Bug 1106509 (CVE-2018-6554)

Summary: VUL-1: CVE-2018-6554: kernel-source: irda: Memory leak in the irda_bind function in net/irda/af_irda.c
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P4 - Low CC: carlos.lopez, mhocko, mkubecek, smash_bz, tiwai
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/213505/
Whiteboard: CVSSv3:SUSE:CVE-2018-6554:3.3:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: 0001-v4.15-irda-Fix-memory-leak-caused-by-repeated.patch
0001-v4.4-irda-Fix-memory-leak-caused-by-repeated.patch

Comment 1 Marcus Meissner 2018-08-30 05:55:47 UTC 
Created attachment 781270 [details]
0001-v4.15-irda-Fix-memory-leak-caused-by-repeated.patch

0001-v4.15-irda-Fix-memory-leak-caused-by-repeated.patch

attached to mail
Comment 2 Marcus Meissner 2018-08-30 05:56:28 UTC 
Created attachment 781271 [details]
0001-v4.4-irda-Fix-memory-leak-caused-by-repeated.patch

0001-v4.4-irda-Fix-memory-leak-caused-by-repeated.patch
Comment 3 Michal Kubeček 2018-08-31 06:44:19 UTC 
This bug exists since before 2.6.16. On the other end, IRDA is gone in stable
(Tumbleweed) and disabled in SLE15(-SP1). However, it is enabled in SLE12-SP4,
openSUSE-15.0 and all older branches so that we will need to patch everything
up to SLE15 anyway.
Comment 4 Marcus Meissner 2018-09-05 05:26:28 UTC 
public now

https://seclists.org/oss-sec/2018/q3/212

 CVE-2018-6554 and CVE-2018-6555: Linux kernel: irda memory leak and use after free From: Tyler Hicks <tyhicks () canonical com>
Date: Tue, 4 Sep 2018 11:47:06 -0500

Two issues were discovered in the irda subsystem within the Linux
kernel.

The irda subsystem has been removed from the upstream kernel starting in
v4.17 but it is present in many distro kernels and the stable kernel tree.

Memory leak in the irda_bind function in net/irda/af_irda.c and later
in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17
allows local users to cause a denial of service (memory consumption) by
repeatedly binding an AF_IRDA socket. (CVE-2018-6554)

The irda_setsockopt function in net/irda/af_irda.c and later in
drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17
allows local users to cause a denial of service (ias_object
use-after-free and system crash) or possibly have unspecified other
impact via an AF_IRDA socket. (CVE-2018-6555)

I've sent the fixes to the stable kernel list but I don't yet see my
submissions in the list archive on Spinics. Here are the equivalent
versions of the patches against the Ubuntu kernel:

https://lists.ubuntu.com/archives/kernel-team/2018-September/095134.html
(>= 4.14)

https://lists.ubuntu.com/archives/kernel-team/2018-September/095137.html
(< 4.14)

