SUSE-SU-2019:14127-1 -- SLES kernel-default, kernel-syms, kernel-source, kernel-trace
ID: oval:org.secpod.oval:def:89003282 | Date: (C)2021-02-27 (M)2024-04-17 |
Class: PATCH | Family: unix |
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:
- CVE-2019-3459: A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel.
- CVE-2019-3460: A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before .
- CVE-2019-3896: A double-free could happen in idr_remove_all in lib/idr.c in the Linux kernel. An unprivileged local attacker could use this flaw for a privilege escalation or for a system crash and a denial of service.
- CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue and tcp_prune_ofo_queue for every incoming packet, which could lead to a denial of service.
- CVE-2018-20836: An issue was discovered in the Linux kernel. There was a race condition in smp_task_timedout and smp_task_done in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
- CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel. There was an unchecked kstrdup of prop-name, which might allow an attacker to cause a denial of service.
- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

The following non-security bugs were fixed:
- KEYS: do not let add_key update an uninstantiated key.
- fnic: Fix to cleanup aborted IO to avoid device being offlined by mid-layer.
- signal: give SEND_SIG_FORCED more power to beat SIGNAL_UNKILLABLE.
- signal: oom_kill_task: use SEND_SIG_FORCED instead of force_sig.
- tcp: a regression in the previous fix for the TCP SACK issue was fixed.

Special Instructions and Notes: Please reboot the system after installing this update.
Platform: |
SUSE Linux Enterprise Server 11 SP4 |
Product: |
kernel-default |
kernel-syms |
kernel-source |
kernel-trace |