Bug 1134395 (CVE-2018-20836)

Summary: VUL-1: CVE-2018-20836: kernel-source: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P4 - Low CC: bpetkov, hare, jthumshirn, smash_bz, tiwai
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/232341/
Whiteboard: CVSSv3:SUSE:CVE-2018-20836:6.2:(AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H) maint:released:sle10-sp3:64403
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2019-05-08 05:47:46 UTC 
CVE-2018-20836

An issue was discovered in the Linux kernel before 4.20. There is a race
condition in smp_task_timedout() and smp_task_done() in
drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20836
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20836.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20836
https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae
Comment 1 Marcus Meissner 2019-05-08 05:50:22 UTC 
It is hard to undertsand if this can be attacker triggered.
Comment 2 Takashi Iwai 2019-05-08 06:01:16 UTC 
Adding two guys who added Reviewed-by tags.
Comment 5 Lee Duncan 2019-06-19 16:25:01 UTC 
I do not see how this can be attacker-initiated. For this use-after-free to occur, there must be multiple CPUs, and the 2nd CPU must time out a SAS command at precisely the right moment. But, under heavy load, and with fast CPUs, this window certainly could be hit. The consequences of such a (all be it slim) possible use-after-free are of course somewhat unpredictable, but likely would lead to a kernel oops at best, and corrupted data in the worst case.

It certainly needs to be fixed though. Would you like me to proceed with applying the appropriate patches for a CVE?
Comment 6 Lee Duncan 2019-07-02 17:05:19 UTC 
This has been around long enough that our master branch (factory/tumbleweed) is already updated with the fix, which is upstream commit b90cd6f2b905

Patch scsi-libsas-fix-a-race-condition-when-smp-task-timeout pushed to my SLE15 for-next branch, which was promptly merged into SLE15.

Also, pushed to my cve/linux-4.4 for-next branch.
Comment 7 Lee Duncan 2019-07-02 20:35:32 UTC 
Also pushed to my cve/linux-3.12 for-next branch.
Comment 8 Lee Duncan 2019-07-02 23:26:33 UTC 
Changes now submitted to my for-next branch on cve/linux-2.6.32 and cve/linux-2.6.16

I believe my work here is done -- if my branches get merged, that is.
Comment 9 Lee Duncan 2019-07-08 17:33:14 UTC 
Assigning back to default.
Comment 13 Swamp Workflow Management 2019-07-09 13:32:46 UTC 
This is an autogenerated message for OBS integration:
This bug (1134395) was mentioned in
https://build.opensuse.org/request/show/714223 15.0 / kernel-source
Comment 18 Swamp Workflow Management 2019-07-12 10:16:16 UTC 
SUSE-SU-2019:1823-1: An update that solves 11 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1096254,1108382,1109137,1127155,1133190,1133738,1134395,1134701,1136922,1136935,1137194,1138291,1140575
CVE References: CVE-2018-20836,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-11487,CVE-2019-11599,CVE-2019-12380,CVE-2019-12456,CVE-2019-12614,CVE-2019-12818,CVE-2019-12819
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.117.1, kernel-source-4.4.121-92.117.1, kernel-syms-4.4.121-92.117.1, kgraft-patch-SLE12-SP2_Update_31-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.117.1, kernel-source-4.4.121-92.117.1, kernel-syms-4.4.121-92.117.1, kgraft-patch-SLE12-SP2_Update_31-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.117.1, kernel-source-4.4.121-92.117.1, kernel-syms-4.4.121-92.117.1, kgraft-patch-SLE12-SP2_Update_31-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.117.1, kernel-source-4.4.121-92.117.1, kernel-syms-4.4.121-92.117.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.117.1, kernel-source-4.4.121-92.117.1, kernel-syms-4.4.121-92.117.1, kgraft-patch-SLE12-SP2_Update_31-1-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2019-07-12 16:16:36 UTC 
SUSE-SU-2019:1829-1: An update that solves 11 vulnerabilities and has 71 fixes is now available.

Category: security (important)
Bug References: 1051510,1071995,1088047,1094555,1098633,1106383,1106751,1109137,1114279,1119532,1120423,1124167,1127155,1128432,1128902,1128910,1131645,1132154,1132390,1133401,1133738,1134303,1134395,1135296,1135556,1135642,1136157,1136598,1136922,1136935,1137103,1137194,1137429,1137625,1137728,1137884,1137995,1137996,1137998,1137999,1138000,1138002,1138003,1138005,1138006,1138007,1138008,1138009,1138010,1138011,1138012,1138013,1138014,1138015,1138016,1138017,1138018,1138019,1138291,1138293,1138374,1138375,1138589,1138719,1139771,1139782,1139865,1140133,1140328,1140405,1140424,1140428,1140575,1140577,1140637,1140658,1140715,1140719,1140726,1140727,1140728,1140814
CVE References: CVE-2018-16871,CVE-2018-20836,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-11599,CVE-2019-12380,CVE-2019-12456,CVE-2019-12614,CVE-2019-12818,CVE-2019-12819
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.33.1, kernel-source-azure-4.12.14-5.33.1, kernel-syms-azure-4.12.14-5.33.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-azure-4.12.14-5.33.1, kernel-source-azure-4.12.14-5.33.1, kernel-syms-azure-4.12.14-5.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Swamp Workflow Management 2019-07-15 10:12:48 UTC 
SUSE-SU-2019:1823-2: An update that solves 11 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1096254,1108382,1109137,1127155,1133190,1133738,1134395,1134701,1136922,1136935,1137194,1138291,1140575
CVE References: CVE-2018-20836,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-11487,CVE-2019-11599,CVE-2019-12380,CVE-2019-12456,CVE-2019-12614,CVE-2019-12818,CVE-2019-12819
Sources used:
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.117.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2019-07-15 10:13:16 UTC 
This is an autogenerated message for OBS integration:
This bug (1134395) was mentioned in
https://build.opensuse.org/request/show/715440 15.1 / kernel-source
Comment 24 Swamp Workflow Management 2019-07-15 19:14:39 UTC 
SUSE-SU-2019:1854-1: An update that solves 6 vulnerabilities and has 69 fixes is now available.

