Bug 1096748 (CVE-2018-1128)

Summary:	VUL-0: CVE-2018-1128 CVE-2018-1129: ceph: various issues with cephx
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Marcus Meissner <meissner>
Component:	Incidents	Assignee:	Nathan Cutler <ncutler>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	abergmann, alekshmanan, doliveira, holgi, lhenriques, lmb, meissner, mhocko, mkoutny, tserong
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
Whiteboard:	CVSSv3:RedHat:CVE-2018-1128:5.9:(AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L) CVSSv3:RedHat:CVE-2018-1129:5.9:(AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L) CVSSv3:SUSE:CVE-2018-1128:8.3:(AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L) CVSSv3:SUSE:CVE-2018-1129:8.1:(AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) CVSSv2:NVD:CVE-2018-1129:3.3:(AV:A/AC:L/Au:N/C:N/I:P/A:N) CVSSv3:NVD:CVE-2018-1129:6.5:(AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) CVSSv2:NVD:CVE-2018-1128:5.4:(AV:A/AC:M/Au:N/C:P/I:P/A:P) CVSSv3:NVD:CVE-2018-1128:7.5:(AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Comment 16 Marcus Meissner 2018-06-22 10:03:07 UTC

CRD: 2018-07-02

Comment 21 Marcus Meissner 2018-07-10 06:30:03 UTC

http://tracker.ceph.com/issues/24836



The cephx authorizer does not have any challenge or nonce, and thus (if sniffed) can be reused by another session.

Fixes are in place:
master: 5ead97120e07054d80623dada90a5cc764c28468
mimic: 4cbd72f11ecda4c28d1bf47328a4f8672295870a
luminous: 5ead97120e07054d80623dada90a5cc764c28468
jewel: 26816cd80ae245d351d5ce34d8af434fbc798602

CVE-2018-1128


http://tracker.ceph.com/issues/24837



The signature check code was validating only the first (32-byte) of two blocks, and thus did not cover all of the crc fields (notably not data_crc).

Fixes are in place:

master: 8f396cf35a3826044b089141667a196454c0a587
mimic: 436b08688a5be238280a6e93de8658c10d72044c
luminous: a2b04cc337a6f6f7b7a8b02bf31a8f3448670645
jewel: 546d15b25eb2af8b27ec509344c1a45387f77a57

CVE-2018-1129

Comment 22 Swamp Workflow Management 2018-07-10 13:08:27 UTC

SUSE-SU-2018:1920-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1096748,1099162
CVE References: CVE-2018-10861,CVE-2018-1128,CVE-2018-1129
Sources used:
SUSE Enterprise Storage 5 (src):    ceph-12.2.5+git.1530082629.8cbf63d997-2.16.1

Comment 23 Swamp Workflow Management 2018-07-11 11:40:07 UTC

This is an autogenerated message for OBS integration:
This bug (1096748) was mentioned in
https://build.opensuse.org/request/show/622065 Factory / ceph

Comment 27 Swamp Workflow Management 2018-08-03 22:08:52 UTC

SUSE-SU-2018:2193-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1092874,1094932,1096748,1099162
CVE References: CVE-2018-10861,CVE-2018-1128,CVE-2018-1129
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ceph-12.2.7+git.1531910353.c0ef85b854-2.12.1
SUSE Linux Enterprise Server 12-SP3 (src):    ceph-12.2.7+git.1531910353.c0ef85b854-2.12.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ceph-12.2.7+git.1531910353.c0ef85b854-2.12.1
SUSE CaaS Platform ALL (src):    ceph-12.2.7+git.1531910353.c0ef85b854-2.12.1
SUSE CaaS Platform 3.0 (src):    ceph-12.2.7+git.1531910353.c0ef85b854-2.12.1

Comment 28 Swamp Workflow Management 2018-08-10 01:08:04 UTC

openSUSE-SU-2018:2283-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1092874,1094932,1096748,1099162
CVE References: CVE-2018-10861,CVE-2018-1128,CVE-2018-1129
Sources used:
openSUSE Leap 42.3 (src):    ceph-12.2.7+git.1531910353.c0ef85b854-12.1, ceph-test-12.2.7+git.1531910353.c0ef85b854-12.1

Comment 29 Swamp Workflow Management 2018-08-10 13:09:53 UTC

SUSE-SU-2018:2299-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1072512,1080112,1081379,1086340,1096748,1099162
CVE References: CVE-2018-10861,CVE-2018-1128,CVE-2018-1129,CVE-2018-7262
Sources used:
SUSE Enterprise Storage 4 (src):    ceph-10.2.11+git.1531487710.3a12911a2e-12.14.2, ceph-test-10.2.11+git.1531487710.3a12911a2e-12.14.2

