Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.2955
Security update for the Linux Kernel
16 June 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-30594 CVE-2022-24448 CVE-2022-21499
CVE-2022-21180 CVE-2022-21166 CVE-2022-21127
CVE-2022-21125 CVE-2022-21123 CVE-2022-1975
CVE-2022-1974 CVE-2022-1966 CVE-2022-1734
CVE-2022-1729 CVE-2022-1652 CVE-2022-1184
CVE-2021-39711 CVE-2021-33061 CVE-2019-19377
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20222080-1
Comment: CVSS (Max): 8.4 CVE-2022-30594 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2080-1
Rating: important
References: #1024718 #1055117 #1061840 #1065729 #1129770 #1158266
#1162338 #1162369 #1173871 #1188885 #1194124 #1195612
#1195651 #1196426 #1196570 #1197219 #1197601 #1198438
#1198577 #1198899 #1198989 #1199035 #1199063 #1199237
#1199239 #1199314 #1199399 #1199426 #1199505 #1199507
#1199526 #1199602 #1199605 #1199606 #1199631 #1199650
#1199671 #1199839 #1200015 #1200045 #1200057 #1200143
#1200144 #1200173 #1200249
Cross-References: CVE-2019-19377 CVE-2021-33061 CVE-2021-39711 CVE-2022-1184
CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1966
CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125
CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499
CVE-2022-24448 CVE-2022-30594
Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that solves 18 vulnerabilities and has 27 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated.
The following security bugs were fixed:
o CVE-2019-19377: Fixed an user-after-free that could be triggered when an
attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
o CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash
linux kernel by simulating nfc device from user-space. (bsc#1200143)
o CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to
speculatively/transiently disclose information via spectre like attacks.
(bsc#1199650)
o CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to
speculatively/transiently disclose information via spectre like attacks.
(bsc#1199650)
o CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to
speculatively/transiently disclose information via spectre like attacks.
(bsc#1199650)
o CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to
speculatively/transiently disclose information via spectre like attacks.
(bsc#1199650)
o CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to
speculatively/transiently disclose information via spectre like attacks.
(bsc#1199650)
o CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by
simulating an nfc device from user-space. (bsc#1200144)
o CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag,
and tries to open a regular file, nfs_atomic_open() performs a regular
lookup. If a regular file is found, ENOTDIR should have occured, but the
server instead returned uninitialized data in the file descriptor (bsc#
1195612).
o CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter
subsystem. This flaw allowed a local attacker with user access to cause a
privilege escalation issue. (bnc#1200015)
o CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
(bsc#1199507).
o CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible
out of bounds read due to Incorrect Size Value. This could lead to local
information disclosure with System execution privileges needed. User
interaction is not needed for exploitation (bnc#1197219).
o CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when
mounting and operating on a corrupted image. (bsc#1198577)
o CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been
trivial to break out of it with kgdb or kdb. (bsc#1199426)
o CVE-2022-1652: Fixed a statically allocated error counter inside the floppy
kernel module (bsc#1199063).
o CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between
cleanup routine and firmware download routine. (bnc#1199605)
o CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP
flag (bnc#1199505).
o CVE-2021-33061: Fixed insufficient control flow management for the Intel(R)
82599 Ethernet Controllers and Adapters that may have allowed an
authenticated user to potentially enable denial of service via local access
(bnc#1196426).
The following non-security bugs were fixed:
o ACPI: property: Release subnode properties with data nodes (git-fixes).
o ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770)
o arm64: set plt* section addresses to 0x0 (git-fixes)
o arm64: Add missing ISB after invalidating TLB in __primary_switch
(git-fixes)
o arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (git-fixes)
o arm64: avoid -Woverride-init warning (git-fixes)
o arm64: berlin: Select DW_APB_TIMER_OF (git-fixes) Update arm64 default
config too.
o arm64: Clear OSDLR_EL1 on CPU boot (git-fixes)
o arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1
(git-fixes).
o arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes)
o arm64: compat: Reduce address limit (git-fixes)
o arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (git-fixes)
o arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes)
o arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes)
o arm64: csum: Fix handling of bad packets (git-fixes)
o arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug
(git-fixes)
o arm64: debug: Ensure debug handlers check triggering exception level
(git-fixes)
o arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes)
o arm64: entry: SP Alignment Fault does not write to FAR_EL1 (git-fixes)
o arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
o arm64: Fix HCR.TGE status for NMI contexts (git-fixes)
o arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
o arm64: Fix size of __early_cpu_boot_status (git-fixes)
o arm64: fix the flush_icache_range arguments in machine_kexec (git-fixes)
o arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes)
o arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP (git-fixes)
o arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
(git-fixes)
o arm64: futex: Restore oldval initialization to work around buggy
(git-fixes)
o arm64: hibernate: check pgd table allocation (git-fixes)
o arm64: hugetlb: avoid potential NULL dereference (git-fixes)
o arm64: hw_breakpoint: Do not invoke overflow handler on uaccess (git-fixes)
o arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes)
o arm64: kdump: update ppos when reading elfcorehdr (git-fixes)
o arm64: kgdb: Fix single-step exception handling oops (git-fixes)
o arm64: kprobes: Recover pstate.D in single-step exception handler
(git-fixes)
o arm64: module: remove (NOLOAD) from linker script (git-fixes)
o arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
o arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes)
o arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
o arm64: Relax GIC version check during early boot (git-fixes)
o arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes)
o arm64: smp: fix crash_smp_send_stop() behaviour (git-fixes)
o arm64: smp: fix smp_send_stop() behaviour (git-fixes)
o arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess
(git-fixes)
o arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
(git-fixes)
o arm64: handle non-remapped addresses in ->mmap and (git-fixes)
o arm64: avoid fixmap race condition when create pud mapping (git-fixes)
o bonding: pair enable_port with slave_arr_updates (git-fixes).
o btrfs: relocation: Only remove reloc rb_trees if reloc control has been
initialized (bsc#1199399).
o btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
o cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
(bsc#1199839).
o cputime, cpuacct: Include guest time in user time in (git-fixes)
o crypto: arm64/aes-neonbs - do not access already-freed walk.iv (git-fixes)
o crypto: ixp4xx - dma_unmap the correct address (git-fixes).
o crypto: qat - do not cast parameter in bit operations (git-fixes).
o crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
(bsc#1197601).
o crypto: virtio - deal with unsupported input sizes (git-fixes).
o crypto: virtio: Fix dest length calculation in
__virtio_crypto_skcipher_do_req() (git-fixes).
o drbd: fix an invalid memory access caused by incorrect use of list iterator
(git-fixes).
o drbd: Fix five use after free bugs in get_initial_state (git-fixes).
o drivers: net: xgene: Fix regression in CRC stripping (git-fixes).
o drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770)
o i40e: always propagate error value in i40e_set_vsi_promisc() (git-fixes).
o i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
o i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc
(git-fixes).
o i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (git-fixes).
o i40e: Fix virtchnl_queue_select bitmap validation (git-fixes).
o i40e: Refactoring VF MAC filters counting to make more reliable
(git-fixes).
o i40e: Remove scheduling while atomic possibility (git-fixes).
o iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
o Input: aiptek - properly check endpoint type (git-fixes).
o Input: appletouch - initialize work before device registration (git-fixes).
o Input: elantench - fix misreporting trackpoint coordinates (git-fixes).
o Input: spaceball - fix parsing of movement data packets (git-fixes).
o Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes).
o Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes).
o Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
o KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
o KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
o KVM: PPC: Propagate errors to the guest when failed instead of ignoring
(bsc#1061840 git-fixes).
o lpfc: drop driver update 14.2.0.x The amount of backport changes necessary
for due to the refactoring is introducing to much code churn and is likely
to introduce regressions. This ends the backport effort to keep the lpfc in
sync with mainline.
o lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899).
o media: cpia2: fix control-message timeouts (git-fixes).
o media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
o media: dib0700: fix undefined behavior in tuner shutdown (git-fixes).
o media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes).
o media: em28xx: fix control-message timeouts.
o media: flexcop-usb: fix control-message timeouts (git-fixes).
o media: mceusb: fix control-message timeouts (git-fixes).
o media: mtk-vpu: Fix a resource leak in the error handling path of
'mtk_vpu_probe()' (git-fixes).
o media: netup_unidvb: Do not leak SPI master in probe error path
(git-fixes).
o media: pvrusb2: fix control-message timeouts (git-fixes).
o media: redrat3: fix control-message timeouts (git-fixes).
o media: s2255: fix control-message timeouts (git-fixes).
o media: stk1160: fix control-message timeouts (git-fixes).
o media: vim2m: Remove surplus name initialization (git-fixes).
o mm, page_alloc: fix build_zonerefs_node() (git-fixes).
o net: bcmgenet: Do not claim WOL when its not available (git-fixes).
o net: mana: Add counter for packet dropped by XDP (bsc#1195651).
o net: mana: Add counter for XDP_TX (bsc#1195651).
o net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
o net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
(bsc#1195651).
o net: mana: Reuse XDP dropped page (bsc#1195651).
o net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#
1195651).