Category: security (important)
Bug References: 1051510,1071995,1088047,1098633,1103990,1103991,1103992,1106383,1109837,1111666,1112374,1114685,1119113,1119532,1120423,1125703,1128902,1130836,1131645,1132390,1133401,1133738,1134303,1134395,1135556,1135642,1135897,1136161,1136264,1136343,1136935,1137625,1137728,1138879,1139712,1139751,1139771,1139865,1140133,1140228,1140328,1140405,1140424,1140428,1140454,1140463,1140575,1140577,1140637,1140658,1140715,1140719,1140726,1140727,1140728,1140814,1140887,1140888,1140889,1140891,1140893,1140948,1140954,1140955,1140956,1140957,1140958,1140959,1140960,1140961,1140962,1140964,1140971,1140972,1140992
CVE References: CVE-2018-20836,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-11599,CVE-2019-13233
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.10.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    dtb-aarch64-4.12.14-197.10.1, kernel-debug-4.12.14-197.10.1, kernel-default-4.12.14-197.10.1, kernel-docs-4.12.14-197.10.1, kernel-kvmsmall-4.12.14-197.10.1, kernel-obs-qa-4.12.14-197.10.1, kernel-source-4.12.14-197.10.1, kernel-vanilla-4.12.14-197.10.1, kernel-zfcpdump-4.12.14-197.10.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.10.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.10.1, kernel-obs-build-4.12.14-197.10.1, kernel-source-4.12.14-197.10.1, kernel-syms-4.12.14-197.10.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.10.1, kernel-source-4.12.14-197.10.1, kernel-zfcpdump-4.12.14-197.10.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2019-07-15 19:24:57 UTC 
SUSE-SU-2019:1855-1: An update that solves 12 vulnerabilities and has 73 fixes is now available.

Category: security (important)
Bug References: 1051510,1061840,1065600,1071995,1088047,1094555,1098633,1106383,1106751,1109137,1114279,1119532,1120423,1124167,1127155,1128432,1128902,1128910,1131645,1132154,1132390,1133401,1133738,1134303,1134395,1135296,1135556,1135642,1136157,1136598,1136922,1136935,1137103,1137194,1137429,1137625,1137728,1137884,1137995,1137996,1137998,1137999,1138000,1138002,1138003,1138005,1138006,1138007,1138008,1138009,1138010,1138011,1138012,1138013,1138014,1138015,1138016,1138017,1138018,1138019,1138291,1138293,1138374,1138375,1138589,1138719,1139751,1139771,1139782,1139865,1140133,1140328,1140405,1140424,1140428,1140575,1140577,1140637,1140658,1140715,1140719,1140726,1140727,1140728,1140814
CVE References: CVE-2018-16871,CVE-2018-20836,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-11478,CVE-2019-11599,CVE-2019-12380,CVE-2019-12456,CVE-2019-12614,CVE-2019-12818,CVE-2019-12819
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-150.27.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-150.27.1, kernel-docs-4.12.14-150.27.1, kernel-obs-qa-4.12.14-150.27.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-150.27.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-150.27.1, kernel-obs-build-4.12.14-150.27.1, kernel-source-4.12.14-150.27.1, kernel-syms-4.12.14-150.27.1, kernel-vanilla-4.12.14-150.27.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-150.27.1, kernel-source-4.12.14-150.27.1, kernel-zfcpdump-4.12.14-150.27.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2019-07-15 19:35:50 UTC 
SUSE-SU-2019:1854-1: An update that solves 6 vulnerabilities and has 69 fixes is now available.

Category: security (important)
Bug References: 1051510,1071995,1088047,1098633,1103990,1103991,1103992,1106383,1109837,1111666,1112374,1114685,1119113,1119532,1120423,1125703,1128902,1130836,1131645,1132390,1133401,1133738,1134303,1134395,1135556,1135642,1135897,1136161,1136264,1136343,1136935,1137625,1137728,1138879,1139712,1139751,1139771,1139865,1140133,1140228,1140328,1140405,1140424,1140428,1140454,1140463,1140575,1140577,1140637,1140658,1140715,1140719,1140726,1140727,1140728,1140814,1140887,1140888,1140889,1140891,1140893,1140948,1140954,1140955,1140956,1140957,1140958,1140959,1140960,1140961,1140962,1140964,1140971,1140972,1140992
CVE References: CVE-2018-20836,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-11599,CVE-2019-13233
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    kernel-default-4.12.14-197.10.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    dtb-aarch64-4.12.14-197.10.1, kernel-debug-4.12.14-197.10.1, kernel-default-4.12.14-197.10.1, kernel-docs-4.12.14-197.10.1, kernel-kvmsmall-4.12.14-197.10.1, kernel-obs-qa-4.12.14-197.10.1, kernel-source-4.12.14-197.10.1, kernel-vanilla-4.12.14-197.10.1, kernel-zfcpdump-4.12.14-197.10.1
SUSE Linux Enterprise Module for Live Patching 15-SP1 (src):    kernel-default-4.12.14-197.10.1, kernel-livepatch-SLE15-SP1_Update_3-1-3.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src):    kernel-default-4.12.14-197.10.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    kernel-docs-4.12.14-197.10.1, kernel-obs-build-4.12.14-197.10.1, kernel-source-4.12.14-197.10.1, kernel-syms-4.12.14-197.10.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    kernel-default-4.12.14-197.10.1, kernel-source-4.12.14-197.10.1, kernel-zfcpdump-4.12.14-197.10.1
SUSE Linux Enterprise High Availability 15-SP1 (src):    kernel-default-4.12.14-197.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2019-07-15 19:45:15 UTC 
SUSE-SU-2019:1851-1: An update that solves 11 vulnerabilities and has 77 fixes is now available.

