: fix a signedness bug in amt_host_if_call() (bsc#1051510).
  o mfd: intel-lpss: Add default I2C device properties for Gemini Lake (bsc#
  o mfd: max8997: Enale irq-wakeup unconditionally (bsc#1051510).
  o mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values (bsc#1051510).
  o mfd: palmas: Assign the right powerhold mask for tps65917 (git-fixes).
  o mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable
  o mlx5: add parameter to disable enhanced IPoIB (bsc#1142095)
  o mm, memory_hotplug: do not clear numa_node association after hot_remove
  o mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
    (git fixes (mm/gup)).
  o mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new
    zone (git fixes (mm/compaction)).
  o mm/debug.c: PageAnon() is true for PageKsm() pages (git fixes (mm/debug)).
  o mmc: core: fix wl1251 sdio quirks (git-fixes).
  o mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of
    pandora_wl1251_init_card (git-fixes).
  o mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail
  o mmc: sdio: fix wl1251 vendor id (git-fixes).
  o moduleparam: fix parameter description mismatch (bsc#1051510).
  o mt7601u: fix bbp version check in mt7601u_wait_bbp_ready (bsc#1051510).
  o mt76x0: init hw capabilities.
  o mtd: spear_smi: Fix Write Burst mode (bsc#1051510).
  o mtd: spi-nor: fix silent truncation in spi_nor_read() (bsc#1051510).
  o mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510).
  o mwifiex: debugfs: correct histogram spacing, formatting (bsc#1051510).
  o mwifiex: fix potential NULL dereference and use after free (bsc#1051510).
  o nbd: prevent memory leak (bsc#1158638).
  o net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047).
  o net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (bsc
    #1089644, ltc#166495, ltc#165544, git-fixes).
  o net/mlx4_core: Dynamically set guaranteed amount of counters per VF
  o net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget
  o net/smc: Fix error path in smc_init (git-fixes).
  o net/smc: Fix error path in smc_init (git-fixes).
  o net/smc: avoid fallback in case of non-blocking connect (git-fixes).
  o net/smc: avoid fallback in case of non-blocking connect (git-fixes).
  o net/smc: do not schedule tx_work in SMC_CLOSED state (git-fixes).
  o net/smc: fix SMCD link group creation with VLAN id (git-fixes).
  o net/smc: fix closing of fallback SMC sockets (git-fixes).
  o net/smc: fix closing of fallback SMC sockets (git-fixes).
  o net/smc: fix ethernet interface refcounting (git-fixes).
  o net/smc: fix ethernet interface refcounting (git-fixes).
  o net/smc: fix fastopen for non-blocking connect() (git-fixes).
  o net/smc: fix refcount non-blocking connect() -part 2 (git-fixes).
  o net/smc: fix refcounting for non-blocking connect() (git-fixes).
  o net/smc: fix refcounting for non-blocking connect() (git-fixes).
  o net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes).
  o net/smc: keep vlan_id for SMC-R in smc_listen_work() (git-fixes).
  o net/smc: original socket family in inet_sock_diag (git-fixes).
  o net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
  o net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
  o net: add skb_queue_empty_lockless() (networking-stable-19_11_05).
  o net: annotate accesses to sk->sk_incoming_cpu (networking-stable-19_11_05).
  o net: annotate lockless accesses to sk->sk_napi_id
  o net: avoid potential infinite loop in tc_ctl_action()
  o net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
  o net: bcmgenet: Set phydev->dev_flags only for internal PHYs
  o net: bcmgenet: reset 40nm EPHY on energy detect
  o net: dsa: b53: Do not clear existing mirrored port mask
  o net: dsa: bcm_sf2: Fix IMP setup for port different than 8
  o net: dsa: fix switch tree list (networking-stable-19_11_05).
  o net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum
  o net: fix sk_page_frag() recursion from memory reclaim
  o net: hisilicon: Fix ping latency when deal with high throughput
  o net: phy: Check against net_device being NULL (bsc#1051510).