Comment 30 Swamp Workflow Management 2018-08-22 13:40:29 UTC

SUSE-SU-2018:2478-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1092874,1094932,1096748,1099162
CVE References: CVE-2018-10861,CVE-2018-1128,CVE-2018-1129
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    ceph-12.2.7+git.1531910353.c0ef85b854-2.12.1
SUSE Linux Enterprise Server 12-SP3 (src):    ceph-12.2.7+git.1531910353.c0ef85b854-2.12.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    ceph-12.2.7+git.1531910353.c0ef85b854-2.12.1
SUSE CaaS Platform ALL (src):    ceph-12.2.7+git.1531910353.c0ef85b854-2.12.1
SUSE CaaS Platform 3.0 (src):    ceph-12.2.7+git.1531910353.c0ef85b854-2.12.1

Comment 31 Luis Henriques 2018-09-05 09:08:46 UTC

I've just pushed the kernel-side fixes for SLE12-SP3 and SLE15 (merge still pending).  Just for reference, the commits that actually fix these 2 CVEs are:

6daca13d2e72 ("libceph: add authorizer challenge")
cc255c76c70f ("libceph: implement CEPHX_V2 calculation mode")

However, there are a few extra admin steps required to really secure a ceph cluster.  These include setting the new config cephx options that force the cluster to accept cephv2-only clients and, probably, the cephx_require_signatures.  The 3 new cephx config options are cephx_cluster_require_version, cephx_service_require_version and cephx_require_version.

Comment 33 Swamp Workflow Management 2018-09-11 15:34:34 UTC

This is an autogenerated message for OBS integration:
This bug (1096748) was mentioned in
https://build.opensuse.org/request/show/635004 42.3 / kernel-source

Comment 37 Swamp Workflow Management 2018-09-16 13:18:08 UTC

openSUSE-SU-2018:2738-1: An update that solves 14 vulnerabilities and has 93 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1031492,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1065364,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1087092,1089066,1090888,1091171,1091860,1092903,1096254,1096748,1097105,1098253,1098822,1099597,1099810,1099832,1099922,1099999,1100000,1100001,1100132,1101822,1102346,1102486,1102517,1102715,1102797,1104485,1104683,1104897,1105271,1105292,1105296,1105322,1105323,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106191,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107937,1107966,963575,966170,966172,969470,969476,969477,970506
CVE References: CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.155-68.1, kernel-default-4.4.155-68.1, kernel-docs-4.4.155-68.1, kernel-obs-build-4.4.155-68.1, kernel-obs-qa-4.4.155-68.1, kernel-source-4.4.155-68.1, kernel-syms-4.4.155-68.1, kernel-vanilla-4.4.155-68.1

Comment 39 Swamp Workflow Management 2018-09-20 22:17:50 UTC

SUSE-SU-2018:2775-1: An update that solves 21 vulnerabilities and has 98 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1031492,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1065364,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1086457,1087092,1089066,1090888,1091171,1091860,1096254,1096748,1097105,1098253,1098822,1099597,1099810,1099811,1099813,1099832,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1099999,1100000,1100001,1100132,1101822,1101841,1102346,1102486,1102517,1102715,1102797,1103269,1103445,1103717,1104319,1104485,1104494,1104495,1104683,1104897,1105271,1105292,1105322,1105323,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107966,963575,966170,966172,969470,969476,969477,970506
CVE References: CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10938,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_17-1-4.3.1

Comment 40 Swamp Workflow Management 2018-09-20 22:37:50 UTC

SUSE-SU-2018:2776-1: An update that solves 21 vulnerabilities and has 98 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1031492,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1065364,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1086457,1087092,1089066,1090888,1091171,1091860,1096254,1096748,1097105,1098253,1098822,1099597,1099810,1099811,1099813,1099832,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1099999,1100000,1100001,1100132,1101822,1101841,1102346,1102486,1102517,1102715,1102797,1103269,1103445,1103717,1104319,1104485,1104494,1104495,1104683,1104897,1105271,1105292,1105322,1105323,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107966,963575,966170,966172,969470,969476,969477,970506
CVE References: CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10938,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.155-94.50.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.155-94.50.1, kernel-obs-build-4.4.155-94.50.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.155-94.50.1, kernel-source-4.4.155-94.50.1, kernel-syms-4.4.155-94.50.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.155-94.50.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.155-94.50.1, kernel-source-4.4.155-94.50.1, kernel-syms-4.4.155-94.50.1
SUSE CaaS Platform ALL (src):    kernel-default-4.4.155-94.50.1
SUSE CaaS Platform 3.0 (src):    kernel-default-4.4.155-94.50.1

