Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2015:0985-1
Rating:	important
References:	bsc#758040 bsc#814440 bsc#904348 bsc#921949 bsc#924493 bsc#926238 bsc#933514 bsc#936773 bsc#939826 bsc#939926 bsc#940776 bsc#941113 bsc#941202 bsc#943959 bsc#944296 bsc#947241 bsc#947478 bsc#949100 bsc#949192 bsc#949706 bsc#949744 bsc#949936 bsc#950013 bsc#950580 bsc#950750 bsc#950998 bsc#951110 bsc#951165 bsc#951440 bsc#951638 bsc#951864 bsc#952384 bsc#952666 bsc#953717 bsc#953826 bsc#953830 bsc#953971 bsc#953980 bsc#954635 bsc#954986 bsc#955136 bsc#955148 bsc#955224 bsc#955354 bsc#955422 bsc#955533 bsc#955644 bsc#956047 bsc#956053 bsc#956147 bsc#956284 bsc#956703 bsc#956711 bsc#956717 bsc#956801 bsc#956876 bsc#957395 bsc#957546 bsc#958504 bsc#958510 bsc#958647
Cross-References:	CVE-2015-0272 CVE-2015-2925 CVE-2015-5156 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8215
CVSS scores:
Affected Products:	Public Cloud Module 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP1 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP1

An update that solves seven vulnerabilities and has 54 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.51 to receive various security and bugfixes.

Following features were added: - hwrng: Add a driver for the hwrng found in power7+ systems (fate#315784).

Following security bugs were fixed: - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. (bsc#955354) - CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack (bnc#926238). - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#952384).

The following non-security bugs were fixed: - af_iucv: avoid path quiesce of severed path in shutdown() (bnc#954986, LTC#131684). - alsa: hda - Disable 64bit address for Creative HDA controllers (bnc#814440). - alsa: hda - Fix noise problems on Thinkpad T440s (boo#958504). - alsa: hda - Fix noise problems on Thinkpad T440s (boo#958504). - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949). - audit: correctly record file names with different path name types (bsc#950013). - audit: create private file name copies when auditing inodes (bsc#950013). - bcache: Add btree_insert_node() (bnc#951638). - bcache: Add explicit keylist arg to btree_insert() (bnc#951638). - bcache: backing device set to clean after finishing detach (bsc#951638). - bcache: backing device set to clean after finishing detach (bsc#951638). - bcache: Clean up keylist code (bnc#951638). - bcache: Convert btree_insert_check_key() to btree_insert_node() (bnc#951638). - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638). - bcache: Convert try_wait to wait_queue_head_t (bnc#951638). - bcache: Explicitly track btree node's parent (bnc#951638). - bcache: Fix a bug when detaching (bsc#951638). - bcache: Fix a lockdep splat in an error path (bnc#951638). - bcache: Fix a shutdown bug (bsc#951638). - bcache: Fix more early shutdown bugs (bsc#951638). - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638). - bcache: Insert multiple keys at a time (bnc#951638). - bcache: kill closure locking usage (bnc#951638). - bcache: Refactor journalling flow control (bnc#951638). - bcache: Refactor request_write() (bnc#951638). - bcache: Use blkdev_issue_discard() (bnc#951638). - btrfs: Adjust commit-transaction condition to avoid NO_SPACE more (bsc#958647). - btrfs: Adjust commit-transaction condition to avoid NO_SPACE more (bsc#958647). - btrfs: cleanup: remove no-used alloc_chunk in btrfs_check_data_free_space() (bsc#958647). - btrfs: cleanup: remove no-used alloc_chunk in btrfs_check_data_free_space() (bsc#958647). - btrfs: fix condition of