-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1812
         SUSE-SU-2020:1275-1 Security update for the Linux Kernel
                                22 May 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Root Compromise        -- Existing Account
                   Access Privileged Data -- Existing Account
                   Denial of Service      -- Existing Account
                   Reduced Security       -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-11609 CVE-2020-11608 CVE-2020-11494
                   CVE-2020-10942 CVE-2020-10720 CVE-2020-10690
                   CVE-2020-9383 CVE-2020-8992 CVE-2020-8649
                   CVE-2020-8648 CVE-2020-8647 CVE-2020-2732
                   CVE-2019-20096 CVE-2019-20054 CVE-2019-19966
                   CVE-2019-19965 CVE-2019-19768 CVE-2019-19767
                   CVE-2019-19447 CVE-2019-19319 CVE-2019-19066
                   CVE-2019-18675 CVE-2019-14897 CVE-2019-14896
                   CVE-2019-14615 CVE-2019-11091 CVE-2019-9458
                   CVE-2019-9455 CVE-2019-5108 CVE-2019-3701
                   CVE-2018-21008 CVE-2018-12130 CVE-2018-12127
                   CVE-2018-12126 CVE-2017-18255 

Reference:         ESB-2020.1779.2
                   ESB-2019.1708.3
                   ESB-2018.1921

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-20201275-1.html

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:1275-1
Rating:            important
References:        #1056134 #1087813 #1120386 #1133147 #1137325 #1145929
                   #1149591 #1154118 #1154844 #1155689 #1157155 #1157157
                   #1157303 #1157804 #1158021 #1158642 #1158819 #1159199
                   #1159285 #1159297 #1159841 #1159908 #1159910 #1159911
                   #1159912 #1160195 #1161586 #1162227 #1162928 #1162929
                   #1162931 #1163508 #1163971 #1164009 #1164051 #1164069
                   #1164078 #1164846 #1165111 #1165311 #1165873 #1165881
                   #1165984 #1165985 #1167421 #1167423 #1167629 #1168075
                   #1168295 #1168424 #1168829 #1168854 #1170056 #1170345
                   #1170778 #1170847
Cross-References:  CVE-2017-18255 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130
                   CVE-2018-21008 CVE-2019-11091 CVE-2019-14615 CVE-2019-14896
                   CVE-2019-14897 CVE-2019-18675 CVE-2019-19066 CVE-2019-19319
                   CVE-2019-19447 CVE-2019-19767 CVE-2019-19768 CVE-2019-19965
                   CVE-2019-19966 CVE-2019-20054 CVE-2019-20096 CVE-2019-3701
                   CVE-2019-5108 CVE-2019-9455 CVE-2019-9458 CVE-2020-10690
                   CVE-2020-10720 CVE-2020-10942 CVE-2020-11494 CVE-2020-11608
                   CVE-2020-11609 CVE-2020-2732 CVE-2020-8647 CVE-2020-8648
                   CVE-2020-8649 CVE-2020-8992 CVE-2020-9383
Affected Products:
                   SUSE OpenStack Cloud Crowbar 8
                   SUSE OpenStack Cloud 8
                   SUSE Linux Enterprise Server for SAP 12-SP3
                   SUSE Linux Enterprise Server 12-SP3-LTSS
                   SUSE Linux Enterprise Server 12-SP3-BCL
                   SUSE Linux Enterprise High Availability 12-SP3
                   SUSE Enterprise Storage 5
                   HPE Helion Openstack 8
______________________________________________________________________________

An update that solves 35 vulnerabilities and has 21 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various securi=
ty
and bugfixes.