  o net: phy: Fix not to call phy_resume() if PHY is not attached (bsc#
  o net: phy: Fix the register offsets in Broadcom iProc mdio mux driver (bsc#
  o net: phy: at803x: Change error to EINVAL for invalid MAC (bsc#1051510).
  o net: phy: broadcom: Use strlcpy() for ethtool::get_strings (bsc#1051510).
  o net: phy: dp83867: Set up RGMII TX delay (bsc#1051510).
  o net: phy: fixed_phy: Fix fixed_phy not checking GPIO (bsc#1051510).
  o net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1051510).
  o net: phy: marvell: clear wol event before setting it (bsc#1051510).
  o net: phy: meson-gxl: check phy_write return value (bsc#1051510).
  o net: phy: micrel: Use strlcpy() for ethtool::get_strings (bsc#1051510).
  o net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 (bsc#1051510).
  o net: phy: mscc: read 'vsc8531,vddmac' as an u32 (bsc#1051510).
  o net: phy: xgene: disable clk on error paths (bsc#1051510).
  o net: phy: xgmiitorgmii: Check phy_driver ready before accessing (bsc#
  o net: phy: xgmiitorgmii: Check read_status results (bsc#1051510).
  o net: phy: xgmiitorgmii: Support generic PHY status read (bsc#1051510).
  o net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow
  o net: use skb_queue_empty_lockless() in busy poll contexts
  o net: use skb_queue_empty_lockless() in poll() handlers
  o net: wireless: ti: remove local VENDOR_ID and DEVICE_ID definitions
  o net: wireless: ti: wl1251 use new SDIO_VENDOR_ID_TI_WL1251 definition
  o netns: fix GFP flags in rtnl_net_notifyid() (networking-stable-19_11_05).
  o nfc: port100: handle command failure cleanly (git-fixes).
  o nl80211: Fix a GET_KEY reply attribute (bsc#1051510).
  o ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644).
  o ocfs2: fix passing zero to 'PTR_ERR' warning (bsc#1158649).
  o openvswitch: fix flow command message size (git-fixes).
  o padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
  o phy: phy-twl4030-usb: fix denied runtime access (git-fixes).
  o pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args
    call (git-fixes).
  o pinctrl: at91: do not use the same irqchip with multiple gpiochips
  o pinctrl: lewisburg: Update pin list according to v1.1v6 (bsc#1051510).
  o pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT (bsc#
  o pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues (bsc#1051510).
  o pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup
    controller init (bsc#1051510).
  o pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup
    controller init (bsc#1051510).
  o pinctrl: samsung: Fix device node refcount leaks in init code (bsc#
  o pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' (bsc#
  o pinctrl: xway: fix gpio-hog related boot issues (bsc#1051510).
  o pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD (bsc#
  o pktcdvd: remove warning on attempting to register non-passthrough dev (bsc#
  o platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size
  o platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer (bsc#
  o powerpc/book3s64/hash: Use secondary hash for bolted mapping if the primary
    is full (bsc#1157778 ltc#182520).
  o powerpc/bpf: Fix tail call implementation (bsc#1157698).
  o powerpc/pseries/mobility: notify network peers after migration (bsc#1152631
  o powerpc/pseries: Do not fail hash page table insert for bolted mapping (bsc
    #1157778 ltc#182520).
  o powerpc/pseries: Do not opencode HPTE_V_BOLTED (bsc#1157778 ltc#182520).
  o ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510).
  o printk: Export console_printk (bsc#1071995).
  o pwm: Clear chip_data in pwm_put() (bsc#1051510).
  o pwm: clps711x: Fix period calculation (bsc#1051510).
  o pwm: lpss: Only set update bit if we are actually changing the settings
  o r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2
  o regulator: ab8500: Remove AB8505 USB regulator (bsc#1051510).
  o regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id (bsc#
  o regulator: tps65910: fix a missing check of return value (bsc#1051510).
  o remoteproc: Check for NULL firmwares in sysfs interface (git-fixes).