Tyler
Comment 6 Swamp Workflow Management 2018-09-11 15:37:20 UTC 
This is an autogenerated message for OBS integration:
This bug (1106509) was mentioned in
https://build.opensuse.org/request/show/635004 42.3 / kernel-source
Comment 8 Swamp Workflow Management 2018-09-16 13:27:33 UTC 
openSUSE-SU-2018:2738-1: An update that solves 14 vulnerabilities and has 93 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1031492,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1065364,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1087092,1089066,1090888,1091171,1091860,1092903,1096254,1096748,1097105,1098253,1098822,1099597,1099810,1099832,1099922,1099999,1100000,1100001,1100132,1101822,1102346,1102486,1102517,1102715,1102797,1104485,1104683,1104897,1105271,1105292,1105296,1105322,1105323,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106191,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107937,1107966,963575,966170,966172,969470,969476,969477,970506
CVE References: CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.155-68.1, kernel-default-4.4.155-68.1, kernel-docs-4.4.155-68.1, kernel-obs-build-4.4.155-68.1, kernel-obs-qa-4.4.155-68.1, kernel-source-4.4.155-68.1, kernel-syms-4.4.155-68.1, kernel-vanilla-4.4.155-68.1
Comment 13 Swamp Workflow Management 2018-09-20 22:26:57 UTC 
SUSE-SU-2018:2775-1: An update that solves 21 vulnerabilities and has 98 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1031492,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1065364,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1086457,1087092,1089066,1090888,1091171,1091860,1096254,1096748,1097105,1098253,1098822,1099597,1099810,1099811,1099813,1099832,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1099999,1100000,1100001,1100132,1101822,1101841,1102346,1102486,1102517,1102715,1102797,1103269,1103445,1103717,1104319,1104485,1104494,1104495,1104683,1104897,1105271,1105292,1105322,1105323,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107966,963575,966170,966172,969470,969476,969477,970506
CVE References: CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10938,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_17-1-4.3.1
Comment 14 Swamp Workflow Management 2018-09-20 22:46:08 UTC 
SUSE-SU-2018:2776-1: An update that solves 21 vulnerabilities and has 98 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1031492,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1065364,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1086457,1087092,1089066,1090888,1091171,1091860,1096254,1096748,1097105,1098253,1098822,1099597,1099810,1099811,1099813,1099832,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1099999,1100000,1100001,1100132,1101822,1101841,1102346,1102486,1102517,1102715,1102797,1103269,1103445,1103717,1104319,1104485,1104494,1104495,1104683,1104897,1105271,1105292,1105322,1105323,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107966,963575,966170,966172,969470,969476,969477,970506
CVE References: CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10938,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.155-94.50.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.155-94.50.1, kernel-obs-build-4.4.155-94.50.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.155-94.50.1, kernel-source-4.4.155-94.50.1, kernel-syms-4.4.155-94.50.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.155-94.50.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.155-94.50.1, kernel-source-4.4.155-94.50.1, kernel-syms-4.4.155-94.50.1
SUSE CaaS Platform ALL (src):    kernel-default-4.4.155-94.50.1
SUSE CaaS Platform 3.0 (src):    kernel-default-4.4.155-94.50.1
Comment 18 Swamp Workflow Management 2018-09-25 16:28:28 UTC 
SUSE-SU-2018:2858-1: An update that solves 22 vulnerabilities and has 96 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1065364,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1086457,1087092,1089066,1090888,1091171,1091860,1092903,1096254,1096748,1097105,1098253,1098822,1099597,1099810,1099811,1099813,1099832,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1099999,1100000,1100001,1100132,1101822,1101841,1102346,1102486,1102517,1102715,1102797,1103269,1103445,1104319,1104485,1104494,1104495,1104683,1104897,1105271,1105292,1105322,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106594,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107966,963575,966170,966172,969470,969476,969477,970506
CVE References: CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-azure-4.4.155-4.16.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-azure-4.4.155-4.16.1, kernel-source-azure-4.4.155-4.16.1, kernel-syms-azure-4.4.155-4.16.1
Comment 19 Swamp Workflow Management 2018-09-25 19:26:07 UTC 
SUSE-SU-2018:2862-1: An update that solves 12 vulnerabilities and has 83 fixes is now available.

Category: security (important)
Bug References: 1012382,1015342,1015343,1017967,1019695,1019699,1020412,1021121,1022604,1024361,1024365,1024376,1027968,1030552,1031492,1033962,1042286,1048317,1050431,1053685,1055014,1056596,1062604,1063646,1064232,1066223,1068032,1068075,1069138,1078921,1080157,1083663,1085042,1085536,1085539,1087092,1089066,1090888,1092903,1096748,1097105,1098822,1099597,1099810,1099832,1099922,1099999,1100000,1100001,1100132,1102346,1102486,1102517,1104485,1104683,1105271,1105296,1105322,1105323,1105392,1105396,1105524,1105536,1105769,1106016,1106105,1106185,1106191,1106229,1106271,1106275,1106276,1106278,1106281,1106283,1106369,1106509,1106511,1106697,1106929,1106934,1106995,1107060,1107078,1107319,1107320,1107689,1107735,1107966,963575,966170,966172,969470,969476,969477
CVE References: CVE-2018-10902,CVE-2018-10938,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP3 (src):    kernel-rt-4.4.155-3.23.1, kernel-rt_debug-4.4.155-3.23.1, kernel-source-rt-4.4.155-3.23.1, kernel-syms-rt-4.4.155-3.23.1
Comment 20 Swamp Workflow Management 2018-09-26 16:18:24 UTC 
SUSE-SU-2018:2879-1: An update that solves 12 vulnerabilities and has 48 fixes is now available.