The following security bugs were fixed:

  o CVE-2020-11494: An issue was discovered in slc_bump in drivers/net/can/
    slcan.c, which allowed attackers to read uninitialized can_frame data,
    potentially containing sensitive information from kernel stack memory, if
    the configuration lacks CONFIG_INIT_STACK_ALL (bnc#1168424).
  o CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacks validation
    of an sk_family field, which might allow attackers to trigger kernel stack
    corruption via crafted system calls (bnc#1167629).
  o CVE-2020-8647: Fixed a use-after-free vulnerability in the vc_do_resize
    function in drivers/tty/vt/vt.c (bnc#1162929).
  o CVE-2020-8649: Fixed a use-after-free vulnerability in the
    vgacon_invert_region function in drivers/video/console/vgacon.c (bnc#
    1162931).
  o CVE-2020-9383: Fixed an issue in set_fdc in drivers/block/floppy.c, which
    leads to a wait_til_ready out-of-bounds read (bnc#1165111).
  o CVE-2019-9458: In the video driver there was a use after free due to a race
    condition. This could lead to local escalation of privilege with no
    additional execution privileges needed (bnc#1168295).
  o CVE-2019-3701: Fixed an issue in can_can_gw_rcv, which could cause a system
    crash (bnc#1120386).
  o CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in
    kernel/trace/blktrace.c (bnc#1159285).
  o CVE-2020-11609: Fixed a NULL pointer dereference in the stv06xx subsystem
    caused by mishandling invalid descriptors (bnc#1168854).
  o CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#
    1170778).
  o CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev
    (bsc#1170056).
  o CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video
    driver. This could lead to local information disclosure with System
    execution privileges needed (bnc#1170345).
  o CVE-2020-11608: Fixed an issue in drivers/media/usb/gspca/ov519.c caused by
    a NULL pointer dereferences in ov511_mode_init_regs and
    ov518_mode_init_regs when there are zero endpoints (bnc#1168829).
  o CVE-2017-18255: The perf_cpu_time_max_percent_handler function in kernel/
    events/core.c allowed local users to cause a denial of service (integer
    overflow) or possibly have unspecified other impact via a large value, as
    demonstrated by an incorrect sample-rate calculation (bnc#1087813).
  o CVE-2020-8648: There was a use-after-free vulnerability in the
    n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928).
  o CVE-2020-2732: A flaw was discovered in the way that the KVM hypervisor
    handled instruction emulation for an L2 guest when nested virtualisation is
    enabled. Under some circumstances, an L2 guest may trick the L0 guest into
    accessing sensitive L1 resources that should be inaccessible to the L2
    guest (bnc#1163971).
  o CVE-2019-5108: Fixed a denial-of-service vulnerability caused by triggering
    AP to send IAPP location updates for stations before the required
    authentication process has completed (bnc#1159912).
  o CVE-2020-8992: ext4_protect_reserved_inode in fs/ext4/block_validity.c
    allowed attackers to cause a denial of service (soft lockup) via a crafted
    journal size (bnc#1164069).
  o CVE-2018-21008: Fixed a use-after-free which could be caused by the
    function rsi_mac80211_detach in the file drivers/net/wireless/rsi/
    rsi_91x_mac80211.c (bnc#1149591).
  o CVE-2019-14896: A heap-based buffer overflow vulnerability was found in
    Marvell WiFi chip driver. A remote attacker could cause a denial of service
    (system crash) or, possibly execute arbitrary code, when the
    lbs_ibss_join_existing function is called after a STA connects to an AP
    (bnc#1157157).
  o CVE-2019-14897: A stack-based buffer overflow was found in Marvell WiFi
    chip driver. An attacker is able to cause a denial of service (system
    crash) or, possibly execute arbitrary code, when a STA works in IBSS mode
    (allows connecting stations together without the use of an AP) and connects
    to another STA (bnc#1157155).
  o CVE-2019-18675: Fixed an integer overflow in cpia2_remap_buffer in drivers/
    media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation.
    This allowed local users (with /dev/video0 access) to obtain read and write
    permissions on kernel physical pages, which can possibly result in a
    privilege escalation (bnc#1157804).
  o CVE-2019-14615: Insufficient control flow in certain data structures for
    some Intel(R) Processors with Intel(R) Processor Graphics may have allowed
    an unauthenticated user to potentially enable information disclosure via
    local access (bnc#1160195, bsc#1165881).
  o CVE-2019-19965: Fixed a NULL pointer dereference in drivers/scsi/libsas/
    sas_discover.c because of mishandling of port disconnection during
    discovery, related to a PHY down race condition (bnc#1159911).
  o CVE-2019-20054: Fixed a NULL pointer dereference in drop_sysctl_table() in
    fs/proc/proc_sysctl.c, related to put_links (bnc#1159910).
  o CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/
    feat.c, which may cause denial of service (bnc#1159908).
  o CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb
    /cpia2/cpia2_v4l.c that will cause denial of service (bnc#1159841).
  o CVE-2019-19447: Fixed an issue with mounting a crafted ext4 filesystem
    image, performing some operations, and unmounting could lead to a
    use-after-free in ext4_put_super in fs/ext4/super.c, related to
    dump_orphan_list in fs/ext4/super.c (bnc#1158819).
  o CVE-2019-19319: Fixed an issue with a setxattr operation, after a mount of
    a crafted ext4 image, can cause a slab-out-of-bounds write access because
    of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large
    old_size value is used in a memset call (bnc#1158021).
  o CVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as
    demonstrated by use-after-free errors in __ext4_expand_extra_isize and
    ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#
    1159297).
  o CVE-2019-11091,CVE-2018-12126,CVE-2018-12130,CVE-2018-12127: Earlier
    mitigations for the "MDS" Microarchitectural Data Sampling attacks were not
    complete. An additional fix was added to the x86_64 fast systemcall path to
    further mitigate these attacks. (bsc#1164846 bsc#1170847)

