SUSE: 2020:0836-1 important: the Linux Kernel
Summary
The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-8647: Fixed a use-after-free in the vc_do_resize function in drivers/tty/vt/vt.c (bsc#1162929). - CVE-2020-8649: Fixed a use-after-free in the vgacon_invert_region function in drivers/video/console/vgacon.c (bsc#1162931). - CVE-2020-8648: Fixed a use-after-free in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bsc#1162928). - CVE-2020-9383: Fixed an out-of-bounds read due to improper error condition check of FDC index (bsc#1165111). - CVE-2019-19768: Fixed a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c (bnc#1159285). The following non-security bugs were fixed: - ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1 (bsc#1111666). - ALSA: hda/realtek - Add Headset Mic supported (bsc#1111666). - ALSA: hda/realtek - Add more codec supported Headset Button (bsc#1111666). - ALSA: hda/realtek - Apply quirk for MSI GP63, too (bsc#1111666). - ALSA: hda/realtek - Apply quirk for yet another MSI laptop (bsc#1111666). - ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 (bsc#1111666). - ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 (bsc#1111666). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master (bsc#1111666). - ALSA: usb-audio: Add boot quirk for MOTU M Series (bsc#1111666). - ALSA: usb-audio: Add clock validity quirk for Denon MC7000/MCX8000 (bsc#1111666). - ALSA: usb-audio: add implicit fb quirk for MOTU M Series (bsc#1111666). - ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82 (bsc#1111666). - ALSA: usb-audio: Apply 48kHz fixed rate playback for Jabra Evolve 65 headset (bsc#1111666). - ALSA: usb-audio: fix Corsair Virtuoso mixer label collision (bsc#1111666). - ALSA: usb-audio: Fix UAC2/3 effect unit parsing (bsc#1111666). - ALSA: usb-audio: unlock on error in probe (bsc#1111666). - ALSA: usb-audio: Use lower hex numbers for IDs (bsc#1111666). - ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status (bsc#1051510). - amdgpu/gmc_v9: save/restore sdpif regs during S3 (bsc#1113956) - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bsc#1051510). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bsc#1051510). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bsc#1051510). - ASoC: pcm: update FE/BE trigger order based on the command (bsc#1051510). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bsc#1051510). - atm: zatm: Fix empty body Clang warnings (bsc#1051510). - b43legacy: Fix -Wcast-function-type (bsc#1051510). - blk: Fix kabi due to blk_trace_mutex addition (bsc#1159285). - blktrace: fix dereference after null check (bsc#1159285). - blktrace: fix trace mutex deadlock (bsc#1159285). - bnxt_en: Fix NTUPLE firmware command failures (bsc#1104745 ). - bnxt_en: Fix TC queue mapping (networking-stable-20_02_05). - bnxt_en: Improve device shutdown method (bsc#1104745 ). - bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs (bsc#1134090 jsc#SLE-5954). - bonding/alb: properly access headers in bond_alb_xmit() (networking-stable-20_02_09). - bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill (bsc#1109837). - CIFS: add a debug macro that prints \\server\share for errors (bsc#1144333). - CIFS: add missing mount option to /proc/mounts (bsc#1144333). - CIFS: add new debugging macro cifs_server_dbg (bsc#1144333). - CIFS: add passthrough for smb2 setinfo (bsc#1144333). - CIFS: add SMB2_open() arg to return POSIX data (bsc#1144333). - CIFS: add smb2 POSIX info level (bsc#1144333). - CIFS: add SMB3 change notification support (bsc#1144333). - CIFS: add support for fallocate mode 0 for non-sparse files (bsc#1144333). - CIFS: Add support for setting owner info, dos attributes, and create time (bsc#1144333). - CIFS: Add tracepoints for errors on flush or fsync (bsc#1144333). - CIFS: Adjust indentation in smb2_open_file (bsc#1144333). - CIFS: allow chmod to set mode bits using