commit transaction (bsc#958647). - btrfs: fix condition of commit transaction (bsc#958647). - btrfs: fix file corruption and data loss after cloning inline extents (bnc#956053). - btrfs: Fix out-of-space bug (bsc#958647). - btrfs: Fix out-of-space bug (bsc#958647). - btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647). - btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647). - btrfs: fix the number of transaction units needed to remove a block group (bsc#958647). - btrfs: fix the number of transaction units needed to remove a block group (bsc#958647). - btrfs: fix truncation of compressed and inlined extents (bnc#956053). - btrfs: Set relative data on clear btrfs_block_group_cache->pinned (bsc#958647). - btrfs: Set relative data on clear btrfs_block_group_cache->pinned (bsc#958647). - btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#958647). - btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#958647). - cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638). - cpu: Defer smpboot kthread unparking until CPU known to scheduler (bsc#936773). - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets (bsc#957395). - cxgb4i: Increased the value of MAX_IMM_TX_PKT_LEN from 128 to 256 bytes (bsc#950580). - dlm: make posix locks interruptible, (bsc#947241). - dmapi: Fix xfs dmapi to not unlock & lock XFS_ILOCK_EXCL (bsc#949744). - dm: do not start current request if it would've merged with the previous (bsc#904348). - dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348). - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826). - dm sysfs: introduce ability to add writable attributes (bsc#904348). - drm: Allocate new master object when client becomes master (bsc#956876, bsc#956801). - drm: Fix KABI of "struct drm_file" (bsc#956876, bsc#956801). - drm/i915: add hotplug activation period to hotplug update mask (bsc#953980). - drm/i915: clean up backlight conditional build (bsc#941113). - drm/i915: debug print on backlight register (bsc#941113). - drm/i915: do full backlight setup at enable time (bsc#941113). - drm/i915: do not save/restore backlight registers in KMS (bsc#941113). - drm/i915: Eliminate lots of WARNs when there's no backlight present (bsc#941113). - drm/i915: fix gen2-gen3 backlight set (bsc#941113,bsc#953971). - drm/i915: Fix gen3 self-refresh watermarks (bsc#953830,bsc#953971). - drm/i915: Fix missing backlight update during panel disablement (bsc#941113). - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040). - drm/i915: gather backlight information at setup (bsc#941113). - drm/i915: handle backlight through chip specific functions (bsc#941113). - drm/i915: Ignore "digital output" and "not HDMI output" bits for eDP detection (bsc#949192). - drm/i915: make asle notifications update backlight on all connectors (bsc#941113). - drm/i915: make backlight info per-connector (bsc#941113). - drm/i915: move backlight level setting in enable/disable to hooks (bsc#941113). - drm/i915: move opregion asle request handling to a work queue (bsc#953826). - drm/i915: nuke get max backlight functions (bsc#941113). - drm/i915/opregion: fix build error on CONFIG_ACPI=n (bsc#953826). - drm/i915: restore backlight precision when converting from ACPI (bsc#941113). - drm/i915/tv: add ->get_config callback (bsc#953830). - drm/i915: use backlight legacy combination mode also for i915gm/i945gm (bsc#941113). - drm/i915: use the initialized backlight max value instead of reading it (bsc#941113). - drm/i915: vlv does not have pipe field in backlight registers (bsc#941113). - fanotify: fix notification of