The following non-security bugs were fixed:

  o blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285).
  o blktrace: fix dereference after null check (bsc#1159285).
  o blktrace: fix trace mutex deadlock (bsc#1159285).
  o btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered
    extents (bsc#1163508).
  o btrfs: fix panic during relocation after ENOSPC before writeback happens
    (bsc#1163508).
  o btrfs: qgroup: Fix root item corruption when multiple same source snapshots
    are created with quota enabled (bsc#1158642)
  o btrfs: relocation: fix reloc_root lifespan and access (bsc#1164009).
  o enic: prevent waking up stopped tx queues over watchdog reset (bsc#
    1133147).
  o fix PageHeadHuge() race with THP split (VM Functionality, bsc#1165311).
  o fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#
    1165985).
  o ibmvnic: Bound waits for device queries (bsc#1155689 ltc#182047).
  o ibmvnic: Fix completion structure initialization (bsc#1155689 ltc#182047).
  o ibmvnic: Serialize device queries (bsc#1155689 ltc#182047).
  o ibmvnic: Terminate waiting device threads after loss of service (bsc#
    1155689 ltc#182047).
  o input: add safety guards to input_set_keycode() (bsc#1168075).
  o ipv4: correct gso_size for UFO (bsc#1154844).
  o ipv6: fix memory accounting during ipv6 queue expire (bsc#1162227) (bsc#
    1162227).
  o ipvlan: do not add hardware address of master to its unicast filter list
    (bsc#1137325).
  o md: add mddev->pers to avoid potential NULL pointer dereference (bsc#
    1056134).
  o md/bitmap: do not read page from device with Bitmap_sync (bsc#1056134).
  o md: change the initialization value for a spare device spot to
    MD_DISK_ROLE_SPARE (bsc#1056134).
  o md: Delete gendisk before cleaning up the request queue (bsc#1056134).
  o md: do not call bitmap_create() while array is quiesced (bsc#1056134).
  o md: do not set In_sync if array is frozen (bsc#1056134).
  o md: fix a potential deadlock of raid5/raid10 reshape (bsc#1056134).
  o md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#
    1056134).
  o md: notify about new spare disk in the container (bsc#1056134).
  o md/raid0: Fix buffer overflow at debug print (bsc#1164051).
  o md/raid10: end bio when the device faulty (bsc#1056134).
  o md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#
    1056134).
  o md/raid1,raid10: silence warning about wait-within-wait (bsc#1056134).
  o md: return -ENODEV if rdev has no mddev assigned (bsc#1056134).
  o media: ov519: add missing endpoint sanity checks (bsc#1168829).
  o media: stv06xx: add missing descriptor sanity checks (bsc#1168854).
  o net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421, bsc#
    1167423).
  o netfilter: conntrack: sctp: use distinct states for new SCTP connections
    (bsc#1159199).
  o net/ibmvnic: Fix typo in retry check (bsc#1155689 ltc#182047).
  o rpm/kernel-binary.spec.in: Replace Novell with SUSE
  o sched/fair: Scale bandwidth quota and period without losing quota/period
    ratio precision (bsc#1161586).
  o scsi: core: avoid repetitive logging of device offline messages (bsc#
    1145929).
  o scsi: core: kABI fix already_offline (bsc#1145929).
  o tcp: clear tp->packets_out when purging write queue (bsc#1154118).
  o x86/mitigations: Clear CPU buffers on the SYSCALL fast path (bsc#1164846
    bsc#1170847).
  o xfs: also remove cached ACLs when removing the underlying attr (bsc#
    1165873).
  o xfs: bulkstat should copy lastip whenever userspace supplies one (bsc#
    1165984).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1275=3D1
  o SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1275=3D1
  o SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1275=3D1
  o SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1275=3D1
  o SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1275=3D1
  o SUSE Linux Enterprise High Availability 12-SP3:
    zypper in -t patch SUSE-SLE-HA-12-SP3-2020-1275=3D1
  o SUSE Enterprise Storage 5:
    zypper in -t patch SUSE-Storage-5-2020-1275=3D1
  o HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2020-1275=3D1