Category: security (important)
Bug References: 1037441,1045538,1047487,1048185,1050381,1050431,1057199,1060245,1064861,1068032,1080157,1087081,1092772,1092903,1093666,1096547,1097562,1098822,1099922,1100132,1100705,1102517,1102870,1103119,1103884,1103909,1104481,1104684,1104818,1104901,1105100,1105322,1105348,1105536,1105723,1106095,1106105,1106199,1106202,1106206,1106209,1106212,1106369,1106509,1106511,1106609,1106886,1106930,1106995,1107001,1107064,1107071,1107650,1107689,1107735,1107949,1108096,1108170,1108823,1108912
CVE References: CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-14617,CVE-2018-14634,CVE-2018-14734,CVE-2018-15572,CVE-2018-15594,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-108.71.1
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-108.71.1, kernel-default-3.0.101-108.71.1, kernel-ec2-3.0.101-108.71.1, kernel-pae-3.0.101-108.71.1, kernel-ppc64-3.0.101-108.71.1, kernel-source-3.0.101-108.71.1, kernel-syms-3.0.101-108.71.1, kernel-trace-3.0.101-108.71.1, kernel-xen-3.0.101-108.71.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.71.1, kernel-pae-3.0.101-108.71.1, kernel-ppc64-3.0.101-108.71.1, kernel-trace-3.0.101-108.71.1, kernel-xen-3.0.101-108.71.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.71.1, kernel-default-3.0.101-108.71.1, kernel-ec2-3.0.101-108.71.1, kernel-pae-3.0.101-108.71.1, kernel-ppc64-3.0.101-108.71.1, kernel-trace-3.0.101-108.71.1, kernel-xen-3.0.101-108.71.1
Comment 21 Swamp Workflow Management 2018-09-27 19:11:57 UTC 
SUSE-SU-2018:2907-1: An update that solves 8 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1057199,1087081,1092903,1102517,1103119,1104367,1104684,1104818,1105100,1105296,1105322,1105323,1105536,1106369,1106509,1106511,1107001,1107689,1108912
CVE References: CVE-2018-10902,CVE-2018-10940,CVE-2018-14634,CVE-2018-14734,CVE-2018-15572,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.50.1, kernel-default-3.0.101-0.47.106.50.1, kernel-ec2-3.0.101-0.47.106.50.1, kernel-pae-3.0.101-0.47.106.50.1, kernel-source-3.0.101-0.47.106.50.1, kernel-syms-3.0.101-0.47.106.50.1, kernel-trace-3.0.101-0.47.106.50.1, kernel-xen-3.0.101-0.47.106.50.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.50.1, kernel-default-3.0.101-0.47.106.50.1, kernel-pae-3.0.101-0.47.106.50.1, kernel-ppc64-3.0.101-0.47.106.50.1, kernel-trace-3.0.101-0.47.106.50.1, kernel-xen-3.0.101-0.47.106.50.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.50.1, kernel-ec2-3.0.101-0.47.106.50.1, kernel-pae-3.0.101-0.47.106.50.1, kernel-source-3.0.101-0.47.106.50.1, kernel-syms-3.0.101-0.47.106.50.1, kernel-trace-3.0.101-0.47.106.50.1, kernel-xen-3.0.101-0.47.106.50.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.50.1, kernel-default-3.0.101-0.47.106.50.1, kernel-ec2-3.0.101-0.47.106.50.1, kernel-pae-3.0.101-0.47.106.50.1, kernel-trace-3.0.101-0.47.106.50.1, kernel-xen-3.0.101-0.47.106.50.1
Comment 22 Swamp Workflow Management 2018-09-27 19:21:47 UTC 
SUSE-SU-2018:2908-1: An update that solves 19 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1012382,1024788,1062604,1064233,1065999,1090534,1090955,1091171,1092903,1096547,1097104,1097108,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1102870,1103445,1104319,1104495,1104818,1104906,1105100,1105322,1105323,1105396,1106095,1106369,1106509,1106511,1107689,1108912
CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.104.1, kernel-source-3.12.74-60.64.104.1, kernel-syms-3.12.74-60.64.104.1, kernel-xen-3.12.74-60.64.104.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.104.1
Comment 25 Swamp Workflow Management 2018-10-02 19:34:24 UTC 
SUSE-SU-2018:2980-1: An update that solves 13 vulnerabilities and has 134 fixes is now available.