  o reset: Fix potential use-after-free in __of_reset_control_get() (bsc#
  o reset: fix of_reset_simple_xlate kerneldoc comment (bsc#1051510).
  o reset: fix reset_control_get_exclusive kerneldoc comment (bsc#1051510).
  o reset: fix reset_control_ops kerneldoc comment (bsc#1051510).
  o resource: fix locking in find_next_iomem_res() (bsc#1114279).
  o rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX (bnc#1155921) Let
    COMPRESS_VMLINUX determine the compression used for vmlinux. By default
    (historically), it is gz.
  o rpm/kernel-source.spec.in: Fix dependency of kernel-devel (bsc#1154043)
  o rt2800: remove errornous duplicate condition (git-fixes).
  o rtl818x: fix potential use after free (bsc#1051510).
  o rtlwifi: Remove unnecessary NULL check in rtl_regd_init (bsc#1051510).
  o rtlwifi: btcoex: Use proper enumerated types for Wi-Fi only interface (bsc#
  o rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information (bsc#1051510).
  o rtlwifi: rtl8192de: Fix missing callback that tests for hw release of
    buffer (bsc#1111666).
  o rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address (bsc#
  o rtlwifi: rtl8192de: Fix missing enable interrupt flag (bsc#1051510).
  o s390/bpf: fix lcgr instruction encoding (bsc#1051510).
  o s390/bpf: use 32-bit index for tail calls (bsc#1051510).
  o s390/cio: avoid calling strlen on null pointer (bsc#1051510).
  o s390/cio: exclude subchannels with no parent from pseudo check (bsc#
  o s390/cio: fix virtio-ccw DMA without PV (git-fixes).
  o s390/cmm: fix information leak in cmm_timeout_handler() (bsc#1051510).
  o s390/idle: fix cpu idle time calculation (bsc#1051510).
  o s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported (bsc#
  o s390/process: avoid potential reading of freed stack (bsc#1051510).
  o s390/qdio: (re-)initialize tiqdio list entries (bsc#1051510).
  o s390/qdio: do not touch the dsci in tiqdio_add_input_queues() (bsc#
  o s390/qeth: clean up page frag creation (git-fixes).
  o s390/qeth: consolidate skb allocation (git-fixes).
  o s390/qeth: ensure linear access to packet headers (git-fixes).
  o s390/qeth: guard against runt packets (git-fixes).
  o s390/qeth: return proper errno on IO error (bsc#1051510).
  o s390/setup: fix boot crash for machine without EDAT-1 (bsc#1051510 bsc#
  o s390/setup: fix early warning messages (bsc#1051510 bsc#1140948).
  o s390/topology: avoid firing events before kobjs are created (bsc#1051510).
  o s390/zcrypt: fix memleak at release (git-fixes).
  o s390: fix stfle zero padding (bsc#1051510).
  o s390: vsie: Use effective CRYCBD.31 to check CRYCBD validity (git-fixes).
  o sched/fair: Add tmp_alone_branch assertion (bnc#1156462).
  o sched/fair: Fix O(nr_cgroups) in the load balancing path (bnc#1156462).
  o sched/fair: Fix insertion in rq->leaf_cfs_rq_list (bnc#1156462).
  o sched/fair: Optimize update_blocked_averages() (bnc#1156462).
  o sched/fair: WARN() and refuse to set buddy when !se->on_rq (bsc#1158132).
  o scsi: lpfc: use hdwq assigned cpu for allocation (bsc#1157160).
  o scsi: qla2xxx: Add debug dump of LOGO payload and ELS IOCB (bsc#1157424,
    bsc#1157908. bsc#1117169, bsc#1151548).
  o scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (bsc#
    1157424, bsc#1157908, bsc#1157169, bsc#1151548).
  o scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424, bsc#1157908. bsc#
    1117169, bsc#1151548).
  o scsi: qla2xxx: Change discovery state before PLOGI (bsc#1157424, bsc#
    1157908. bsc#1117169, bsc#1151548).
