SUSE: 2019:1245-1 important: the Linux Kernel
Summary
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.178 to receive various security and bugfixes. Four new speculative execution issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations, utilizing CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/ The following security issues fixed: - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728) - CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104). - CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348). - CVE-2019-9503: A brcmfmac frame validation bypass was fixed (bnc#1132828). - CVE-2019-3882: A flaw was fixed in the vfio interface implementation that permitted violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable (bnc#1131416 bnc#1131427). The following non-security bugs were fixed: - 9p/net: fix memory leak in p9_client_create (bnc#1012382). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bnc#1012382). - acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi / bus: Only call dmi_check_system() on X86 (git-fixes). - acpi / button: make module loadable when booted in non-ACPI mode (bsc#1051510). - acpi / device_sysfs: Avoid OF modalias creation for removed device (bnc#1012382). - acpi: include ACPI button driver in base kernel (bsc#1062056). - Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net) (bnc#1012382). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bnc#1012382). - alsa: compress: add support for 32bit calls in a 64bit kernel (bnc#1012382). - alsa: compress: prevent potential divide by zero bugs (bnc#1012382). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bnc#1012382). - alsa: hda - Record the current power state before suspend/resume calls (bnc#1012382). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bnc#1012382). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bnc#1012382). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bnc#1012382). - alsa: seq: oss: Fix Spectre v1 vulnerability (bnc#1012382). - applicom: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - arc: fix __ffs return value to avoid build warnings (bnc#1012382). - arc: uacces: remove lp_start, lp_end from clobber list (bnc#1012382). - arcv2: Enable unaligned access in early ASM code (bnc#1012382). - arm64: fix COMPAT_SHMLBA definition for large pages (bnc#1012382). - arm64: Fix NUMA build error when !CONFIG_ACPI (fate#319981, git-fixes). - arm64: Fix NUMA build error when !CONFIG_ACPI (git-fixes). - arm64: hide __efistub_ aliases from kallsyms (bnc#1012382). - arm64: kconfig: drop CONFIG_RTC_LIB dependency (bnc#1012382). - arm64/kernel: fix incorrect EL0 check in inv_entry macro (bnc#1012382). - arm64: mm: Add trace_irqflags annotations to do_debug_exception() (bnc#1012382). - arm64: Relax GIC version check during early boot (bnc#1012382). - arm64: support keyctl() system call in 32-bit mode (bnc#1012382). - arm64: traps: disable irq in die() (bnc#1012382). - arm: 8458/1: bL_switcher: add GIC dependency (bnc#1012382). - arm: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor (bnc#1012382). - arm: 8510/1: rework ARM_CPU_SUSPEND dependencies (bnc#1012382). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bnc#1012382). - arm: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU (bnc#1012382). - arm: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420 (bnc#1012382). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bnc#1012382). - arm: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized (bnc#1012382). - arm: pxa: ssp: unneeded to free devm_ allocated data (bnc#1012382). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bnc#1012382). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bnc#1012382). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bnc#1012382). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bnc#1012382). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bnc#1012382). - ASoC: topology: free created components in tplg load error (bnc#1012382). - assoc_array: Fix shortcut creation (bnc#1012382). - ath10k: avoid possible string overflow (bnc#1012382). - ath9k_htc: Add a sanity check in ath9k_htc_ampdu_action() (bsc#1087092). - atm: he: fix sign-extension overflow on large shift (bnc#1012382). - autofs: drop dentry reference only when it is never used (bnc#1012382). - autofs: fix error return in autofs_fill_super() (bnc#1012382). - batman-adv: Avoid endless loop in bat-on-bat netdevice check (git-fixes). - batman-adv: Fix lockdep annotation of batadv_tlv_container_remove (git-fixes). - batman-adv: fix uninit-value in batadv_interface_tx() (bnc#1012382). - batman-adv: Only put gw_node list reference when removed (git-fixes). - batman-adv: Only put orig_node_vlan list reference when removed (git-fixes). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bnc#1012382). - bnxt_en: Drop oversize TX packets to prevent errors (bnc#1012382). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (pending fix for bsc#1063638). - btrfs: fix corruption reading shared and compressed extents after hole punching (bnc#1012382). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: raid56: properly unmap parity page in finish_parity_scrub() (bnc#1012382). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: remove WARN_ON in log_dir_items (bnc#1012382). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1129770). - cfg80211: extend range deviation for DMG (bnc#1012382). - cfg80211: size various nl80211 messages correctly (bnc#1012382). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bnc#1012382). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix read after write for files with read caching (bnc#1012382). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bnc#1012382). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bnc#1012382). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bnc#1012382). - cls_bpf: reset class and reuse major in da (git-fixes). - coresight: coresight_unregister() function cleanup (bnc#1012382). - coresight: "DEVICE_ATTR_RO" should defined as static (bnc#1012382). - coresight: etm4x: Check every parameter used by dma_xx_coherent (bnc#1012382). - coresight: fixing lockdep error (bnc#1012382). - coresight: release reference taken by 'bus_find_device()' (bnc#1012382). - coresight: remove csdev's link from topology (bnc#1012382). - coresight: removing bind/unbind options from sysfs (bnc#1012382). - cpufreq: pxa2xx: remove incorrect __init annotation (bnc#1012382). - cpufreq: tegra124: add missing of_node_put() (bnc#1012382). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bnc#1012382). - cpu/hotplug: Handle unbalanced hotplug enable/disable (bnc#1012382). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: ahash - fix another early termination in hash walk (bnc#1012382). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bnc#1012382). - crypto: caam - fixed handling of sg list (bnc#1012382). - crypto: pcbc - remove bogus memcpy()s with src == dest (bnc#1012382). - crypto: qat - remove unused and redundant pointer vf_info (bsc#1085539). - crypto: tgr192 - fix unaligned memory access (bsc#1129770). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1129770). - dccp: do not use ipv6 header for ipv4 flow (bnc#1012382). - disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bnc#1012382). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bnc#1012382). - dmaengine: dmatest: Abort test in case of mapping error (bnc#1012382). - dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit (bnc#1012382). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - dm: fix to_sector() for 32bit (bnc#1012382). - drivers: hv: vmbus: Fix bugs in rescind handling (bsc#1130567). - drivers: hv: vmbus: Fix ring buffer signaling (bsc#1118506). - drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() (bsc#1130567). - drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm/msm: Unblock writer if reader closes file (bnc#1012382). - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1106929) - efi: stub: define DISABLE_BRANCH_PROFILING for all architectures (bnc#1012382). - ext2: Fix underflow in ext2_max_size() (bnc#1012382). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bnc#1012382). - ext4: fix data corruption caused by unaligned direct AIO (bnc#1012382). - ext4: fix NULL pointer dereference while journal is aborted (bnc#1012382). - extcon: usb-gpio: Do not miss event during suspend/resume (bnc#1012382). - firmware: dmi: Optimize dmi_matches (git-fixes). - floppy: check_events callback should not return a negative number (git-fixes). - flow_dissector: Check for IP fragmentation even if not using IPv4 address (git-fixes). - fs/9p: use fscache mutex rather than spinlock (bnc#1012382). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bnc#1012382). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - futex: Ensure that futex address is aligned in handle_futex_death() (bnc#1012382). - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (git-fixes). - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bnc#1012382). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bnc#1012382). - gpio: vf610: Mask all GPIO interrupts (bnc#1012382). - gro_cells: make sure device is up in gro_cells_receive() (bnc#1012382). - hid-sensor-hub.c: fix wrong do_div() usage (bnc#1012382). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (bsc#1129770). - hugetlbfs: fix races and page leaks during migration (bnc#1012382). - hv_netvsc: Fix napi reschedule while receive completion is busy (bsc#1118506). - hv_netvsc: fix race in napi poll when rescheduling (bsc#1118506). - hv_netvsc: Fix the return status in RX path (bsc#1118506). - hv_netvsc: use napi_schedule_irqoff (bsc#1118506). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hv: v4.12 API for hyperv-iommu (fate#327171, bsc#1122822). - i2c: cadence: Fix the hold bit setting (bnc#1012382). - i2c: tegra: fix maximum transfer size (bnc#1012382). - ib/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bnc#1012382). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bnc#1012382). - input: matrix_keypad - use flush_delayed_work() (bnc#1012382). - input: st-keyscan - fix potential zalloc NULL dereference (bnc#1012382). - input: wacom_serial4 - add support for Wacom ArtPad II tablet (bnc#1012382). - intel_th: Do not reference unassigned outputs (bnc#1012382). - intel_th: gth: Fix an off-by-one in output unassigning (git-fixes). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130345). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130346). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (bsc#1122822). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (fate#327171, bsc#1122822). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130347). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (bnc#1012382). - ip_tunnel: fix ip tunnel lookup in collect_md mode (git-fixes). - ipvlan: disallow userns cap_net_admin to change global mode/flags (bnc#1012382). - ipvs: Fix signed integer overflow when setsockopt timeout (bnc#1012382). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bnc#1012382). - iscsi_ibft: Fix missing break in switch statement (bnc#1012382). - isdn: avm: Fix string plus integer warning from Clang (bnc#1012382). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bnc#1012382). - isdn: isdn_tty: fix build warning of strncpy (bnc#1012382). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1119086). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bnc#1012382). - jbd2: fix compile warning when using JBUFFER_TRACE (bnc#1012382). - kabi fixup gendisk disk_devt revert (bsc#1020989). - kbuild: setlocalversion: print error to STDERR (bnc#1012382). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bnc#1012382). - keys: allow reaching the keys quotas exactly (bnc#1012382). - keys: always initialize keyring_index_key::desc_len (bnc#1012382). - keys: restrict /proc/keys by credentials at open time (bnc#1012382). - keys: user: Align the payload buffer (bnc#1012382). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132634). - kvm: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 (bnc#1012382). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132635). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bnc#1012382). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bnc#1012382). - kvm: Reject device ioctls from processes other than the VM's creator (bnc#1012382). - kvm: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run (bsc#1132636). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1132637). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1132534). - kvm: X86: Fix residual mmio emulation request to userspace (bnc#1012382). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132638). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - leds: lp5523: fix a missing check of return value of lp55xx_read (bnc#1012382). - libertas: call into generic suspend code before turning off power (bsc#1106110). - libertas: fix suspend and resume for SDIO connected cards (bsc#1106110). - lib/int_sqrt: optimize small argument (bnc#1012382). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1131857). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bnc#1012382). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - m68k: Add -ffreestanding to CFLAGS (bnc#1012382). - mac80211: do not initiate TDLS connection if station is not associated to AP (bnc#1012382). - mac80211: fix miscounting of ttl-dropped frames (bnc#1012382). - mac80211: fix "warning: target metric may be used uninitialized" (bnc#1012382). - mac80211_hwsim: propagate genlmsg_reply return code (bnc#1012382). - mac8390: Fix mmio access size probe (bnc#1012382). - md: Fix failed allocation of md_register_thread (bnc#1012382). - mdio_bus: Fix use-after-free on device_register fails (bnc#1012382 git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - media: cx88: Get rid of spurious call to cx8800_start_vbi_dma() (bsc#1100132). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bnc#1012382). - media: uvcvideo: Fix 'type' check leading to overflow (bnc#1012382). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1119086). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bnc#1012382). - media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() (bnc#1012382). - media: vivid: potential integer overflow in vidioc_g_edid() (bsc#11001132). - mfd: ab8500-core: Return zero in get_register_interruptible() (bnc#1012382). - mfd: db8500-prcmu: Fix some section annotations (bnc#1012382). - mfd: mc13xxx: Fix a missing check of a register-read failure (bnc#1012382). - mfd: qcom_rpm: write fw_version to CTRL_REG (bnc#1012382). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bnc#1012382). - mfd: twl-core: Fix section annotations on {,un}protect_pm_master (bnc#1012382). - mfd: wm5110: Add missing ASRC rate register (bnc#1012382). - mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction (bnc#1012382). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bnc#1012382). - missing barriers in some of unix_sock ->addr and ->path accesses (bnc#1012382). - mmc: bcm2835: reset host on timeout (bsc#1070872). - mmc: block: Allow more than 8 partitions per card (bnc#1012382). - mmc: core: fix using wrong io voltage if mmc_select_hs200 fails (bnc#1012382). - mmc: core: shut up "voltage-ranges unspecified" pr_info() (bnc#1012382). - mmc: debugfs: Add a restriction to mmc debugfs clock setting (bnc#1012382). - mmc: make MAN_BKOPS_EN message a debug (bnc#1012382). - mmc: mmc: fix switch timeout issue caused by jiffies precision (bnc#1012382). - mmc: pwrseq_simple: Make reset-gpios optional to match doc (bnc#1012382). - mmc: pxamci: fix enum type confusion (bnc#1012382). - mmc: sanitize 'bus width' in debug output (bnc#1012382). - mmc: spi: Fix card detection during probe (bnc#1012382). - mmc: tmio_mmc_core: do not claim spurious interrupts (bnc#1012382). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm, memory_hotplug: fix off-by-one in is_pageblock_removable (git-fixes). - mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone (bnc#1012382). - mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone (bnc#1012382).