Category: security (important)
Bug References: 1051510,1061840,1065600,1071995,1088047,1094555,1098633,1106383,1106751,1109137,1114279,1119532,1120423,1124167,1127155,1128432,1128902,1128910,1132154,1132390,1133401,1133738,1134303,1134395,1135296,1135556,1135642,1136157,1136811,1136922,1137103,1137194,1137221,1137366,1137429,1137625,1137728,1137884,1137995,1137996,1137998,1137999,1138000,1138002,1138003,1138005,1138006,1138007,1138008,1138009,1138010,1138011,1138012,1138013,1138014,1138015,1138016,1138017,1138018,1138019,1138291,1138293,1138374,1138375,1138589,1138719,1139751,1139771,1139782,1139865,1140133,1140328,1140405,1140424,1140428,1140575,1140577,1140637,1140658,1140715,1140719,1140726,1140727,1140728,1140814,1140948,821419,945811
CVE References: CVE-2018-16871,CVE-2018-20836,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-11478,CVE-2019-11599,CVE-2019-12456,CVE-2019-12614,CVE-2019-12818,CVE-2019-12819
Sources used:
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_6-1-6.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Swamp Workflow Management 2019-07-15 19:57:42 UTC 
SUSE-SU-2019:1855-1: An update that solves 12 vulnerabilities and has 73 fixes is now available.

Category: security (important)
Bug References: 1051510,1061840,1065600,1071995,1088047,1094555,1098633,1106383,1106751,1109137,1114279,1119532,1120423,1124167,1127155,1128432,1128902,1128910,1131645,1132154,1132390,1133401,1133738,1134303,1134395,1135296,1135556,1135642,1136157,1136598,1136922,1136935,1137103,1137194,1137429,1137625,1137728,1137884,1137995,1137996,1137998,1137999,1138000,1138002,1138003,1138005,1138006,1138007,1138008,1138009,1138010,1138011,1138012,1138013,1138014,1138015,1138016,1138017,1138018,1138019,1138291,1138293,1138374,1138375,1138589,1138719,1139751,1139771,1139782,1139865,1140133,1140328,1140405,1140424,1140428,1140575,1140577,1140637,1140658,1140715,1140719,1140726,1140727,1140728,1140814
CVE References: CVE-2018-16871,CVE-2018-20836,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-11478,CVE-2019-11599,CVE-2019-12380,CVE-2019-12456,CVE-2019-12614,CVE-2019-12818,CVE-2019-12819
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-150.27.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-150.27.1, kernel-docs-4.12.14-150.27.1, kernel-obs-qa-4.12.14-150.27.1
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-150.27.1, kernel-livepatch-SLE15_Update_12-1-1.5.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-150.27.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-150.27.1, kernel-obs-build-4.12.14-150.27.1, kernel-source-4.12.14-150.27.1, kernel-syms-4.12.14-150.27.1, kernel-vanilla-4.12.14-150.27.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-150.27.1, kernel-source-4.12.14-150.27.1, kernel-zfcpdump-4.12.14-150.27.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-150.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 29 Swamp Workflow Management 2019-07-15 20:08:55 UTC 
SUSE-SU-2019:1852-1: An update that solves 11 vulnerabilities and has 29 fixes is now available.

Category: security (important)
Bug References: 1053043,1066223,1094555,1108382,1109137,1111188,1119086,1120902,1121263,1125580,1126961,1127155,1129770,1131335,1131336,1131645,1132390,1133140,1133190,1133191,1133738,1134395,1135642,1136598,1136889,1136922,1136935,1137004,1137194,1137739,1137749,1137752,1137915,1138291,1138293,1138374,1138681,1139751,1140575,1140577
CVE References: CVE-2018-20836,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-11487,CVE-2019-11599,CVE-2019-12380,CVE-2019-12456,CVE-2019-12614,CVE-2019-12818,CVE-2019-12819
Sources used:
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.100.1, kernel-source-4.4.180-94.100.1, kernel-syms-4.4.180-94.100.1, kgraft-patch-SLE12-SP3_Update_27-1-4.3.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.100.1, kernel-source-4.4.180-94.100.1, kernel-syms-4.4.180-94.100.1, kgraft-patch-SLE12-SP3_Update_27-1-4.3.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.100.1, kernel-source-4.4.180-94.100.1, kernel-syms-4.4.180-94.100.1, kgraft-patch-SLE12-SP3_Update_27-1-4.3.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.100.1
SUSE Enterprise Storage 5 (src):    kernel-default-4.4.180-94.100.1, kernel-source-4.4.180-94.100.1, kernel-syms-4.4.180-94.100.1, kgraft-patch-SLE12-SP3_Update_27-1-4.3.1
SUSE CaaS Platform 3.0 (src):    kernel-default-4.4.180-94.100.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Swamp Workflow Management 2019-07-15 20:17:39 UTC 
SUSE-SU-2019:1851-1: An update that solves 11 vulnerabilities and has 77 fixes is now available.