groups with inode & mount marks (bsc#955533). - Fix remove_and_add_spares removes drive added as spare in slot_store (bsc#956717). - genksyms: Handle string literals with spaces in reference files (bsc#958510). - genksyms: Handle string literals with spaces in reference files (bsc#958510). - hwrng: Add a driver for the hwrng found in power7+ systems (fate#315784). in the non-RT kernel to minimize the differences. - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224). - ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422). - ixgbe: fix broken PFC with X550 (bsc#951864). - ixgbe: use correct fcoe ddp max check (bsc#951864). - kabi: Fix spurious kabi change in mm/util.c. - kABI: protect struct ahci_host_priv. - kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635). - kabi: Restore kabi in struct se_cmd (bsc#954635). - kabi: Restore kabi in struct se_subsystem_api (bsc#954635). - ktime: add ktime_after and ktime_before helper (bsc#904348). - mm: factor commit limit calculation (VM Performance). - mm: get rid of "vmalloc_info" from /proc/meminfo (VM Performance). - mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a fault (Automatic NUMA Balancing (fate#315482)). - mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959). - mm: vmscan: never isolate more pages than necessary (VM Performance). - Move ktime_after patch to the networking section - nfsrdma: Fix regression in NFSRDMA server (bsc#951110). - pci: Drop "setting latency timer" messages (bsc#956047). - pci: Update VPD size with correct length (bsc#924493). - perf/x86/intel/uncore: Delete an unnecessary check before pci_dev_put() call (bsc#955136). - perf/x86/intel/uncore: Delete an unnecessary check before pci_dev_put() call (bsc#955136). - perf/x86/intel/uncore: Fix multi-segment problem of perf_event_intel_uncore (bsc#955136). - perf/x86/intel/uncore: Fix multi-segment problem of perf_event_intel_uncore (bsc#955136). - pm, hinernate: use put_page in release_swap_writer (bnc#943959). - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706). - Re-add copy_page_vector_to_user() - ring-buffer: Always run per-cpu ring buffer resize with schedule_work_on() (bnc#956711). - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224). - rpm/constraints.in: Require 14GB worth of disk space on POWER The builds started to fail randomly due to ENOSPC errors. - rpm/kernel-binary.spec.in: Always build zImage for ARM - rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since 2.6.39 and is enabled in our configs. - rpm/kernel-binary.spec.in: Drop the %build_src_dir macro It is the parent directory of the O= directory. - rpm/kernel-binary.spec.in: really pass down %{?_smp_mflags} - rpm/kernel-binary.spec.in: Use parallel make in all invocations Also, remove the lengthy comment, since we are using a standard rpm macro now. - rpm/kernel-binary.spec.in: Use upstream script to support config.addon - s390/dasd: fix disconnected device with valid path mask (bnc#954986, LTC#132707). - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#954986, LTC#132706). - s390/dasd: fix list_del corruption after lcu changes (bnc#954986, LTC#133077). - sched: Call select_idle_sibling() when not affine_sd (Scheduler Performance). - sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100). - sched, isolcpu: make cpu_isolated_map visible outside scheduler (bsc#957395). - sched/numa: Check all nodes when placing a pseudo-interleaved group (Automatic NUMA Balancing (fate#315482)). - sched/numa: Fix math underflow in task_tick_numa() (Automatic NUMA Balancing (fate#315482)). - sched/numa: Only consider less busy nodes as numa balancing destinations (Automatic NUMA Balancing (fate#315482)). - sched: Put expensive runtime debugging checks under a separate Kconfig entry (Scheduler performance). - scsi: hosts: update to use ida_simple for host_no (bsc#939926) - sunrpc/cache: make cache flushing more reliable (bsc#947478). - sunrpc: Fix oops when trace sunrpc_task events in nfs client (bnc#956703). - supported.conf: Support peak_pci and sja1000: These 2 CAN drivers are supported in the RT kernel for a long time so we can also support them - target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666). - target: Send UA upon LUN RESET tmr completion (bsc#933514). - target: use "se_dev_entry" when allocating UAs (bsc#933514). - Update config files. (bnc#955644) - Update kabi files with sbc_parse_cdb symbol change (bsc#954635). - usbvision fix overflow of interfaces array (bnc#950998). - vmxnet3: adjust ring sizes when interface is down (bsc#950750). - vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750). - x86/efi: Fix invalid parameter error when getting hibernation key (fate#316350, bsc#956284). - x86/evtchn: make use of PHYSDEVOP_map_pirq. - x86/mm: Add parenthesis for TLB tracepoint size calculation (VM Performance (Reduce IPIs during reclaim)). - x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality, bnc#955148). - x86/mm/hotplug: Pass sync_global_pgds() a correct argument in remove_pagetable() (VM Functionality, bnc#955148). - x86/tsc: Let high latency PIT fail fast in quick_pit_calibrate() (bsc#953717). - xen: fix boot crash in EC2 settings (bsc#956147). - xen: refresh patches.xen/xen-x86_64-m2p-strict (bsc#956147). - xen: Update Xen patches to 3.12.50. - xfs: always drain dio before extending aio write submission (bsc#949744). - xfs: DIO needs an ioend for writes (bsc#949744). - xfs: DIO write completion size updates race (bsc#949744). - xfs: DIO writes within EOF do not need an ioend (bsc#949744). - xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744). - xfs: do not allocate an ioend for direct I/O completions (bsc#949744). - xfs: factor DIO write mapping from get_blocks (bsc#949744). - xfs: handle DIO overwrite EOF update completion correctly (bsc#949744). - xfs: move DIO mapping size calculation (bsc#949744). - xfs: using generic_file_direct_write() is unnecessary (bsc#949744). - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#951165). - xhci: Workaround to get Intel xHCI reset working more reliably (bnc#957546). - zfcp: fix fc_host port_type with NPIV (bnc#954986, LTC#132479).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP1
  zypper in -t patch SUSE-SLE-BSK-12-SP1-2015-985=1
• SUSE Linux Enterprise Desktop 12 SP1
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-985=1
• SUSE Linux Enterprise Live Patching 12
  zypper in -t patch SUSE-SLE-Live-Patching-12-2015-985=1
• Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-985=1
• SUSE Linux Enterprise Software Development Kit 12 SP1
  zypper in -t patch SUSE-SLE-SDK-12-SP1-2015-985=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-985=1
• SUSE Linux Enterprise Server 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-985=1
• SUSE Linux Enterprise Workstation Extension 12 SP1
  zypper in -t patch SUSE-SLE-WE-12-SP1-2015-985=1

Package List:

• SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP1 (nosrc s390x)
  • kernel-zfcpdump-3.12.51-60.20.1
• SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP1 (s390x)
  • kernel-zfcpdump-debugsource-3.12.51-60.20.1
  • kernel-zfcpdump-debuginfo-3.12.51-60.20.1