Package List:

  o SUSE OpenStack Cloud Crowbar 8 (noarch):
       kernel-devel-4.4.180-94.116.1
       kernel-macros-4.4.180-94.116.1
       kernel-source-4.4.180-94.116.1
  o SUSE OpenStack Cloud Crowbar 8 (x86_64):
       kernel-default-4.4.180-94.116.1
       kernel-default-base-4.4.180-94.116.1
       kernel-default-base-debuginfo-4.4.180-94.116.1
       kernel-default-debuginfo-4.4.180-94.116.1
       kernel-default-debugsource-4.4.180-94.116.1
       kernel-default-devel-4.4.180-94.116.1
       kernel-default-kgraft-4.4.180-94.116.1
       kernel-syms-4.4.180-94.116.1
       kgraft-patch-4_4_180-94_116-default-1-4.3.1
       kgraft-patch-4_4_180-94_116-default-debuginfo-1-4.3.1
  o SUSE OpenStack Cloud 8 (noarch):
       kernel-devel-4.4.180-94.116.1
       kernel-macros-4.4.180-94.116.1
       kernel-source-4.4.180-94.116.1
  o SUSE OpenStack Cloud 8 (x86_64):
       kernel-default-4.4.180-94.116.1
       kernel-default-base-4.4.180-94.116.1
       kernel-default-base-debuginfo-4.4.180-94.116.1
       kernel-default-debuginfo-4.4.180-94.116.1
       kernel-default-debugsource-4.4.180-94.116.1
       kernel-default-devel-4.4.180-94.116.1
       kernel-default-kgraft-4.4.180-94.116.1
       kernel-syms-4.4.180-94.116.1
       kgraft-patch-4_4_180-94_116-default-1-4.3.1
       kgraft-patch-4_4_180-94_116-default-debuginfo-1-4.3.1
  o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
       kernel-default-4.4.180-94.116.1
       kernel-default-base-4.4.180-94.116.1
       kernel-default-base-debuginfo-4.4.180-94.116.1
       kernel-default-debuginfo-4.4.180-94.116.1
       kernel-default-debugsource-4.4.180-94.116.1
       kernel-default-devel-4.4.180-94.116.1
       kernel-default-kgraft-4.4.180-94.116.1
       kernel-syms-4.4.180-94.116.1
       kgraft-patch-4_4_180-94_116-default-1-4.3.1
       kgraft-patch-4_4_180-94_116-default-debuginfo-1-4.3.1
  o SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
       kernel-devel-4.4.180-94.116.1
       kernel-macros-4.4.180-94.116.1
       kernel-source-4.4.180-94.116.1
  o SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
       kernel-default-4.4.180-94.116.1
       kernel-default-base-4.4.180-94.116.1
       kernel-default-base-debuginfo-4.4.180-94.116.1
       kernel-default-debuginfo-4.4.180-94.116.1
       kernel-default-debugsource-4.4.180-94.116.1
       kernel-default-devel-4.4.180-94.116.1
       kernel-syms-4.4.180-94.116.1
  o SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64):
       kernel-default-kgraft-4.4.180-94.116.1
       kgraft-patch-4_4_180-94_116-default-1-4.3.1
       kgraft-patch-4_4_180-94_116-default-debuginfo-1-4.3.1
  o SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