Comment 42 Swamp Workflow Management 2018-09-25 16:18:38 UTC

SUSE-SU-2018:2858-1: An update that solves 22 vulnerabilities and has 96 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1065364,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1086457,1087092,1089066,1090888,1091171,1091860,1092903,1096254,1096748,1097105,1098253,1098822,1099597,1099810,1099811,1099813,1099832,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1099999,1100000,1100001,1100132,1101822,1101841,1102346,1102486,1102517,1102715,1102797,1103269,1103445,1104319,1104485,1104494,1104495,1104683,1104897,1105271,1105292,1105322,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106594,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107966,963575,966170,966172,969470,969476,969477,970506
CVE References: CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-azure-4.4.155-4.16.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-azure-4.4.155-4.16.1, kernel-source-azure-4.4.155-4.16.1, kernel-syms-azure-4.4.155-4.16.1

Comment 43 Swamp Workflow Management 2018-09-25 19:18:45 UTC

SUSE-SU-2018:2862-1: An update that solves 12 vulnerabilities and has 83 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1031492,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1087092,1089066,1090888,1092903,1096748,1097105,1098822,1099597,1099810,1099832,1099922,1099999,1100000,1100001,1100132,1102346,1102486,1102517,1104485,1104683,1105271,1105296,1105322,1105323,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106191,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107966,963575,966170,966172,969470,969476,969477
CVE References: CVE-2018-10902,CVE-2018-10938,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP3 (src):    kernel-rt-4.4.155-3.23.1, kernel-rt_debug-4.4.155-3.23.1, kernel-source-rt-4.4.155-3.23.1, kernel-syms-rt-4.4.155-3.23.1

Comment 44 Swamp Workflow Management 2018-10-02 19:25:55 UTC

SUSE-SU-2018:2980-1: An update that solves 13 vulnerabilities and has 134 fixes is now available.

Category: security (important)
Bug References: 1012382,1043912,1044189,1046302,1046306,1046307,1046543,1050244,1051510,1054914,1055014,1055117,1058659,1060463,1064232,1065600,1065729,1068032,1069138,1071995,1077761,1077989,1078720,1080157,1082555,1083647,1083663,1084332,1085042,1085262,1086282,1089663,1090528,1092903,1093389,1094244,1095344,1096748,1097105,1098459,1098822,1099922,1099999,1100000,1100001,1100132,1101557,1101669,1102346,1102870,1102875,1102877,1102879,1102882,1102896,1103363,1103387,1103421,1103948,1103949,1103961,1104172,1104353,1104824,1105247,1105524,1105536,1105597,1105603,1105672,1105907,1106007,1106016,1106105,1106121,1106170,1106178,1106191,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106426,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106743,1106779,1106800,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107073,1107074,1107078,1107265,1107319,1107320,1107522,1107535,1107689,1107735,1107756,1107870,1107924,1107945,1107966,1108010,1108093,1108243,1108520,1108870,1109269,1109511,920344
CVE References: CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-25.19.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-25.19.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-25.19.1, kernel-obs-build-4.12.14-25.19.1, kernel-source-4.12.14-25.19.1, kernel-syms-4.12.14-25.19.1, kernel-vanilla-4.12.14-25.19.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-25.19.1, kernel-source-4.12.14-25.19.1, kernel-zfcpdump-4.12.14-25.19.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-25.19.1

Comment 45 Swamp Workflow Management 2018-10-02 19:49:41 UTC

SUSE-SU-2018:2981-1: An update that solves 13 vulnerabilities and has 134 fixes is now available.

Category: security (important)
Bug References: 1012382,1043912,1044189,1046302,1046306,1046307,1046543,1050244,1051510,1054914,1055014,1055117,1058659,1060463,1064232,1065600,1065729,1068032,1069138,1071995,1077761,1077989,1078720,1080157,1082555,1083647,1083663,1084332,1085042,1085262,1086282,1089663,1090528,1092903,1093389,1094244,1095344,1096748,1097105,1098459,1098822,1099922,1099999,1100000,1100001,1100132,1101557,1101669,1102346,1102870,1102875,1102877,1102879,1102882,1102896,1103363,1103387,1103421,1103948,1103949,1103961,1104172,1104353,1104824,1105247,1105524,1105536,1105597,1105603,1105672,1105907,1106007,1106016,1106105,1106121,1106170,1106178,1106191,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106426,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106743,1106779,1106800,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107073,1107074,1107078,1107265,1107319,1107320,1107522,1107535,1107689,1107735,1107756,1107870,1107924,1107945,1107966,1108010,1108093,1108243,1108520,1108870,1109269,1109511,920344
CVE References: CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-25.19.1, kernel-livepatch-SLE15_Update_5-1-1.3.1