  o scsi: qla2xxx: Configure local loop for N2N target (bsc#1157424, bsc#
    1157908. bsc#1117169, bsc#1151548).
  o scsi: qla2xxx: Correctly retrieve and interpret active flash region (bsc#
    1157424, bsc#1157908, bsc#1157169, bsc#1151548).
  o scsi: qla2xxx: Do not call qlt_async_event twice (bsc#1157424, bsc#1157908.
    bsc#1117169, bsc#1151548).
  o scsi: qla2xxx: Do not defer relogin unconditonally (bsc#1157424, bsc#
    1157908. bsc#1117169, bsc#1151548).
  o scsi: qla2xxx: Drop superfluous INIT_WORK of del_work (bsc#1157424, bsc#
    1157908. bsc#1117169, bsc#1151548).
  o scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length (bsc#1157424, bsc
    #1157908. bsc#1117169, bsc#1151548).
  o scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB
    Cmd (bsc#1157424, bsc#1157908, bsc#1157169, bsc#1151548).
  o scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI (bsc#1157424, bsc#
    1157908. bsc#1117169, bsc#1151548).
  o scsi: qla2xxx: Ignore NULL pointer in tcm_qla2xxx_free_mcmd (bsc#1157424,
    bsc#1157908. bsc#1117169, bsc#1151548).
  o scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bsc#1157424, bsc#
    1157908. bsc#1117169, bsc#1151548).
  o scsi: qla2xxx: Initialize free_work before flushing it (bsc#1157424, bsc#
    1157908. bsc#1117169, bsc#1151548).
  o scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bsc#1157424, bsc#1157908.
    bsc#1117169, bsc#1151548).
  o scsi: qla2xxx: Use correct number of vectors for online CPUs (bsc#1137223).
  o scsi: qla2xxx: Use explicit LOGO in target mode (bsc#1157424, bsc#1157908.
    bsc#1117169, bsc#1151548).
  o scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan (bsc#
  o scsi: qla2xxx: unregister ports after GPN_FT failure (bsc#1138039).
  o scsi: zfcp: fix request object use-after-free in send path causing wrong
    traces (bsc#1051510).
  o scsi: zfcp: trace channel log even for FCP command responses (git-fixes).
  o sctp: change sctp_prot .no_autobind with true (networking-stable-19_10_24).
  o selftests: net: reuseport_dualstack: fix uninitalized parameter
  o serial: max310x: Fix tx_empty() callback (bsc#1051510).
  o signal: Properly set TRACE_SIGNAL_LOSE_INFO in __send_signal (bsc#1157463).
  o slip: Fix use-after-free Read in slip_open (bsc#1051510).
  o smb3: Incorrect size for netname negotiate context (bsc#1144333, bsc#
  o smb3: fix leak in "open on server" perf counter (bsc#1144333, bsc#1154355).
  o smb3: fix signing verification of large reads (bsc#1144333, bsc#1154355).
  o smb3: fix unmount hang in open_shroot (bsc#1144333, bsc#1154355).
  o smb3: improve handling of share deleted (and share recreated) (bsc#1144333,
  o spi: atmel: Fix CS high support (bsc#1051510).
  o spi: atmel: fix handling of cs_change set on non-last xfer (bsc#1051510).
  o spi: fsl-lpspi: Prevent FIFO under/overrun by default (bsc#1051510).
  o spi: mediatek: use correct mata->xfer_len when in fifo transfer (bsc#
  o spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch (bsc#
  o spi: omap2-mcspi: Set FIFO DMA trigger level to word length (bsc#1051510).
  o spi: rockchip: initialize dma_slave_config properly (bsc#1051510).
  o spi: spidev: Fix OF tree warning logic (bsc#1051510).
  o staging: rtl8192e: fix potential use after free (bsc#1051510).
  o staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids (bsc#
  o staging: rtl8723bs: Drop ACPI device ids (bsc#1051510).
  o stm class: Fix a double free of stm_source_device (bsc#1051510).