       kernel-devel-4.4.180-94.116.1
       kernel-macros-4.4.180-94.116.1
       kernel-source-4.4.180-94.116.1
  o SUSE Linux Enterprise Server 12-SP3-LTSS (s390x):
       kernel-default-man-4.4.180-94.116.1
  o SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
       kernel-default-4.4.180-94.116.1
       kernel-default-base-4.4.180-94.116.1
       kernel-default-base-debuginfo-4.4.180-94.116.1
       kernel-default-debuginfo-4.4.180-94.116.1
       kernel-default-debugsource-4.4.180-94.116.1
       kernel-default-devel-4.4.180-94.116.1
       kernel-syms-4.4.180-94.116.1
  o SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
       kernel-devel-4.4.180-94.116.1
       kernel-macros-4.4.180-94.116.1
       kernel-source-4.4.180-94.116.1
  o SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):
       cluster-md-kmp-default-4.4.180-94.116.1
       cluster-md-kmp-default-debuginfo-4.4.180-94.116.1
       dlm-kmp-default-4.4.180-94.116.1
       dlm-kmp-default-debuginfo-4.4.180-94.116.1
       gfs2-kmp-default-4.4.180-94.116.1
       gfs2-kmp-default-debuginfo-4.4.180-94.116.1
       kernel-default-debuginfo-4.4.180-94.116.1
       kernel-default-debugsource-4.4.180-94.116.1
       ocfs2-kmp-default-4.4.180-94.116.1
       ocfs2-kmp-default-debuginfo-4.4.180-94.116.1
  o SUSE Enterprise Storage 5 (aarch64 x86_64):
       kernel-default-4.4.180-94.116.1
       kernel-default-base-4.4.180-94.116.1
       kernel-default-base-debuginfo-4.4.180-94.116.1
       kernel-default-debuginfo-4.4.180-94.116.1
       kernel-default-debugsource-4.4.180-94.116.1
       kernel-default-devel-4.4.180-94.116.1
       kernel-syms-4.4.180-94.116.1
  o SUSE Enterprise Storage 5 (x86_64):
       kernel-default-kgraft-4.4.180-94.116.1
       kgraft-patch-4_4_180-94_116-default-1-4.3.1
       kgraft-patch-4_4_180-94_116-default-debuginfo-1-4.3.1
  o SUSE Enterprise Storage 5 (noarch):
       kernel-devel-4.4.180-94.116.1
       kernel-macros-4.4.180-94.116.1
       kernel-source-4.4.180-94.116.1
  o HPE Helion Openstack 8 (noarch):
       kernel-devel-4.4.180-94.116.1
       kernel-macros-4.4.180-94.116.1
       kernel-source-4.4.180-94.116.1
  o HPE Helion Openstack 8 (x86_64):
       kernel-default-4.4.180-94.116.1
       kernel-default-base-4.4.180-94.116.1
       kernel-default-base-debuginfo-4.4.180-94.116.1
       kernel-default-debuginfo-4.4.180-94.116.1
       kernel-default-debugsource-4.4.180-94.116.1
       kernel-default-devel-4.4.180-94.116.1
       kernel-default-kgraft-4.4.180-94.116.1
       kernel-syms-4.4.180-94.116.1
       kgraft-patch-4_4_180-94_116-default-1-4.3.1
       kgraft-patch-4_4_180-94_116-default-debuginfo-1-4.3.1