special sid (bsc#1144333). - CIFS: Avoid doing network I/O while holding cache lock (bsc#1144333). - CIFS: call wake_up(server->response_q) inside of cifs_reconnect() (bsc#1144333). - CIFS: Clean up DFS referral cache (bsc#1144333). - CIFS: create a helper function to parse the query-directory response buffer (bsc#1144333). - CIFS: do d_move in rename (bsc#1144333). - CIFS: Do not display RDMA transport on reconnect (bsc#1144333). - CIFS: do not ignore the SYNC flags in getattr (bsc#1144333). - CIFS: do not leak -EAGAIN for stat() during reconnect (bsc#1144333). - CIFS: do not use 'pre:' for MODULE_SOFTDEP (bsc#1144333). - CIFS: enable change notification for SMB2.1 dialect (bsc#1144333). - CIFS: fail i/o on soft mounts if sessionsetup errors out (bsc#1144333). - CIFS: fix a comment for the timeouts when sending echos (bsc#1144333). - CIFS: fix a white space issue in cifs_get_inode_info() (bsc#1144333). - CIFS: fix dereference on ses before it is null checked (bsc#1144333). - CIFS: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1144333). - CIFS: fix mode bits from dir listing when mounted with modefromsid (bsc#1144333). - CIFS: Fix mode output in debugging statements (bsc#1144333). - CIFS: Fix mount options set in automount (bsc#1144333). - CIFS: fix NULL dereference in match_prepath (bsc#1144333). - CIFS: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1144333). - CIFS: fix potential mismatch of UNC paths (bsc#1144333). - CIFS: fix rename() by ensuring source handle opened with DELETE bit (bsc#1144333). - CIFS: Fix return value in __update_cache_entry (bsc#1144333). - CIFS: fix soft mounts hanging in the reconnect code (bsc#1144333). - CIFS: fix soft mounts hanging in the reconnect code (bsc#1144333). - CIFS: Fix task struct use-after-free on reconnect (bsc#1144333). - CIFS: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1144333). - CIFS: get mode bits from special sid on stat (bsc#1144333). - CIFS: Get rid of kstrdup_const()'d paths (bsc#1144333). - CIFS: handle prefix paths in reconnect (bsc#1144333). - CIFS: Introduce helpers for finding TCP connection (bsc#1144333). - CIFS: log warning message (once) if out of disk space (bsc#1144333). - CIFS: make sure we do not overflow the max EA buffer size (bsc#1144333). - CIFS: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1144333). - CIFS: Merge is_path_valid() into get_normalized_path() (bsc#1144333). - CIFS: modefromsid: make room for 4 ACE (bsc#1144333). - CIFS: modefromsid: write mode ACE first (bsc#1144333). - CIFS: Optimize readdir on reparse points (bsc#1144333). - CIFS: plumb smb2 POSIX dir enumeration (bsc#1144333). - CIFS: potential unintitliazed error code in cifs_getattr() (bsc#1144333). - CIFS: prepare SMB2_query_directory to be used with compounding (bsc#1144333). - CIFS: print warning once if mounting with vers=1.0 (bsc#1144333). - CIFS: refactor cifs_get_inode_info() (bsc#1144333). - CIFS: remove redundant assignment to pointer pneg_ctxt (bsc#1144333). - CIFS: remove redundant assignment to variable rc (bsc#1144333). - CIFS: remove set but not used variables (bsc#1144333). - CIFS: remove set but not used variable 'server' (bsc#1144333). - CIFS: remove unused variable (bsc#1144333). - CIFS: remove unused variable 'sid_user' (bsc#1144333). - CIFS: rename a variable in SendReceive() (bsc#1144333). - CIFS: rename posix create rsp (bsc#1144333). - CIFS: replace various strncpy with strscpy and similar (bsc#1144333). - CIFS: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1144333). - CIFS: set correct max-buffer-size for smb2_ioctl_init() (bsc#1144333). - CIFS: smbd: Add messages on RDMA session destroy and reconnection (bsc#1144333). - CIFS: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1144333). - CIFS: smbd: Only queue work for error recovery on memory registration (bsc#1144333). - CIFS: smbd: Return -EAGAIN when transport is reconnecting (bsc#1144333). - CIFS: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1144333). - CIFS: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1144333). - CIFS: Use common error handling code in smb2_ioctl_query_info() (bsc#1144333). - CIFS: use compounding for open and first query-dir for readdir() (bsc#1144333). - CIFS: Use #define in cifs_dbg (bsc#1144333). - CIFS: Use memdup_user() rather than duplicating its implementation (bsc#1144333). - CIFS: use mod_delayed_work() for server->reconnect if already queued (bsc#1144333). - CIFS: use PTR_ERR_OR_ZERO() to simplify code (bsc#1144333). - cls_rsvp: fix rsvp_policy (networking-stable-20_02_05). - core: Do not skip generic XDP program execution for cloned SKBs (bsc#1109837). - cpufreq: powernv: Fix unsafe notifiers (bsc#1065729). - cpufreq: powernv: Fix use-after-free (bsc#1065729). - crypto: pcrypt - Fix user-after-free on module unload (git-fixes). - devlink: report 0 after hitting end in region read (bsc#1109837). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bsc#1051510). - driver core: platform: fix u32 greater or equal to zero comparison (bsc#1051510). - driver core: platform: Prevent resouce overflow from causing infinite loops (bsc#1051510). - driver core: Print device when resources present in really_probe() (bsc#1051510). - drivers/md/raid5.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drivers/md/raid5-ppl.c: use the new spelling of RWH_WRITE_LIFE_NOT_SET (bsc#1166003). - drm/amd/dm/mst: Ignore payload update failures (bsc#1112178) - drm/amdkfd: fix a use after free race with mmu_notifer unregister (bsc#1114279) - drm: atmel-hlcdc: enable clock before configuring timing engine (bsc#1114279) - drm/etnaviv: fix dumping of iommuv2 (bsc#1114279) - drm/gma500: Fixup fbdev stolen size usage evaluation (bsc#1051510). - drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime (git-fixes). - drm/i915/gvt: Fix unnecessary schedule timer when no vGPU exits (git-fixes). - drm/i915/gvt: Separate display reset from ALL_ENGINES reset (bsc#1114279) - drm/i915: Program MBUS with rmw during initialization (git-fixes). - drm/i915/selftests: Fix return in assert_mmap_offset() (bsc#1114279) - drm/i915/userptr: fix size calculation (bsc#1114279) - drm/i915/userptr: Try to acquire the page lock around (bsc#1114279) - drm/i915: Wean off drm_pci_alloc/drm_pci_free (bsc#1114279) - drm/mediatek: Add gamma property according to hardware capability (bsc#1114279) - drm/mediatek: disable all the planes in atomic_disable (bsc#1114279) - drm/mediatek: handle events when enabling/disabling crtc (bsc#1051510). - drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank() (bsc#1114279) - drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bsc#1114279) - drm/nouveau/disp/nv50-: prevent oops when no channel method map provided (bsc#1051510). - drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw (bsc#1051510). - drm/nouveau/kms/gv100-: Re-set LUT after clearing for modesets (git-fixes). - drm: rcar-du: Recognize "renesas,vsps" in addition to "vsps" (bsc#1114279) - drm: remove the newline for CRC source name (bsc#1051510). - EDAC/mc: Fix use-after-free and memleaks during device removal (bsc#1114279). - Enabled the following two patches in series.conf, and refresh the KABI patch due to previous md commit (bsc#1119680) - ethtool: Factored out similar ethtool link settings for virtual devices to core (bsc#1136157 ltc#177197). - fcntl: fix typo in RWH_WRITE_LIFE_NOT_SET r/w hint name (bsc#1166003). - firmware: imx: misc: Align imx sc msg structs to 4 (git-fixes). - firmware: imx: scu: Ensure sequential TX (git-fixes). - firmware: imx: scu-pd: Align imx sc msg structs to 4 (git-fixes). - Fixed memory leak in large read decrypt offload (bsc#1144333). - Fixed some regressions (bsc#1165527 ltc#184149). - fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1144333). - fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1144333). - fs: cifs: Initialize filesystem timestamp ranges (bsc#1144333). - fs: cifs: mute -Wunused-const-variable message (bsc#1144333). - fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1144333). - fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1144333). - fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1144333). - fs/xfs: fix f_ffree value for statfs when project quota is set (bsc#1165985). - gtp: make sure only SOCK_DGRAM UDP sockets are accepted (networking-stable-20_01_27). - gtp: use __GFP_NOWARN to avoid memalloc warning (networking-stable-20_02_05). - HID: core: fix off-by-one memset in hid_report_raw_event() (bsc#1051510). - HID: hiddev: Fix race in in hiddev_disconnect() (git-fixes). - hv_netvsc: Fix memory leak when removing rndis device (networking-stable-20_01_20). - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bsc#1051510). - IB/hfi1: Close window for pq and request coliding (bsc#1060463 ). - ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551). - ibmvnic: Do not process device remove during device reset (bsc#1065729). - ibmvnic: Warn unknown speed message only when carrier is present (bsc#1065729). - Input: edt-ft5x06 - work around first register access error (bsc#1051510). - Input: synaptics - enable SMBus on ThinkPad L470 (bsc#1051510). - Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list (bsc#1051510). - Input: synaptics - switch T470s to RMI4 by default (bsc#1051510). - iommu/amd: Check feature support bit before accessing MSI capability registers (bsc#1166101). - iommu/amd: Only support x2APIC with IVHD type 11h/40h (bsc#1166102). - iommu/amd: Remap the IOMMU device table with the memory encryption mask for kdump (bsc#1141895). - iommu/dma: Fix MSI reservation allocation (bsc#1166730). - iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint (bsc#1166731). - iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page (bsc#1166732). - iommu/vt-d: Fix compile warning from intel-svm.h (bsc#1166103). - iommu/vt-d: Fix the wrong printing in RHSA parsing (bsc#1166733). - iommu/vt-d: Ignore devices with out-of-spec domain number (bsc#1166734). - iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint (bsc#1166735). - ipv4: ensure rcu_read_lock() in cipso_v4_error() (git-fixes). - ipv6: restrict IPV6_ADDRFORM operation (bsc#1109837). - iwlegacy: Fix -Wcast-function-type (bsc#1051510). - iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1166632). - iwlwifi: mvm: Fix thermal zone registration (bsc#1051510). - kdump, proc/vmcore: Enable kdumping encrypted memory with SME enabled (bsc#1141895). - kernel/module.c: Only return -EEXIST for modules that have finished loading (bsc#1165488). - kernel/module.c: wakeup processes in module_wq on module unload (bsc#1165488). - kexec: Allocate decrypted control pages for kdump if SME is enabled (bsc#1141895). - KVM: arm64: Store vcpu on the stack during __guest_enter() (bsc#1133021). - KVM: s390: do not clobber registers during guest reset/store status (bsc#1133021). - KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups (bsc#1133021). - KVM: VMX: check descriptor table exits on instruction emulation (bsc#1166104). - l2tp: Allow duplicate session creation with UDP (networking-stable-20_02_05). - libnvdimm/pfn_dev: Do not clear device memmap area during generic namespace probe (bsc#1165929 bsc#1165950). - libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields (bsc#1165929). - libnvdimm: remove redundant __func__ in dev_dbg (bsc#1165929). - lib/raid6: add missing include for raid6test (bsc#1166003). - lib/raid6: add option to skip algo benchmarking (bsc#1166003). - lib/raid6: avoid __attribute_const__ redefinition (bsc#1166003). - md: add __acquires/__releases annotations to handle_active_stripes (bsc#1166003). - md: add __acquires/__releases annotations to (un)lock_two_stripes (bsc#1166003). - md: add a missing endianness conversion in check_sb_changes (bsc#1166003). - md: add bitmap_abort label in md_run (bsc#1166003). - md: add feature flag MD_FEATURE_RAID0_LAYOUT (bsc#1166003). - md: allow last device to be forcibly removed from RAID1/RAID10 (bsc#1166003). - md: avoid invalid memory access for array sb->dev_roles (bsc#1166003). - md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of backlog (bsc#1166003). - md-bitmap: create and destroy wb_info_pool with the change of bitmap (bsc#1166003). - md-bitmap: small cleanups (bsc#1166003). - md/bitmap: use mddev_suspend/resume instead of ->quiesce() (bsc#1166003). - md-cluster/bitmap: do not call md_bitmap_sync_with_cluster during reshaping stage (bsc#1166003). - md-cluster: introduce resync_info_get interface for sanity check (bsc#1166003). - md-cluster/raid10: call update_size in md_reap_sync_thread (bsc#1166003). - md-cluster/raid10: do not call remove_and_add_spares during reshaping stage (bsc#1166003). - md-cluster/raid10: resize all the bitmaps before start reshape (bsc#1166003). - md-cluster/raid10: support add disk under grow mode (bsc#1166003). - md-cluster: remove suspend_info (bsc#1166003). - md-cluster: send BITMAP_NEEDS_SYNC message if reshaping is interrupted (bsc#1166003). - md: convert to kvmalloc (bsc#1166003). - md: do not call spare_active in md_reap_sync_thread if all member devices can't work (bsc#1166003). - md: do not set In_sync if array is frozen (bsc#1166003). - md: fix a typo s/creat/create (bsc#1166003). - md: fix for divide error in status_resync (bsc#1166003). - md: fix spelling typo and add necessary space (bsc#1166003). - md: introduce mddev_create/destroy_wb_pool for the change of member device (bsc#1166003). - md-linear: use struct_size() in kzalloc() (bsc#1166003). - md: Make bio_alloc_mddev use bio_alloc_bioset (bsc#1166003). - md: make sure desc_nr less than MD_SB_DISKS (bsc#1166003). - md: md.c: Return -ENODEV when mddev is NULL in rdev_attr_show (bsc#1166003). - md: no longer compare spare disk superblock events in super_load (bsc#1166003). - md/raid0: Fix an error message in raid0_make_request() (bsc#1166003). - md raid0/linear: Mark array as 'broken' and fail BIOs if a member is gone (bsc#1166003). - md/raid10: end bio when the device faulty (bsc#1166003). - md/raid10: Fix raid10 replace hang when new added disk faulty (bsc#1166003). - md/raid10: prevent access of uninitialized resync_pages offset (bsc#1166003). - md/raid10: read balance chooses idlest disk for SSD (bsc#1166003). - md: raid10: Use struct_size() in kmalloc() (bsc#1166003). - md/raid1: avoid soft lockup under high load (bsc#1166003). - md: raid1: check rdev before reference in raid1_sync_request func (bsc#1166003). - md/raid1: end bio when the device faulty (bsc#1166003). - md/raid1: fail run raid1 array when active disk less than one (bsc#1166003). - md/raid1: Fix a warning message in remove_wb() (bsc#1166003). - md/raid1: fix potential data inconsistency issue with write behind device (bsc#1166003). - md/raid1: get rid of extra blank line and space (bsc#1166003). - md/raid5: use bio_end_sector to calculate last_sector (bsc#1166003). - md/raid6: fix algorithm choice under larger PAGE_SIZE (bsc#1166003). - md: remove set but not used variable 'bi_rdev' (bsc#1166003). - md: rename wb stuffs (bsc#1166003). - md: return -ENODEV if rdev has no mddev assigned (bsc#1166003). - md: use correct type in super_1_load (bsc#1166003). - md: use correct type in super_1_sync (bsc#1166003). - md: use correct types in md_bitmap_print_sb (bsc#1166003). - media: uvcvideo: Refactor teardown of uvc on USB disconnect (bsc#1164507). - mlxsw: spectrum_qdisc: Include MC TCs in Qdisc counters (bsc#1112374). - mlxsw: spectrum: Wipe xstats.backlog of down ports (bsc#1112374). - net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM (networking-stable-20_01_27). - net: dsa: mv88e6xxx: Preserve priority when setting CPU port (networking-stable-20_01_11). - net: dsa: tag_qca: fix doubled Tx statistics (networking-stable-20_01_20). - net/ethtool: Introduce link_ksettings API for virtual network devices (bsc#1136157 ltc#177197). - net: Fix Tx hash bound checking (bsc#1109837). - net: hns3: fix a copying IPv6 address error in hclge_fd_get_flow_tuples() (bsc#1104353). - net: hns: fix soft lockup when there is not enough memory (networking-stable-20_01_20). - net: hsr: fix possible NULL deref in hsr_handle_frame()