Category: security (important)
Bug References: 1012382,1043912,1044189,1046302,1046306,1046307,1046543,1050244,1051510,1054914,1055014,1055117,1058659,1060463,1064232,1065600,1065729,1068032,1069138,1071995,1077761,1077989,1078720,1080157,1082555,1083647,1083663,1084332,1085042,1085262,1086282,1089663,1090528,1092903,1093389,1094244,1095344,1096748,1097105,1098459,1098822,1099922,1099999,1100000,1100001,1100132,1101557,1101669,1102346,1102870,1102875,1102877,1102879,1102882,1102896,1103363,1103387,1103421,1103948,1103949,1103961,1104172,1104353,1104824,1105247,1105524,1105536,1105597,1105603,1105672,1105907,1106007,1106016,1106105,1106121,1106170,1106178,1106191,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106426,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106743,1106779,1106800,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107073,1107074,1107078,1107265,1107319,1107320,1107522,1107535,1107689,1107735,1107756,1107870,1107924,1107945,1107966,1108010,1108093,1108243,1108520,1108870,1109269,1109511,920344
CVE References: CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-25.19.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-25.19.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-25.19.1, kernel-obs-build-4.12.14-25.19.1, kernel-source-4.12.14-25.19.1, kernel-syms-4.12.14-25.19.1, kernel-vanilla-4.12.14-25.19.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-25.19.1, kernel-source-4.12.14-25.19.1, kernel-zfcpdump-4.12.14-25.19.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-25.19.1
Comment 26 Swamp Workflow Management 2018-10-02 19:57:51 UTC 
SUSE-SU-2018:2981-1: An update that solves 13 vulnerabilities and has 134 fixes is now available.

Category: security (important)
Bug References: 1012382,1043912,1044189,1046302,1046306,1046307,1046543,1050244,1051510,1054914,1055014,1055117,1058659,1060463,1064232,1065600,1065729,1068032,1069138,1071995,1077761,1077989,1078720,1080157,1082555,1083647,1083663,1084332,1085042,1085262,1086282,1089663,1090528,1092903,1093389,1094244,1095344,1096748,1097105,1098459,1098822,1099922,1099999,1100000,1100001,1100132,1101557,1101669,1102346,1102870,1102875,1102877,1102879,1102882,1102896,1103363,1103387,1103421,1103948,1103949,1103961,1104172,1104353,1104824,1105247,1105524,1105536,1105597,1105603,1105672,1105907,1106007,1106016,1106105,1106121,1106170,1106178,1106191,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106426,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106743,1106779,1106800,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107073,1107074,1107078,1107265,1107319,1107320,1107522,1107535,1107689,1107735,1107756,1107870,1107924,1107945,1107966,1108010,1108093,1108243,1108520,1108870,1109269,1109511,920344
CVE References: CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-25.19.1, kernel-livepatch-SLE15_Update_5-1-1.3.1
Comment 27 Swamp Workflow Management 2018-10-04 19:21:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1106509) was mentioned in
https://build.opensuse.org/request/show/640014 15.0 / kernel-source
Comment 28 Swamp Workflow Management 2018-10-08 13:36:58 UTC 
openSUSE-SU-2018:3071-1: An update that solves 18 vulnerabilities and has 201 fixes is now available.