o net: qlogic: check the return value of dma_alloc_coherent() in
qed_vf_hw_prepare() (git-fixes).
o net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
(git-fixes).
o netfilter: conntrack: connection timeout after re-register (bsc#1199035).
o netfilter: conntrack: move synack init code to helper (bsc#1199035).
o netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#
1199035).
o netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#
1199035).
o netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
o netfilter: nf_tables: disallow non-stateful expression in sets earlier (bsc
#1200015).
o NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
o NFSv4: Do not invalidate inode attributes on delegation return (git-fixes).
o PCI / ACPI: Mark expected switch fall-through (git-fixes).
o PCI: Do not enable AtomicOps on VFs (bsc#1129770)
o PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#
1199314).
o powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#
159753).
o powerpc: Remove Power8 DD1 from cputable (bsc#1055117 ltc#159753).
o powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840
git-fixes).
o powerpc/numa: Prefer node id queried from vphn (bsc#1199237 bsc#1200173 ltc
#198329).
o powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885
ltc#193722 git-fixes).
o powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885
ltc#193722 git-fixes).
o powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess
flushes (bsc#1188885 ltc#193722 git-fixes).
o powerpc/xive: Add some error handling code to 'xive_spapr_init()'
(git-fixes).
o powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
o qed: display VF trust config (git-fixes).
o qed: return status of qed_iov_get_link (git-fixes).
o qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
o revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
o sched/core: Add __sched tag for io_schedule() (git-fixes)
o sched/core: Fix comment regarding nr_iowait_cpu() and (git-fixes)
o sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
o scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
o scsi: fnic: Fix a tracing statement (git-fixes).
o scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
o scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
o scsi: pm8001: Fix abort all task initialization (git-fixes).
o scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
(git-fixes).
o scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
(git-fixes).
o scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
(git-fixes).
o scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req()
(git-fixes).
o scsi: pm8001: Fix le32 values handling in
pm80xx_set_sas_protocol_timer_config() (git-fixes).
o scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
o scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
o scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update()
(git-fixes).
o scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
(git-fixes).
o scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045).
o scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200045).
o scsi: qla2xxx: Remove free_sg command flag (bsc#1200045).
o scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045).
o scsi: sr: Do not leak information in ioctl (git-fixes).
o scsi: virtio-scsi: Eliminate anonymous module_init & module_exit
(git-fixes).
o scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
o smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes).
o SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
o SUNRPC: Ensure that the gssproxy client can start in a connected state
(git-fixes).
o timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
o tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#
1065729).
o USB: cdc-wdm: fix reading stuck on device close (git-fixes).
o USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
o USB: dwc3: gadget: Do not send unintended link state change (git-fixes).
o USB: hub: Fix locking issues with address0_mutex (git-fixes).
o USB: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
o USB: quirks: add a Realtek card reader (git-fixes).
o USB: quirks: add STRING quirk for VCOM device (git-fixes).
o USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
o USB: serial: option: add Fibocom L610 modem (git-fixes).
o USB: serial: option: add Fibocom MA510 modem (git-fixes).
o USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes).
o USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
(git-fixes).
o USB: serial: pl2303: add device id for HP LM930 Display (git-fixes).
o USB: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes).
o USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
(git-fixes).
o veth: Ensure eth header is in skb's linear part (git-fixes).
o video: backlight: Drop maximum brightness override for brightness (bsc#
1129770)
o video: hyperv_fb: Fix validation of screen resolution (bsc#1129770)
o vxlan: fix memleak of fdb (git-fixes).