Category: security (important)
Bug References: 1051510,1061840,1065600,1071995,1088047,1094555,1098633,1106383,1106751,1109137,1114279,1119532,1120423,1124167,1127155,1128432,1128902,1128910,1132154,1132390,1133401,1133738,1134303,1134395,1135296,1135556,1135642,1136157,1136811,1136922,1137103,1137194,1137221,1137366,1137429,1137625,1137728,1137884,1137995,1137996,1137998,1137999,1138000,1138002,1138003,1138005,1138006,1138007,1138008,1138009,1138010,1138011,1138012,1138013,1138014,1138015,1138016,1138017,1138018,1138019,1138291,1138293,1138374,1138375,1138589,1138719,1139751,1139771,1139782,1139865,1140133,1140328,1140405,1140424,1140428,1140575,1140577,1140637,1140658,1140715,1140719,1140726,1140727,1140728,1140814,1140948,821419,945811
CVE References: CVE-2018-16871,CVE-2018-20836,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-11478,CVE-2019-11599,CVE-2019-12456,CVE-2019-12614,CVE-2019-12818,CVE-2019-12819
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.24.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.24.1, kernel-obs-build-4.12.14-95.24.1
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.24.1, kernel-source-4.12.14-95.24.1, kernel-syms-4.12.14-95.24.1
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_6-1-6.5.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.24.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.24.1, kernel-source-4.12.14-95.24.1, kernel-syms-4.12.14-95.24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 31 Swamp Workflow Management 2019-07-17 16:12:34 UTC 
SUSE-SU-2019:1870-1: An update that solves 7 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1102340,1112824,1130159,1133190,1134395,1135603,1136922,1137194,1138293,1139751
CVE References: CVE-2018-20836,CVE-2018-5390,CVE-2018-7191,CVE-2019-11487,CVE-2019-12456,CVE-2019-12614,CVE-2019-12818
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.118.1, kernel-source-3.12.74-60.64.118.1, kernel-syms-3.12.74-60.64.118.1, kernel-xen-3.12.74-60.64.118.1, kgraft-patch-SLE12-SP1_Update_35-1-2.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.118.1, kernel-source-3.12.74-60.64.118.1, kernel-syms-3.12.74-60.64.118.1, kernel-xen-3.12.74-60.64.118.1, kgraft-patch-SLE12-SP1_Update_35-1-2.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.118.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 32 Swamp Workflow Management 2019-07-18 22:11:18 UTC 
SUSE-SU-2019:14127-1: An update that solves 7 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1063416,1090078,1102340,1120758,1134395,1134835,1135650,1136424,1137194,1138943,1139751
CVE References: CVE-2018-20836,CVE-2018-5390,CVE-2019-12614,CVE-2019-3459,CVE-2019-3460,CVE-2019-3846,CVE-2019-3896
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kernel-bigmem-3.0.101-108.98.1, kernel-default-3.0.101-108.98.1, kernel-ec2-3.0.101-108.98.1, kernel-pae-3.0.101-108.98.1, kernel-ppc64-3.0.101-108.98.1, kernel-source-3.0.101-108.98.1, kernel-syms-3.0.101-108.98.1, kernel-trace-3.0.101-108.98.1, kernel-xen-3.0.101-108.98.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.98.1, kernel-pae-3.0.101-108.98.1, kernel-ppc64-3.0.101-108.98.1, kernel-trace-3.0.101-108.98.1, kernel-xen-3.0.101-108.98.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.98.1, kernel-default-3.0.101-108.98.1, kernel-ec2-3.0.101-108.98.1, kernel-pae-3.0.101-108.98.1, kernel-ppc64-3.0.101-108.98.1, kernel-trace-3.0.101-108.98.1, kernel-xen-3.0.101-108.98.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Swamp Workflow Management 2019-07-19 10:18:48 UTC 
openSUSE-SU-2019:1716-1: An update that solves 7 vulnerabilities and has 45 fixes is now available.

Category: security (important)
Bug References: 1051510,1071995,1088047,1094555,1098633,1106383,1106751,1109137,1114279,1119532,1120423,1124167,1127155,1128902,1128910,1131645,1132154,1132390,1133401,1133738,1134303,1134395,1135296,1135556,1135642,1136157,1136935,1137103,1137194,1137625,1137728,1137884,1138589,1138719,1139771,1139782,1139865,1140133,1140328,1140405,1140424,1140428,1140575,1140577,1140637,1140658,1140715,1140719,1140726,1140727,1140728,1140814
CVE References: CVE-2018-16871,CVE-2018-20836,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-11599,CVE-2019-12614
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.67.1, kernel-default-4.12.14-lp150.12.67.1, kernel-docs-4.12.14-lp150.12.67.1, kernel-kvmsmall-4.12.14-lp150.12.67.1, kernel-obs-build-4.12.14-lp150.12.67.1, kernel-obs-qa-4.12.14-lp150.12.67.1, kernel-source-4.12.14-lp150.12.67.1, kernel-syms-4.12.14-lp150.12.67.1, kernel-vanilla-4.12.14-lp150.12.67.1
Comment 35 Swamp Workflow Management 2019-07-20 10:19:01 UTC 
openSUSE-SU-2019:1757-1: An update that solves 9 vulnerabilities and has 82 fixes is now available.