References
#1044231 #1051510 #1051858 #1056686 #1060463
#1065729 #1103990 #1103992 #1104353 #1104745
#1109837 #1111666 #1111974 #1112178 #1112374
#1113956 #1114279 #1114685 #1119680 #1127611
#1133021 #1134090 #1136157 #1141895 #1144333
#1146539 #1156510 #1157424 #1158187 #1159285
#1160659 #1161561 #1161951 #1162928 #1162929
#1162931 #1164078 #1164507 #1165111 #1165404
#1165488 #1165527 #1165741 #1165813 #1165873
#1165929 #1165950 #1165980 #1165984 #1165985
#1166003 #1166101 #1166102 #1166103 #1166104
#1166632 #1166658 #1166730 #1166731 #1166732
#1166733 #1166734 #1166735
Cross- CVE-2019-19768 CVE-2020-8647 CVE-2020-8648
CVE-2020-8649 CVE-2020-9383
Affected Products:
SUSE Linux Enterprise Workstation Extension 15-SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
SUSE Linux Enterprise Module for Legacy Software 15-SP1
SUSE Linux Enterprise Module for Development Tools 15-SP1
SUSE Linux Enterprise Module for Basesystem 15-SP1
SUSE Linux Enterprise High Availability 15-SP1
https://www.suse.com/security/cve/CVE-2019-19768.html
https://www.suse.com/security/cve/CVE-2020-8647.html
https://www.suse.com/security/cve/CVE-2020-8648.html
https://www.suse.com/security/cve/CVE-2020-8649.html
https://www.suse.com/security/cve/CVE-2020-9383.html
https://bugzilla.suse.com/1044231
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1051858
https://bugzilla.suse.com/1056686
https://bugzilla.suse.com/1060463
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1103990
https://bugzilla.suse.com/1103992
https://bugzilla.suse.com/1104353
https://bugzilla.suse.com/1104745
https://bugzilla.suse.com/1109837
https://bugzilla.suse.com/1111666
https://bugzilla.suse.com/1111974
https://bugzilla.suse.com/1112178
https://bugzilla.suse.com/1112374
https://bugzilla.suse.com/1113956
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1114685
https://bugzilla.suse.com/1119680
https://bugzilla.suse.com/1127611
https://bugzilla.suse.com/1133021
https://bugzilla.suse.com/1134090
https://bugzilla.suse.com/1136157
https://bugzilla.suse.com/1141895
https://bugzilla.suse.com/1144333
https://bugzilla.suse.com/1146539
https://bugzilla.suse.com/1156510
https://bugzilla.suse.com/1157424
https://bugzilla.suse.com/1158187
https://bugzilla.suse.com/1159285
https://bugzilla.suse.com/1160659
https://bugzilla.suse.com/1161561
https://bugzilla.suse.com/1161951
https://bugzilla.suse.com/1162928
https://bugzilla.suse.com/1162929
https://bugzilla.suse.com/1162931
https://bugzilla.suse.com/1164078
https://bugzilla.suse.com/1164507
https://bugzilla.suse.com/1165111
https://bugzilla.suse.com/1165404
https://bugzilla.suse.com/1165488
https://bugzilla.suse.com/1165527
https://bugzilla.suse.com/1165741
https://bugzilla.suse.com/1165813
https://bugzilla.suse.com/1165873
https://bugzilla.suse.com/1165929
https://bugzilla.suse.com/1165950
https://bugzilla.suse.com/1165980
https://bugzilla.suse.com/1165984
https://bugzilla.suse.com/1165985
https://bugzilla.suse.com/1166003
https://bugzilla.suse.com/1166101
https://bugzilla.suse.com/1166102
https://bugzilla.suse.com/1166103
https://bugzilla.suse.com/1166104
https://bugzilla.suse.com/1166632
https://bugzilla.suse.com/1166658
https://bugzilla.suse.com/1166730
https://bugzilla.suse.com/1166731
https://bugzilla.suse.com/1166732
https://bugzilla.suse.com/1166733
https://bugzilla.suse.com/1166734
https://bugzilla.suse.com/1166735