Category: security (important)
Bug References: 1012382,1031392,1043912,1044189,1046302,1046305,1046306,1046307,1046543,1050244,1051510,1054914,1055014,1055117,1055120,1058659,1060463,1061840,1064232,1065600,1065729,1068032,1069138,1071995,1077761,1077989,1078720,1080157,1082519,1082555,1083647,1083663,1084332,1085030,1085042,1085262,1086282,1086327,1089663,1090078,1090528,1092903,1093389,1094244,1095344,1096748,1097105,1097583,1097584,1097585,1097586,1097587,1097588,1098459,1098782,1098822,1099922,1099999,1100000,1100001,1100132,1101480,1101557,1101669,1101822,1102346,1102495,1102517,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103269,1103363,1103387,1103405,1103421,1103587,1103636,1103948,1103949,1103961,1104172,1104353,1104365,1104482,1104683,1104708,1104824,1104888,1104890,1104897,1105190,1105247,1105292,1105296,1105322,1105355,1105378,1105396,1105467,1105524,1105536,1105597,1105603,1105672,1105731,1105795,1105907,1106007,1106016,1106105,1106121,1106170,1106178,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106426,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106743,1106779,1106800,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107073,1107074,1107078,1107265,1107319,1107320,1107522,1107535,1107689,1107735,1107756,1107783,1107829,1107870,1107924,1107928,1107945,1107947,1107966,1108010,1108093,1108096,1108170,1108243,1108281,1108323,1108399,1108520,1108823,1108870,1109244,1109269,1109333,1109336,1109337,1109511,1109603,1109806,1109859,1109979,1109992,1110006,1110301,1110363,1110639,1110642,1110643,1110644,1110645,1110646,1110647,1110649,1110650,1110716,971975
CVE References: CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-15572,CVE-2018-16658,CVE-2018-17182,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.19.2, kernel-default-4.12.14-lp150.12.19.2, kernel-docs-4.12.14-lp150.12.19.3, kernel-kvmsmall-4.12.14-lp150.12.19.2, kernel-obs-build-4.12.14-lp150.12.19.2, kernel-obs-qa-4.12.14-lp150.12.19.2, kernel-source-4.12.14-lp150.12.19.1, kernel-syms-4.12.14-lp150.12.19.1, kernel-vanilla-4.12.14-lp150.12.19.2
Comment 29 Swamp Workflow Management 2018-10-09 16:13:56 UTC 
SUSE-SU-2018:3083-1: An update that solves 20 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 1012382,1062604,1064232,1065999,1092903,1093215,1096547,1097104,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1100089,1102870,1103445,1104319,1104495,1104906,1105322,1105412,1106095,1106369,1106509,1106511,1107689,1108399,1108912
CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-17182,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.146.1, kernel-source-3.12.61-52.146.1, kernel-syms-3.12.61-52.146.1, kernel-xen-3.12.61-52.146.1, kgraft-patch-SLE12_Update_38-1-1.5.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.146.1
Comment 30 Swamp Workflow Management 2018-10-09 16:23:32 UTC 
SUSE-SU-2018:3084-1: An update that solves 28 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 1012382,1042286,1062604,1064232,1065364,1082519,1082863,1084536,1085042,1088810,1089066,1092903,1094466,1095344,1096547,1097104,1099597,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1099993,1099999,1100000,1100001,1100152,1102517,1102715,1102870,1103445,1104319,1104495,1105292,1105296,1105322,1105348,1105396,1105536,1106016,1106095,1106369,1106509,1106511,1106512,1106594,1107689,1107735,1107966,1108239,1108399,1109333
CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14617,CVE-2018-14678,CVE-2018-15572,CVE-2018-15594,CVE-2018-16276,CVE-2018-16658,CVE-2018-17182,CVE-2018-6554,CVE-2018-6555,CVE-2018-7480,CVE-2018-7757,CVE-2018-9363
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, lttng-modules-2.7.1-9.6.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.95.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.95.1
Comment 31 Swamp Workflow Management 2018-10-09 16:33:41 UTC 
SUSE-SU-2018:3088-1: An update that solves 12 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1045538,1048185,1050381,1050431,1057199,1060245,1064861,1068032,1080157,1087081,1092772,1092903,1093666,1096547,1098822,1099922,1100132,1100705,1102517,1102870,1103119,1104481,1104684,1104818,1104901,1105100,1105322,1105348,1105536,1105723,1106095,1106105,1106199,1106202,1106206,1106209,1106212,1106369,1106509,1106511,1106609,1106886,1106930,1106995,1107001,1107064,1107071,1107650,1107689,1107735,1107949,1108096,1108170,1108823,1108912
CVE References: CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-14617,CVE-2018-14634,CVE-2018-14734,CVE-2018-15572,CVE-2018-15594,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.36.1, kernel-rt_trace-3.0.101.rt130-69.36.1, kernel-source-rt-3.0.101.rt130-69.36.1, kernel-syms-rt-3.0.101.rt130-69.36.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.36.1, kernel-rt_debug-3.0.101.rt130-69.36.1, kernel-rt_trace-3.0.101.rt130-69.36.1
Comment 34 Swamp Workflow Management 2018-11-30 20:37:21 UTC 
SUSE-SU-2018:3961-1: An update that solves 22 vulnerabilities and has 286 fixes is now available.