  o supported.conf:
  o synclink_gt(): fix compat_ioctl() (bsc#1051510).
  o tcp_nv: fix potential integer overflow in tcpnv_acked (bsc#1051510).
  o thermal: Fix deadlock in thermal thermal_zone_device_check (bsc#1051510).
  o thunderbolt: Fix lockdep circular locking depedency warning (git-fixes).
  o tipc: Avoid copying bytes beyond the supplied data (bsc#1051510).
  o tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
  o tipc: check link name with right length in tipc_nl_compat_link_set (bsc#
  o tipc: check msg->req data len in tipc_nl_compat_bearer_disable (bsc#
  o tipc: compat: allow tipc commands without arguments (bsc#1051510).
  o tipc: fix a missing check of genlmsg_put (bsc#1051510).
  o tipc: fix link name length check (bsc#1051510).
  o tipc: fix link name length check (git-fixes).
  o tipc: fix memory leak in tipc_nl_compat_publ_dump (bsc#1051510).
  o tipc: fix skb may be leaky in tipc_link_input (bsc#1051510).
  o tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path (bsc#
  o tipc: fix wrong timeout input for tipc_wait_for_cond() (bsc#1051510).
  o tipc: handle the err returned from cmd header function (bsc#1051510).
  o tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb (bsc#1051510).
  o tipc: tipc clang warning (bsc#1051510).
  o tools/power/x86/intel-speed-select: Fix a read overflow in
    isst_set_tdp_level_msr() (bsc#1111666).
  o tpm: add check after commands attribs tab allocation (bsc#1051510).
  o tty: serial: fsl_lpuart: use the sg count from dma_map_sg (bsc#1051510).
  o tty: serial: imx: use the sg count from dma_map_sg (bsc#1051510).
  o tty: serial: msm_serial: Fix flow control (bsc#1051510).
  o tty: serial: pch_uart: correct usage of dma_unmap_sg (bsc#1051510).
  o tun: fix data-race in gro_normal_list() (bsc#1111666).
  o uaccess: Add non-pagefault user-space write function (bsc#1083647).
  o ubifs: Correctly initialize c->min_log_bytes (bsc#1158641).
  o ubifs: Limit the number of pages in shrink_liability (bsc#1158643).
  o udp: use skb_queue_empty_lockless() (networking-stable-19_11_05).
  o usb-serial: cp201x: support Mark-10 digital force gauge (bsc#1051510).
  o usb: dwc3: gadget: Check ENBLSLPM before sending ep command (bsc#1051510).
  o usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in
    fotg210_get_status() (bsc#1051510).
  o usbip: tools: fix fd leakage in the function of read_attr_usbip_status
  o vfio-ccw: Fix misleading comment when setting orb.cmd.c64 (bsc#1051510).
  o vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn (bsc#
  o vfio: ccw: push down unsupported IDA check (bsc#1156471 LTC#182362).
  o vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 (bsc#
  o video/hdmi: Fix AVI bar unpack (git-fixes).
  o video: backlight: Add devres versions of of_find_backlight (bsc#1090888)
    Taken for 6010831dde5.
  o video: backlight: Add of_find_backlight helper in backlight.c (bsc#1090888)
    Taken for 6010831dde5.
  o virtio/s390: fix race on airq_areas (bsc#1051510).
  o virtio_console: allocate inbufs in add_port() only if it is needed
  o virtio_ring: fix return code on DMA mapping fails (git-fixes).
  o vmxnet3: turn off lro when rxcsum is disabled (bsc#1157499).
  o vsock/virtio: fix sock refcnt holding during the shutdown (git-fixes).
  o watchdog: meson: Fix the wrong value of left time (bsc#1051510).
  o watchdog: sama5d4: fix WDD value to be always set to max (bsc#1051510).
  o wil6210: fix L2 RX status handling (bsc#1111666).
  o wil6210: fix RGF_CAF_ICR address for Talyn-MB (bsc#1111666).
  o wil6210: fix debugfs memory access alignment (bsc#1111666).