References:

  o https://www.suse.com/security/cve/CVE-2017-18255.html
  o https://www.suse.com/security/cve/CVE-2018-12126.html
  o https://www.suse.com/security/cve/CVE-2018-12127.html
  o https://www.suse.com/security/cve/CVE-2018-12130.html
  o https://www.suse.com/security/cve/CVE-2018-21008.html
  o https://www.suse.com/security/cve/CVE-2019-11091.html
  o https://www.suse.com/security/cve/CVE-2019-14615.html
  o https://www.suse.com/security/cve/CVE-2019-14896.html
  o https://www.suse.com/security/cve/CVE-2019-14897.html
  o https://www.suse.com/security/cve/CVE-2019-18675.html
  o https://www.suse.com/security/cve/CVE-2019-19066.html
  o https://www.suse.com/security/cve/CVE-2019-19319.html
  o https://www.suse.com/security/cve/CVE-2019-19447.html
  o https://www.suse.com/security/cve/CVE-2019-19767.html
  o https://www.suse.com/security/cve/CVE-2019-19768.html
  o https://www.suse.com/security/cve/CVE-2019-19965.html
  o https://www.suse.com/security/cve/CVE-2019-19966.html
  o https://www.suse.com/security/cve/CVE-2019-20054.html
  o https://www.suse.com/security/cve/CVE-2019-20096.html
  o https://www.suse.com/security/cve/CVE-2019-3701.html
  o https://www.suse.com/security/cve/CVE-2019-5108.html
  o https://www.suse.com/security/cve/CVE-2019-9455.html
  o https://www.suse.com/security/cve/CVE-2019-9458.html
  o https://www.suse.com/security/cve/CVE-2020-10690.html
  o https://www.suse.com/security/cve/CVE-2020-10720.html
  o https://www.suse.com/security/cve/CVE-2020-10942.html
  o https://www.suse.com/security/cve/CVE-2020-11494.html
  o https://www.suse.com/security/cve/CVE-2020-11608.html
  o https://www.suse.com/security/cve/CVE-2020-11609.html
  o https://www.suse.com/security/cve/CVE-2020-2732.html
  o https://www.suse.com/security/cve/CVE-2020-8647.html
  o https://www.suse.com/security/cve/CVE-2020-8648.html
  o https://www.suse.com/security/cve/CVE-2020-8649.html
  o https://www.suse.com/security/cve/CVE-2020-8992.html
  o https://www.suse.com/security/cve/CVE-2020-9383.html
  o https://bugzilla.suse.com/1056134
  o https://bugzilla.suse.com/1087813
  o https://bugzilla.suse.com/1120386
  o https://bugzilla.suse.com/1133147
  o https://bugzilla.suse.com/1137325
  o https://bugzilla.suse.com/1145929
  o https://bugzilla.suse.com/1149591
  o https://bugzilla.suse.com/1154118
  o https://bugzilla.suse.com/1154844
  o https://bugzilla.suse.com/1155689
  o https://bugzilla.suse.com/1157155
  o https://bugzilla.suse.com/1157157
  o https://bugzilla.suse.com/1157303
  o https://bugzilla.suse.com/1157804
  o https://bugzilla.suse.com/1158021
  o https://bugzilla.suse.com/1158642
  o https://bugzilla.suse.com/1158819
  o https://bugzilla.suse.com/1159199
  o https://bugzilla.suse.com/1159285
  o https://bugzilla.suse.com/1159297
  o https://bugzilla.suse.com/1159841
  o https://bugzilla.suse.com/1159908
  o https://bugzilla.suse.com/1159910
  o https://bugzilla.suse.com/1159911
  o https://bugzilla.suse.com/1159912
  o https://bugzilla.suse.com/1160195
  o https://bugzilla.suse.com/1161586
  o https://bugzilla.suse.com/1162227
  o https://bugzilla.suse.com/1162928
  o https://bugzilla.suse.com/1162929
  o https://bugzilla.suse.com/1162931
  o https://bugzilla.suse.com/1163508
  o https://bugzilla.suse.com/1163971
  o https://bugzilla.suse.com/1164009
  o https://bugzilla.suse.com/1164051
  o https://bugzilla.suse.com/1164069
  o https://bugzilla.suse.com/1164078
  o https://bugzilla.suse.com/1164846
  o https://bugzilla.suse.com/1165111
  o https://bugzilla.suse.com/1165311
  o https://bugzilla.suse.com/1165873
  o https://bugzilla.suse.com/1165881
  o https://bugzilla.suse.com/1165984
  o https://bugzilla.suse.com/1165985
  o https://bugzilla.suse.com/1167421
  o https://bugzilla.suse.com/1167423
  o https://bugzilla.suse.com/1167629
  o https://bugzilla.suse.com/1168075
  o https://bugzilla.suse.com/1168295
  o https://bugzilla.suse.com/1168424
  o https://bugzilla.suse.com/1168829
  o https://bugzilla.suse.com/1168854
  o https://bugzilla.suse.com/1170056
  o https://bugzilla.suse.com/1170345
  o https://bugzilla.suse.com/1170778
  o https://bugzilla.suse.com/1170847