Category: security (important)
Bug References: 1012382,1031392,1043912,1044189,1046302,1046305,1046306,1046307,1046540,1046543,1050244,1050319,1050536,1050540,1051510,1054914,1055014,1055117,1055120,1058659,1060463,1061840,1065600,1065729,1066674,1067126,1067906,1068032,1069138,1071995,1076830,1077761,1077989,1078720,1079524,1080157,1082519,1082555,1083647,1083663,1084760,1084831,1085030,1085042,1085262,1086282,1086283,1086288,1086327,1089663,1090078,1091800,1092903,1094244,1094825,1095344,1095805,1096748,1097105,1097583,1097584,1097585,1097586,1097587,1097588,1098459,1098782,1098822,1099125,1099922,1099999,1100001,1100132,1101480,1101557,1101669,1102346,1102495,1102517,1102715,1102870,1102875,1102877,1102879,1102881,1102882,1102896,1103269,1103308,1103356,1103363,1103387,1103405,1103421,1103543,1103587,1103636,1103948,1103949,1103961,1104172,1104353,1104482,1104683,1104731,1104824,1104888,1104890,1105025,1105190,1105247,1105292,1105322,1105355,1105378,1105396,1105428,1105467,1105524,1105536,1105597,1105603,1105672,1105731,1105795,1105907,1106007,1106016,1106105,1106110,1106121,1106170,1106178,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106779,1106800,1106838,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107074,1107207,1107319,1107320,1107522,1107535,1107685,1107689,1107735,1107756,1107783,1107829,1107870,1107924,1107928,1107945,1107947,1107966,1108010,1108093,1108096,1108170,1108241,1108243,1108260,1108281,1108323,1108377,1108399,1108468,1108520,1108823,1108841,1108870,1109151,1109158,1109217,1109244,1109269,1109330,1109333,1109336,1109337,1109511,1109603,1109739,1109772,1109784,1109806,1109818,1109907,1109915,1109919,1109951,1109979,1109992,1110006,1110096,1110301,1110363,1110538,1110561,1110639,1110642,1110643,1110644,1110645,1110646,1110647,1110649,1110650,1111028,1111040,1111076,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111921,1111928,1111983,1112170,1112208,1112219,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284,1113295,1113408,1113667,1113722,1113751,1113780,1113972,1114279,971975
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-15572,CVE-2018-16658,CVE-2018-17182,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.16.1, kernel-source-azure-4.12.14-5.16.1, kernel-syms-azure-4.12.14-5.16.1
Comment 35 Swamp Workflow Management 2019-04-27 22:24:22 UTC 
SUSE-SU-2018:2908-2: An update that solves 19 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1012382,1024788,1062604,1064233,1065999,1090534,1090955,1091171,1092903,1096547,1097104,1097108,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1102870,1103445,1104319,1104495,1104818,1104906,1105100,1105322,1105323,1105396,1106095,1106369,1106509,1106511,1107689,1108912
CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.104.1, kernel-source-3.12.74-60.64.104.1, kernel-syms-3.12.74-60.64.104.1, kernel-xen-3.12.74-60.64.104.1, kgraft-patch-SLE12-SP1_Update_31-1-2.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 39 Carlos López 2022-06-09 11:00:02 UTC 
Done, closing.