• SUSE Linux Enterprise Desktop 12 SP1 (nosrc x86_64)
  • kernel-xen-3.12.51-60.20.2
  • kernel-default-3.12.51-60.20.2
• SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
  • kernel-xen-devel-3.12.51-60.20.2
  • kernel-default-debugsource-3.12.51-60.20.2
  • kernel-xen-debuginfo-3.12.51-60.20.2
  • kernel-default-devel-3.12.51-60.20.2
  • kernel-xen-debugsource-3.12.51-60.20.2
  • kernel-default-extra-3.12.51-60.20.2
  • kernel-default-extra-debuginfo-3.12.51-60.20.2
  • kernel-default-debuginfo-3.12.51-60.20.2
  • kernel-syms-3.12.51-60.20.2
• SUSE Linux Enterprise Desktop 12 SP1 (noarch)
  • kernel-macros-3.12.51-60.20.2
  • kernel-source-3.12.51-60.20.2
  • kernel-devel-3.12.51-60.20.2
• SUSE Linux Enterprise Live Patching 12 (x86_64)
  • kgraft-patch-3_12_51-60_20-default-1-4.1
  • kgraft-patch-3_12_51-60_20-xen-1-4.1
• Public Cloud Module 12 (nosrc x86_64)
  • kernel-ec2-3.12.51-60.20.2
• Public Cloud Module 12 (x86_64)
  • kernel-ec2-devel-3.12.51-60.20.2
  • kernel-ec2-extra-debuginfo-3.12.51-60.20.2
  • kernel-ec2-debuginfo-3.12.51-60.20.2
  • kernel-ec2-extra-3.12.51-60.20.2
  • kernel-ec2-debugsource-3.12.51-60.20.2
• SUSE Linux Enterprise Software Development Kit 12 SP1 (noarch)
  • kernel-docs-3.12.51-60.20.2
• SUSE Linux Enterprise Software Development Kit 12 SP1 (ppc64le s390x x86_64)
  • kernel-obs-build-3.12.51-60.20.1
  • kernel-obs-build-debugsource-3.12.51-60.20.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (nosrc ppc64le x86_64)
  • kernel-default-3.12.51-60.20.2
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
  • kernel-default-debugsource-3.12.51-60.20.2
  • kernel-default-devel-3.12.51-60.20.2
  • kernel-default-base-3.12.51-60.20.2
  • kernel-default-debuginfo-3.12.51-60.20.2
  • kernel-default-base-debuginfo-3.12.51-60.20.2
  • kernel-syms-3.12.51-60.20.2
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (noarch)
  • kernel-macros-3.12.51-60.20.2
  • kernel-source-3.12.51-60.20.2
  • kernel-devel-3.12.51-60.20.2
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (nosrc x86_64)
  • kernel-xen-3.12.51-60.20.2
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (x86_64)
  • kernel-xen-devel-3.12.51-60.20.2
  • kernel-xen-base-debuginfo-3.12.51-60.20.2
  • kernel-xen-debuginfo-3.12.51-60.20.2
  • kernel-xen-debugsource-3.12.51-60.20.2
  • kernel-xen-base-3.12.51-60.20.2
• SUSE Linux Enterprise Server 12 SP1 (nosrc ppc64le s390x x86_64)
  • kernel-default-3.12.51-60.20.2
• SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
  • kernel-default-debugsource-3.12.51-60.20.2
  • kernel-default-devel-3.12.51-60.20.2
  • kernel-default-base-3.12.51-60.20.2
  • kernel-default-debuginfo-3.12.51-60.20.2
  • kernel-default-base-debuginfo-3.12.51-60.20.2
  • kernel-syms-3.12.51-60.20.2
• SUSE Linux Enterprise Server 12 SP1 (noarch)
  • kernel-macros-3.12.51-60.20.2
  • kernel-source-3.12.51-60.20.2
  • kernel-devel-3.12.51-60.20.2
• SUSE Linux Enterprise Server 12 SP1 (s390x)
  • kernel-default-man-3.12.51-60.20.2
• SUSE Linux Enterprise Server 12 SP1 (nosrc x86_64)
  • kernel-xen-3.12.51-60.20.2
• SUSE Linux Enterprise Server 12 SP1 (x86_64)
  • kernel-xen-devel-3.12.51-60.20.2
  • kernel-xen-base-debuginfo-3.12.51-60.20.2
  • kernel-xen-debuginfo-3.12.51-60.20.2
  • kernel-xen-debugsource-3.12.51-60.20.2
  • kernel-xen-base-3.12.51-60.20.2
• SUSE Linux Enterprise Workstation Extension 12 SP1 (nosrc)
  • kernel-default-3.12.51-60.20.2
• SUSE Linux Enterprise Workstation Extension 12 SP1 (x86_64)
  • kernel-default-extra-debuginfo-3.12.51-60.20.2
  • kernel-default-extra-3.12.51-60.20.2