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXscic+NLKJtyKPYoAQi40RAAp8unH4eBciWRWUZeJl/XNEuZ4BVBbY/s
z+FcT2COzsmqMqAl70kqvdrWmNaEip5ugYnLVFZkuSHimshHL0PiuGF24qRLXPE3
NxZav6KC8IttCS9hoD7NLvoA4XzsvFiuvWMt+bSKr+i7mzmW17ImMHmiTpFiT7z6
hivtllq/MER+exfs/vO8zTn2FwgbyecFXkAwoqmHc1wsduTJk79JN6dk4NIMxHs1
bXL+5MnGoR16R1cgSUtGOQyBke1UR2qFjoYgM1vQWe06s3EydAb2AuLX4IdD4qOH
Yjsjog4pkaHhaTpHnFTlSBocHIIAwU3WwgQs+ZhHLLcZ77IB5h6kLTubfBcjdxF0
BToSFPe9widXDOf3MIuU2/rySkQYFRmRcSqnDLmZsBphY7oMG7vD9JfnKbokUCrS
vvJx08o93Zr1F5A/DjA1ibZ9Y6+zgaCT3uGcTdUgZxkUApEN4w0CS0xzfFx33jPE
TyPfvt4J8tUVuVu3UpsmvHjsfJhoa75W7NTbebGt9jJaJVA1Zr5pY7SC7wzj02rI
ic9LICXEOi0ZW3LGsI7OAjQ3h1o3Wjdvop36p3zloIo4FkcJQJYLRI9jAyWIm8ET
2SVh3yBb1/pGvlM4TmD1DEus4TKNia8g8TL8YkJV7cBmljMe56qR/D9FGQzdeAz9
27Rna8mjPg4=
=5G3Y
-----END PGP SIGNATURE-----