Category: security (important)
Bug References: 1051510,1071995,1088047,1094555,1098633,1103990,1103991,1103992,1106383,1109837,1111666,1112374,1114279,1114685,1119113,1119532,1120423,1125703,1128902,1130836,1132390,1133401,1133738,1134303,1134395,1135296,1135556,1135642,1135897,1136156,1136157,1136161,1136264,1136271,1136333,1136343,1136462,1136935,1137103,1137194,1137366,1137625,1137728,1137884,1137985,1138263,1138589,1138681,1138719,1138732,1138879,1139712,1139771,1139865,1140133,1140228,1140328,1140405,1140424,1140428,1140454,1140463,1140575,1140577,1140637,1140658,1140715,1140719,1140726,1140727,1140728,1140814,1140887,1140888,1140889,1140891,1140893,1140948,1140954,1140955,1140956,1140957,1140958,1140959,1140960,1140961,1140962,1140964,1140971,1140972,1140992
CVE References: CVE-2018-16871,CVE-2018-20836,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-11599,CVE-2019-12614,CVE-2019-12817,CVE-2019-13233
Sources used:
openSUSE Leap 15.1 (src):    kernel-debug-4.12.14-lp151.28.10.1, kernel-default-4.12.14-lp151.28.10.1, kernel-docs-4.12.14-lp151.28.10.1, kernel-kvmsmall-4.12.14-lp151.28.10.1, kernel-obs-build-4.12.14-lp151.28.10.1, kernel-obs-qa-4.12.14-lp151.28.10.1, kernel-source-4.12.14-lp151.28.10.1, kernel-syms-4.12.14-lp151.28.10.1, kernel-vanilla-4.12.14-lp151.28.10.1
Comment 40 Swamp Workflow Management 2019-08-07 05:21:18 UTC 
SUSE-SU-2019:2069-1: An update that solves 18 vulnerabilities and has 157 fixes is now available.

Category: security (important)
Bug References: 1051510,1055117,1071995,1083647,1083710,1088047,1094555,1098633,1103990,1103991,1103992,1104745,1106383,1109837,1111666,1112374,1114279,1114685,1119113,1119222,1119532,1120423,1123080,1125703,1127034,1127315,1127611,1128432,1128902,1129770,1130836,1132390,1133021,1133401,1133738,1134090,1134097,1134390,1134395,1134399,1134730,1134738,1135153,1135296,1135335,1135556,1135642,1135897,1136156,1136157,1136161,1136217,1136264,1136271,1136333,1136342,1136343,1136345,1136348,1136460,1136461,1136462,1136467,1137103,1137194,1137224,1137366,1137429,1137458,1137534,1137535,1137584,1137586,1137609,1137625,1137728,1137811,1137827,1137884,1137985,1138263,1138291,1138293,1138336,1138374,1138375,1138589,1138681,1138719,1138732,1138874,1138879,1139358,1139619,1139712,1139751,1139771,1139865,1140133,1140139,1140228,1140322,1140328,1140405,1140424,1140428,1140454,1140463,1140559,1140575,1140577,1140637,1140652,1140658,1140676,1140715,1140719,1140726,1140727,1140728,1140814,1140887,1140888,1140889,1140891,1140893,1140903,1140945,1140948,1140954,1140955,1140956,1140957,1140958,1140959,1140960,1140961,1140962,1140964,1140971,1140972,1140992,1141312,1141401,1141402,1141452,1141453,1141454,1141478,1141558,1142023,1142052,1142083,1142112,1142115,1142119,1142220,1142221,1142265,1142350,1142351,1142354,1142359,1142450,1142623,1142673,1142701,1142868,1143003,1143105,1143185,1143189,1143191,1143209,1143507
CVE References: CVE-2018-16871,CVE-2018-20836,CVE-2018-20855,CVE-2019-10638,CVE-2019-10639,CVE-2019-1125,CVE-2019-11478,CVE-2019-11599,CVE-2019-11810,CVE-2019-12614,CVE-2019-12817,CVE-2019-12818,CVE-2019-12819,CVE-2019-13233,CVE-2019-13631,CVE-2019-13648,CVE-2019-14283,CVE-2019-14284
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src):    kernel-azure-4.12.14-8.13.1, kernel-source-azure-4.12.14-8.13.1, kernel-syms-azure-4.12.14-8.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 45 Swamp Workflow Management 2019-09-23 13:51:43 UTC 
SUSE-SU-2019:2430-1: An update that solves 45 vulnerabilities and has 474 fixes is now available.