  • kernel-default-debuginfo-3.12.51-60.20.2
  • kernel-default-debugsource-3.12.51-60.20.2

References:

• https://www.suse.com/security/cve/CVE-2015-0272.html
• https://www.suse.com/security/cve/CVE-2015-2925.html
• https://www.suse.com/security/cve/CVE-2015-5156.html
• https://www.suse.com/security/cve/CVE-2015-7799.html
• https://www.suse.com/security/cve/CVE-2015-7872.html
• https://www.suse.com/security/cve/CVE-2015-7990.html
• https://www.suse.com/security/cve/CVE-2015-8215.html
• https://bugzilla.suse.com/show_bug.cgi?id=758040
• https://bugzilla.suse.com/show_bug.cgi?id=814440
• https://bugzilla.suse.com/show_bug.cgi?id=904348
• https://bugzilla.suse.com/show_bug.cgi?id=921949
• https://bugzilla.suse.com/show_bug.cgi?id=924493
• https://bugzilla.suse.com/show_bug.cgi?id=926238
• https://bugzilla.suse.com/show_bug.cgi?id=933514
• https://bugzilla.suse.com/show_bug.cgi?id=936773
• https://bugzilla.suse.com/show_bug.cgi?id=939826
• https://bugzilla.suse.com/show_bug.cgi?id=939926
• https://bugzilla.suse.com/show_bug.cgi?id=940776
• https://bugzilla.suse.com/show_bug.cgi?id=941113
• https://bugzilla.suse.com/show_bug.cgi?id=941202
• https://bugzilla.suse.com/show_bug.cgi?id=943959
• https://bugzilla.suse.com/show_bug.cgi?id=944296
• https://bugzilla.suse.com/show_bug.cgi?id=947241
• https://bugzilla.suse.com/show_bug.cgi?id=947478
• https://bugzilla.suse.com/show_bug.cgi?id=949100
• https://bugzilla.suse.com/show_bug.cgi?id=949192
• https://bugzilla.suse.com/show_bug.cgi?id=949706
• https://bugzilla.suse.com/show_bug.cgi?id=949744
• https://bugzilla.suse.com/show_bug.cgi?id=949936
• https://bugzilla.suse.com/show_bug.cgi?id=950013
• https://bugzilla.suse.com/show_bug.cgi?id=950580
• https://bugzilla.suse.com/show_bug.cgi?id=950750
• https://bugzilla.suse.com/show_bug.cgi?id=950998
• https://bugzilla.suse.com/show_bug.cgi?id=951110
• https://bugzilla.suse.com/show_bug.cgi?id=951165
• https://bugzilla.suse.com/show_bug.cgi?id=951440
• https://bugzilla.suse.com/show_bug.cgi?id=951638
• https://bugzilla.suse.com/show_bug.cgi?id=951864
• https://bugzilla.suse.com/show_bug.cgi?id=952384
• https://bugzilla.suse.com/show_bug.cgi?id=952666
• https://bugzilla.suse.com/show_bug.cgi?id=953717
• https://bugzilla.suse.com/show_bug.cgi?id=953826
• https://bugzilla.suse.com/show_bug.cgi?id=953830
• https://bugzilla.suse.com/show_bug.cgi?id=953971
• https://bugzilla.suse.com/show_bug.cgi?id=953980
• https://bugzilla.suse.com/show_bug.cgi?id=954635
• https://bugzilla.suse.com/show_bug.cgi?id=954986
• https://bugzilla.suse.com/show_bug.cgi?id=955136
• https://bugzilla.suse.com/show_bug.cgi?id=955148
• https://bugzilla.suse.com/show_bug.cgi?id=955224
• https://bugzilla.suse.com/show_bug.cgi?id=955354
• https://bugzilla.suse.com/show_bug.cgi?id=955422
• https://bugzilla.suse.com/show_bug.cgi?id=955533
• https://bugzilla.suse.com/show_bug.cgi?id=955644
• https://bugzilla.suse.com/show_bug.cgi?id=956047
• https://bugzilla.suse.com/show_bug.cgi?id=956053
• https://bugzilla.suse.com/show_bug.cgi?id=956147
• https://bugzilla.suse.com/show_bug.cgi?id=956284
• https://bugzilla.suse.com/show_bug.cgi?id=956703
• https://bugzilla.suse.com/show_bug.cgi?id=956711
• https://bugzilla.suse.com/show_bug.cgi?id=956717
• https://bugzilla.suse.com/show_bug.cgi?id=956801
• https://bugzilla.suse.com/show_bug.cgi?id=956876
• https://bugzilla.suse.com/show_bug.cgi?id=957395
• https://bugzilla.suse.com/show_bug.cgi?id=957546
• https://bugzilla.suse.com/show_bug.cgi?id=958504
• https://bugzilla.suse.com/show_bug.cgi?id=958510
• https://bugzilla.suse.com/show_bug.cgi?id=958647