  o wil6210: fix locking in wmi_call (bsc#1111666).
  o x86/alternatives: Add int3_emulate_call() selftest (bsc#1153811).
  o x86/alternatives: Fix int3_emulate_call() selftest stack corruption (bsc#
  o x86/mm/pkeys: Fix typo in Documentation/x86/protection-keys.txt (bsc#
  o x86/pkeys: Update documentation about availability (bsc#1078248).
  o x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (bsc#
  o x86/speculation: Fix incorrect MDS/TAA mitigation status (bsc#1114279).
  o x86/speculation: Fix redundant MDS mitigation message (bsc#1114279).
  o xfs: Sanity check flags of Q_XQUOTARM call (bsc#1158652).
  o temporarily disable debug_pagealloc (bsc#1159096).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Workstation Extension 12-SP5:
    zypper in -t patch SUSE-SLE-WE-12-SP5-2019-3389=1
  o SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2019-3389=1
  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2019-3389=1
  o SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2019-3389=1
  o SUSE Linux Enterprise High Availability 12-SP5:
    zypper in -t patch SUSE-SLE-HA-12-SP5-2019-3389=1

Package List:

  o SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
  o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
    s390x x86_64):
  o SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
  o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  o SUSE Linux Enterprise Server 12-SP5 (noarch):
  o SUSE Linux Enterprise Server 12-SP5 (x86_64):
  o SUSE Linux Enterprise Server 12-SP5 (s390x):
  o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le x86_64):
  o SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):


  o https://www.suse.com/security/cve/CVE-2019-14901.html
  o https://www.suse.com/security/cve/CVE-2019-15213.html
  o https://www.suse.com/security/cve/CVE-2019-16746.html
  o https://www.suse.com/security/cve/CVE-2019-19051.html
  o https://www.suse.com/security/cve/CVE-2019-19066.html
  o https://www.suse.com/security/cve/CVE-2019-19077.html
  o https://www.suse.com/security/cve/CVE-2019-19332.html
  o https://www.suse.com/security/cve/CVE-2019-19338.html
  o https://www.suse.com/security/cve/CVE-2019-19523.html
  o https://www.suse.com/security/cve/CVE-2019-19524.html
  o https://www.suse.com/security/cve/CVE-2019-19525.html
  o https://www.suse.com/security/cve/CVE-2019-19526.html
  o https://www.suse.com/security/cve/CVE-2019-19527.html
  o https://www.suse.com/security/cve/CVE-2019-19528.html
  o https://www.suse.com/security/cve/CVE-2019-19529.html
  o https://www.suse.com/security/cve/CVE-2019-19530.html
  o https://www.suse.com/security/cve/CVE-2019-19531.html
  o https://www.suse.com/security/cve/CVE-2019-19532.html
  o https://www.suse.com/security/cve/CVE-2019-19533.html
  o https://www.suse.com/security/cve/CVE-2019-19534.html
  o https://www.suse.com/security/cve/CVE-2019-19535.html
  o https://www.suse.com/security/cve/CVE-2019-19536.html
  o https://www.suse.com/security/cve/CVE-2019-19537.html
  o https://www.suse.com/security/cve/CVE-2019-19543.html
  o https://bugzilla.suse.com/1051510
  o https://bugzilla.suse.com/1071995
  o https://bugzilla.suse.com/1078248
  o https://bugzilla.suse.com/1083647
  o https://bugzilla.suse.com/1089644
  o https://bugzilla.suse.com/1090888
  o https://bugzilla.suse.com/1108043
  o https://bugzilla.suse.com/1111666
  o https://bugzilla.suse.com/1112178
  o https://bugzilla.suse.com/1113956
  o https://bugzilla.suse.com/1114279