Category: security (important)
Bug References: 1050242,1050549,1051510,1052904,1053043,1055117,1055121,1055186,1056787,1058115,1061840,1064802,1065600,1065729,1066129,1070872,1071995,1075020,1082387,1082555,1083647,1083710,1085535,1085536,1088047,1088804,1093389,1094555,1096003,1098633,1099658,1102247,1103186,1103259,1103990,1103991,1103992,1104745,1106011,1106284,1106383,1106751,1108193,1108838,1108937,1109837,1110946,1111331,1111666,1111696,1112063,1112128,1112178,1112374,1113722,1113956,1114279,1114427,1114542,1114638,1114685,1115688,1117114,1117158,1117561,1118139,1119113,1119222,1119532,1119680,1120091,1120318,1120423,1120566,1120843,1120902,1122767,1122776,1123080,1123454,1123663,1124503,1124839,1125703,1126206,1126356,1126704,1127034,1127175,1127315,1127371,1127374,1127611,1127616,1128052,1128415,1128432,1128544,1128902,1128904,1128971,1128979,1129138,1129273,1129693,1129770,1129845,1130195,1130425,1130527,1130567,1130579,1130699,1130836,1130937,1130972,1131326,1131427,1131438,1131451,1131467,1131488,1131530,1131565,1131574,1131587,1131645,1131659,1131673,1131847,1131848,1131851,1131900,1131934,1131935,1132044,1132219,1132226,1132227,1132365,1132368,1132369,1132370,1132372,1132373,1132384,1132390,1132397,1132402,1132403,1132404,1132405,1132407,1132411,1132412,1132413,1132414,1132426,1132527,1132531,1132555,1132558,1132561,1132562,1132563,1132564,1132570,1132571,1132572,1132589,1132618,1132673,1132681,1132726,1132828,1132894,1132943,1132982,1133005,1133016,1133021,1133094,1133095,1133115,1133149,1133176,1133188,1133190,1133311,1133320,1133401,1133486,1133529,1133547,1133584,1133593,1133612,1133616,1133667,1133668,1133672,1133674,1133675,1133698,1133702,1133731,1133738,1133769,1133772,1133774,1133778,1133779,1133780,1133825,1133850,1133851,1133852,1133897,1134090,1134097,1134160,1134162,1134199,1134200,1134201,1134202,1134203,1134204,1134205,1134223,1134303,1134354,1134390,1134393,1134395,1134397,1134399,1134459,1134460,1134461,1134597,1134600,1134607,1134618,1134651,1134671,1134730,1134738,1134743,1134760,1134806,1134810,1134813,1134848,1134936,1134945,1134946,1134947,1134948,1134949,1134950,1134951,1134952,1134953,1134972,1134974,1134975,1134980,1134981,1134983,1134987,1134989,1134990,1134994,1134995,1134998,1134999,1135006,1135007,1135008,1135018,1135021,1135024,1135026,1135027,1135028,1135029,1135031,1135033,1135034,1135035,1135036,1135037,1135038,1135039,1135041,1135042,1135044,1135045,1135046,1135047,1135049,1135051,1135052,1135053,1135055,1135056,1135058,1135100,1135120,1135153,1135278,1135281,1135296,1135309,1135312,1135314,1135315,1135316,1135320,1135323,1135330,1135335,1135492,1135542,1135556,1135603,1135642,1135661,1135758,1135897,1136156,1136157,1136161,1136188,1136206,1136215,1136217,1136264,1136271,1136333,1136342,1136343,1136345,1136347,1136348,1136353,1136424,1136428,1136430,1136432,1136434,1136435,1136438,1136439,1136456,1136460,1136461,1136462,1136467,1136469,1136477,1136478,1136498,1136573,1136586,1136598,1136881,1136922,1136935,1136978,1136990,1137103,1137151,1137152,1137153,1137162,1137194,1137201,1137224,1137232,1137233,1137236,1137366,1137372,1137429,1137444,1137458,1137534,1137535,1137584,1137586,1137609,1137625,1137728,1137739,1137752,1137811,1137827,1137884,1137985,1137995,1137996,1137998,1137999,1138000,1138002,1138003,1138005,1138006,1138007,1138008,1138009,1138010,1138011,1138012,1138013,1138014,1138015,1138016,1138017,1138018,1138019,1138263,1138291,1138293,1138336,1138374,1138375,1138589,1138681,1138719,1138732,1138874,1138879,1139358,1139619,1139712,1139751,1139771,1139865,1140133,1140139,1140228,1140322,1140328,1140405,1140424,1140428,1140454,1140463,1140559,1140575,1140577,1140637,1140652,1140658,1140676,1140715,1140719,1140726,1140727,1140728,1140814,1140887,1140888,1140889,1140891,1140893,1140903,1140945,1140948,1140954,1140955,1140956,1140957,1140958,1140959,1140960,1140961,1140962,1140964,1140971,1140972,1140992,1141312,1141401,1141402,1141452,1141453,1141454,1141478,1141558,1142023,1142052,1142083,1142112,1142115,1142119,1142220,1142221,1142254,1142350,1142351,1142354,1142359,1142450,1142623,1142673,1142701,1142868,1143003,1143045,1143105,1143185,1143189,1143191,1143209,1143507
CVE References: CVE-2017-5753,CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-16871,CVE-2018-16880,CVE-2018-20836,CVE-2018-20855,CVE-2018-7191,CVE-2019-10124,CVE-2019-10638,CVE-2019-10639,CVE-2019-11085,CVE-2019-11091,CVE-2019-1125,CVE-2019-11477,CVE-2019-11478,CVE-2019-11479,CVE-2019-11486,CVE-2019-11487,CVE-2019-11599,CVE-2019-11810,CVE-2019-11811,CVE-2019-11815,CVE-2019-11833,CVE-2019-11884,CVE-2019-12380,CVE-2019-12382,CVE-2019-12456,CVE-2019-12614,CVE-2019-12817,CVE-2019-12818,CVE-2019-12819,CVE-2019-13233,CVE-2019-13631,CVE-2019-13648,CVE-2019-14283,CVE-2019-14284,CVE-2019-3846,CVE-2019-3882,CVE-2019-5489,CVE-2019-8564,CVE-2019-9003,CVE-2019-9500,CVE-2019-9503
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP1 (src):    kernel-rt-4.12.14-14.8.1, kernel-rt_debug-4.12.14-14.8.1, kernel-source-rt-4.12.14-14.8.1, kernel-syms-rt-4.12.14-14.8.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    kernel-rt-4.12.14-14.8.1, kernel-rt_debug-4.12.14-14.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 46 Swamp Workflow Management 2019-09-24 16:17:50 UTC 
SUSE-SU-2019:2450-1: An update that solves 21 vulnerabilities and has 160 fixes is now available.