References
#1012382 #1020645 #1020989 #1031492 #1047487
#1051510 #1053043 #1062056 #1063638 #1066223
#1070872 #1085539 #1087092 #1094244 #1096480
#1096728 #1097104 #1100132 #1105348 #1106110
#1106913 #1106929 #1111331 #1112178 #1113399
#1114542 #1114638 #1114648 #1114893 #1118338
#1118506 #1119086 #1120902 #1122822 #1125580
#1126356 #1127445 #1129278 #1129326 #1129770
#1130130 #1130343 #1130344 #1130345 #1130346
#1130347 #1130356 #1130425 #1130567 #1130737
#1131107 #1131416 #1131427 #1131587 #1131659
#1131857 #1131900 #1131934 #1131935 #1131980
#1132227 #1132534 #1132589 #1132618 #1132619
#1132634 #1132635 #1132636 #1132637 #1132638
#1132727 #1132828 #1133308 #1133584 #994770
Cross- CVE-2018-1000204 CVE-2018-10853 CVE-2018-12126
CVE-2018-12127 CVE-2018-12130 CVE-2018-15594
CVE-2018-5814 CVE-2019-11091 CVE-2019-3882
CVE-2019-9503
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise High Availability 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
SUSE CaaS Platform ALL
SUSE CaaS Platform 3.0
https://www.suse.com/security/cve/CVE-2018-1000204.html
https://www.suse.com/security/cve/CVE-2018-10853.html
https://www.suse.com/security/cve/CVE-2018-12126.html
https://www.suse.com/security/cve/CVE-2018-12127.html
https://www.suse.com/security/cve/CVE-2018-12130.html
https://www.suse.com/security/cve/CVE-2018-15594.html
https://www.suse.com/security/cve/CVE-2018-5814.html
https://www.suse.com/security/cve/CVE-2019-11091.html
https://www.suse.com/security/cve/CVE-2019-3882.html
https://www.suse.com/security/cve/CVE-2019-9503.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1020645
https://bugzilla.suse.com/1020989
https://bugzilla.suse.com/1031492
https://bugzilla.suse.com/1047487
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1053043
https://bugzilla.suse.com/1062056
https://bugzilla.suse.com/1063638
https://bugzilla.suse.com/1066223
https://bugzilla.suse.com/1070872
https://bugzilla.suse.com/1085539
https://bugzilla.suse.com/1087092
https://bugzilla.suse.com/1094244
https://bugzilla.suse.com/1096480
https://bugzilla.suse.com/1096728
https://bugzilla.suse.com/1097104
https://bugzilla.suse.com/1100132
https://bugzilla.suse.com/1105348
https://bugzilla.suse.com/1106110
https://bugzilla.suse.com/1106913
https://bugzilla.suse.com/1106929
https://bugzilla.suse.com/1111331
https://bugzilla.suse.com/1112178
https://bugzilla.suse.com/1113399
https://bugzilla.suse.com/1114542
https://bugzilla.suse.com/1114638
https://bugzilla.suse.com/1114648
https://bugzilla.suse.com/1114893
https://bugzilla.suse.com/1118338
https://bugzilla.suse.com/1118506
https://bugzilla.suse.com/1119086
https://bugzilla.suse.com/1120902
https://bugzilla.suse.com/1122822
https://bugzilla.suse.com/1125580
https://bugzilla.suse.com/1126356
https://bugzilla.suse.com/1127445
https://bugzilla.suse.com/1129278
https://bugzilla.suse.com/1129326
https://bugzilla.suse.com/1129770
https://bugzilla.suse.com/1130130
https://bugzilla.suse.com/1130343
https://bugzilla.suse.com/1130344
https://bugzilla.suse.com/1130345
https://bugzilla.suse.com/1130346
https://bugzilla.suse.com/1130347
https://bugzilla.suse.com/1130356
https://bugzilla.suse.com/1130425
https://bugzilla.suse.com/1130567
https://bugzilla.suse.com/1130737
https://bugzilla.suse.com/1131107
https://bugzilla.suse.com/1131416
https://bugzilla.suse.com/1131427
https://bugzilla.suse.com/1131587
https://bugzilla.suse.com/1131659
https://bugzilla.suse.com/1131857
https://bugzilla.suse.com/1131900
https://bugzilla.suse.com/1131934
https://bugzilla.suse.com/1131935
https://bugzilla.suse.com/1131980
https://bugzilla.suse.com/1132227
https://bugzilla.suse.com/1132534
https://bugzilla.suse.com/1132589
https://bugzilla.suse.com/1132618
https://bugzilla.suse.com/1132619
https://bugzilla.suse.com/1132634
https://bugzilla.suse.com/1132635
https://bugzilla.suse.com/1132636
https://bugzilla.suse.com/1132637
https://bugzilla.suse.com/1132638
https://bugzilla.suse.com/1132727
https://bugzilla.suse.com/1132828
https://bugzilla.suse.com/1133308
https://bugzilla.suse.com/1133584
https://bugzilla.suse.com/994770