  o https://bugzilla.suse.com/1115026
  o https://bugzilla.suse.com/1117169
  o https://bugzilla.suse.com/1119461
  o https://bugzilla.suse.com/1119465
  o https://bugzilla.suse.com/1120853
  o https://bugzilla.suse.com/1129770
  o https://bugzilla.suse.com/1137223
  o https://bugzilla.suse.com/1138039
  o https://bugzilla.suse.com/1138190
  o https://bugzilla.suse.com/1140948
  o https://bugzilla.suse.com/1142095
  o https://bugzilla.suse.com/1142635
  o https://bugzilla.suse.com/1144333
  o https://bugzilla.suse.com/1146519
  o https://bugzilla.suse.com/1146544
  o https://bugzilla.suse.com/1151067
  o https://bugzilla.suse.com/1151548
  o https://bugzilla.suse.com/1152107
  o https://bugzilla.suse.com/1152631
  o https://bugzilla.suse.com/1153811
  o https://bugzilla.suse.com/1154043
  o https://bugzilla.suse.com/1154355
  o https://bugzilla.suse.com/1154768
  o https://bugzilla.suse.com/1154905
  o https://bugzilla.suse.com/1154916
  o https://bugzilla.suse.com/1155689
  o https://bugzilla.suse.com/1155921
  o https://bugzilla.suse.com/1156462
  o https://bugzilla.suse.com/1156471
  o https://bugzilla.suse.com/1156928
  o https://bugzilla.suse.com/1157042
  o https://bugzilla.suse.com/1157115
  o https://bugzilla.suse.com/1157160
  o https://bugzilla.suse.com/1157169
  o https://bugzilla.suse.com/1157171
  o https://bugzilla.suse.com/1157303
  o https://bugzilla.suse.com/1157424
  o https://bugzilla.suse.com/1157463
  o https://bugzilla.suse.com/1157499
  o https://bugzilla.suse.com/1157698
  o https://bugzilla.suse.com/1157778
  o https://bugzilla.suse.com/1157895
  o https://bugzilla.suse.com/1157908
  o https://bugzilla.suse.com/1158049
  o https://bugzilla.suse.com/1158063
  o https://bugzilla.suse.com/1158064
  o https://bugzilla.suse.com/1158065
  o https://bugzilla.suse.com/1158066
  o https://bugzilla.suse.com/1158067
  o https://bugzilla.suse.com/1158068
  o https://bugzilla.suse.com/1158071
  o https://bugzilla.suse.com/1158082
  o https://bugzilla.suse.com/1158094
  o https://bugzilla.suse.com/1158132
  o https://bugzilla.suse.com/1158381
  o https://bugzilla.suse.com/1158394
  o https://bugzilla.suse.com/1158398
  o https://bugzilla.suse.com/1158407
  o https://bugzilla.suse.com/1158410
  o https://bugzilla.suse.com/1158413
  o https://bugzilla.suse.com/1158417
  o https://bugzilla.suse.com/1158427
  o https://bugzilla.suse.com/1158445
  o https://bugzilla.suse.com/1158533
  o https://bugzilla.suse.com/1158637
  o https://bugzilla.suse.com/1158638
  o https://bugzilla.suse.com/1158639
  o https://bugzilla.suse.com/1158640
  o https://bugzilla.suse.com/1158641
  o https://bugzilla.suse.com/1158643
  o https://bugzilla.suse.com/1158644
  o https://bugzilla.suse.com/1158645
  o https://bugzilla.suse.com/1158646
  o https://bugzilla.suse.com/1158647
  o https://bugzilla.suse.com/1158649
  o https://bugzilla.suse.com/1158651
  o https://bugzilla.suse.com/1158652
  o https://bugzilla.suse.com/1158823
  o https://bugzilla.suse.com/1158824
  o https://bugzilla.suse.com/1158827
  o https://bugzilla.suse.com/1158834
  o https://bugzilla.suse.com/1158893
  o https://bugzilla.suse.com/1158900
  o https://bugzilla.suse.com/1158903
  o https://bugzilla.suse.com/1158904
  o https://bugzilla.suse.com/1158954
  o https://bugzilla.suse.com/1159024
  o https://bugzilla.suse.com/1159096

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: http://www.auscert.org.au/render.html?it=1967