Category: security (important)
Bug References: 1012382,1051510,1053043,1055117,1061840,1065600,1065729,1068032,1071995,1083647,1083710,1088047,1094555,1098633,1102247,1106383,1106751,1109137,1111666,11123080,1112824,1113722,1114279,1115688,1117158,1118139,1119222,1120423,1120566,1124167,1124503,1127034,1127155,1127315,1128432,1128902,1128910,1129770,1130972,1132154,1132390,1133021,1133401,1133738,1134097,1134303,1134390,1134393,1134395,1134399,1134671,1135296,1135335,1135556,1135642,1135661,1136157,1136424,1136598,1136811,1136896,1136922,1136935,1136990,1137103,1137162,1137194,1137366,1137372,1137429,1137444,1137458,1137534,1137535,1137584,1137586,1137609,1137625,1137728,1137739,1137752,1137811,1137827,1137884,1137995,1137996,1137998,1137999,1138000,1138002,1138003,1138005,1138006,1138007,1138008,1138009,1138010,1138011,1138012,1138013,1138014,1138015,1138016,1138017,1138018,1138019,1138291,1138293,1138374,1138375,1138589,1138719,1139358,1139751,1139771,1139782,1139865,1140133,1140139,1140322,1140328,1140405,1140424,1140428,1140575,1140577,1140637,1140652,1140658,1140715,1140719,1140726,1140727,1140728,1140814,1140887,1140888,1140889,1140891,1140893,1140903,1140945,1140954,1140955,1140956,1140957,1140958,1140959,1140960,1140961,1140962,1140964,1140971,1140972,1140992,1141401,1141402,1141452,1141453,1141454,1141478,1141488,1142023,1142112,1142220,1142221,1142265,1142350,1142351,1142354,1142359,1142450,1142701,1142868,1143003,1143045,1143105,1143185,1143189,1143191,1143507
CVE References: CVE-2018-16871,CVE-2018-20836,CVE-2018-20855,CVE-2019-10126,CVE-2019-10638,CVE-2019-10639,CVE-2019-1125,CVE-2019-11477,CVE-2019-11478,CVE-2019-11599,CVE-2019-11810,CVE-2019-12380,CVE-2019-12456,CVE-2019-12614,CVE-2019-12818,CVE-2019-12819,CVE-2019-13631,CVE-2019-13648,CVE-2019-14283,CVE-2019-14284,CVE-2019-3846
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP4 (src):    kernel-rt-4.12.14-8.3.1, kernel-rt_debug-4.12.14-8.3.1, kernel-source-rt-4.12.14-8.3.1, kernel-syms-rt-4.12.14-8.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 48 Marcus Meissner 2019-11-08 16:25:08 UTC 
released
Comment 52 Swamp Workflow Management 2020-04-23 13:50:45 UTC 
SUSE-SU-2020:1084-1: An update that solves 11 vulnerabilities and has 107 fixes is now available.

Category: security (important)
Bug References: 1044231,1050549,1051510,1051858,1056686,1060463,1065729,1083647,1085030,1088810,1103990,1103992,1104353,1104745,1104967,1109837,1109911,1111666,1111974,1112178,1112374,1112504,1113956,1114279,1114685,1118338,1119680,1120386,1123328,1127611,1133021,1134090,1134395,1136157,1136333,1141895,1142685,1144333,1145051,1146539,1148868,1154385,1156510,1157424,1158187,1158552,1158983,1159142,1159198,1159285,1160659,1161561,1161702,1161951,1162171,1162929,1162931,1163508,1163762,1164078,1164507,1164777,1164780,1164893,1165019,1165111,1165182,1165185,1165211,1165404,1165488,1165527,1165581,1165741,1165813,1165823,1165873,1165929,1165949,1165950,1165980,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166658,1166730,1166731,1166732,1166733,1166734,1166735,1166982,1167005,1167216,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168273,1168276,1168295,1168367,1168424,1168443,1168552,1168829,1168854,1169013,1169307,1169308
CVE References: CVE-2018-20836,CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP5 (src):    kernel-rt-4.12.14-10.8.1, kernel-rt_debug-4.12.14-10.8.1, kernel-source-rt-4.12.14-10.8.1, kernel-syms-rt-4.12.14-10.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 53 Swamp Workflow Management 2020-04-27 13:18:07 UTC 
SUSE-SU-2020:1118-1: An update that solves 12 vulnerabilities and has 139 fixes is now available.