Comment 46 Swamp Workflow Management 2018-10-04 19:14:53 UTC

This is an autogenerated message for OBS integration:
This bug (1096748) was mentioned in
https://build.opensuse.org/request/show/640014 15.0 / kernel-source

Comment 47 Swamp Workflow Management 2018-10-08 13:20:04 UTC

openSUSE-SU-2018:3071-1: An update that solves 18 vulnerabilities and has 201 fixes is now available.

Category: security (important)
Bug References: 1012382,1031392,1043912,1044189,1046302,1046305,1046306,1046307,1046543,1050244,1051510,1054914,1055014,1055117,1055120,1058659,1060463,1061840,1064232,1065600,1065729,1068032,1069138,1071995,1077761,1077989,1078720,1080157,1082519,1082555,1083647,1083663,1084332,1085030,1085042,1085262,1086282,1086327,1089663,1090078,1090528,1092903,1093389,1094244,1095344,1096748,1097105,1097583,1097584,1097585,1097586,1097587,1097588,1098459,1098782,1098822,1099922,1099999,1100000,1100001,1100132,1101480,1101557,1101669,1101822,1102346,1102495,1102517,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103269,1103363,1103387,1103405,1103421,1103587,1103636,1103948,1103949,1103961,1104172,1104353,1104365,1104482,1104683,1104708,1104824,1104888,1104890,1104897,1105190,1105247,1105292,1105296,1105322,1105355,1105378,1105396,1105467,1105524,1105536,1105597,1105603,1105672,1105731,1105795,1105907,1106007,1106016,1106105,1106121,1106170,1106178,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106426,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106743,1106779,1106800,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107073,1107074,1107078,1107265,1107319,1107320,1107522,1107535,1107689,1107735,1107756,1107783,1107829,1107870,1107924,1107928,1107945,1107947,1107966,1108010,1108093,1108096,1108170,1108243,1108281,1108323,1108399,1108520,1108823,1108870,1109244,1109269,1109333,1109336,1109337,1109511,1109603,1109806,1109859,1109979,1109992,1110006,1110301,1110363,1110639,1110642,1110643,1110644,1110645,1110646,1110647,1110649,1110650,1110716,971975
CVE References: CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-15572,CVE-2018-16658,CVE-2018-17182,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.19.2, kernel-default-4.12.14-lp150.12.19.2, kernel-docs-4.12.14-lp150.12.19.3, kernel-kvmsmall-4.12.14-lp150.12.19.2, kernel-obs-build-4.12.14-lp150.12.19.2, kernel-obs-qa-4.12.14-lp150.12.19.2, kernel-source-4.12.14-lp150.12.19.1, kernel-syms-4.12.14-lp150.12.19.1, kernel-vanilla-4.12.14-lp150.12.19.2

Comment 49 Swamp Workflow Management 2018-11-30 20:21:20 UTC

SUSE-SU-2018:3961-1: An update that solves 22 vulnerabilities and has 286 fixes is now available.