o xhci: stop polling roothubs after shutdown (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2080=1
Package List:
o SUSE Linux Enterprise Server 12-SP5 (noarch):
kernel-devel-azure-4.12.14-16.100.1
kernel-source-azure-4.12.14-16.100.1
o SUSE Linux Enterprise Server 12-SP5 (x86_64):
kernel-azure-4.12.14-16.100.2
kernel-azure-base-4.12.14-16.100.2
kernel-azure-base-debuginfo-4.12.14-16.100.2
kernel-azure-debuginfo-4.12.14-16.100.2
kernel-azure-debugsource-4.12.14-16.100.2
kernel-azure-devel-4.12.14-16.100.2
kernel-syms-azure-4.12.14-16.100.1
References:
o https://www.suse.com/security/cve/CVE-2019-19377.html
o https://www.suse.com/security/cve/CVE-2021-33061.html
o https://www.suse.com/security/cve/CVE-2021-39711.html
o https://www.suse.com/security/cve/CVE-2022-1184.html
o https://www.suse.com/security/cve/CVE-2022-1652.html
o https://www.suse.com/security/cve/CVE-2022-1729.html
o https://www.suse.com/security/cve/CVE-2022-1734.html
o https://www.suse.com/security/cve/CVE-2022-1966.html
o https://www.suse.com/security/cve/CVE-2022-1974.html
o https://www.suse.com/security/cve/CVE-2022-1975.html
o https://www.suse.com/security/cve/CVE-2022-21123.html
o https://www.suse.com/security/cve/CVE-2022-21125.html
o https://www.suse.com/security/cve/CVE-2022-21127.html
o https://www.suse.com/security/cve/CVE-2022-21166.html
o https://www.suse.com/security/cve/CVE-2022-21180.html
o https://www.suse.com/security/cve/CVE-2022-21499.html
o https://www.suse.com/security/cve/CVE-2022-24448.html
o https://www.suse.com/security/cve/CVE-2022-30594.html
o https://bugzilla.suse.com/1024718
o https://bugzilla.suse.com/1055117
o https://bugzilla.suse.com/1061840
o https://bugzilla.suse.com/1065729
o https://bugzilla.suse.com/1129770
o https://bugzilla.suse.com/1158266
o https://bugzilla.suse.com/1162338
o https://bugzilla.suse.com/1162369
o https://bugzilla.suse.com/1173871
o https://bugzilla.suse.com/1188885
o https://bugzilla.suse.com/1194124
o https://bugzilla.suse.com/1195612
o https://bugzilla.suse.com/1195651
o https://bugzilla.suse.com/1196426
o https://bugzilla.suse.com/1196570
o https://bugzilla.suse.com/1197219
o https://bugzilla.suse.com/1197601
o https://bugzilla.suse.com/1198438
o https://bugzilla.suse.com/1198577
o https://bugzilla.suse.com/1198899
o https://bugzilla.suse.com/1198989
o https://bugzilla.suse.com/1199035
o https://bugzilla.suse.com/1199063
o https://bugzilla.suse.com/1199237
o https://bugzilla.suse.com/1199239
o https://bugzilla.suse.com/1199314
o https://bugzilla.suse.com/1199399
o https://bugzilla.suse.com/1199426
o https://bugzilla.suse.com/1199505
o https://bugzilla.suse.com/1199507
o https://bugzilla.suse.com/1199526
o https://bugzilla.suse.com/1199602
o https://bugzilla.suse.com/1199605
o https://bugzilla.suse.com/1199606
o https://bugzilla.suse.com/1199631
o https://bugzilla.suse.com/1199650
o https://bugzilla.suse.com/1199671
o https://bugzilla.suse.com/1199839
o https://bugzilla.suse.com/1200015
o https://bugzilla.suse.com/1200045
o https://bugzilla.suse.com/1200057
o https://bugzilla.suse.com/1200143
o https://bugzilla.suse.com/1200144
o https://bugzilla.suse.com/1200173
o https://bugzilla.suse.com/1200249
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBYqqre8kNZI30y1K9AQiBhQ//XdFkaSnpTMRafUUpfl097YuhT0ePgmWg
Oi89ADyV7H4B6YDVajfYDKjDt0RVwKvQtNE5Jpc8Vjo+azUB35pn7Q05ucmfS2gd
uuL2qVpju8xBnQM1fjTR4lNOp67i4KV5x8R9tduh96hRbrJjC5HK+AfKHuGDScQn
u/NcnGgt8+6GQRur+ISovtkDcc7Dc0doP4gHPjqL9OtnBr3jaM6M0eFm9BGqN5P2
0NpXMKLsNS4Ro+HWbD9+9tjsGophsAgwXhe/hiIb5UOiVlDWlJG2eg4rgDIcuHvY
XPhIevXIS1wZ7osiDnaL+Yv54ZhAVvigfrknhDcDO4EpdUUoPlm+fepLF4qXFxfs
JiGefwnKJTfdKtHxiCA66m2Fj3dGXwP3uyRyrtqmxCOXM/nS8fO18ycaNi0T8RAz
X8PNDqrw3gc6fW1Ivy7eB65SHGUEX2O3A6qbhw/CbHm6Tzg5V3tnIYXWQXTtFVpi
vUC5cLMq7HAvHeSpClFY+so9mebo6zpAQNz7oL1tBDRj8EMHb+lcQ5C61ETRwu5A
Z7H/3WShzQRKH6dIkV0t9O/WzCPj/0JSdgTMaZ7wnDCAF6RE7NdDpYwmNfjOOv9h
FeHoww6dKFCAE6hlkVNI5EMJb5in7YHfeaaZAZsluMoQUivQh2JN0mNn4bfWYsLt
+AA4QHZr0c0=
=caIE
-----END PGP SIGNATURE-----