Category: security (important)
Bug References: 1044231,1050549,1051510,1051858,1056686,1060463,1065600,1065729,1083647,1085030,1088810,1103990,1103992,1104353,1104745,1104967,1109837,1109911,1111666,1111974,1112178,1112374,1112504,1113956,1114279,1114685,1118338,1119680,1120386,1123328,1127611,1133021,1134090,1134395,1136157,1136333,1137325,1141895,1142685,1144333,1145051,1145929,1146539,1148868,1154385,1156510,1157424,1158187,1158552,1158983,1159037,1159142,1159198,1159199,1159285,1160659,1161561,1161702,1161951,1162171,1162929,1162931,1163403,1163508,1163762,1163897,1164078,1164284,1164507,1164777,1164780,1164893,1165019,1165111,1165182,1165185,1165211,1165404,1165488,1165527,1165581,1165741,1165813,1165823,1165873,1165929,1165949,1165950,1165980,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166658,1166730,1166731,1166732,1166733,1166734,1166735,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166982,1167005,1167216,1167288,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168202,1168273,1168276,1168295,1168367,1168424,1168443,1168486,1168552,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169013,1169057,1169307,1169308,1169390,1169514,1169625
CVE References: CVE-2018-20836,CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-azure-4.12.14-16.13.1, kernel-source-azure-4.12.14-16.13.1, kernel-syms-azure-4.12.14-16.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 54 Swamp Workflow Management 2020-04-29 16:47:41 UTC 
SUSE-SU-2020:1142-1: An update that solves 13 vulnerabilities and has 157 fixes is now available.

Category: security (important)
Bug References: 1044231,1050549,1051510,1051858,1056686,1060463,1065600,1065729,1083647,1085030,1088810,1103990,1103992,1104353,1104745,1104967,1109837,1109911,1111666,1111974,1112178,1112374,1112504,1113956,1114279,1114685,1118338,1119680,1120386,1123328,1127611,1133021,1134090,1134395,1136157,1136333,1137325,1141895,1142685,1144162,1144333,1145051,1145929,1146539,1148868,1154385,1156510,1157424,1158187,1158552,1158983,1159037,1159142,1159198,1159199,1159285,1160659,1161561,1161702,1161951,1162171,1162929,1162931,1163403,1163508,1163762,1163897,1163971,1164051,1164078,1164115,1164284,1164388,1164471,1164507,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735,1164777,1164780,1164893,1165019,1165111,1165182,1165185,1165211,1165404,1165488,1165527,1165581,1165741,1165813,1165823,1165873,1165929,1165949,1165950,1165980,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166658,1166730,1166731,1166732,1166733,1166734,1166735,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166982,1167005,1167216,1167288,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168202,1168273,1168276,1168295,1168367,1168424,1168443,1168486,1168552,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169013,1169057,1169307,1169308,1169390,1169514,1169625
CVE References: CVE-2018-20836,CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-2732,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.20.1, kgraft-patch-SLE12-SP5_Update_4-1-8.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 55 Swamp Workflow Management 2020-04-29 17:12:11 UTC 
SUSE-SU-2020:1142-1: An update that solves 13 vulnerabilities and has 157 fixes is now available.

Category: security (important)
Bug References: 1044231,1050549,1051510,1051858,1056686,1060463,1065600,1065729,1083647,1085030,1088810,1103990,1103992,1104353,1104745,1104967,1109837,1109911,1111666,1111974,1112178,1112374,1112504,1113956,1114279,1114685,1118338,1119680,1120386,1123328,1127611,1133021,1134090,1134395,1136157,1136333,1137325,1141895,1142685,1144162,1144333,1145051,1145929,1146539,1148868,1154385,1156510,1157424,1158187,1158552,1158983,1159037,1159142,1159198,1159199,1159285,1160659,1161561,1161702,1161951,1162171,1162929,1162931,1163403,1163508,1163762,1163897,1163971,1164051,1164078,1164115,1164284,1164388,1164471,1164507,1164598,1164632,1164705,1164712,1164727,1164728,1164729,1164730,1164731,1164732,1164733,1164734,1164735,1164777,1164780,1164893,1165019,1165111,1165182,1165185,1165211,1165404,1165488,1165527,1165581,1165741,1165813,1165823,1165873,1165929,1165949,1165950,1165980,1165984,1165985,1166003,1166101,1166102,1166103,1166104,1166632,1166658,1166730,1166731,1166732,1166733,1166734,1166735,1166780,1166860,1166861,1166862,1166864,1166866,1166867,1166868,1166870,1166940,1166982,1167005,1167216,1167288,1167290,1167316,1167421,1167423,1167627,1167629,1168075,1168202,1168273,1168276,1168295,1168367,1168424,1168443,1168486,1168552,1168760,1168762,1168763,1168764,1168765,1168829,1168854,1168881,1168884,1168952,1169013,1169057,1169307,1169308,1169390,1169514,1169625
CVE References: CVE-2018-20836,CVE-2019-19768,CVE-2019-19770,CVE-2019-3701,CVE-2019-9458,CVE-2020-10942,CVE-2020-11494,CVE-2020-11669,CVE-2020-2732,CVE-2020-8647,CVE-2020-8649,CVE-2020-8834,CVE-2020-9383
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    kernel-default-4.12.14-122.20.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    kernel-docs-4.12.14-122.20.1, kernel-obs-build-4.12.14-122.20.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-default-4.12.14-122.20.1, kernel-source-4.12.14-122.20.1, kernel-syms-4.12.14-122.20.1
SUSE Linux Enterprise Live Patching 12-SP5 (src):    kernel-default-4.12.14-122.20.1, kgraft-patch-SLE12-SP5_Update_4-1-8.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    kernel-default-4.12.14-122.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.