Category: security (important)
Bug References: 1012382,1031392,1043912,1044189,1046302,1046305,1046306,1046307,1046540,1046543,1050244,1050319,1050536,1050540,1051510,1054914,1055014,1055117,1055120,1058659,1060463,1061840,1065600,1065729,1066674,1067126,1067906,1068032,1069138,1071995,1076830,1077761,1077989,1078720,1079524,1080157,1082519,1082555,1083647,1083663,1084760,1084831,1085030,1085042,1085262,1086282,1086283,1086288,1086327,1089663,1090078,1091800,1092903,1094244,1094825,1095344,1095805,1096748,1097105,1097583,1097584,1097585,1097586,1097587,1097588,1098459,1098782,1098822,1099125,1099922,1099999,1100001,1100132,1101480,1101557,1101669,1102346,1102495,1102517,1102715,1102870,1102875,1102877,1102879,1102881,1102882,1102896,1103269,1103308,1103356,1103363,1103387,1103405,1103421,1103543,1103587,1103636,1103948,1103949,1103961,1104172,1104353,1104482,1104683,1104731,1104824,1104888,1104890,1105025,1105190,1105247,1105292,1105322,1105355,1105378,1105396,1105428,1105467,1105524,1105536,1105597,1105603,1105672,1105731,1105795,1105907,1106007,1106016,1106105,1106110,1106121,1106170,1106178,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106779,1106800,1106838,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107074,1107207,1107319,1107320,1107522,1107535,1107685,1107689,1107735,1107756,1107783,1107829,1107870,1107924,1107928,1107945,1107947,1107966,1108010,1108093,1108096,1108170,1108241,1108243,1108260,1108281,1108323,1108377,1108399,1108468,1108520,1108823,1108841,1108870,1109151,1109158,1109217,1109244,1109269,1109330,1109333,1109336,1109337,1109511,1109603,1109739,1109772,1109784,1109806,1109818,1109907,1109915,1109919,1109951,1109979,1109992,1110006,1110096,1110301,1110363,1110538,1110561,1110639,1110642,1110643,1110644,1110645,1110646,1110647,1110649,1110650,1111028,1111040,1111076,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111921,1111928,1111983,1112170,1112208,1112219,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284,1113295,1113408,1113667,1113722,1113751,1113780,1113972,1114279,971975
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-15572,CVE-2018-16658,CVE-2018-17182,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.16.1, kernel-source-azure-4.12.14-5.16.1, kernel-syms-azure-4.12.14-5.16.1

Comment 51 Swamp Workflow Management 2019-01-22 13:00:47 UTC

This is an autogenerated message for OBS integration:
This bug (1096748) was mentioned in
https://build.opensuse.org/request/show/667784 15.0 / ceph

Comment 54 Swamp Workflow Management 2019-03-11 13:20:17 UTC

This is an autogenerated message for OBS integration:
This bug (1096748) was mentioned in
https://build.opensuse.org/request/show/683881 15.0 / ceph

Comment 55 Swamp Workflow Management 2019-03-12 20:15:06 UTC

SUSE-SU-2019:0586-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1084645,1086613,1096748,1099162,1101262,1111177,1114567
CVE References: CVE-2018-10861,CVE-2018-1128,CVE-2018-1129,CVE-2018-14662,CVE-2018-16846
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    ceph-13.2.4.125+gad802694f5-3.7.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    ceph-13.2.4.125+gad802694f5-3.7.2

Comment 66 Swamp Workflow Management 2019-04-27 22:32:47 UTC

openSUSE-SU-2019:1284-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1084645,1086613,1096748,1099162,1101262,1111177,1114567,1114710
CVE References: CVE-2018-10861,CVE-2018-1128,CVE-2018-1129,CVE-2018-14662,CVE-2018-16846
Sources used:
openSUSE Leap 15.0 (src):    ceph-13.2.4.125+gad802694f5-lp150.2.3.1, ceph-test-13.2.4.125+gad802694f5-lp150.2.3.1

Comment 71 Swamp Workflow Management 2019-05-17 19:12:16 UTC

SUSE-SU-2019:1287-1: An update that solves 16 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1012382,1024908,1034113,1043485,1068032,1073311,1080157,1080533,1082632,1087231,1087659,1087906,1093158,1094268,1096748,1100152,1103186,1106913,1109772,1111331,1112178,1113399,1116841,1118338,1119019,1122822,1124832,1125580,1129279,1131416,1131427,1131587,1132673,1132828,1133188
CVE References: CVE-2016-8636,CVE-2017-17741,CVE-2017-18174,CVE-2018-1091,CVE-2018-1120,CVE-2018-1128,CVE-2018-1129,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-19407,CVE-2019-11091,CVE-2019-11486,CVE-2019-3882,CVE-2019-8564,CVE-2019-9503
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.109.2, kernel-source-4.4.121-92.109.2, kernel-syms-4.4.121-92.109.2, kgraft-patch-SLE12-SP2_Update_29-1-3.5.2
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.109.2, kernel-source-4.4.121-92.109.2, kernel-syms-4.4.121-92.109.2, kgraft-patch-SLE12-SP2_Update_29-1-3.5.2
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.109.2, kernel-source-4.4.121-92.109.2, kernel-syms-4.4.121-92.109.2, kgraft-patch-SLE12-SP2_Update_29-1-3.5.2
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.109.2, kernel-source-4.4.121-92.109.2, kernel-syms-4.4.121-92.109.2
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.109.2
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.109.2, kernel-source-4.4.121-92.109.2, kernel-syms-4.4.121-92.109.2, kgraft-patch-SLE12-SP2_Update_29-1-3.5.2
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.109.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 72 Alexander Bergmann 2019-07-24 11:31:25 UTC

All released. Closing bug.